[Rails]Github Secretsに定義した環境変数"RAILS_SECRET_KEY"が、Github ActionsのCD用ymlで込まれない

Github ActionsでRailsアプリのCI/CDを構築しています。
Github Secretsに定義した環境変数(RAILS_MASTER_KEY)が読み込まれないという問題に遭遇しました。
ご助言をいただけると幸いです。

開発環境

ruby 3.0.1
Rails 6.1.4.4
docker 20.10.12
docker-compos 1.29.2

起きている問題

Github Secretsに環境変数"RAILS_SECRET_KEY"を定義したところ、.github/workflows/ci.ymlでは読み込みに成功し、.github/workflows/cd.ymlでは読み込みに失敗する。
その結果、Actionの中でcredentials.yml.encを参照できずに、デプロイに失敗する。

関連コード

Github Actions"`cd.yml`"のログ

Preparing to unpack .../yarn_1.22.19-1_all.deb ...
Unpacking yarn (1.22.19-1) ...
Setting up nodejs (16.15.0-deb-1nodesource1) ...
Setting up yarn (1.22.19-1) ...
Processing triggers for libc-bin (2.28-10) ...
Removing intermediate container f4c6ae32085f
 ---> 31d1d6f23430
Step 15/23 : COPY ./src /var/www/myapp
 ---> 0f64a1f3786a
Step 16/23 : COPY ./src/entrypoint.sh /usr/bin/
 ---> 506a8cf41485
Step 17/23 : RUN chmod +x /usr/bin/entrypoint.sh
 ---> Running in fd40812a73fc
Removing intermediate container fd40812a73fc
 ---> b5d512066a58
Step 18/23 : ENTRYPOINT ["entrypoint.sh"]
 ---> Running in 99d3882bbb9a
Removing intermediate container 99d3882bbb9a
 ---> a1f89be36d9f
Step 19/23 : RUN bundle exec rails assets:precompile
 ---> Running in 266a8564b5c9
rails aborted!
NoMethodError: undefined method `[]' for nil:NilClass
/var/www/myapp/config/initializers/aws.rb:5:in `<main>'
/var/www/myapp/config/environment.rb:5:in `<main>'
Tasks: TOP => environment
(See full trace by running task with --trace)
The command '/bin/sh -c bundle exec rails assets:precompile' returned a non-zero code: 1
Service 'app' failed to build : Build failed

Error: Process completed with exit code 1.

config/initializers/aws.rb

以下の箇所でRailsのmasterkeyが読み込めていないため、NoMethodErrorが出ていると考えています。

ruby
1require 'aws-sdk'
2
3Aws::Rails.add_action_mailer_delivery_method(
4  :ses,
5  credentials: Aws::Credentials.new(Rails.application.credentials.aws[:access_key_id],
6                                    Rails.application.credentials.aws[:secret_access_key]),
7  region: 'ap-northeast-1'
8)

.github/workflows/ci.yml

CIの場合、RAILS_MASTER_KEY: ${{ secrets.RAILS_MASTER_KEY }}が読み込まれてRails Credentialsを参照することができます。

yml
1name: CI
2on:
3  push:
4  pull_request:
5
6jobs:
7  rspec:
8    runs-on: ubuntu-latest
9    defaults:
10      run:
11        working-directory: ./src
12    services:
13      mysql:
14        image: mysql:8.0.28
15        ports:
16          - 3306:3306
17        env:
18          MYSQL_ALLOW_EMPTY_PASSWORD: yes
19          BIND-ADDRESS: 0.0.0.0
20        options: --health-cmd "mysqladmin ping" --health-interval 10s --health-timeout 5s --health-retries 5
21    env:
22      RAILS_ENV: test
23      MYSQL_DATABASE_HOST: 127.0.0.1
24      RAILS_MASTER_KEY: ${{ secrets.RAILS_MASTER_KEY }}
25    steps:
26      - uses: actions/checkout@v2.3.4
27      - name: set up ruby
28        uses: ruby/setup-ruby@v1.68.0
29        with:
30          ruby-version: 3.0.1
31          bundler-cache: true
32      - name: cache node modules
33        uses: actions/cache@v2.1.4
34        with:
35          path: node_modules
36          key: ${{ runner.os }}-node-${{ hashFiles('**/yarn.lock') }}
37          restore-keys: ${{ runner.os }}-node-
38      - name: bundle install
39        run: |
40          gem install bundler
41          bundle install --jobs 4 --retry 3 --path vendor/bundle
42      - name: yarn install
43        run:  yarn install --check-files
44      - name: migrate db
45        run: |
46          bundle exec rails db:create
47          bundle exec rails db:test:prepare
48      - name: build tailwind CSS
49        run: bundle exec rails tailwindcss:build
50      - name: run rspec
51        run: bundle exec rspec

.github/workflows/cd.yml

docker-compose -f docker-compose.production.yml buildの部分で、RAILS_MASTER_KEY: ${{ secrets.RAILS_MASTER_KEY }}が読み込まれません。

yml
1name: CD
2on:
3  push:
4jobs:
5  ecs_deploy:
6    runs-on: ubuntu-latest
7    # if: ${{ github.event.workflow_run.conclusion == 'success' }}
8    env:
9      RAILS_MASTER_KEY: ${{ secrets.RAILS_MASTER_KEY }}
10    steps:
11      - uses: actions/checkout@v2
12      - name: aws authentication
13        uses: aws-actions/configure-aws-credentials@v1
14        with:
15          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
16          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
17          aws-region: ${{ secrets.AWS_DEFAULT_REGION }}
18      - name : ecr login
19        id: login-ecr
20        uses: aws-actions/amazon-ecr-login@v1
21      - name: build and push
22        id: build-image
23        env:
24          ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
25        run: |
26          docker-compose -f docker-compose.production.yml build
27          docker image tag myapp_app $ECR_REGISTRY/app:latest
28          docker image tag myapp_nginx $ECR_REGISTRY/nginx:latest
29          docker push $ECR_REGISTRY/app:latest
30          docker push $ECR_REGISTRY/nginx:latest
31      - name: sleep
32        run: sleep 10
33      - name: update service
34        run: |
35          aws ecs update-service --cluster myapp --service myapp --force-new-deployment

docker-compose.yml

yml
1version: '3'
2
3services:
4  nginx:
5    build:
6      context: .
7      dockerfile: ./nginx/Dockerfile
8    ports:
9      - 80:80
10
11  app:
12    build: 
13      context: .
14      dockerfile: ./src/Dockerfile

docker-compose.production.yml

yml
1version: '3'
2
3services:
4  nginx:
5    extends:
6      file: docker-compose.yml
7      service: nginx
8    container_name: myapp_nginx
9
10  app:
11    extends:
12      file: docker-compose.yml
13      service: app
14    container_name: myapp_app