ci: pass secrets to docker and packages workflows

.github/workflows/_push-entrypoint.yaml

@@ -109,6 +109,7 @@ jobs:
       elixir_vsn: ${{ needs.prepare.outputs.elixir_vsn }}
       runner: ${{ needs.prepare.outputs.runner }}
       builder_vsn: ${{ needs.prepare.outputs.builder_vsn }}
+    secrets: inherit
 
   build_and_push_docker_images:
     if: ${{ needs.prepare.outputs.release == 'true' }}
@@ -126,6 +127,7 @@ jobs:
       # workaround: self-hosted runners do not have access to org-level secrets?
       runner: ubuntu-22.04
       builder_vsn: ${{ needs.prepare.outputs.builder_vsn }}
+    secrets: inherit
 
   compile:
     runs-on: ${{ needs.prepare.outputs.runner }}

.github/workflows/build_and_push_docker_images.yaml

@@ -34,6 +34,15 @@ on:
       builder_vsn:
         required: true
         type: string
+    secrets:
+      DOCKER_HUB_USER:
+        required: true
+      DOCKER_HUB_TOKEN:
+        required: true
+      AWS_ACCESS_KEY_ID:
+        required: true
+      AWS_SECRET_ACCESS_KEY:
+        required: true
   workflow_dispatch:
     inputs:
       ref:

.github/workflows/build_packages.yaml

@@ -25,6 +25,25 @@ on:
       builder_vsn:
         required: true
         type: string
+    secrets:
+      AWS_ACCESS_KEY_ID:
+        required: true
+      AWS_SECRET_ACCESS_KEY:
+        required: true
+      AWS_DEFAULT_REGION:
+        required: true
+      AWS_S3_BUCKET:
+        required: true
+      AWS_CLOUDFRONT_ID:
+        required: true
+      APPLE_ID_PASSWORD:
+        required: true
+      APPLE_DEVELOPER_IDENTITY:
+        required: true
+      APPLE_DEVELOPER_ID_BUNDLE:
+        required: true
+      APPLE_DEVELOPER_ID_BUNDLE_PASSWORD:
+        required: true
   workflow_dispatch:
     inputs:
       ref: