They are different configs. Rails 7.1 added assume_ssl in addition to force_ssl, I have both of mine set to true.

Make sure that the form object that you're passing into the partial is the actual form object and not the widget symbols.

I'm not familiar with Worldline as a merchant service provider. I've mainly used Stripe for payments. What makes them appealing?

Are you using a self-hosted runner or are you using the hosted Github runner?

the step before these should provide the caching. Have a look in the runner logs to see if there are any hints to why it is having to rebuild instead of pulling from these caches.

      - uses: docker/build-push-action@v5
        with:
          context: .
          cache-from: type=gha
          cache-to: type=gha,mode=max

I do not think that OTP are a replacement for passwords as they are two different levels of security. Passwords is something a user knows while OTP is something a user has. I'll have to think about this as a OTP and Passkey cover the same level of security but with different approaches. Passkeys are much more secure than OTP and it baffles me that financial institutions haven't moved over to this technology. I know of someone who was recently social engineered to provide their OTP to a bad actor and they had their bank account drained. The same situation would not have happened if the bank had implemented Passkeys as they are not something that can be shared.