feat(actions): show inherited org secrets/variables in repo settings #78

New Issue

Closed

opened 2026-05-13 00:30:39 +00:00 by jmiller · 0 comments

jmiller commented 2026-05-13 00:30:39 +00:00

Owner

Copy Link

Copy Source

Summary

Mimic GitHub behavior: when viewing repo-level Actions secrets and variables settings, also display inherited org-level secrets/variables so repo maintainers can see what is available and what they would override.

Current Behavior

Repo settings ? Actions ? Secrets only shows repo-level secrets. Users have no visibility into org-level secrets that are available to their workflows. Same issue with variables.

Expected Behavior (GitHub parity)

• Repo secrets/variables page shows two sections:
  1. Repository secrets � editable, same as today
  2. Organization secrets � read-only list showing inherited org secrets, with:
     • Name (value is masked/hidden)
     • Description if set
     • "Inherited from organization" badge
     • Visual indicator if a repo-level secret overrides an org secret (e.g. strikethrough or "overridden" label)
• Same pattern for variables
• Org secrets cannot be edited from the repo page � link to org settings for management

Implementation Notes

• GetSecretsOfTask() in models/secret/secret.go already handles the cascade correctly (org first, repo overrides)
• Repo secrets handler in routers/web/repo/setting/secrets.go needs to also query FindSecretsOptions{OwnerID: repo.OwnerID} for display
• Shared template repo/settings/actions needs an inherited secrets section
• Same approach for variables in routers/web/shared/actions/variables.go

References

• GitHub docs: Organization-level secrets are available to all repos in the org
• Secret resolution: repo secrets take priority over org secrets with the same name

---

Authored-by: Moko Consulting

## Summary Mimic GitHub behavior: when viewing repo-level Actions secrets and variables settings, also display inherited org-level secrets/variables so repo maintainers can see what is available and what they would override. ## Current Behavior Repo settings ? Actions ? Secrets only shows repo-level secrets. Users have no visibility into org-level secrets that are available to their workflows. Same issue with variables. ## Expected Behavior (GitHub parity) - Repo secrets/variables page shows two sections: 1. **Repository secrets** � editable, same as today 2. **Organization secrets** � read-only list showing inherited org secrets, with: - Name (value is masked/hidden) - Description if set - "Inherited from organization" badge - Visual indicator if a repo-level secret overrides an org secret (e.g. strikethrough or "overridden" label) - Same pattern for variables - Org secrets cannot be edited from the repo page � link to org settings for management ## Implementation Notes - `GetSecretsOfTask()` in `models/secret/secret.go` already handles the cascade correctly (org first, repo overrides) - Repo secrets handler in `routers/web/repo/setting/secrets.go` needs to also query `FindSecretsOptions{OwnerID: repo.OwnerID}` for display - Shared template `repo/settings/actions` needs an inherited secrets section - Same approach for variables in `routers/web/shared/actions/variables.go` ## References - GitHub docs: Organization-level secrets are available to all repos in the org - Secret resolution: repo secrets take priority over org secrets with the same name --- *Authored-by: Moko Consulting*

jmiller referenced this issue from a commit 2026-05-13 01:06:23 +00:00

feat(actions): show inherited org secrets/variables in repo settings

jmiller referenced a pull request that will close this issue 2026-05-13 01:07:26 +00:00

