From 711d451badba1332f5cd1ae8d625f781f94fef8f Mon Sep 17 00:00:00 2001
From: Marius Storhaug <marstor@hotmail.com>
Date: Mon, 12 Jan 2026 23:17:07 +0100
Subject: [PATCH 1/2] =?UTF-8?q?=F0=9F=A9=B9=20[Patch]:=20Add=20description?=
 =?UTF-8?q?s=20for=20secrets=20in=20BeforeAll=20and=20AfterAll=20workflows?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .github/workflows/AfterAll-ModuleLocal.yml  | 31 +++++++++++++++++++++
 .github/workflows/BeforeAll-ModuleLocal.yml | 31 +++++++++++++++++++++
 .github/workflows/workflow.yml              | 16 +++++++++++
 3 files changed, 78 insertions(+)

diff --git a/.github/workflows/AfterAll-ModuleLocal.yml b/.github/workflows/AfterAll-ModuleLocal.yml
index 669e136e..14e1941d 100644
--- a/.github/workflows/AfterAll-ModuleLocal.yml
+++ b/.github/workflows/AfterAll-ModuleLocal.yml
@@ -2,12 +2,43 @@ name: AfterAll-ModuleLocal
 
 on:
   workflow_call:
+    secrets:
+      TEST_APP_ENT_CLIENT_ID:
+        description: The client ID of an Enterprise GitHub App for running tests.
+        required: false
+      TEST_APP_ENT_PRIVATE_KEY:
+        description: The private key of an Enterprise GitHub App for running tests.
+        required: false
+      TEST_APP_ORG_CLIENT_ID:
+        description: The client ID of an Organization GitHub App for running tests.
+        required: false
+      TEST_APP_ORG_PRIVATE_KEY:
+        description: The private key of an Organization GitHub App for running tests.
+        required: false
+      TEST_USER_ORG_FG_PAT:
+        description: The fine-grained personal access token with org access for running tests.
+        required: false
+      TEST_USER_USER_FG_PAT:
+        description: The fine-grained personal access token with user account access for running tests.
+        required: false
+      TEST_USER_PAT:
+        description: The classic personal access token for running tests.
+        required: false
     inputs:
       Settings:
         type: string
         description: The complete settings object including test suites.
         required: true
 
+env:
+  TEST_APP_ENT_CLIENT_ID: ${{ secrets.TEST_APP_ENT_CLIENT_ID }}
+  TEST_APP_ENT_PRIVATE_KEY: ${{ secrets.TEST_APP_ENT_PRIVATE_KEY }}
+  TEST_APP_ORG_CLIENT_ID: ${{ secrets.TEST_APP_ORG_CLIENT_ID }}
+  TEST_APP_ORG_PRIVATE_KEY: ${{ secrets.TEST_APP_ORG_PRIVATE_KEY }}
+  TEST_USER_ORG_FG_PAT: ${{ secrets.TEST_USER_ORG_FG_PAT }}
+  TEST_USER_USER_FG_PAT: ${{ secrets.TEST_USER_USER_FG_PAT }}
+  TEST_USER_PAT: ${{ secrets.TEST_USER_PAT }}
+
 permissions:
   contents: read # to checkout the repo
 
diff --git a/.github/workflows/BeforeAll-ModuleLocal.yml b/.github/workflows/BeforeAll-ModuleLocal.yml
index 706738c4..0640f026 100644
--- a/.github/workflows/BeforeAll-ModuleLocal.yml
+++ b/.github/workflows/BeforeAll-ModuleLocal.yml
@@ -2,12 +2,43 @@ name: BeforeAll-ModuleLocal
 
