GitHub Actions "Unrecognized named-value: 'secrets'" Where Unavailable
You referenced the secrets context in a position where it is not available. GitHub evaluates some keys (runs-on, container image, defaults) early, before secrets are injected, so it cannot recognize secrets there.
What this error means
The workflow fails to compile with "Unrecognized named-value: secrets", pointing at a key like runs-on or a container image where the secrets context is not allowed.
The workflow is not valid. .github/workflows/ci.yml (Line: 6, Col: 14):
Unrecognized named-value: 'secrets'. Located at position 1 within expression: secrets.RUNNER_LABELCommon causes
secrets used in an early-evaluated key
runs-on, the container/services image, and some defaults are resolved before secrets are available, so referencing secrets there is unrecognized.
secrets referenced in a reusable workflow caller incorrectly
In a caller, secrets are passed via the secrets: block, not referenced inline in arbitrary keys. Using secrets.X outside an allowed position fails.
How to fix it
Move secrets into a step env or with
Reference secrets where they are available - inside a step env or with block - not in runs-on or an image key.
jobs:
deploy:
runs-on: ubuntu-latest
steps:
- run: ./deploy.sh
env:
TOKEN: ${{ secrets.DEPLOY_TOKEN }}Use the right mechanism per key
- For dynamic runner labels, pass a non-secret value via vars or an input, not secrets.
- For container credentials, use the container.credentials block, which does allow secrets.
- For reusable workflows, forward secrets via the secrets: map or secrets: inherit.
How to prevent it
- Consult the context availability table before referencing secrets.
- Keep secrets in step env/with and credentials blocks.
- Use vars or inputs for values needed in early-evaluated keys.