diff --git a/.gitea/workflows/zz-wf-call-probe-caller.yml b/.gitea/workflows/zz-wf-call-probe-caller.yml new file mode 100644 index 0000000..c8fd7d5 --- /dev/null +++ b/.gitea/workflows/zz-wf-call-probe-caller.yml @@ -0,0 +1,9 @@ +# THROWAWAY feasibility probe for Phase 4 — delete after. +name: zz-wf-call-probe-caller +on: + push: + branches: [test/wf-call-probe] +jobs: + call-reusable: + uses: ./.gitea/workflows/zz-wf-call-probe-reusable.yml + secrets: inherit diff --git a/.gitea/workflows/zz-wf-call-probe-reusable.yml b/.gitea/workflows/zz-wf-call-probe-reusable.yml new file mode 100644 index 0000000..619fa09 --- /dev/null +++ b/.gitea/workflows/zz-wf-call-probe-reusable.yml @@ -0,0 +1,13 @@ +# THROWAWAY feasibility probe for Phase 4 — delete after. +name: zz-wf-call-probe-reusable +on: + workflow_call: {} +jobs: + probe: + runs-on: ubuntu-latest + steps: + - name: report inherited-secret visibility (no leak) + env: + S: ${{ secrets.OLLAMA_CLOUD_API_KEY }} + run: | + if [ -n "$S" ]; then echo "WFCALL_PROBE_RESULT=SECRET_PRESENT"; else echo "WFCALL_PROBE_RESULT=SECRET_ABSENT"; fi