Fix secret passing to Docker during tests

ppolydoras · ppolydoras · commit d61ac7999c7b · 2025-09-18T11:40:16.000+03:00
- Create test.env file with API keys during test step
- Pass both config.env and test.env to Docker container
- Update README to emphasize UNCOMMENT requirement
- This fixes 'OPENAI_API_KEY is not set' error during tests

IMPORTANT: Projects must uncomment the env variables they need in deploy.yml!
diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml
@@ -243,11 +243,22 @@ jobs:
     - name: Test Docker image with secrets
       run: |
         echo "🧪 Running full test suite with secrets..."
-        # Docker automatically inherits env vars from the workflow env block
+        # Create env file with all current environment variables that might be needed
+        cat > test.env << EOF
+        OPENAI_API_KEY=$OPENAI_API_KEY
+        ANTHROPIC_API_KEY=$ANTHROPIC_API_KEY
+        VERTEC_API_KEY=$VERTEC_API_KEY
+        EOF
+        
+        # Run tests with both config.env and test.env
         docker run --rm \
           --env-file deployment/config.env \
+          --env-file test.env \
           ${{ env.ECR_REPOSITORY }}:${{ github.sha }} \
           just test-all
+        
+        # Clean up
+        rm -f test.env
         echo "✅ All tests passed!"
     
     - name: Push to ECR
diff --git a/.squirro/workflows/build-and-push-to-ecr.yml.template b/.squirro/workflows/build-and-push-to-ecr.yml.template
@@ -211,11 +211,22 @@ jobs:
     - name: Test Docker image with secrets
       run: |
         echo "🧪 Running full test suite with secrets..."
-        # Docker automatically inherits env vars from the workflow env block
+        # Create env file with all current environment variables that might be needed
+        cat > test.env << EOF
+        OPENAI_API_KEY=$OPENAI_API_KEY
+        ANTHROPIC_API_KEY=$ANTHROPIC_API_KEY
+        VERTEC_API_KEY=$VERTEC_API_KEY
+        EOF
+        
+        # Run tests with both config.env and test.env
         docker run --rm \
           --env-file deployment/config.env \
+          --env-file test.env \
           ${{ env.ECR_REPOSITORY }}:${{ github.sha }} \
           just test-all
+        
+        # Clean up
+        rm -f test.env
         echo "✅ All tests passed!"
     
     - name: Push to ECR
diff --git a/README.md b/README.md
@@ -447,16 +447,18 @@ Each project must customize `.github/workflows/deploy.yml` to include its specif
 
 1. Open `.github/workflows/deploy.yml`
 2. Find the `env:` block at the top (after the `on:` section)
-3. Add your project's secrets:
+3. **UNCOMMENT** and customize the secrets your project needs:
    ```yaml
    env:
-     # Your project's secrets
-     OPENAI_API_KEY: ${{ secrets.OPENAI_API_KEY || '' }}
-     ANTHROPIC_API_KEY: ${{ secrets.ANTHROPIC_API_KEY || '' }}
-     CUSTOM_API_TOKEN: ${{ secrets.CUSTOM_API_TOKEN || '' }}
+     # Example secrets (uncomment and modify for your project):
+     OPENAI_API_KEY: ${{ secrets.OPENAI_API_KEY || '' }}  # ← UNCOMMENT THIS!
+     # ANTHROPIC_API_KEY: ${{ secrets.ANTHROPIC_API_KEY || '' }}
+     # CUSTOM_API_TOKEN: ${{ secrets.CUSTOM_API_TOKEN || '' }}
    ```
 4. Commit these changes - they're part of your project configuration
 
+⚠️ **IMPORTANT**: The secrets are commented out by default. You MUST uncomment the ones you need!
+
 **Why this approach?**
 - Simple and explicit - you see exactly what secrets your project uses
 - No complex template processing or filtering
