From f4bc741897dcd835b574f22c571f66ec6489a6a6 Mon Sep 17 00:00:00 2001
From: Jonathan Hartman
 <208858388+cx-jonathan-hartman@users.noreply.github.com>
Date: Tue, 16 Jun 2026 17:53:22 -0700
Subject: [PATCH] fix(actions): declare secrets used by reusable workflows

Adds explicit on.workflow_call.secrets declarations for all secrets
referenced in the workflow body, replacing implicit reliance on
callers using secrets: inherit.
---
 .github/workflows/run-projects.yaml | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/.github/workflows/run-projects.yaml b/.github/workflows/run-projects.yaml
index 83552615..8f04afc7 100644
--- a/.github/workflows/run-projects.yaml
+++ b/.github/workflows/run-projects.yaml
@@ -7,6 +7,17 @@ on:
         description: 'Total number of machines'
         required: true
         type: number
+    secrets:
+      CES_BUCKET_AWS_ACCESS_KEY:
+        required: true
+      CES_BUCKET_AWS_REGION:
+        required: true
+      CES_BUCKET_AWS_SECRET_ACCESS_KEY:
+        required: true
+      CES_EXECUTOR_REPO:
+        required: true
+      CX_CEBOT_GITHUB_TOKEN_CHECKMARX:
+        required: true
 
 env:
   ENGINE: "2ms"