 on:
   workflow_call:
+    secrets:
+      TEST_APP_ENT_CLIENT_ID:
+        description: The client ID of an Enterprise GitHub App for running tests.
+        required: false
+      TEST_APP_ENT_PRIVATE_KEY:
+        description: The private key of an Enterprise GitHub App for running tests.
+        required: false
+      TEST_APP_ORG_CLIENT_ID:
+        description: The client ID of an Organization GitHub App for running tests.
+        required: false
+      TEST_APP_ORG_PRIVATE_KEY:
+        description: The private key of an Organization GitHub App for running tests.
+        required: false
+      TEST_USER_ORG_FG_PAT:
+        description: The fine-grained personal access token with org access for running tests.
+        required: false
+      TEST_USER_USER_FG_PAT:
+        description: The fine-grained personal access token with user account access for running tests.
+        required: false
+      TEST_USER_PAT:
+        description: The classic personal access token for running tests.
+        required: false
     inputs:
       Settings:
         type: string
         description: The complete settings object including test suites.
         required: true
 
+env:
+  TEST_APP_ENT_CLIENT_ID: ${{ secrets.TEST_APP_ENT_CLIENT_ID }}
+  TEST_APP_ENT_PRIVATE_KEY: ${{ secrets.TEST_APP_ENT_PRIVATE_KEY }}
+  TEST_APP_ORG_CLIENT_ID: ${{ secrets.TEST_APP_ORG_CLIENT_ID }}
+  TEST_APP_ORG_PRIVATE_KEY: ${{ secrets.TEST_APP_ORG_PRIVATE_KEY }}
+  TEST_USER_ORG_FG_PAT: ${{ secrets.TEST_USER_ORG_FG_PAT }}
+  TEST_USER_USER_FG_PAT: ${{ secrets.TEST_USER_USER_FG_PAT }}
+  TEST_USER_PAT: ${{ secrets.TEST_USER_PAT }}
+
 permissions:
   contents: read # to checkout the repo
 
diff --git a/.github/workflows/workflow.yml b/.github/workflows/workflow.yml
index fd3fccd4..837b352f 100644
--- a/.github/workflows/workflow.yml
+++ b/.github/workflows/workflow.yml
@@ -157,6 +157,14 @@ jobs:
   BeforeAll-ModuleLocal:
     if: fromJson(needs.Get-Settings.outputs.Settings).Run.BeforeAllModuleLocal && needs.Build-Module.result == 'success' && !cancelled()
     uses: ./.github/workflows/BeforeAll-ModuleLocal.yml
+    secrets:
+      TEST_APP_ENT_CLIENT_ID: ${{ secrets.TEST_APP_ENT_CLIENT_ID }}
+      TEST_APP_ENT_PRIVATE_KEY: ${{ secrets.TEST_APP_ENT_PRIVATE_KEY }}
+      TEST_APP_ORG_CLIENT_ID: ${{ secrets.TEST_APP_ORG_CLIENT_ID }}
+      TEST_APP_ORG_PRIVATE_KEY: ${{ secrets.TEST_APP_ORG_PRIVATE_KEY }}
+      TEST_USER_ORG_FG_PAT: ${{ secrets.TEST_USER_ORG_FG_PAT }}
+      TEST_USER_USER_FG_PAT: ${{ secrets.TEST_USER_USER_FG_PAT }}
+      TEST_USER_PAT: ${{ secrets.TEST_USER_PAT }}
     needs:
       - Build-Module
       - Get-Settings
@@ -187,6 +195,14 @@ jobs:
   AfterAll-ModuleLocal:
     if: fromJson(needs.Get-Settings.outputs.Settings).Run.AfterAllModuleLocal && needs.Test-ModuleLocal.result != 'skipped' && always()
     uses: ./.github/workflows/AfterAll-ModuleLocal.yml
+    secrets:
+      TEST_APP_ENT_CLIENT_ID: ${{ secrets.TEST_APP_ENT_CLIENT_ID }}
+      TEST_APP_ENT_PRIVATE_KEY: ${{ secrets.TEST_APP_ENT_PRIVATE_KEY }}
+      TEST_APP_ORG_CLIENT_ID: ${{ secrets.TEST_APP_ORG_CLIENT_ID }}
+      TEST_APP_ORG_PRIVATE_KEY: ${{ secrets.TEST_APP_ORG_PRIVATE_KEY }}
+      TEST_USER_ORG_FG_PAT: ${{ secrets.TEST_USER_ORG_FG_PAT }}
+      TEST_USER_USER_FG_PAT: ${{ secrets.TEST_USER_USER_FG_PAT }}
+      TEST_USER_PAT: ${{ secrets.TEST_USER_PAT }}
     needs:
       - Get-Settings
       - Test-ModuleLocal

