Skip to content
Latchkey

Gitea Actions secrets not passed to the workflow in CI

A ${{ secrets.NAME }} reference resolves to empty because the secret is not defined at the repo, org, or user scope the run uses, or it was passed to a step in a way the runner does not expand. Define it at the right scope and reference it via the secrets context.

What this error means

A step that needs a secret fails with an empty value or an auth error, while the workflow otherwise runs. The secret is missing at the run scope or misreferenced.

Gitea Actions
Error: authentication failed
# because:
env:
  TOKEN: ${{ secrets.API_TOKEN }}   # API_TOKEN not defined at this scope

Common causes

The secret is not defined at the run scope

The secret exists at a different level (org vs repo) than the run uses, so the context returns empty.

The value is not passed through the secrets context

Hardcoding or referencing a plain variable instead of ${{ secrets.NAME }} means the runner never injects the secret.

How to fix it

Define the secret at the correct scope

  1. Add the secret under the repo (or org) Actions secrets that the run uses.
  2. Reference it with the secrets context in env or with.
  3. Re-run and confirm the value is present.
.gitea/workflows/ci.yml
env:
  API_TOKEN: ${{ secrets.API_TOKEN }}

Pass the secret explicitly to reusable steps

When a secret is needed by an action or nested call, pass it through inputs or env rather than assuming it is inherited.

.gitea/workflows/ci.yml
- uses: some/action@v1
  with:
    token: ${{ secrets.API_TOKEN }}

How to prevent it

  • Define secrets at the scope the workflow actually runs under.
  • Always reference secrets via the secrets context.
  • Do not commit secret values into workflow files.

Related guides

Tired of flaky CI? Latchkey auto-heals failed jobs and retries them for you. Start free →