[Rails]Github Secretsに定義した環境変数"RAILS_SECRET_KEY"が、Github ActionsのCD用ymlで込まれない

Github ActionsでRailsアプリのCI/CDを構築しています。
Github Secretsに定義した環境変数(RAILS_MASTER_KEY)が読み込まれないという問題に遭遇しました。
ご助言をいただけると幸いです。

開発環境

ruby 3.0.1
Rails 6.1.4.4
docker 20.10.12
docker-compos 1.29.2

起きている問題

Github Secretsに環境変数"RAILS_SECRET_KEY"を定義したところ、.github/workflows/ci.ymlでは読み込みに成功し、.github/workflows/cd.ymlでは読み込みに失敗する。
その結果、Actionの中でcredentials.yml.encを参照できずに、デプロイに失敗する。

関連コード

Github Actions"`cd.yml`"のログ

Preparing to unpack .../yarn_1.22.19-1_all.deb ...
Unpacking yarn (1.22.19-1) ...
Setting up nodejs (16.15.0-deb-1nodesource1) ...
Setting up yarn (1.22.19-1) ...
Processing triggers for libc-bin (2.28-10) ...
Removing intermediate container f4c6ae32085f
 ---> 31d1d6f23430
Step 15/23 : COPY ./src /var/www/myapp
 ---> 0f64a1f3786a
Step 16/23 : COPY ./src/entrypoint.sh /usr/bin/
 ---> 506a8cf41485
Step 17/23 : RUN chmod +x /usr/bin/entrypoint.sh
 ---> Running in fd40812a73fc
Removing intermediate container fd40812a73fc
 ---> b5d512066a58
Step 18/23 : ENTRYPOINT ["entrypoint.sh"]
 ---> Running in 99d3882bbb9a
Removing intermediate container 99d3882bbb9a
 ---> a1f89be36d9f
Step 19/23 : RUN bundle exec rails assets:precompile
 ---> Running in 266a8564b5c9
rails aborted!
NoMethodError: undefined method `[]' for nil:NilClass
/var/www/myapp/config/initializers/aws.rb:5:in `<main>'
/var/www/myapp/config/environment.rb:5:in `<main>'
Tasks: TOP => environment
(See full trace by running task with --trace)
The command '/bin/sh -c bundle exec rails assets:precompile' returned a non-zero code: 1
Service 'app' failed to build : Build failed

Error: Process completed with exit code 1.

config/initializers/aws.rb

以下の箇所でRailsのmasterkeyが読み込めていないため、NoMethodErrorが出ていると考えています。

ruby
require 'aws-sdk'

Aws::Rails.add_action_mailer_delivery_method(
  :ses,
  credentials: Aws::Credentials.new(Rails.application.credentials.aws[:access_key_id],
                                    Rails.application.credentials.aws[:secret_access_key]),
  region: 'ap-northeast-1'
)

.github/workflows/ci.yml

CIの場合、RAILS_MASTER_KEY: ${{ secrets.RAILS_MASTER_KEY }}が読み込まれてRails Credentialsを参照することができます。

yml
name: CI
on:
  push:
  pull_request:

jobs:
  rspec:
    runs-on: ubuntu-latest
    defaults:
      run:
        working-directory: ./src
    services:
      mysql:
        image: mysql:8.0.28
        ports:
          - 3306:3306
        env:
          MYSQL_ALLOW_EMPTY_PASSWORD: yes
          BIND-ADDRESS: 0.0.0.0
        options: --health-cmd "mysqladmin ping" --health-interval 10s --health-timeout 5s --health-retries 5
    env:
      RAILS_ENV: test
      MYSQL_DATABASE_HOST: 127.0.0.1
      RAILS_MASTER_KEY: ${{ secrets.RAILS_MASTER_KEY }}
    steps:
      - uses: actions/checkout@v2.3.4
      - name: set up ruby
        uses: ruby/setup-ruby@v1.68.0
        with:
          ruby-version: 3.0.1
          bundler-cache: true
      - name: cache node modules
        uses: actions/cache@v2.1.4
        with:
          path: node_modules
          key: ${{ runner.os }}-node-${{ hashFiles('**/yarn.lock') }}
          restore-keys: ${{ runner.os }}-node-
      - name: bundle install
        run: |
          gem install bundler
          bundle install --jobs 4 --retry 3 --path vendor/bundle
      - name: yarn install
        run:  yarn install --check-files
      - name: migrate db
        run: |
          bundle exec rails db:create
          bundle exec rails db:test:prepare
      - name: build tailwind CSS
        run: bundle exec rails tailwindcss:build
      - name: run rspec
        run: bundle exec rspec

.github/workflows/cd.yml

docker-compose -f docker-compose.production.yml buildの部分で、RAILS_MASTER_KEY: ${{ secrets.RAILS_MASTER_KEY }}が読み込まれません。

yml
name: CD
on:
  push:
jobs:
  ecs_deploy:
    runs-on: ubuntu-latest
    # if: ${{ github.event.workflow_run.conclusion == 'success' }}
    env:
      RAILS_MASTER_KEY: ${{ secrets.RAILS_MASTER_KEY }}
    steps:
      - uses: actions/checkout@v2
      - name: aws authentication
        uses: aws-actions/configure-aws-credentials@v1
        with:
          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          aws-region: ${{ secrets.AWS_DEFAULT_REGION }}
      - name : ecr login
        id: login-ecr
        uses: aws-actions/amazon-ecr-login@v1
      - name: build and push
        id: build-image
        env:
          ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
        run: |
          docker-compose -f docker-compose.production.yml build
          docker image tag myapp_app $ECR_REGISTRY/app:latest
          docker image tag myapp_nginx $ECR_REGISTRY/nginx:latest
          docker push $ECR_REGISTRY/app:latest
          docker push $ECR_REGISTRY/nginx:latest
      - name: sleep
        run: sleep 10
      - name: update service
        run: |
          aws ecs update-service --cluster myapp --service myapp --force-new-deployment

docker-compose.yml

yml
version: '3'

services:
  nginx:
    build:
      context: .
      dockerfile: ./nginx/Dockerfile
    ports:
      - 80:80

  app:
    build: 
      context: .
      dockerfile: ./src/Dockerfile

docker-compose.production.yml

yml
version: '3'

services:
  nginx:
    extends:
      file: docker-compose.yml
      service: nginx
    container_name: myapp_nginx

  app:
    extends:
      file: docker-compose.yml
      service: app
    container_name: myapp_app