From 6856ec3d248315a0de45a942d85d7844690beee1 Mon Sep 17 00:00:00 2001 From: Steve Dudenhoeffer Date: Sat, 27 Jun 2026 18:51:37 -0400 Subject: [PATCH] test: throwaway workflow_call + secrets:inherit feasibility probe (Phase 4) --- .gitea/workflows/zz-wf-call-probe-caller.yml | 9 +++++++++ .gitea/workflows/zz-wf-call-probe-reusable.yml | 13 +++++++++++++ 2 files changed, 22 insertions(+) create mode 100644 .gitea/workflows/zz-wf-call-probe-caller.yml create mode 100644 .gitea/workflows/zz-wf-call-probe-reusable.yml diff --git a/.gitea/workflows/zz-wf-call-probe-caller.yml b/.gitea/workflows/zz-wf-call-probe-caller.yml new file mode 100644 index 0000000..c8fd7d5 --- /dev/null +++ b/.gitea/workflows/zz-wf-call-probe-caller.yml @@ -0,0 +1,9 @@ +# THROWAWAY feasibility probe for Phase 4 — delete after. +name: zz-wf-call-probe-caller +on: + push: + branches: [test/wf-call-probe] +jobs: + call-reusable: + uses: ./.gitea/workflows/zz-wf-call-probe-reusable.yml + secrets: inherit diff --git a/.gitea/workflows/zz-wf-call-probe-reusable.yml b/.gitea/workflows/zz-wf-call-probe-reusable.yml new file mode 100644 index 0000000..619fa09 --- /dev/null +++ b/.gitea/workflows/zz-wf-call-probe-reusable.yml @@ -0,0 +1,13 @@ +# THROWAWAY feasibility probe for Phase 4 — delete after. +name: zz-wf-call-probe-reusable +on: + workflow_call: {} +jobs: + probe: + runs-on: ubuntu-latest + steps: + - name: report inherited-secret visibility (no leak) + env: + S: ${{ secrets.OLLAMA_CLOUD_API_KEY }} + run: | + if [ -n "$S" ]; then echo "WFCALL_PROBE_RESULT=SECRET_PRESENT"; else echo "WFCALL_PROBE_RESULT=SECRET_ABSENT"; fi