From 979e05ce532fe8c45055a06bac27184f24368b28 Mon Sep 17 00:00:00 2001
From: Lucas Santana <lucas.diassantana@gmail.com>
Date: Tue, 10 Mar 2026 15:15:54 -0300
Subject: [PATCH] fix(ci): avoid secrets context in reusable docker guard

---
 .github/workflows/reusable-docker-build.yml |  9 ++++++---
 CHANGELOG.md                                | 13 +++++++++++++
 README.md                                   |  3 +++
 3 files changed, 22 insertions(+), 3 deletions(-)
 create mode 100644 CHANGELOG.md

diff --git a/.github/workflows/reusable-docker-build.yml b/.github/workflows/reusable-docker-build.yml
index caf0cc1..c9819af 100644
--- a/.github/workflows/reusable-docker-build.yml
+++ b/.github/workflows/reusable-docker-build.yml
@@ -72,11 +72,14 @@ jobs:
         uses: docker/setup-qemu-action@v3
 
       - name: Login to Docker Hub
-        if: inputs.push && secrets.DOCKER_USERNAME != ''
+        if: inputs.push && env.DOCKER_USERNAME != ''
+        env:
+          DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
+          DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }}
         uses: docker/login-action@v3
         with:
-          username: ${{ secrets.DOCKER_USERNAME }}
-          password: ${{ secrets.DOCKER_PASSWORD }}
+          username: ${{ env.DOCKER_USERNAME }}
+          password: ${{ env.DOCKER_PASSWORD }}
 
       - name: Login to GHCR
         if: inputs.push
diff --git a/CHANGELOG.md b/CHANGELOG.md
new file mode 100644
index 0000000..9769ec9
--- /dev/null
+++ b/CHANGELOG.md
@@ -0,0 +1,13 @@
+# Changelog
+
+All notable changes to this repository will be documented in this file.
+
+The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
+and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+
+## [Unreleased]
+
+### Fixed
+
+- `reusable-docker-build.yml`: replaced `secrets.*` usage in Docker Hub login
+  `if` guard with env-backed checks to avoid workflow-file evaluation errors.
diff --git a/README.md b/README.md
index cd42c6b..9d56bde 100644
--- a/README.md
+++ b/README.md
@@ -11,6 +11,9 @@
 [![Docker](https://img.shields.io/badge/Docker-Ready-2496ED)](https://www.docker.com/)
 [![PRs Welcome](https://img.shields.io/badge/PRs-welcome-brightgreen)](CONTRIBUTING.md)
 
+> Maintenance (2026-03-10): fixed `reusable-docker-build.yml` so Docker Hub
+> login guards do not use `secrets.*` directly in `if` expressions.
+
 ---
 
 ## Why Forge Space?