As described here, GitHub Actions now makes it possible to reuse workflows under the following conditions:
- Both workflows are in the same repository.
- The called workflow is stored in a public repository.
This is quite limiting for organization (that have a GitHub subscription like “GitHub Teams”) that want to create reusable workflows that can be used across many distinct repositories (ex: 1 private repository defines a shared workflow and that workflow is reused by 50 other private repositories).
In my case, the shared workflows would have sensitive information (ex: AWS ECR registry url, AWS Code Artifacts information). Exposing all these details in a public repository would expose to the world the technologies that we use for building our products and how we do it. This gives more information to potential hackers.
With this in mind, my organization can’t use shared workflows which is a shame The feature would have made it possible to stop replicating yaml build scripts in about 40 repositories (one repository per micro-service).
So my question is: do you have plans to enable workflow reuse when the repository that contains the shared workflow is stored in a private organization repository?