Do not use secrets in test run #2201

benjamineskola · 2025-03-12T12:11:43Z

This allows them to be used by PRs from forks.

pixeltrix · 2025-03-12T12:40:07Z

.env.test

@@ -2,7 +2,8 @@ DOMAIN="example.com"
 STAGING_API_URL="bops-staging.services"
 STAGING_API_BEARER="fjisdfjsdiofjdsoi"
 OS_VECTOR_TILES_API_KEY="testtest"
-NOTIFY_LETTER_API_KEY='testtest'
+NOTIFY_API_KEY="test_key_for_ci-d64cc892-8848-4663-9544-487551484e9b-d7bc72d1-8e1f-4d5a-a703-de5beecaf4a8"
+NOTIFY_LETTER_API_KEY="test_key_for_ci-d64cc892-8848-4663-9544-487551484e9b-d7bc72d1-8e1f-4d5a-a703-de5beecaf4a8"


Are these real test keys?

Yes. (Have assumed that because it's specifically for testing and therefore doesn't have permission to do anything, it's less of a risk. Can revert and revoke if that's not the case.)

Problem is that we can't keep it in GH Secrets (if we want to allow PRs from forks) and we can't use a fake key because some of the code is actually instantiating Notify, which throws an error if just given a non-uuid like testtest.

We'd have to track down all of those places and mock Notify (which arguably we should have been doing all along.)

Do not use secrets in test run

3a9a502

This allows them to be used by PRs from forks.

benjamineskola force-pushed the fix-fork-ci branch from fb7a7e3 to 3a9a502 Compare March 12, 2025 12:26

pixeltrix reviewed Mar 12, 2025

View reviewed changes

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Do not use secrets in test run #2201

Do not use secrets in test run #2201

benjamineskola commented Mar 12, 2025

pixeltrix Mar 12, 2025

benjamineskola Mar 12, 2025

Do not use secrets in test run #2201

Are you sure you want to change the base?

Do not use secrets in test run #2201

Conversation

benjamineskola commented Mar 12, 2025

pixeltrix Mar 12, 2025

Choose a reason for hiding this comment

benjamineskola Mar 12, 2025

Choose a reason for hiding this comment