token workflow fails when nested in calling workflow #266

@sarnold

We have a handful of private app repos running similar workflows using this action to allow both git and gh cli to consume private assets and Python app dependencies. We normally use the basic GitHub token except for these ^^ shared assets. The token action works fine in a stand-alone workflow, but when I include it in a calling workflow, the private key is no longer visible and the nested workflow fails.

Otherwise this construct works in both public and private repo contexts:

  build_rpms:
    name: Build rpms
    permissions:
      contents: write
    uses: ./.github/workflows/rpmrel.yml

I tried adjusting the workflow permissions but I could not find the right combination to make things work, if it's even supposed to work. The only workaround I found was not using the above construct and just copying all the jobs into a single workflow file.
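
A called (reusable) workflow receives only the secrets its caller passes, either by name or with `secrets: inherit`; the job-level `permissions` block scopes only `GITHUB_TOKEN`. The added example below is not part of the original issue and assumes that this is the cause of the symptom described. The secret names `APP_ID` and `APP_PRIVATE_KEY`, the caller file name and the job name `rpms` are hypothetical.

```yaml
# Constructed example: two workflow files shown as two YAML documents.
# Secret names APP_ID / APP_PRIVATE_KEY are assumptions, not from the issue.

# Caller workflow (hypothetical file: .github/workflows/release.yml)
name: release
on: push
jobs:
  build_rpms:
    name: Build rpms
    permissions:
      contents: write          # affects GITHUB_TOKEN only, not secrets
    uses: ./.github/workflows/rpmrel.yml
    # Without a `secrets:` key here, every secret except GITHUB_TOKEN
    # evaluates to an empty string inside the called workflow.
    secrets:
      APP_ID: ${{ secrets.APP_ID }}
      APP_PRIVATE_KEY: ${{ secrets.APP_PRIVATE_KEY }}
    # Broader alternative (same organization or enterprise only):
    # secrets: inherit
---
# Called workflow: .github/workflows/rpmrel.yml
name: rpmrel
on:
  workflow_call:
    secrets:
      APP_ID:
        required: true         # caller fails validation if not passed
      APP_PRIVATE_KEY:
        required: true
jobs:
  rpms:
    runs-on: ubuntu-latest
    steps:
      - name: Fail early if the key was not passed in
        env:
          APP_PRIVATE_KEY: ${{ secrets.APP_PRIVATE_KEY }}
        run: |
          if [ -z "$APP_PRIVATE_KEY" ]; then
            echo "::error::APP_PRIVATE_KEY is empty in the called workflow"
            exit 1
          fi
      # The token action step goes here, reading the same two secrets.
```

Passing the two secrets by name keeps the called workflow's access limited to what it needs, whereas `secrets: inherit` exposes every secret the caller can read.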
