From a1efd5a21e40774b6965f37f79074e7252894371 Mon Sep 17 00:00:00 2001
From: Kevin Meinhardt <kmeinhardt@mozilla.com>
Date: Tue, 25 Jun 2024 20:06:49 +0200
Subject: [PATCH] Add secret

---
 .github/workflows/default.yml |  2 ++
 .github/workflows/worker.yml  | 18 ++++++++++++++++++
 2 files changed, 20 insertions(+)

diff --git a/.github/workflows/default.yml b/.github/workflows/default.yml
index 41effe4..b41d727 100644
--- a/.github/workflows/default.yml
+++ b/.github/workflows/default.yml
@@ -59,6 +59,8 @@ jobs:
   call_worker:
     needs: context
     uses: ./.github/workflows/worker.yml
+    secrets:
+       token: ${{ github.token }}
     with:
       boolean: ${{ fromJson(needs.context.outputs.boolean) }}
       number: ${{ fromJson(needs.context.outputs.number) }}
diff --git a/.github/workflows/worker.yml b/.github/workflows/worker.yml
index 4c7c23e..432641f 100644
--- a/.github/workflows/worker.yml
+++ b/.github/workflows/worker.yml
@@ -30,6 +30,10 @@ on:
       workflow_output2:
         description: "The second job output"
         value: ${{ jobs.output.outputs.two }}
+    secrets:
+      token:
+        description: 'A token passed from the caller workflow'
+        required: false
 
 concurrency:
   group: ${{ github.workflow }}-${{ github.event_name }}-${{ github.ref }}
@@ -42,6 +46,20 @@ jobs:
       - uses: actions/checkout@v4
       - uses: ./.github/actions/context
 
+  secret:
+    env:
+      github_secret: ${{ github.event.workflow_call.secrets.token }}
+      secret: ${{ secrets.token }}
+    runs-on: ubuntu-latest
+    steps:
+      - shell: bash
+        run: |
+          set -x
+          echo "env.secret: ${{ env.secret }}"
+          echo "contains(env, 'secret'): ${{ contains(env, 'secret') }}"
+          echo "env.github_secret: ${{ env.github_secret }}"
+          echo "contains(env, 'github_secret'): ${{ contains(env, 'github_secret') }}"
+
   output:
     runs-on: ubuntu-latest