Pygentic-AI/.github/workflows/test.yml
Francis Secada 80bb08eb51 fix(ci): use GitHub secrets instead of hardcoded test values
BREAKING: Previous commit used hardcoded test values (security risk)

Changes:
- Replace all hardcoded env vars with ${{ secrets.* }}
- Use existing GitHub secrets configured via 'gh secret set'
- Maintain proper secret isolation in CI/CD

Secrets used:
- SECRET_KEY, DEBUG, HTTPS_ONLY, SERVER_ENV
- Database: SQL_DIALECT, LOCAL_DB_*, CLOUD_DB_*
- API Keys: OPENAI_*, TAVILY_API_KEY
- Reddit: REDDIT_*

Benefits:
- No secrets exposed in YAML file
- Uses existing secret management infrastructure
- Proper separation of concerns
- Secrets can be rotated via 'gh secret set'

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
2026-02-04 16:20:22 -05:00

73 lines
2.3 KiB
YAML

name: Tests
on:
  push:
    branches: [main, dev_deploy]
  pull_request:
    branches: [main, dev_deploy]
jobs:
  test:
    runs-on: ubuntu-latest
    strategy:
      matrix:
        python-version: ["3.13"]
    steps:
      - uses: actions/checkout@v4
      - name: Set up Python ${{ matrix.python-version }}
        uses: actions/setup-python@v5
        with:
          python-version: ${{ matrix.python-version }}
      - name: Install uv
        run: |
          curl -LsSf https://astral.sh/uv/install.sh | sh
          echo "$HOME/.cargo/bin" >> $GITHUB_PATH
      - name: Install dependencies
        run: |
          uv sync --group test
      - name: Run tests
        run: |
          uv run pytest --cov=src --cov-report=xml --cov-report=term
        env:
          PYTHONPATH: src
          TESTING: "true"
          # Security
          SECRET_KEY: ${{ secrets.SECRET_KEY }}
          DEBUG: ${{ secrets.DEBUG }}
          HTTPS_ONLY: ${{ secrets.HTTPS_ONLY }}
          SERVER_ENV: ${{ secrets.SERVER_ENV }}
          # Database
          SQL_DIALECT: ${{ secrets.SQL_DIALECT }}
          LOCAL_DB_UN: ${{ secrets.LOCAL_DB_UN }}
          LOCAL_DB_PW: ${{ secrets.LOCAL_DB_PW }}
          LOCAL_DB_DB: ${{ secrets.LOCAL_DB_DB }}
          LOCAL_DB_HOST: ${{ secrets.LOCAL_DB_HOST }}
          LOCAL_DB_PORT: ${{ secrets.LOCAL_DB_PORT }}
          CLOUD_DB_UN: ${{ secrets.CLOUD_DB_UN }}
          CLOUD_DB_PW: ${{ secrets.CLOUD_DB_PW }}
          CLOUD_DB_DB: ${{ secrets.CLOUD_DB_DB }}
          CLOUD_DB_HOST: ${{ secrets.CLOUD_DB_HOST }}
          CLOUD_DB_PORT: ${{ secrets.CLOUD_DB_PORT }}
          # API Keys
          OPENAI_API_KEY: ${{ secrets.OPENAI_API_KEY }}
          OPENAI_MODEL: ${{ secrets.OPENAI_MODEL }}
          TAVILY_API_KEY: ${{ secrets.TAVILY_API_KEY }}
          # Reddit
          REDDIT_CLIENT_ID: ${{ secrets.REDDIT_CLIENT_ID }}
          REDDIT_CLIENT_SECRET: ${{ secrets.REDDIT_CLIENT_SECRET }}
          REDDIT_USER_AGENT: ${{ secrets.REDDIT_USER_AGENT }}
          REDDIT_SUBREDDIT: ${{ secrets.REDDIT_SUBREDDIT }}
          REDDIT_MAX_INSIGHTS: ${{ secrets.REDDIT_MAX_INSIGHTS }}
          REDDIT_MAX_INSIGHT_LENGTH: ${{ secrets.REDDIT_MAX_INSIGHT_LENGTH }}
      - name: Upload coverage to Codecov
        uses: codecov/codecov-action@v4
        with:
          file: ./coverage.xml
          fail_ci_if_error: false
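
An added example, not part of this repository: a small Python check for the condition this commit fixes, flagging sensitive-looking keys in a workflow `env:` block that are set to literal values instead of `${{ secrets.* }}` references. The key-name pattern, the function name `find_hardcoded` and the sample workflow are assumptions constructed for illustration.

```python
import re

# Assumed heuristic: key names that usually hold credentials.
SENSITIVE = re.compile(r"SECRET|_KEY|TOKEN|PASSWORD|_PW$", re.I)
# A value that is exactly one GitHub Actions secrets reference.
SECRET_REF = re.compile(r"^\$\{\{\s*secrets\.\w+\s*\}\}$")
ENTRY = re.compile(r"^([A-Za-z_][A-Za-z0-9_]*):\s*(.*)$")

# Constructed sample: the "before" state of a test job with literal values.
BEFORE = """\
jobs:
  test:
    steps:
      - name: Run tests
        run: uv run pytest
        env:
          TESTING: "true"
          SECRET_KEY: test-secret-key-constructed
          LOCAL_DB_PW: "constructed-password"
          OPENAI_API_KEY: ${{ secrets.OPENAI_API_KEY }}
      - name: Upload coverage
        uses: codecov/codecov-action@v4
"""

def find_hardcoded(workflow_text):
    """Return [(line_no, key)] for sensitive keys in env: blocks set to literals."""
    findings, env_indent = [], None   # env_indent is None outside an env: block
    for no, raw in enumerate(workflow_text.splitlines(), 1):
        stripped = raw.strip()
        if not stripped or stripped.startswith("#"):
            continue
        indent = len(raw) - len(raw.lstrip())
        if env_indent is not None and indent <= env_indent:
            env_indent = None         # a dedent closes the env: block
        if stripped == "env:":
            env_indent = indent
            continue
        m = ENTRY.match(stripped) if env_indent is not None else None
        if not m:
            continue
        key = m.group(1)
        value = re.sub(r"\s+#.*$", "", m.group(2)).strip().strip("\"'")
        if SENSITIVE.search(key) and value and not SECRET_REF.match(value):
            findings.append((no, key))
    return findings

if __name__ == "__main__":
    for line_no, key in find_hardcoded(BEFORE):
        print(f"line {line_no}: {key} is set to a literal value")
```

The check is line-based and only understands block-style `env:` mappings; it does not look at values passed through `with:` inputs or inline `run:` scripts.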