You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
GitHub secrets can be accessible from an environment (best practice) or be available repo-wide. The latter is not secure with self-hosted runners as we have learnt in the past. However, AFAICT, trying to pass secrets from the caller's environment to Nova jobs is not possible atm as there is no way to set the environment variable with Nova.
Here is what I try to do (and fail):
Create an environment called test-passing-secrets with main branch protection and a dummy secret, let's say FOOBAR
This limits the usefulness of Nova jobs, for example it cannot be use to access HuggingFace, upload to pypi or conda where secret tokens are needed.
This is more like an issue with the way GitHub handle reusable workflows where it currently doesn't allow environment to be set. However, maybe there is a workaround that folks know.
GitHub secrets can be accessible from an environment (best practice) or be available repo-wide. The latter is not secure with self-hosted runners as we have learnt in the past. However, AFAICT, trying to pass secrets from the caller's environment to Nova jobs is not possible atm as there is no way to set the
environment
variable with Nova.Here is what I try to do (and fail):
test-passing-secrets
withmain
branch protection and a dummy secret, let's sayFOOBAR
FOOBAR
to a Linux Nova jobThis limits the usefulness of Nova jobs, for example it cannot be use to access HuggingFace, upload to pypi or conda where secret tokens are needed.
This is more like an issue with the way GitHub handle reusable workflows where it currently doesn't allow
environment
to be set. However, maybe there is a workaround that folks know.cc @seemethere @ZainRizvi
Ref
https://docs.github.com/en/actions/sharing-automations/reusing-workflows#supported-keywords-for-jobs-that-call-a-reusable-workflow
The text was updated successfully, but these errors were encountered: