Removed use of 'inherit' in ci-cd-pipeline.yml

Author: Avalin

.github/workflows/ci-cd-pipeline.yml

@@ -144,7 +144,6 @@ jobs:
       buildTargets: ${{ inputs.buildTargets }}
       combineArtifacts: ${{ needs.unpack_inputs.outputs.requiresCombined }}
       skipPerBuildTargetArtifacts: ${{ needs.unpack_inputs.outputs.skipPerBuildTarget }}
-    secrets: inherit
 
   # ─────────────────────────────────────────────────────────────────────────────
   # 4. Deploy
@@ -169,7 +168,26 @@ jobs:
       buildTargets: ${{ inputs.buildTargets }}
       hasCombinedArtifacts: ${{ needs.unpack_inputs.outputs.requiresCombined }}
       artifactSource: build
-    secrets: inherit
+    secrets:
+      CICD_PAT: ${{ secrets.CICD_PAT }}
+      DEPLOY_API_KEY: ${{ secrets.DEPLOY_API_KEY }}
+      ITCH_USERNAME: ${{ secrets.ITCH_USERNAME }}
+      ITCH_PROJECT: ${{ secrets.ITCH_PROJECT }}
+      APPCENTER_OWNER_NAME: ${{ secrets.APPCENTER_OWNER_NAME }}
+      FIREBASE_TOKEN: ${{ secrets.FIREBASE_TOKEN }}
+      AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
+      AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+      S3_BUCKET: ${{ secrets.S3_BUCKET }}
+      STEAM_USERNAME: ${{ secrets.STEAM_USERNAME }}
+      STEAM_PASSWORD: ${{ secrets.STEAM_PASSWORD }}
+      STEAM_APP_ID: ${{ secrets.STEAM_APP_ID }}
+      STEAM_DEPOT_VDF_PATH: ${{ secrets.STEAM_DEPOT_VDF_PATH }}
+      APPSTORE_API_KEY_ID: ${{ secrets.APPSTORE_API_KEY_ID }}
+      APPSTORE_API_ISSUER_ID: ${{ secrets.APPSTORE_API_ISSUER_ID }}
+      APPSTORE_API_PRIVATE_KEY: ${{ secrets.APPSTORE_API_PRIVATE_KEY }}
+      CUSTOM_SERVER_HOST: ${{ secrets.CUSTOM_SERVER_HOST }}
+      CUSTOM_SERVER_USER: ${{ secrets.CUSTOM_SERVER_USER }}
+      CUSTOM_SERVER_KEY: ${{ secrets.CUSTOM_SERVER_KEY }}
 
   # ─────────────────────────────────────────────────────────────────────────────
   # 5. Notify
@@ -199,4 +217,6 @@ jobs:
       testsTotal: ${{ needs.run_tests.outputs.totalTests }}
       testsPassed: ${{ needs.run_tests.outputs.passedTests }}
       testsFailedNames: ${{ needs.run_tests.outputs.failedTestNames }}
-    secrets: inherit
+    secrets:
+      SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }}
+      DISCORD_WEBHOOK: ${{ secrets.DISCORD_WEBHOOK }}

.github/workflows/step-1-test.yml

@@ -47,12 +47,9 @@ on:
         description: "List of failed test names (multiline string or 'None' if no failures)"
         value: ${{ jobs.summarize_tests.outputs.failedTestNames }}
     secrets:
-      UNITY_EMAIL:
-        required: true
-      UNITY_PASSWORD:
-        required: true
-      UNITY_LICENSE:
-        required: true
+      UNITY_EMAIL: { required: true }
+      UNITY_PASSWORD: { required: true }
+      UNITY_LICENSE: { required: true }
 
 jobs:
   upload_unity_license:

.github/workflows/step-3-release.yml

@@ -28,7 +28,7 @@ on:
         description: "Whether to skip uploading per-platform artifacts"
         type: string
         default: "false"
-        required: false      
+        required: false
     outputs:
       releaseErrorMessage:
         description: "Error message if release failed"

.github/workflows/step-5-notify.yml

@@ -34,6 +34,9 @@ on:
         required: false
         type: string
         default: "None (tests were not run)"
+    secrets:
+      SLACK_WEBHOOK: { required: false }
+      DISCORD_WEBHOOK: { required: false }
 
 jobs:
   notify:
@@ -73,10 +76,9 @@ jobs:
             failure) COLOR="danger" ;;
             *) COLOR="#cccccc" ;;
           esac
-      
-          # Interpret literal newlines correctly
+
           TEXT=$'*${{ steps.generate_notification.outputs.title }}* - `${{ github.repository }}`\n${{ steps.generate_notification.outputs.slackMessage }}'
-      
+
           PAYLOAD=$(jq -n \
             --arg text "$TEXT" \
             --arg color "$COLOR" \
@@ -85,34 +87,33 @@ jobs:
               attachments: [{ color: $color }]
             }'
           )
-      
+
           RESPONSE=$(curl -s -o /dev/null -w "%{http_code}" -X POST -H "Content-Type: application/json" \
             -d "$PAYLOAD" "$SLACK_WEBHOOK")
-      
+
           if [ "$RESPONSE" -ge 200 ] && [ "$RESPONSE" -lt 300 ]; then
             echo "SLACK_STATUS=✅ Notification sent" >> $GITHUB_ENV
           else
             echo "SLACK_STATUS=❌ Failed to send (HTTP $RESPONSE)" >> $GITHUB_ENV
           fi
         env:
-          SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }}    
-    
+          SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }}
+
       # ───── Discord ─────
       - name: 📢 Send Discord Notification (if configured)
         if: ${{ env.DISCORD_WEBHOOK != '' }}
         continue-on-error: true
         run: |
-          # Interpret literal newlines correctly
           TEXT=$'${{ steps.generate_notification.outputs.discordMessage }}'
-      
+
           PAYLOAD=$(jq -n \
             --arg content "$TEXT" \
             '{ content: $content }'
           )
-      
+
           RESPONSE=$(curl -s -o /dev/null -w "%{http_code}" -X POST -H "Content-Type: application/json" \
             -d "$PAYLOAD" "$DISCORD_WEBHOOK")
-      
+
           if [ "$RESPONSE" -ge 200 ] && [ "$RESPONSE" -lt 300 ]; then
             echo "DISCORD_STATUS=✅ Notification sent" >> $GITHUB_ENV
           else

.github/workflows/test-step-2-build-workflow.yml

@@ -64,4 +64,7 @@ jobs:
       projectName: ${{ needs.prepare_metadata.outputs.projectName }}
       buildTargets: ${{ inputs.buildTargets }}
       combineArtifacts: ${{ needs.prepare_metadata.outputs.requiresCombined }}
-    secrets: inherit
+    secrets:
+      UNITY_EMAIL: ${{ secrets.UNITY_EMAIL }}
+      UNITY_PASSWORD: ${{ secrets.UNITY_PASSWORD }}
+      UNITY_LICENSE: ${{ secrets.UNITY_LICENSE }}

.github/workflows/test-step-4-deploy-workflow.yml

@@ -133,7 +133,26 @@ jobs:
       buildTargets: ${{ inputs.buildTargets }}
       hasCombinedArtifacts: ${{ needs.prepare_metadata.outputs.requiresCombined }}
       artifactSource: ${{ inputs.artifactSource }}
-    secrets: inherit
+    secrets:
+      CICD_PAT: ${{ secrets.CICD_PAT }}
+      DEPLOY_API_KEY: ${{ secrets.DEPLOY_API_KEY }}
+      ITCH_USERNAME: ${{ secrets.ITCH_USERNAME }}
+      ITCH_PROJECT: ${{ secrets.ITCH_PROJECT }}
+      APPCENTER_OWNER_NAME: ${{ secrets.APPCENTER_OWNER_NAME }}
+      FIREBASE_TOKEN: ${{ secrets.FIREBASE_TOKEN }}
+      AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
+      AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+      S3_BUCKET: ${{ secrets.S3_BUCKET }}
+      STEAM_USERNAME: ${{ secrets.STEAM_USERNAME }}
+      STEAM_PASSWORD: ${{ secrets.STEAM_PASSWORD }}
+      STEAM_APP_ID: ${{ secrets.STEAM_APP_ID }}
+      STEAM_DEPOT_VDF_PATH: ${{ secrets.STEAM_DEPOT_VDF_PATH }}
+      APPSTORE_API_KEY_ID: ${{ secrets.APPSTORE_API_KEY_ID }}
+      APPSTORE_API_ISSUER_ID: ${{ secrets.APPSTORE_API_ISSUER_ID }}
+      APPSTORE_API_PRIVATE_KEY: ${{ secrets.APPSTORE_API_PRIVATE_KEY }}
+      CUSTOM_SERVER_HOST: ${{ secrets.CUSTOM_SERVER_HOST }}
+      CUSTOM_SERVER_USER: ${{ secrets.CUSTOM_SERVER_USER }}
+      CUSTOM_SERVER_KEY: ${{ secrets.CUSTOM_SERVER_KEY }}
 
