Base repository cannot read secret after PR merge from forked repository

  1. I got a PR from a forked repository.
  2. I merged it and the workflow got executed.
  3. The execution failed to read the secret that exists on the base repository.

Was the workflow executed in the forked repository instead of the base repository? Documentation does not agree:

When you create a pull request from a forked repository to the base repository, GitHub sends the pull_request event to the base repository and no pull request events occur on the forked repository.

Why did the workflow fail to read my secret “${{secrets.BUMP_GITHUB_PAT}}” on a PR event that was executed in master in base repository?

BTW, if you're interested, here's what I'm trying to achieve to maintain the repository.

Hi @undergroundwires,

Glad to see you in the GitHub Community Forum!

When you create a pull request from a forked repository to the base repository, the workflow will be triggered on the base repository.

It’s by design that encrypted secrets are not passed to the runner when a workflow is triggered from a forked repository. It’s mentioned in the official doc here:
https://help.github.com/en/actions/configuring-and-managing-workflows/creating-and-storing-encrypted-secrets#using-encrypted-secrets-in-a-workflow

Thanks
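
The behaviour described in this thread, as an added example workflow (not part of the original posts and not the asker's actual workflow): the job that needs `BUMP_GITHUB_PAT` is gated to the `push` event that a merge into `master` produces on the base repository, while `pull_request` runs, including those from forks, only execute a job that needs no secrets. The workflow name, job names and the placeholder commands are assumptions.

```yaml
# Added example; names other than BUMP_GITHUB_PAT and master are hypothetical.
name: ci-and-bump

on:
  pull_request:          # runs for fork PRs too, but without repository secrets
    branches: [master]
  push:                  # fired on the base repository when a PR is merged
    branches: [master]

jobs:
  test:
    # Safe for fork PRs: uses no secrets.
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - run: echo "build and test here"   # placeholder command

  bump:
    # Only the post-merge push runs this job, so the secret is available
    # and code from an unmerged fork PR never runs next to it.
    if: github.event_name == 'push'
    needs: test
    runs-on: ubuntu-latest
    steps:
      - name: Fail early with a clear message if the secret is empty
        env:
          BUMP_GITHUB_PAT: ${{ secrets.BUMP_GITHUB_PAT }}
        run: |
          if [ -z "$BUMP_GITHUB_PAT" ]; then
            echo "::error::BUMP_GITHUB_PAT is empty in this run"
            exit 1
          fi
      - uses: actions/checkout@v4
        with:
          token: ${{ secrets.BUMP_GITHUB_PAT }}
      - run: echo "bump version and push here"   # placeholder command
```

A secret that is not passed to the runner expands to an empty string rather than raising an error, which is why the explicit emptiness check is useful for diagnosing this situation.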