feat(actions): show inherited org secrets/variables in repo settings #81

jmiller closed this issue 2026-05-13 01:17:20 +00:00

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

main

dev

alpha

beta

feature

version

feat/custom-logo

v1.25.5-moko.1

v1.26.1

v1.26.0

v1.26.0-rc0

v1.27.0-dev

v1.25.5

v1.25.4

v1.25.3

v1.25.2

v1.25.1

v1.25.0

v1.24.7

v1.25.0-rc0

v1.26.0-dev

v1.24.6

v1.24.5

v1.24.4

v1.24.3

v1.24.2

v1.24.1

v1.24.0

v1.23.8

v1.24.0-rc0

v1.25.0-dev

v1.23.7

v1.23.6

v1.23.5

v1.23.4

v1.23.3

v1.23.2

v1.23.1

v1.23.0

v1.23.0-rc0

v1.24.0-dev

v1.22.6

v1.22.5

v1.22.4

v1.22.3

v1.22.2

v1.22.1

v1.22.0

v1.23.0-dev

v1.22.0-rc1

v1.21.11

v1.22.0-rc0

v1.21.10

v1.21.9

v1.21.8

v1.21.7

v1.21.6

v1.21.5

v1.21.4

v1.21.3

v1.21.2

v1.20.6

v1.21.1

v1.21.0

v1.21.0-rc2

v1.21.0-rc1

v1.20.5

v1.22.0-dev

v1.21.0-rc0

v1.20.4

v1.20.3

v1.20.2

v1.20.1

v1.20.0

v1.19.4

v1.21.0-dev

v1.20.0-rc2

v1.20.0-rc1

v1.20.0-rc0

v1.19.3

v1.19.2

v1.19.1

v1.19.0

v1.19.0-rc1

v1.20.0-dev

v1.19.0-rc0

v1.18.5

v1.18.4

v1.18.3

v1.18.2

v1.18.1

v1.18.0

v1.17.4

v1.18.0-rc1

v1.19.0-dev

v1.18.0-rc0

v1.17.3

v1.17.2

v1.17.1

v1.17.0

v1.17.0-rc2

v1.16.9

v1.17.0-rc1

v1.18.0-dev

v1.16.8

v1.16.7

v1.16.6

v1.16.5

v1.16.4

v1.16.3

v1.16.2

v1.16.1

v1.16.0

v1.15.11

v1.17.0-dev

v1.16.0-rc1

v1.15.10

v1.15.9

v1.15.8

v1.15.7

v1.15.6

v1.15.5

v1.15.4

v1.15.3

v1.15.2

v1.15.1

v1.14.7

v1.15.0

v1.15.0-rc3

v1.14.6

v1.15.0-rc2

v1.14.5

v1.16.0-dev

v1.15.0-rc1

v1.14.4

v1.14.3

v1.14.2

v1.14.1

v1.14.0

v1.13.7

v1.14.0-rc2

v1.13.6

v1.13.5

v1.14.0-rc1

v1.15.0-dev

v1.13.4

v1.13.3

v1.13.2

v1.13.1

v1.13.0

v1.12.6

v1.13.0-rc2

v1.14.0-dev

v1.13.0-rc1

v1.12.5

v1.12.4

v1.12.3

v1.12.2

v1.12.1

v1.11.8

v1.12.0

v1.11.7

v1.12.0-rc2

v1.11.6

v1.12.0-rc1

v1.13.0-dev

v1.11.5

v1.11.4

v1.11.3

v1.10.6

v1.12.0-dev

v1.11.2

v1.10.5

v1.11.1

v1.10.4

v1.11.0

v1.11.0-rc2

v1.10.3

v1.11.0-rc1

v1.10.2

v1.10.1

v1.10.0

v1.9.6

v1.9.5

v1.10.0-rc2

v1.11.0-dev

v1.10.0-rc1

v1.9.4

v1.9.3

v1.9.2

v1.9.1

v1.9.0

v1.9.0-rc2

v1.10.0-dev

v1.9.0-rc1

v1.8.3

v1.8.2

v1.8.1

v1.8.0

v1.8.0-rc3

v1.7.6

v1.8.0-rc2

v1.7.5

v1.8.0-rc1

v1.9.0-dev

v1.7.4

v1.7.3

v1.7.2

v1.7.1

v1.7.0

v1.7.0-rc3

v1.6.4

v1.7.0-rc2

v1.6.3

v1.7.0-rc1

v1.7.0-dev

v1.6.2

v1.6.1

v1.6.0

v1.6.0-rc2

v1.5.3

v1.6.0-rc1

v1.6.0-dev

v1.5.2

v1.5.1

v1.5.0

v1.5.0-rc2

v1.5.0-rc1

v1.5.0-dev

v1.4.3

v1.4.2

v1.4.1

v1.4.0

v1.4.0-rc3

v1.4.0-rc2

v1.3.3

v1.4.0-rc1

v1.3.2

v1.3.1

v1.3.0

v1.3.0-rc2

v1.3.0-rc1

v1.2.3

v1.2.2

v1.2.1

v1.2.0

v1.2.0-rc3

v1.2.0-rc2

v1.1.4

v1.2.0-rc1

v1.1.3

v1.1.2

v1.1.1

v1.1.0

v1.0.2

v1.0.1

v1.0.0

v0.9.99

Labels

Clear labels

breaking-change

Breaking API or behavior change

ci-cd

CI/CD pipeline changes

config

Configuration changes

dependencies

Dependency updates

deploy-failure

Deployment failed

docker

Docker/container changes

documentation

Documentation changes

good first issue

Good for newcomers

health-check

Repo health check result

help wanted

Extra attention needed

mokostandards

Related to MokoStandards framework

priority: critical

Must fix immediately

priority: high

Important, fix soon

priority: low

Nice to have

priority: medium

Normal priority

push-failure

Git push operation failed

security

Security vulnerability or hardening

size/l

200-500 lines changed

size/m

50-200 lines changed

size/s

10-50 lines changed

size/xl

500+ lines changed

size/xs

< 10 lines changed

standards-drift

Deviates from MokoStandards

standards-update

MokoStandards compliance update

status: blocked

Blocked by dependency or decision

status: in-progress

Actively being worked on

status: needs-review

Awaiting code review

status: on-hold

Paused intentionally

status: wontfix

Will not be addressed

sync-failure

Sync or mirror failed

type: bug

Something isn't working

type: chore

Maintenance, dependencies, cleanup

type: enhancement

Improvement to existing feature

type: feature

New functionality

type: refactor

Code restructuring without behavior change

type: version

Version bump or release

work-in-progress

Draft or incomplete work

bug

Something is not working

chore

Maintenance and housekeeping

documentation

Documentation improvements

enhancement

Improvement to existing functionality

feature

New feature or request

priority: critical

Must fix immediately

priority: high

Should fix soon

priority: low

Nice to have

priority: medium

Fix when convenient

refactor

Code restructuring without behavior change

roadmap

Planned feature or enhancement tracked on the roadmap

scope: client

Client-specific work

scope: dolibarr

Dolibarr modules and customizations

scope: infrastructure

Server, CI, backups, monitoring

scope: joomla

Joomla templates and extensions

scope: waas

MokoWaaS platform

security

Security vulnerability or hardening

status: blocked

Waiting on external dependency

status: duplicate

Duplicate of another issue

status: in-progress

Being worked on

status: needs-review

Ready for review

status: wontfix

Will not be addressed

No labels

Milestone

No items

No Milestone

Projects

Clear projects

No projects

Assignees

Clear assignees

jmiller (Jonathan Miller) moko-deploy (Moko Deploy Bot)

No Assignees

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: MokoConsulting/MokoGitea#78