From bdf8239a73cc1a0194f5ba49cd904db5007ecb78 Mon Sep 17 00:00:00 2001 From: Patrick Lehmann Date: Sun, 4 May 2025 11:21:05 +0200 Subject: [PATCH] Don't use "secrets: inherit"! --- .github/workflows/CompletePipeline.yml | 31 +++++++++++--------- .github/workflows/PublishCoverageResults.yml | 4 +-- .github/workflows/PublishTestResults.yml | 2 +- 3 files changed, 20 insertions(+), 17 deletions(-) diff --git a/.github/workflows/CompletePipeline.yml b/.github/workflows/CompletePipeline.yml index 4e30c57..5731bb9 100644 --- a/.github/workflows/CompletePipeline.yml +++ b/.github/workflows/CompletePipeline.yml @@ -96,23 +96,23 @@ on: codecov: description: 'Publish merged coverage and unittest reports to Codecov.' required: false - default: false - type: boolean + default: 'false' + type: string codacy: description: 'Publish merged coverage report to Codacy.' required: false - default: false - type: boolean + default: 'false' + type: string dorny: description: 'Publish merged unittest report via Dorny Test-Reporter.' required: false - default: false - type: boolean + default: 'false' + type: string cleanup: description: 'Cleanup artifacts afterwards.' required: false - default: true - type: boolean + default: 'true' + type: string secrets: PYPI_TOKEN: description: "Token for pushing releases to PyPI." @@ -194,7 +194,6 @@ jobs: with: python_version: ${{ needs.UnitTestingParams.outputs.python_version }} directory: ${{ needs.ConfigParams.outputs.package_directory }} -# fail_below: 70 Package: uses: pyTooling/Actions/.github/workflows/Package.yml@dev @@ -234,7 +233,9 @@ jobs: coverage_report_html_directory: ${{ needs.ConfigParams.outputs.coverage_report_html_directory }} codecov: ${{ inputs.codecov }} codacy: ${{ inputs.codacy }} - secrets: inherit + secrets: + CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }} + CODACY_TOKEN: ${{ secrets.CODACY_TOKEN }} PublishTestResults: uses: pyTooling/Actions/.github/workflows/PublishTestResults.yml@dev 
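Review bot: With `type: string`, the default `'false'` is a non-empty string and therefore truthy in a bare `if:` expression, so every consumer of `codecov`, `codacy` and `dorny` has to compare against `'true'` explicitly. The two `cleanup` conditions later in this file are updated to `inputs.cleanup == 'true'`, but the gating inside the called workflows that receive `${{ inputs.codecov }}`, `${{ inputs.codacy }}` and `${{ inputs.dorny }}` is not visible in this diff. If any of them still tests the bare input, the upload step would run and use its token even when the flag is disabled. Because the type no longer restricts the value, the descriptions should name the accepted values, for example `description: "Publish merged coverage report to Codacy ('true' or 'false')."`.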
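Review bot: The explicit `CODECOV_TOKEN` and `CODACY_TOKEN` mappings only resolve if this workflow's own `on.workflow_call.secrets` block declares them, and the part of that block visible in the first hunk shows only `PYPI_TOKEN`. The rest of the block is outside the diff, so they may already be declared. A caller that also stops using `secrets: inherit` can pass only declared secrets; without the declaration the token is empty in the publish job. If the entries are missing, add `CODECOV_TOKEN:` and `CODACY_TOKEN:` with `required: false` and a description next to `PYPI_TOKEN`. The same applies to the `CODECOV_TOKEN` mapping in the PublishTestResults hunk that follows.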
@@ -248,7 +249,8 @@ jobs: merged_junit_artifact: ${{ fromJson(needs.UnitTestingParams.outputs.artifact_names).unittesting_xml }} dorny: ${{ inputs.dorny }} codecov: ${{ inputs.codecov }} - secrets: inherit + secrets: + CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }} # VerifyDocs: # uses: pyTooling/Actions/.github/workflows/VerifyDocs.yml@dev @@ -279,7 +281,7 @@ jobs: - UnitTestingParams - PublishCoverageResults - PublishTestResults - if: ${{ inputs.cleanup }} + if: inputs.cleanup == 'true' with: sqlite_coverage_artifacts_prefix: ${{ fromJson(needs.UnitTestingParams.outputs.artifact_names).codecoverage_sqlite }}- xml_unittest_artifacts_prefix: ${{ fromJson(needs.UnitTestingParams.outputs.artifact_names).unittesting_xml }}- @@ -354,7 +356,8 @@ jobs: python_version: ${{ needs.UnitTestingParams.outputs.python_version }} requirements: -r dist/requirements.txt artifact: ${{ fromJson(needs.UnitTestingParams.outputs.artifact_names).package_all }} - secrets: inherit + secrets: + PYPI_TOKEN: ${{ secrets.PYPI_TOKEN }} ArtifactCleanUp: uses: pyTooling/Actions/.github/workflows/ArtifactCleanUp.yml@dev @@ -369,7 +372,7 @@ jobs: - PublishToGitHubPages # - PublishOnPyPI - IntermediateCleanUp - if: ${{ inputs.cleanup }} + if: inputs.cleanup == 'true' with: package: ${{ fromJson(needs.UnitTestingParams.outputs.artifact_names).package_all }} remaining: | diff --git a/.github/workflows/PublishCoverageResults.yml b/.github/workflows/PublishCoverageResults.yml index 0c30530..08f0611 100644 --- a/.github/workflows/PublishCoverageResults.yml +++ b/.github/workflows/PublishCoverageResults.yml 
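Review bot: The job that now receives `CODECOV_TOKEN` is called through `pyTooling/Actions/.github/workflows/PublishTestResults.yml@dev` (the `uses:` line is in the trailing context of the previous hunk), which is a branch ref, so the code handling the token can change without any change to this file. Narrowing the secrets limits which tokens a changed callee sees, not what it does with them. If `@dev` is intentional on this branch, record that above the `uses:` line, for example `# NOTE: @dev is a mutable ref; pin to a tag or commit SHA for releases`; otherwise pin the reference. The `PYPI_TOKEN` mapping further down goes to a job whose `uses:` line is outside its hunk and deserves the same check.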
@@ -225,10 +225,10 @@ jobs: if [[ "${{ steps.codecov.outcome }}" == "failure" ]]; then printf "::error title=%s::%s\n" "Publish Code Coverage Results / Codecov" "Failed to publish code coverage results." else - printf "Codecov: No errors to report." + printf "Codecov: No errors to report.\n" fi if [[ "${{ steps.codacy.outcome }}" == "failure" ]]; then printf "::error title=%s::%s\n" "Publish Code Coverage Results / Codacy" "Failed to publish code coverage results." else - printf "Codacy: No errors to report." + printf "Codacy: No errors to report.\n" fi diff --git a/.github/workflows/PublishTestResults.yml b/.github/workflows/PublishTestResults.yml index e4607db..c09f56c 100644 --- a/.github/workflows/PublishTestResults.yml +++ b/.github/workflows/PublishTestResults.yml @@ -145,7 +145,7 @@ jobs: if [[ "${{ steps.codecov.outcome }}" == "failure" ]]; then printf "::error title=%s::%s\n" "Publish Unit Test Results / Codecov" "Failed to publish unittest results." else - printf "Codecov: No errors to report." + printf "Codecov: No errors to report.\n" fi - name: 📤 Upload merged 'JUnit Test Summary' artifact