   test_deploy_from_release:
     name: 🌍 Test Deploy From Release
@@ -148,4 +167,23 @@ jobs:
       buildTargets: '[]'
       hasCombinedArtifacts: ${{ needs.validate_release.outputs.hasCombinedArtifacts }}
       artifactSource: release
-    secrets: inherit
+    secrets:
+      CICD_PAT: ${{ secrets.CICD_PAT }}
+      DEPLOY_API_KEY: ${{ secrets.DEPLOY_API_KEY }}
+      ITCH_USERNAME: ${{ secrets.ITCH_USERNAME }}
+      ITCH_PROJECT: ${{ secrets.ITCH_PROJECT }}
+      APPCENTER_OWNER_NAME: ${{ secrets.APPCENTER_OWNER_NAME }}
+      FIREBASE_TOKEN: ${{ secrets.FIREBASE_TOKEN }}
+      AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
+      AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+      S3_BUCKET: ${{ secrets.S3_BUCKET }}
+      STEAM_USERNAME: ${{ secrets.STEAM_USERNAME }}
+      STEAM_PASSWORD: ${{ secrets.STEAM_PASSWORD }}
+      STEAM_APP_ID: ${{ secrets.STEAM_APP_ID }}
+      STEAM_DEPOT_VDF_PATH: ${{ secrets.STEAM_DEPOT_VDF_PATH }}
+      APPSTORE_API_KEY_ID: ${{ secrets.APPSTORE_API_KEY_ID }}
+      APPSTORE_API_ISSUER_ID: ${{ secrets.APPSTORE_API_ISSUER_ID }}
+      APPSTORE_API_PRIVATE_KEY: ${{ secrets.APPSTORE_API_PRIVATE_KEY }}
+      CUSTOM_SERVER_HOST: ${{ secrets.CUSTOM_SERVER_HOST }}
+      CUSTOM_SERVER_USER: ${{ secrets.CUSTOM_SERVER_USER }}
+      CUSTOM_SERVER_KEY: ${{ secrets.CUSTOM_SERVER_KEY }}

.github/workflows/test-step-5-notify-workflow.yml

@@ -146,4 +146,6 @@ jobs:
       testsTotal: ${{ needs.dry_tests.outputs.totalTests }}
       testsPassed: ${{ needs.dry_tests.outputs.passedTests }}
       testsFailedNames: ${{ needs.dry_tests.outputs.failedTestNames }}
-    secrets: inherit
+    secrets:
+      SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }}
+      DISCORD_WEBHOOK: ${{ secrets.DISCORD_WEBHOOK }}

CICD_Workflows/ci-cd-pipeline.yml

@@ -144,7 +144,6 @@ jobs:
       buildTargets: ${{ inputs.buildTargets }}
       combineArtifacts: ${{ needs.unpack_inputs.outputs.requiresCombined }}
       skipPerBuildTargetArtifacts: ${{ needs.unpack_inputs.outputs.skipPerBuildTarget }}
-    secrets: inherit
 
   # ─────────────────────────────────────────────────────────────────────────────
   # 4. Deploy
@@ -169,7 +168,26 @@ jobs:
       buildTargets: ${{ inputs.buildTargets }}
       hasCombinedArtifacts: ${{ needs.unpack_inputs.outputs.requiresCombined }}
       artifactSource: build
-    secrets: inherit
+    secrets:
+      CICD_PAT: ${{ secrets.CICD_PAT }}
+      DEPLOY_API_KEY: ${{ secrets.DEPLOY_API_KEY }}
+      ITCH_USERNAME: ${{ secrets.ITCH_USERNAME }}
+      ITCH_PROJECT: ${{ secrets.ITCH_PROJECT }}
+      APPCENTER_OWNER_NAME: ${{ secrets.APPCENTER_OWNER_NAME }}
+      FIREBASE_TOKEN: ${{ secrets.FIREBASE_TOKEN }}
+      AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
+      AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+      S3_BUCKET: ${{ secrets.S3_BUCKET }}
+      STEAM_USERNAME: ${{ secrets.STEAM_USERNAME }}
+      STEAM_PASSWORD: ${{ secrets.STEAM_PASSWORD }}
+      STEAM_APP_ID: ${{ secrets.STEAM_APP_ID }}
+      STEAM_DEPOT_VDF_PATH: ${{ secrets.STEAM_DEPOT_VDF_PATH }}
+      APPSTORE_API_KEY_ID: ${{ secrets.APPSTORE_API_KEY_ID }}
+      APPSTORE_API_ISSUER_ID: ${{ secrets.APPSTORE_API_ISSUER_ID }}
+      APPSTORE_API_PRIVATE_KEY: ${{ secrets.APPSTORE_API_PRIVATE_KEY }}
+      CUSTOM_SERVER_HOST: ${{ secrets.CUSTOM_SERVER_HOST }}
+      CUSTOM_SERVER_USER: ${{ secrets.CUSTOM_SERVER_USER }}
+      CUSTOM_SERVER_KEY: ${{ secrets.CUSTOM_SERVER_KEY }}
 
   # ─────────────────────────────────────────────────────────────────────────────
   # 5. Notify
@@ -199,4 +217,6 @@ jobs:
       testsTotal: ${{ needs.run_tests.outputs.totalTests }}
       testsPassed: ${{ needs.run_tests.outputs.passedTests }}
       testsFailedNames: ${{ needs.run_tests.outputs.failedTestNames }}
-    secrets: inherit
+    secrets:
+      SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }}
+      DISCORD_WEBHOOK: ${{ secrets.DISCORD_WEBHOOK }}