From fdc044d3f75e5ffccca5ca3415f89c4c9533db7d Mon Sep 17 00:00:00 2001 From: Daniel Kastl Date: Thu, 20 Nov 2025 10:41:25 +0900 Subject: [PATCH 1/4] Clarify usage of TECHDOCS_AWS_ACCOUNT_ID and AWS_ACCOUNT_ID in publish-techdocs documentation Signed-off-by: Daniel Kastl --- docs/workflows.md | 12 +++++------- 1 file changed, 5 insertions(+), 7 deletions(-) diff --git a/docs/workflows.md b/docs/workflows.md index 13dc413..9862e22 100644 --- a/docs/workflows.md +++ b/docs/workflows.md @@ -25,9 +25,9 @@ on their own schedule. - Runs on `main` when `docs/**` or `mkdocs.yml` changes, or manually via `workflow_dispatch`. - Delegates to `reusable-backstage-techdocs.yml@v1` with safe defaults for AWS region, environment, and tool versions. -- Inherits org-level `TECHDOCS_AWS_ACCOUNT_ID` by default; set a repo secret - `AWS_ACCOUNT_ID` to override per-repo; role/bucket overrides can be passed via - vars or workflow inputs. +- Uses `TECHDOCS_AWS_ACCOUNT_ID` of `geolonia/.github` repository secret by default; + optional inputs allow setting a repo secret `AWS_ACCOUNT_ID` to override on a + per-repo basis. Example minimal usage after selecting the template: @@ -39,9 +39,8 @@ jobs: # with: # environment: production # aws_region: ap-northeast-1 - secrets: - inherit: true - # AWS_ACCOUNT_ID: ${{ secrets.TECHDOCS_AWS_ACCOUNT_ID }} + # secrets: + # AWS_ACCOUNT_ID: ${{ secrets.TECHDOCS_AWS_ACCOUNT_ID }} ``` ## Release on Tag (`release-auto-on-tag.yml`) @@ -58,7 +57,6 @@ Example minimal usage: jobs: publish: uses: geolonia/.github/.github/workflows/reusable-release-auto-on-tag.yml@v1 - secrets: inherit ``` ## Updating templates From f17af546b58addab6fd928db020cff439eb8c33d Mon Sep 17 00:00:00 2001 From: Daniel Kastl Date: Thu, 20 Nov 2025 10:46:23 +0900 Subject: [PATCH 2/4] Enable secrets inheritance in publish-techdocs workflow Signed-off-by: Daniel Kastl --- workflow-templates/publish-techdocs.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) 
diff --git a/workflow-templates/publish-techdocs.yml b/workflow-templates/publish-techdocs.yml index 862395d..6ad60d4 100644 --- a/workflow-templates/publish-techdocs.yml +++ b/workflow-templates/publish-techdocs.yml @@ -17,5 +17,6 @@ jobs: # techdocs_bucket: ${{ vars.TECHDOCS_BUCKET }} # techdocs_entity: ${{ vars.TECHDOCS_ENTITY }} - # secrets: + secrets: + inherit: true # AWS_ACCOUNT_ID: ${{ secrets.TECHDOCS_AWS_ACCOUNT_ID }} From 76ac56f56ba982ad69f3ad5da1414d1ed58679b7 Mon Sep 17 00:00:00 2001 From: Daniel Kastl Date: Thu, 20 Nov 2025 10:50:28 +0900 Subject: [PATCH 3/4] Enable secrets inheritance in publish-techdocs job Signed-off-by: Daniel Kastl --- .github/workflows/publish-techdocs.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/publish-techdocs.yml b/.github/workflows/publish-techdocs.yml index 061dd70..d20ad24 100644 --- a/.github/workflows/publish-techdocs.yml +++ b/.github/workflows/publish-techdocs.yml @@ -11,3 +11,4 @@ on: jobs: publish: uses: geolonia/.github/.github/workflows/reusable-backstage-techdocs.yml@v1 + secrets: inherit From 8eeb2e2d5a4b71b1b549dc77c575ecc880c42b0f Mon Sep 17 00:00:00 2001 From: Daniel Kastl Date: Thu, 20 Nov 2025 10:56:19 +0900 Subject: [PATCH 4/4] Simplify secrets inheritance in publish-techdocs workflow Signed-off-by: Daniel Kastl --- workflow-templates/publish-techdocs.yml | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/workflow-templates/publish-techdocs.yml b/workflow-templates/publish-techdocs.yml index 6ad60d4..b1638f8 100644 --- a/workflow-templates/publish-techdocs.yml +++ b/workflow-templates/publish-techdocs.yml 
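Review bot: `secrets: inherit` on the `publish` job in `.github/workflows/publish-techdocs.yml` (patch 3/4) hands every secret the calling workflow can read to `reusable-backstage-techdocs.yml@v1`, while the documentation in this series only mentions an AWS account id. Passing the one secret by name keeps the exposure to that value: `secrets:` followed by `AWS_ACCOUNT_ID: ${{ secrets.TECHDOCS_AWS_ACCOUNT_ID }}`, the mapping the earlier template comment showed. The same line is added to `workflow-templates/publish-techdocs.yml` in patch 4/4, where it matters more because the template is copied into other repositories and the callee is referenced by the movable tag `@v1`. Whether the reusable workflow declares further secrets is not visible here, so confirm its `workflow_call` secret list before narrowing.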
@@ -11,12 +11,10 @@ on:
 jobs:
 publish:
 uses: geolonia/.github/.github/workflows/reusable-backstage-techdocs.yml@v1
+ secrets: inherit
+ # optional inputs can be specified here to override defaults
 # with:
 # environment: production
 # aws_region: ap-northeast-1
 # techdocs_bucket: ${{ vars.TECHDOCS_BUCKET }}
 # techdocs_entity: ${{ vars.TECHDOCS_ENTITY }}
-
- secrets:
- inherit: true
- # AWS_ACCOUNT_ID: ${{ secrets.TECHDOCS_AWS_ACCOUNT_ID }}
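Review bot: The template no longer shows how to do the per-repo override that `docs/workflows.md` describes, because the commented `AWS_ACCOUNT_ID: ${{ secrets.TECHDOCS_AWS_ACCOUNT_ID }}` example is deleted and the new comment only mentions inputs. `secrets: inherit` and an explicit `secrets:` map are alternatives for a job, so a comment above the line would help, e.g. `# passes all caller secrets; replace with an explicit secrets: map to pass only AWS_ACCOUNT_ID`. The docs example from patch 1/4 also ends up with its `secrets:` block commented out, so it does not match this template. Presumably a job copied from the docs would give the reusable workflow no secrets at all.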