From 86a715d7cc64784ef63dcf402d0de1c3a1319ed1 Mon Sep 17 00:00:00 2001
From: Marius Storhaug <marstor@hotmail.com>
Date: Mon, 12 Jan 2026 23:48:54 +0100
Subject: [PATCH 2/2] =?UTF-8?q?=F0=9F=A9=B9=20[Patch]:=20Explicitly=20defi?=
 =?UTF-8?q?ne=20secrets=20for=20Test-Module=20and=20Publish-Module=20workf?=
 =?UTF-8?q?lows?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .github/workflows/workflow.yml | 15 ++++++++++-----
 1 file changed, 10 insertions(+), 5 deletions(-)

diff --git a/.github/workflows/workflow.yml b/.github/workflows/workflow.yml
index 837b352f..4cc37f8c 100644
--- a/.github/workflows/workflow.yml
+++ b/.github/workflows/workflow.yml
@@ -145,7 +145,6 @@ jobs:
       - Build-Module
       - Get-Settings
     uses: ./.github/workflows/Test-Module.yml
-    secrets: inherit
     with:
       Settings: ${{ needs.Get-Settings.outputs.Settings }}
 
@@ -183,7 +182,14 @@ jobs:
       - Get-Settings
       - BeforeAll-ModuleLocal
     uses: ./.github/workflows/Test-ModuleLocal.yml
-    secrets: inherit
+    secrets:
+      TEST_APP_ENT_CLIENT_ID: ${{ secrets.TEST_APP_ENT_CLIENT_ID }}
+      TEST_APP_ENT_PRIVATE_KEY: ${{ secrets.TEST_APP_ENT_PRIVATE_KEY }}
+      TEST_APP_ORG_CLIENT_ID: ${{ secrets.TEST_APP_ORG_CLIENT_ID }}
+      TEST_APP_ORG_PRIVATE_KEY: ${{ secrets.TEST_APP_ORG_PRIVATE_KEY }}
+      TEST_USER_ORG_FG_PAT: ${{ secrets.TEST_USER_ORG_FG_PAT }}
+      TEST_USER_USER_FG_PAT: ${{ secrets.TEST_USER_USER_FG_PAT }}
+      TEST_USER_PAT: ${{ secrets.TEST_USER_PAT }}
     with:
       Settings: ${{ needs.Get-Settings.outputs.Settings }}
 
@@ -223,7 +229,6 @@ jobs:
       - Test-Module
       - Test-ModuleLocal
     uses: ./.github/workflows/Get-TestResults.yml
-    secrets: inherit
     with:
       Settings: ${{ needs.Get-Settings.outputs.Settings }}
 
@@ -239,7 +244,6 @@ jobs:
       - Test-Module
       - Test-ModuleLocal
     uses: ./.github/workflows/Get-CodeCoverage.yml
-    secrets: inherit
     with:
       Settings: ${{ needs.Get-Settings.outputs.Settings }}
 
@@ -251,7 +255,8 @@ jobs:
   Publish-Module:
     if: fromJson(needs.Get-Settings.outputs.Settings).Run.PublishModule && needs.Get-Settings.result == 'success' && !cancelled() && (needs.Get-TestResults.result == 'success' || needs.Get-TestResults.result == 'skipped') && (needs.Get-CodeCoverage.result == 'success' || needs.Get-CodeCoverage.result == 'skipped') && (needs.Build-Site.result == 'success' || needs.Build-Site.result == 'skipped')
     uses: ./.github/workflows/Publish-Module.yml
-    secrets: inherit
+    secrets:
+      APIKey: ${{ secrets.APIKey }}
     needs:
       - Get-Settings
       - Get-TestResults