Gitea Actions secrets not passed to the workflow in CI
A ${{ secrets.NAME }} reference resolves to empty because the secret is not defined at the repo, org, or user scope the run uses, or it was passed to a step in a way the runner does not expand. Define it at the right scope and reference it via the secrets context.
What this error means
A step that needs a secret fails with an empty value or an auth error, while the workflow otherwise runs. The secret is missing at the run scope or misreferenced.
Error: authentication failed
# because:
env:
TOKEN: ${{ secrets.API_TOKEN }} # API_TOKEN not defined at this scopeCommon causes
The secret is not defined at the run scope
The secret exists at a different level (org vs repo) than the run uses, so the context returns empty.
The value is not passed through the secrets context
Hardcoding or referencing a plain variable instead of ${{ secrets.NAME }} means the runner never injects the secret.
How to fix it
Define the secret at the correct scope
- Add the secret under the repo (or org) Actions secrets that the run uses.
- Reference it with the secrets context in env or with.
- Re-run and confirm the value is present.
env:
API_TOKEN: ${{ secrets.API_TOKEN }}Pass the secret explicitly to reusable steps
When a secret is needed by an action or nested call, pass it through inputs or env rather than assuming it is inherited.
- uses: some/action@v1
with:
token: ${{ secrets.API_TOKEN }}How to prevent it
- Define secrets at the scope the workflow actually runs under.
- Always reference secrets via the secrets context.
- Do not commit secret values into workflow files.