[Feature Request]: Review reusable-workflows and "env"-usage

[Chrico]

We need to review all reusable workflows and what they write into env:. GitHub Actions can have access to the env-variables, so we only should write the required information (like the NODE_TOKEN) into the env:-section.

---

_lint-docs.yml

✅ nothing

---

automatic-release.yml

      HAS_CONFIG: false
      NODE_AUTH_TOKEN: ${{ secrets.NPM_REGISTRY_TOKEN }}
      GITHUB_USER_SSH_KEY: ${{ secrets.GITHUB_USER_SSH_KEY }}
      GITHUB_USER_SSH_PUBLIC_KEY: ${{ secrets.GITHUB_USER_SSH_PUBLIC_KEY }}

---

build-and-push-assets.yml

      NODE_OPTIONS: ${{ inputs.NODE_OPTIONS }}
      NODE_AUTH_TOKEN: ${{ secrets.NPM_REGISTRY_TOKEN }}
      NODE_CACHE_MODE: ''
      GITHUB_USER_EMAIL: ${{ secrets.GITHUB_USER_EMAIL }}
      GITHUB_USER_NAME: ${{ secrets.GITHUB_USER_NAME }}
      GITHUB_USER_SSH_KEY: ${{ secrets.GITHUB_USER_SSH_KEY }}
      GITHUB_USER_SSH_PUBLIC_KEY: ${{ secrets.GITHUB_USER_SSH_PUBLIC_KEY }}
      COMPILE_SCRIPT: ''
      TAG_NAME: ''                                     # we'll override if the push is for tag
      TAG_BRANCH_NAME: ''                              # we'll override if the push is for tag
      NO_CHANGES: ''                                   # we'll override if no changes to commit

---

build-assets-compilation.yml

      COMPOSER_AUTH: '${{ secrets.COMPOSER_AUTH_JSON }}'
      NODE_OPTIONS: ${{ inputs.NODE_OPTIONS }}
      NODE_AUTH_TOKEN: ${{ secrets.NPM_REGISTRY_TOKEN }}
      NODE_CACHE_MODE: ''
      GITHUB_USER_EMAIL: ${{ secrets.GITHUB_USER_EMAIL }}
      GITHUB_USER_NAME: ${{ secrets.GITHUB_USER_NAME }}
      GITHUB_USER_SSH_KEY: ${{ secrets.GITHUB_USER_SSH_KEY }}

---

build-plugin-archive.yml

      ENV_VARS: ${{ secrets.ENV_VARS }}
      COMPOSER_AUTH: '${{ secrets.COMPOSER_AUTH_JSON }}'
      COMPOSER_MIRROR_PATH_REPOS: 1

---

coding-standards-php.yml

      COMPOSER_AUTH: '${{ secrets.COMPOSER_AUTH_JSON }}'

---

ddev-playwright.yml

      COMPOSER_AUTH: '${{ secrets.COMPOSER_AUTH_JSON }}'
      NODE_AUTH_TOKEN: ${{ secrets.NPM_REGISTRY_TOKEN }}
      NGROK: ${{ secrets.NGROK_AUTH_TOKEN != '' }}
      SSH_KEY: ${{ secrets.SSH_KEY }}
      SSH_KNOWN_HOSTS: ${{ secrets.SSH_KNOWN_HOSTS }}

---

lint-php.yml

      COMPOSER_AUTH: '${{ secrets.COMPOSER_AUTH_JSON }}'

---

lint-workflows.yml

✅ nothing

---

static-analysis-js.yml

      NODE_OPTIONS: ${{ inputs.NODE_OPTIONS }}
      NODE_AUTH_TOKEN: ${{ secrets.NPM_REGISTRY_TOKEN }}
      NODE_CACHE_MODE: ''
      GITHUB_USER_EMAIL: ${{ secrets.GITHUB_USER_EMAIL }}
      GITHUB_USER_NAME: ${{ secrets.GITHUB_USER_NAME }}
      GITHUB_USER_SSH_KEY: ${{ secrets.GITHUB_USER_SSH_KEY }}

---

static-analysis-php.yml

     COMPOSER_AUTH: '${{ secrets.COMPOSER_AUTH_JSON }}'

---

tests-unit-js.yml

      NODE_OPTIONS: ${{ inputs.NODE_OPTIONS }}
      NODE_AUTH_TOKEN: ${{ secrets.NPM_REGISTRY_TOKEN }}
      NODE_CACHE_MODE: ''
      GITHUB_USER_EMAIL: ${{ secrets.GITHUB_USER_EMAIL }}
      GITHUB_USER_NAME: ${{ secrets.GITHUB_USER_NAME }}
      GITHUB_USER_SSH_KEY: ${{ secrets.GITHUB_USER_SSH_KEY }}

---

tests-unit-php.yml

    COMPOSER_AUTH: '${{ secrets.COMPOSER_AUTH_JSON }}'

---

wp-scripts-lint.yml

      NODE_OPTIONS: ${{ inputs.NODE_OPTIONS }}
      NODE_AUTH_TOKEN: ${{ secrets.NPM_REGISTRY_TOKEN }}
      NODE_CACHE_MODE: ''
      GITHUB_USER_EMAIL: ${{ secrets.GITHUB_USER_EMAIL }}
      GITHUB_USER_NAME: ${{ secrets.GITHUB_USER_NAME }}
      GITHUB_USER_SSH_KEY: ${{ secrets.GITHUB_USER_SSH_KEY }}

Code of Conduct

• I agree to follow this project's Code of Conduct