Can't call reusable workflow: "Unexpected value 'uses'"

I’m trying to avoid duplication across repos by reusing workflows, but I’m failing to get it to work as I’m getting the error above.

Here’s my called workflow:

name: Automatically merge Dependabot PRs
on:
  workflow_call:

jobs:
  label:
    runs-on: ubuntu-latest
    if: ${{ github.actor == 'dependabot[bot]' }}
    steps:
      - name: Fetch metadata
        id: metadata
        uses: dependabot/fetch-metadata@v1.1.1
        with:
          github-token: "${{ secrets.GITHUB_TOKEN }}"
      - name: Rename production dependencies
        if: ${{ steps.metadata.outputs.dependency-type == 'direct:production' }}
        run: gh pr edit "$PR_URL" --title "${OLD_TITLE/chore/fix}"
        env:
          OLD_TITLE: ${{ github.event.pull_request.title }}
          PR_URL: ${{ github.event.pull_request.html_url }}
      - name: Add automerge label
        run: gh pr edit "$PR_URL" --add-label "automerge"
        env:
          PR_URL: ${{ github.event.pull_request.html_url }}
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

And here’s the caller:

name: Automerge Dependabot PRs

on:
  pull_request:
    types:
      - opened
      - assigned

jobs:
  dependabot-automerge:
    runs-on: ubuntu-latest
    uses: relaycorp/shared-workflows/.github/workflows/dependabot-automerge.yml@main

However, when the reusable workflow is called, I get this error:


The workflow is not valid. .github/workflows/dependabot-automerge.yml (Line: 12, Col: 5): Unexpected value 'uses'

I also tried moving the uses in the caller inside a steps object, but that fails for a different reason:

callable workflows should be referenced at the top-level `jobs.*.uses' key, not within steps

Any idea what I’m doing wrong?

OK, found the issue: The caller workflow shouldn’t have runs-on (WebStorm complained if it was missing).

However, I’m now running into a new issue: The steps in the called workflow can’t see the GITHUB_TOKEN. I’m getting this error when the first step is run:

Error: github-token is not set! Please add 'github-token: "${{ secrets.GITHUB_TOKEN }}"' to your workflow file.

However, as you’ll see above, I already added github-token: "${{ secrets.GITHUB_TOKEN }}". Do I also have to pass it from the caller? If so, how?

I believe you need to add inputs/secrets to the workflow_call object.
https://docs.github.com/en/actions/learn-github-actions/workflow-syntax-for-github-actions#onworkflow_callsecrets

on:
  workflow_call:
    secrets:
      GITHUB_TOKEN:
        required: true

I think you also need to pass the token variable to the workflow call from the workflow file.
https://docs.github.com/en/actions/learn-github-actions/workflow-syntax-for-github-actions#jobsjob_idsecrets

jobs:
  dependabot-automerge:
    runs-on: ubuntu-latest
    uses: relaycorp/shared-workflows/.github/workflows/dependabot-automerge.yml@main
    secrets:
      GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
1 Like

Thanks @katsute! I forgot to update this thread to say that I created a separate thread for the GITHUB_TOKEN issue (and I tried what you’re suggesting but it didn’t work)

The syntax in the docs looks different. There it looks like GITHUB_TOKEN is passed automatically when you set the permissions you want it to have. Tell me if I’m wrong here:
https://docs.github.com/en/actions/learn-github-actions/workflow-syntax-for-github-actions#onworkflow_callinputs

Example

This example shows permissions being set for the GITHUB_TOKEN that will apply to all jobs in the workflow. All permissions are granted read access.

name: "My workflow"

on: [ push ]

permissions: read-all

jobs:
  ...