From daff6d08a1113eca3818464e56741121a6d9b961 Mon Sep 17 00:00:00 2001 From: Steve Dudenhoeffer Date: Sat, 27 Jun 2026 21:00:40 -0400 Subject: [PATCH] docs: drop stale 'secrets: inherit' mentions (reusable comment + CLAUDE.md) Self-review on PR #9 flagged two doc-drift spots left over from the explicit-secret-forwarding switch. Cosmetic. Co-Authored-By: Claude Opus 4.8 (1M context) --- .gitea/workflows/review-reusable.yml | 2 +- CLAUDE.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.gitea/workflows/review-reusable.yml b/.gitea/workflows/review-reusable.yml index 7480e67..fdb0921 100644 --- a/.gitea/workflows/review-reusable.yml +++ b/.gitea/workflows/review-reusable.yml @@ -92,7 +92,7 @@ jobs: COMMENT_BODY: ${{ github.event.comment.body }} COMMENT_ID: ${{ github.event.comment.id }} ACTOR: ${{ github.actor }} - # --- provider auth (via secrets: inherit; empty if consumer unset) - + # --- provider auth (forwarded workflow_call secrets; empty if the caller doesn't forward it) - OLLAMA_CLOUD_API_KEY: ${{ secrets.OLLAMA_CLOUD_API_KEY }} OPENAI_API_KEY: ${{ secrets.OPENAI_API_KEY }} ANTHROPIC_API_KEY: ${{ secrets.ANTHROPIC_API_KEY }} diff --git a/CLAUDE.md b/CLAUDE.md index 42b887d..7d284c6 100644 --- a/CLAUDE.md +++ b/CLAUDE.md @@ -47,7 +47,7 @@ entrypoint.sh container brains: trigger gating, PR clone, model loop (t Dockerfile multi-stage; private-module creds via BuildKit secrets never reach the final image .gitea/workflows/build-image.yml push main → :latest; tag v* → :+:latest; PR → build-only .gitea/workflows/review-reusable.yml reusable (workflow_call) review job; consumers subscribe with - an ~8-line caller + `secrets: inherit` (Phase 4). gadfly's own + an ~8-line caller forwarding only the secrets the reviewer needs (Phase 4). gadfly's own adversarial-review.yml is a thin caller of it (dogfoods the path). examples/ copy-paste consumer stub workflows for different providers ```
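Review bot: In the .gitea/workflows/review-reusable.yml hunk, the replacement comment disagrees in number ("forwarded workflow_call secrets; empty if the caller doesn't forward it") and does not say what happens when a key arrives empty. OLLAMA_CLOUD_API_KEY, OPENAI_API_KEY and ANTHROPIC_API_KEY are all mapped into the environment unconditionally, so a caller that forgets to forward the key its provider needs gets an empty variable at this step rather than an error. Suggest wording along the lines of "each is empty unless the caller forwards it", and adding a pointer to where the empty case is detected, or adding that check if the job does not already have one.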
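Review bot: In the CLAUDE.md hunk, "forwarding only the secrets the reviewer needs" does not tell the reader which secrets those are or where to look them up. Suggest pointing at examples/ (described just below as the copy-paste consumer stubs) or at the provider auth block in review-reusable.yml, so the list stays in one place. Also worth rechecking "~8-line caller": that figure is carried over from the removed `secrets: inherit` wording, and explicit forwarding adds a line per secret to the caller.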