Aman-Mittal commented on code in PR #5890:
URL: https://github.com/apache/fineract/pull/5890#discussion_r3308355895
##########
.github/workflows/build-core.yml:
##########
@@ -1,7 +1,12 @@
name: Fineract Build Core
on:
+ push:
+ branches: ["**"]
workflow_call:
+ secrets:
Review Comment:
If you are referring to:
```yaml id="i1b7xv"
workflow_call:
secrets:
```
this workflow is reusable (`workflow_call`), so any secret consumed inside
it must be explicitly declared under `on.workflow_call.secrets`.
`DEVELOCITY_ACCESS_KEY` is referenced in `env`, and without this declaration
callers cannot pass the secret to the workflow.
`required: false` keeps the workflow usable even when the secret is not
configured (for example forks or local CI usage).
This also satisfies zizmor’s reusable-workflow secret validation and, as per
zizmor recommendations, explicitly declares only the secret required by this
workflow.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
