fix(ci): use literal ROCKETRIDE_APIKEY in Test step instead of secret#742
Merged
fix(ci): use literal ROCKETRIDE_APIKEY in Test step instead of secret#742
Conversation
Replace \`ROCKETRIDE_APIKEY: \${{ secrets.ROCKETRIDE_APIKEY }}\` with a
literal \`MYAPIKEY\` in the Test step env block.
Why this is unblocking the queue
--------------------------------
PR #712 set up the env var to fix "No authentication configured" failures
in client-python integration tests. Its own inline comment correctly
noted that "the secret value itself doesn't matter — it just has to
match between server and client in this single CI run." Sourcing it
from \`secrets.ROCKETRIDE_APIKEY\` introduced an empty-string failure
mode that we hit:
1. The secret was created on 2026-04-27, has not been updated since,
and may be set to "" (or rotated to a value the engine no longer
accepts).
2. When that happens, the workflow silently expands the expression to
\`ROCKETRIDE_APIKEY=""\` for the Test step.
3. The test client reads it via \`os.getenv('ROCKETRIDE_APIKEY',
'MYAPIKEY')\`. \`os.getenv\` returns the empty string when the
variable is set-but-empty — NOT the default — so the client
authenticates with \`""\`.
4. The server (running in the same step) sees the same empty key and
responds AuthenticationException.
5. All 48 client-python integration tests fail uniformly across
Ubuntu, Windows, and macOS (which is what's been happening on
develop's most recent runs and on PRs #715, #728, #738).
Using a literal value eliminates the entire failure mode without
changing observable behaviour: the value still isn't a secret (the
inline comment was always explicit on this), it never leaves the runner,
and it matches the "MYAPIKEY" dev key the engine already recognises
elsewhere in the codebase (\`.env.template\`).
Together with #734 (the sequential test execution flag, already on
develop) this should clear both failure modes that have been blocking
PRs since yesterday.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Contributor
|
Caution Review failedThe pull request is closed. ℹ️ Recent review info⚙️ Run configurationConfiguration used: Path: .coderabbit.yaml Review profile: ASSERTIVE Plan: Pro Run ID: 📒 Files selected for processing (1)
📝 WalkthroughWalkthroughThe CI workflow's Test job environment configuration is updated to set Changes
Estimated code review effort🎯 2 (Simple) | ⏱️ ~5 minutes Possibly related PRs
Suggested labels
Poem
✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Review rate limit: 7/8 reviews remaining, refill in 7 minutes and 30 seconds.Comment |
|
No description provided. |
7 tasks
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Replace
ROCKETRIDE_APIKEY: ${{ secrets.ROCKETRIDE_APIKEY }}with a literalMYAPIKEYin the Test step's env block. Companion fix to #734 — together they clear the two CI/CD failure modes that have been blocking the queue.Why
PR #712 added the env var to unblock client-python integration tests. Its own inline comment correctly noted that "the secret value itself doesn't matter — it just has to match between server and client in this single CI run". Sourcing it from
secrets.ROCKETRIDE_APIKEYintroduced an empty-string failure mode:""(or rotated to a value the engine no longer accepts), the workflow silently expands the expression toROCKETRIDE_APIKEY="".os.getenv('ROCKETRIDE_APIKEY', 'MYAPIKEY').os.getenvreturns the empty string when the variable is set-but-empty — not the default — so the client authenticates with"".AuthenticationException, and all 48 client-python tests fail uniformly across Ubuntu / Windows / macOS.That's exactly the symptom on develop's most recent CI run and on PRs #715, #728, #738.
A literal eliminates the failure mode without changing observable behaviour. The value isn't a secret (the inline comment was always explicit on this), never leaves the runner, and matches the existing
MYAPIKEYplaceholder used elsewhere (.env.template, the engine's built-in dev key).Test plan
python3 -c "import yaml; yaml.safe_load(...)").🤖 Generated with Claude Code
Summary by CodeRabbit
Release Notes
This release contains internal infrastructure updates with no user-facing changes.