Happy to see this! Been using it for a few weeks now. Aside from a major upgrade to issues/projects there's only a few features left that could bring GitHub up to Azure DevOps' level.
Currently it looks like you can't use or pass a protected environment secret in the caller to the called workflow through that secret param yet.
Also, for this to be useful at Enterprise scale the org secrets need to be mappable to specific yaml files in other repos like how Azure DevOps has in a policy for Service Connections.
Secrets with high level access to shared endpoints are too easy for a malicious dev to echo to the log (via char injection or storing in a file) to be trusted.
For further actions, you may consider blocking this person and/or reporting abuse
We're a place where coders share, stay up-to-date and grow their careers.
Happy to see this! Been using it for a few weeks now. Aside from a major upgrade to issues/projects there's only a few features left that could bring GitHub up to Azure DevOps' level.
Currently it looks like you can't use or pass a protected environment secret in the caller to the called workflow through that secret param yet.
Also, for this to be useful at Enterprise scale the org secrets need to be mappable to specific yaml files in other repos like how Azure DevOps has in a policy for Service Connections.
Secrets with high level access to shared endpoints are too easy for a malicious dev to echo to the log (via char injection or storing in a file) to be trusted.