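└── .github
    └── workflows
        ├── workflow-template.yml
        ├── workflow-template-fix.yml
        ├── workflow-template-fix-without-required-secret.yml
        └── workflow-inplementation.yml


/.github/workflows/workflow-template.yml:
--------------------------------------------------------------------------------
# Reusable workflow WITHOUT a `secrets:` declaration under `workflow_call`.
# The caller's comment on my-workflow-job-1 reports that MY_SECRET is empty here,
# even though the job selects an environment through `inputs.ENVIRONMENT`.
name: Workflow Template

on:
  workflow_call:
    inputs:
      ENVIRONMENT:
        required: true
        type: string

jobs:
  my-job:
    name: my-job
    runs-on: ubuntu-latest
    # The caller chooses the environment, and with it which protection rules
    # and environment secrets apply to this job.
    environment: ${{ inputs.ENVIRONMENT }}

    env:
      # MY_SECRET is not declared under on.workflow_call.secrets in this file.
      MY_SECRET: ${{ secrets.MY_SECRET }}

    steps:
      # `v2` is a mutable tag; pinning to a full commit SHA
      # (actions/checkout@<full-commit-sha>) keeps the code that runs next to
      # the secret from changing underneath the workflow.
      - uses: actions/checkout@v2

      # Report only whether MY_SECRET is present. Dumping the whole environment
      # with `env` relies on log masking, which redacts exact secret values only,
      # and it also publishes every other variable of the job to the run log.
      - run: |
          echo 'checking MY_SECRET'
          if [ -n "$MY_SECRET" ]; then
            echo 'MY_SECRET is NOT empty'
          else
            echo 'MY_SECRET is empty'
          fi

--------------------------------------------------------------------------------
/.github/workflows/workflow-template-fix.yml:
--------------------------------------------------------------------------------
# Reusable workflow that declares MY_SECRET as a REQUIRED secret.
# A caller that omits it fails at workflow compilation (see the commented-out
# my-workflow-job-5 in the caller), so a missing secret cannot go unnoticed.
name: Workflow Template with Fix

on:
  workflow_call:
    inputs:
      ENVIRONMENT:
        required: true
        type: string
    secrets:
      MY_SECRET:
        required: true

jobs:
  my-job:
    name: my-job
    runs-on: ubuntu-latest
    # The caller chooses the environment, and with it which protection rules
    # and environment secrets apply to this job.
    environment: ${{ inputs.ENVIRONMENT }}

    env:
      MY_SECRET: ${{ secrets.MY_SECRET }}

    steps:
      # `v2` is a mutable tag; pinning to a full commit SHA
      # (actions/checkout@<full-commit-sha>) keeps the code that runs next to
      # the secret from changing underneath the workflow.
      - uses: actions/checkout@v2

      # Report only whether MY_SECRET is present. Dumping the whole environment
      # with `env` relies on log masking, which redacts exact secret values only,
      # and it also publishes every other variable of the job to the run log.
      - run: |
          echo 'checking MY_SECRET'
          if [ -n "$MY_SECRET" ]; then
            echo 'MY_SECRET is NOT empty'
          else
            echo 'MY_SECRET is empty'
          fi

--------------------------------------------------------------------------------
/.github/workflows/workflow-template-fix-without-required-secret.yml:
--------------------------------------------------------------------------------
# Same as workflow-template-fix.yml, but MY_SECRET is OPTIONAL.
# A caller that omits it gets no compilation error and, per the caller's comment
# on my-workflow-job-6, an empty MY_SECRET at run time: the failure is silent.
name: Workflow Template with Fix

on:
  workflow_call:
    inputs:
      ENVIRONMENT:
        required: true
        type: string
    secrets:
      MY_SECRET:
        required: false

jobs:
  my-job:
    name: my-job
    runs-on: ubuntu-latest
    # The caller chooses the environment, and with it which protection rules
    # and environment secrets apply to this job.
    environment: ${{ inputs.ENVIRONMENT }}

    env:
      MY_SECRET: ${{ secrets.MY_SECRET }}

    steps:
      # `v2` is a mutable tag; pinning to a full commit SHA
      # (actions/checkout@<full-commit-sha>) keeps the code that runs next to
      # the secret from changing underneath the workflow.
      - uses: actions/checkout@v2

      # Report only whether MY_SECRET is present. Dumping the whole environment
      # with `env` relies on log masking, which redacts exact secret values only,
      # and it also publishes every other variable of the job to the run log.
      - run: |
          echo 'checking MY_SECRET'
          if [ -n "$MY_SECRET" ]; then
            echo 'MY_SECRET is NOT empty'
          else
            echo 'MY_SECRET is empty'
          fi

--------------------------------------------------------------------------------
/.github/workflows/workflow-inplementation.yml:
--------------------------------------------------------------------------------
# Caller workflow: runs the same job through each template variant so the
# handling of environment secrets can be compared in the run logs.
#
# Every `uses:` below references the reusable workflow at `@master`, a mutable
# ref: whoever can push to that branch changes the code that receives the secret.
# The templates live in this same repository, so the local form
# `./.github/workflows/<file>.yml` (resolved at the caller's commit) or a full
# commit SHA would remove that moving part.
name: Deploy Workflow

on:
  push:
    branches:
      - master

  workflow_dispatch:

jobs:

  # This shows that the environment secrets were not loaded when dynamically
  # passing an environment. If you open the last Action run logs you will see
  # that MY_SECRET is empty.
  my-workflow-job-1:
    uses: AllanOricil/workflow-template-bug/.github/workflows/workflow-template.yml@master
    with:
      ENVIRONMENT: myenvironment

  # This shows that the environment works because the protection rule blocked
  # the job. If you open the last Action run logs you will see that MY_SECRET is
  # empty.
  # Takeaway: the environment's protection rules are still enforced when the
  # environment name arrives as an input; only the secret is missing.
  my-workflow-job-2:
    uses: AllanOricil/workflow-template-bug/.github/workflows/workflow-template.yml@master
    with:
      ENVIRONMENT: myprotectedenvironment

  # This shows that the environment secrets are loaded when the job is inline.
  # If you open the last Action run logs you will see that MY_SECRET is NOT
  # empty. But this job is inline and it is not reusable. If you copy and paste
  # it multiple times, you would end up having lots of repeated lines.
  my-workflow-job-3:
    name: my-workflow-job-3
    runs-on: ubuntu-latest
    environment: myenvironment

    env:
      MY_SECRET: ${{ secrets.MY_SECRET }}

    steps:
      # `v2` is a mutable tag; pinning to a full commit SHA
      # (actions/checkout@<full-commit-sha>) keeps the code that runs next to
      # the secret from changing underneath the workflow.
      - uses: actions/checkout@v2

      # Report only whether MY_SECRET is present instead of dumping the whole
      # environment into the run log with `env`.
      - run: |
          echo 'checking MY_SECRET'
          if [ -n "$MY_SECRET" ]; then
            echo 'MY_SECRET is NOT empty'
          else
            echo 'MY_SECRET is empty'
          fi

  # This uses the workflow template with the fix to ensure the environment
  # secret is actually loaded. If you open the last Action run logs you will see
  # that MY_SECRET is NOT empty.
  my-workflow-job-4:
    uses: AllanOricil/workflow-template-bug/.github/workflows/workflow-template-fix.yml@master
    with:
      ENVIRONMENT: myenvironment
    secrets:
      # It is really weird to pass a secret here because it feels like it is
      # coming from outside, from the repository secrets, not from the
      # environment. But it works, and the environment secret will be loaded.
      # NOTE(review): GitHub's reusable-workflow documentation describes this:
      # when the called job sets `environment:`, the environment secret of that
      # name is used rather than the value passed by the caller. The mapping here
      # is what makes the name available to the called workflow. `secrets: inherit`
      # is another way to expose secrets to a called workflow; it is not
      # exercised in this repro, so verify it before relying on it.
      MY_SECRET: ${{ secrets.MY_SECRET }}

  # This won't work because workflow-template-fix has MY_SECRET as a required
  # secret. It throws a template compilation error. That is why it is commented
  # out. It is here just to show you what not to do.
  #my-workflow-job-5:
  #  uses: AllanOricil/workflow-template-bug/.github/workflows/workflow-template-fix.yml@master
  #  with:
  #    ENVIRONMENT: myenvironment

  # This won't work. If you open the last Action run logs you will see that
  # MY_SECRET is empty. So it is a MUST that you do as in my-workflow-job-4.
  # Takeaway: with `required: false` nothing fails, so a deployment can run with
  # an empty credential; prefer `required: true` so the omission is caught when
  # the workflow is compiled.
  my-workflow-job-6:
    uses: AllanOricil/workflow-template-bug/.github/workflows/workflow-template-fix-without-required-secret.yml@master
    with:
      ENVIRONMENT: myenvironment

--------------------------------------------------------------------------------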