test: throwaway workflow_call + secrets:inherit feasibility probe (Phase 4)
zz-wf-call-probe-caller / call-reusable (push) Successful in 2s
zz-wf-call-probe-caller / call-reusable (push) Successful in 2s
This commit is contained in:
@@ -0,0 +1,9 @@
|
||||
# THROWAWAY feasibility probe for Phase 4 — delete after.
|
||||
name: zz-wf-call-probe-caller
|
||||
on:
|
||||
push:
|
||||
branches: [test/wf-call-probe]
|
||||
jobs:
|
||||
call-reusable:
|
||||
uses: ./.gitea/workflows/zz-wf-call-probe-reusable.yml
|
||||
secrets: inherit
|
||||
@@ -0,0 +1,13 @@
|
||||
# THROWAWAY feasibility probe for Phase 4 — delete after.
|
||||
name: zz-wf-call-probe-reusable
|
||||
on:
|
||||
workflow_call: {}
|
||||
jobs:
|
||||
probe:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- name: report inherited-secret visibility (no leak)
|
||||
env:
|
||||
S: ${{ secrets.OLLAMA_CLOUD_API_KEY }}
|
||||
run: |
|
||||
if [ -n "$S" ]; then echo "WFCALL_PROBE_RESULT=SECRET_PRESENT"; else echo "WFCALL_PROBE_RESULT=SECRET_ABSENT"; fi
|
||||
Reference in New Issue
Block a user