Closed
22 changes: 17 additions & 5 deletions .github/workflows/job_detect_changes.yaml
Expand Up @@ -74,12 +74,25 @@ jobs:

# Dashboard application and its dependencies
dashboard:
- 'apps/dashboard/**'
- 'internal/ui/**'
- 'apps/dashboard/**/!(*.md|*.txt)'
- 'apps/dashboard/!(*.md|*.txt)'
- 'internal/billing/**'
- 'internal/clickhouse/**'
- 'internal/db/**'
- 'internal/encryption/**'
- 'internal/events/**'
- 'internal/hash/**'
- 'internal/icons/**'
- 'internal/id/**'
- 'internal/keys/**'
- 'internal/proto/**'
- 'internal/resend/**'
- 'internal/schema/**'
- 'internal/ui/**'
- 'internal/validation/**'
- 'internal/vercel/**'
- 'packages/error/**'
- 'packages/rbac/**'

# Agent application (Go-based)
agent:
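Review bot: The two negated extglob entries at the top of `dashboard:` (`'apps/dashboard/**/!(*.md|*.txt)'` and `'apps/dashboard/!(*.md|*.txt)'`) only work if the filter's glob matcher supports extglob; if it does not, they match nothing, the `dashboard` filter never fires for a dashboard-only change, and the tests are skipped without any error. Add a comment above them stating the matcher behaviour they rely on, and confirm that dotfiles and extensionless files under `apps/dashboard/` still match. The `internal/*` and `packages/*` entries below are maintained by hand, so the comment should also say how the list was derived; otherwise a dependency added later will not trigger the job.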
Expand All @@ -91,9 +104,8 @@ jobs:

# Go services (API v2, Ctrl, Deploy services)
go:
- 'go/**'
- '!go/benchmarks/**'
- '!go/demo_api/**'
- 'go/!(benchmarks|demo_api)/**'
- 'go/!(benchmarks|demo_api)'

# ClickHouse schema and related
clickhouse:
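Review bot: In the `go:` filter, the switch from the `!go/benchmarks/**` and `!go/demo_api/**` entries to `go/!(benchmarks|demo_api)/**` carries no comment explaining why, and the `!`-prefixed form is the one a later contributor is most likely to write again. Add a one-line comment above the patterns saying that exclusions are expressed inside the pattern and why the separate negated entries were dropped, and that `go/!(benchmarks|demo_api)` is there to cover files directly under `go/`.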
37 changes: 37 additions & 0 deletions .github/workflows/job_test_dashboard.yaml
@@ -0,0 +1,37 @@
name: Test Dashboard
on:
workflow_call:
permissions:
contents: read
jobs:
test:
name: Test Dashboard
runs-on: depot-ubuntu-24.04-4
steps:
- uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4
- name: Setup Node
uses: ./.github/actions/setup-node
with:
github_token: ${{ secrets.GITHUB_TOKEN }}
- name: Test
run: pnpm turbo run test --filter=@unkey/dashboard
env:
CI: 1
- name: Build
run: pnpm turbo run build --filter=@unkey/dashboard
env:
CI: 1
DATABASE_HOST: localhost:8080
DATABASE_USERNAME: unkey
DATABASE_PASSWORD: password
DATABASE_NAME: unkey
UNKEY_WORKSPACE_ID: "not-empty"
UNKEY_API_ID: "not-empty"
UNKEY_WEBHOOK_KEYS_API_ID: "not-empty"
AGENT_URL: "http://localhost:8080"
AGENT_TOKEN: "not-empty"
AUTH_PROVIDER: "workos"
WORKOS_CLIENT_ID: "client_"
WORKOS_API_KEY: "sk_test_"
WORKOS_COOKIE_PASSWORD: "IAMACOOKIEPASSWORD"
NEXT_PUBLIC_WORKOS_REDIRECT_URI: "http://localhost:3000/auth/sso-callback"
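Review bot: The `actions/checkout` step has no `with:` block, so it keeps its default of persisting the job token for later git commands while `pnpm turbo run test` and `pnpm turbo run build` execute code from the pull request. Set `persist-credentials: false` on the checkout step unless a later step needs git access; `permissions: contents: read` already limits the token, and this keeps it out of the workspace for the steps that follow. Separately, `secrets.GITHUB_TOKEN` is passed to `./.github/actions/setup-node`, and a short comment on what that action needs it for would help the next reader.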
Comment on lines +22 to +37
⚠️ Potential issue | 🟠 Major

Document or externalize hardcoded credentials.

The workflow contains hardcoded test/placeholder credentials (e.g., WORKOS_CLIENT_ID: "client_", WORKOS_API_KEY: "sk_test_", AGENT_TOKEN: "not-empty"). While these appear to be safe test values, they should be:

  1. Clearly documented as test/placeholder values in a comment if intentional.
  2. Moved to GitHub Secrets if they need to be sensitive or change frequently.
  3. Verified to not contain any actual credentials or PII.

Apply this diff to add clarifying documentation and consider externalizing sensitive values:

      - name: Build
        run: pnpm turbo run build --filter=@unkey/dashboard
        env:
+         # Test/placeholder configuration for dashboard build in CI
          CI: 1
          DATABASE_HOST: localhost:8080
          DATABASE_USERNAME: unkey
          DATABASE_PASSWORD: password
          DATABASE_NAME: unkey
          UNKEY_WORKSPACE_ID: "not-empty"
          UNKEY_API_ID: "not-empty"
          UNKEY_WEBHOOK_KEYS_API_ID: "not-empty"
          AGENT_URL: "http://localhost:8080"
          AGENT_TOKEN: "not-empty"
          AUTH_PROVIDER: "workos"
          WORKOS_CLIENT_ID: "client_"
          WORKOS_API_KEY: "sk_test_"
          WORKOS_COOKIE_PASSWORD: "IAMACOOKIEPASSWORD"
          NEXT_PUBLIC_WORKOS_REDIRECT_URI: "http://localhost:3000/auth/sso-callback"
🤖 Prompt for AI Agents
.github/workflows/job_dashboard_checks.yaml lines 20-35: the workflow currently
defines hardcoded placeholder credentials (WORKOS_CLIENT_ID, WORKOS_API_KEY,
AGENT_TOKEN, etc.); update the file by (1) adding an inline comment above these
env vars noting they are test/placeholder values only, (2) replace any values
that should be treated as secrets with references to GitHub Secrets (e.g., use
the actions secrets context for WORKOS_API_KEY, AGENT_TOKEN, DATABASE_PASSWORD,
etc.), and (3) add a checklist comment to verify none of the values contain real
credentials or PII before merging; ensure you do not commit any actual secret
values when switching to secrets.

9 changes: 7 additions & 2 deletions .github/workflows/pr.yaml
Expand Up @@ -22,16 +22,21 @@ jobs:
uses: ./.github/workflows/job_test_unit.yaml
build:
name: Build
if: (github.event_name == 'pull_request' && github.event.pull_request.draft == false) || github.event_name != 'pull_request' && needs.detect_changes.result == 'success' && (needs.detect_changes.outputs.api == 'true' || needs.detect_changes.outputs.packages == 'true')
if: ((github.event_name == 'pull_request' && github.event.pull_request.draft == false) || github.event_name != 'pull_request') && needs.detect_changes.result == 'success' && (needs.detect_changes.outputs.api == 'true' || needs.detect_changes.outputs.packages == 'true')
needs: [detect_changes]
uses: ./.github/workflows/build.yaml
test_api:
name: Test API
if: (github.event_name == 'pull_request' && github.event.pull_request.draft == false) || github.event_name != 'pull_request' && needs.detect_changes.result == 'success' && (needs.detect_changes.outputs.api == 'true' || needs.detect_changes.outputs.packages == 'true')
if: ((github.event_name == 'pull_request' && github.event.pull_request.draft == false) || github.event_name != 'pull_request') && needs.detect_changes.result == 'success' && (needs.detect_changes.outputs.api == 'true' || needs.detect_changes.outputs.packages == 'true')
needs: [detect_changes]
uses: ./.github/workflows/job_test_api_local.yaml
test_go_api_local:
name: Test Go API Local
if: ((github.event_name == 'pull_request' && github.event.pull_request.draft == false) || github.event_name != 'pull_request') && needs.detect_changes.result == 'success' && needs.detect_changes.outputs.go == 'true'
needs: [detect_changes]
uses: ./.github/workflows/job_test_go_api_local.yaml
test_dashboard:
name: Test Dashboard
if: ((github.event_name == 'pull_request' && github.event.pull_request.draft == false) || github.event_name != 'pull_request') && needs.detect_changes.result == 'success' && needs.detect_changes.outputs.dashboard == 'true'
needs: [detect_changes]
uses: ./.github/workflows/job_test_dashboard.yaml
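Review bot: The `if:` expression is now repeated verbatim in `build`, `test_api`, `test_go_api_local` and `test_dashboard`, and the precedence mistake corrected here in `build` and `test_api` (`A || B && C` evaluating as `A || (B && C)`) lived in exactly that copied text. Compute the draft/event part once, for example as an output of `detect_changes`, and have each job test that output together with its own filter output. Every job in this hunk is also skipped when `needs.detect_changes.result` is not `'success'`, and a skipped job does not block a merge, so `detect_changes` itself should be a required check.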
Empty file added apps/dashboard/test-file.tsx
Empty file.
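Review bot: `apps/dashboard/test-file.tsx` is added as an empty file and none of the workflow changes shown here reference it. If it is only there to make the `dashboard` filter fire for this pull request, remove it before merging.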