将机密传递给可重用工作流程时出错

Question

我正在尝试调用可重用的工作流程。

https://github.com/dhis2-sre/gha-workflows/blob/master/.github/workflows/instance-manager.yaml

调用者如下所示

name: Tests, build and deploy

on:
  push:
    branches:
      - master
      - feature/**
    tags:
      - v*.*.*

  pull_request:

  workflow_dispatch:

jobs:
  call-workflow:
    uses: dhis2-sre/gha-workflows/.github/workflows/instance-manager.yaml@v0.2.0
    with:
      DOCKER_IMAGE_NAME: dhis2/instance-manager-api
      PROCESS_NAME: dhis2-instance-manager
      DOCKER_USERNAME: "${{ secrets.DOCKER_USERNAME }}"
      DOCKER_PASSWORD: "${{ secrets.DOCKER_PASSWORD }}"
      SOPS_KMS_ARN: "${{ secrets.SOPS_KMS_ARN }}"
      AWS_ACCESS_KEY_ID: "${{ secrets.AWS_ACCESS_KEY_ID }}"
      AWS_SECRET_ACCESS_KEY: "${{ secrets.AWS_SECRET_ACCESS_KEY }}"
      KUBECONFIG: "${{ secrets.KUBECONFIG }}"

我收到以下错误

Invalid workflow file
The workflow is not valid. .github/workflows/cicd.yaml (Line: 21, Col: 24): Unrecognized named-value: 'secrets'. Located at position 1 within expression: secrets.DOCKER_USERNAME .github/workflows/cicd.yaml (Line: 22, Col: 24): Unrecognized named-value: 'secrets'. Located at position 1 within expression: secrets.DOCKER_PASSWORD

关于我做错了什么有任何线索吗？另外请让我知道我是否应该发布更多代码

Answer 1

呼叫者在“with”下有秘密，应该在“secrets”下

呼叫工作流程

...
jobs:
  call-workflow:
    uses: dhis2-sre/gha-workflows/.github/workflows/instance-manager.yaml@v0.2.0
    with:
      DOCKER_IMAGE_NAME: dhis2/instance-manager-api
      PROCESS_NAME: dhis2-instance-manager
    secrets:
      DOCKER_USERNAME: "${{ secrets.DOCKER_USERNAME }}"
      DOCKER_PASSWORD: "${{ secrets.DOCKER_PASSWORD }}"
      SOPS_KMS_ARN: "${{ secrets.SOPS_KMS_ARN }}"
      AWS_ACCESS_KEY_ID: "${{ secrets.AWS_ACCESS_KEY_ID }}"
      AWS_SECRET_ACCESS_KEY: "${{ secrets.AWS_SECRET_ACCESS_KEY }}"
      KUBECONFIG: "${{ secrets.KUBECONFIG }}"

称为工作流程

...
on:
  workflow_call:
    secrets:
      DOCKER_USERNAME:
        required: true
        description: ''