docs: document inlined-imports: true for cross-org workflow_call scenarios#24977
Merged
docs: document inlined-imports: true for cross-org workflow_call scenarios#24977
inlined-imports: true for cross-org workflow_call scenarios#24977Conversation
5 tasks
Agent-Logs-Url: https://github.com/github/gh-aw/sessions/74af7846-fbb2-4cc0-84b3-9e85b29dcc28 Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
Copilot
AI
changed the title
[WIP] Implement inline-imports frontmatter flag for lock files
docs: document Apr 6, 2026
inlined-imports: true for cross-org workflow_call scenarios
Contributor
There was a problem hiding this comment.
Pull request overview
Documents inlined-imports: true as the recommended fix for cross-organization workflow_call failures caused by runtime import checkout limitations, and updates related docs/anchors accordingly.
Changes:
- Restructures imports reference to emphasize “Self-Contained Lock Files” and adds a cross-org
workflow_calluse case + trade-offs. - Updates the central repo ops pattern to describe the current cross-repo checkout mechanism and adds cross-organization guidance.
- Fixes a broken FAQ anchor and adds a new FAQ entry covering the cross-org checkout error and resolution.
Show a summary per file
| File | Description |
|---|---|
| docs/src/content/docs/reference/imports.md | Renames/reframes the inlined-imports: true docs around self-contained lock files and adds cross-org workflow_call guidance. |
| docs/src/content/docs/reference/faq.md | Updates the renamed-section anchor and adds an FAQ entry for cross-org checkout failures. |
| docs/src/content/docs/patterns/central-repo-ops.mdx | Refreshes “How It Works” and adds a cross-organization setup section recommending inlined-imports: true. |
Copilot's findings
Tip
Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
- Files reviewed: 3/3 changed files
- Comments generated: 1
Comment on lines
+416
to
+422
| The setup above works when the caller and callee repositories are in the **same organization** (the `GITHUB_TOKEN` can access internal repos within the org). When the platform repo is in a **different organization**, the caller's `GITHUB_TOKEN` cannot check out the platform repo's files, producing an error such as: | ||
|
|
||
| ``` | ||
| fatal: repository 'https://github.com/other-org/platform-repo/' not found | ||
| ``` | ||
|
|
||
| This ensures the activation job checks out the **platform repo's** `.github` folder — where the workflow markdown and runtime imports live — regardless of which application repo triggered the workflow. For non-`workflow_call` events, the expression falls back to the current repository. | ||
| Use `inlined-imports: true` on the platform workflow to make the lock file self-contained. All imported content is embedded into the `.lock.yml` at compile time and no cross-organization checkout is needed at runtime: |
There was a problem hiding this comment.
The Cross-Organization Setup section states that when the platform repo is in a different organization the caller’s GITHUB_TOKEN cannot check out the platform repo’s files. That failure is specifically for private (or otherwise not publicly readable) repos; a public platform repo is still checkoutable cross-org. Consider qualifying the text (e.g., “different organization and the platform repo is private/not accessible to the caller”) to avoid implying cross-org is always broken.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Cross-org
workflow_callfails at activation because the caller'sGITHUB_TOKENcannot check out a platform repo in a different organization. Theinlined-imports: truefrontmatter flag already solves this (embeds all imports into the lock file at compile time, eliminating the cross-org checkout), but was undocumented for this use case.Changes
reference/imports.md— Renamed section to "Self-Contained Lock Files" and restructured around two use cases: cross-orgworkflow_call(new, primary) and repository rulesets (existing). Added trade-off note: larger lock file vs. no cross-org token requirement.patterns/central-repo-ops.mdx— Fixed stale "How It Works" description (was showing the oldgithub.event_name == 'workflow_call'ternary; now describes the actualresolve-host-repo/GITHUB_WORKFLOW_REFapproach). Added "Cross-Organization Setup" section prescribinginlined-imports: truewhen caller and callee are in different orgs.reference/faq.md— Fixed broken anchor caused by section rename. Added FAQ entry for the cross-org checkout error with fix and link.Example