Skip to content

ci: run live keyed test suite on push to main (non-blocking)#132

Merged
martinkersner merged 2 commits into
mainfrom
issue-131-live-keyed-test-suite-ci
Jul 2, 2026
Merged

ci: run live keyed test suite on push to main (non-blocking)#132
martinkersner merged 2 commits into
mainfrom
issue-131-live-keyed-test-suite-ci

Conversation

@martinkersner

Copy link
Copy Markdown
Member

Closes #131

Summary

Adds a dedicated live-tests.yml workflow that runs the FULL suite (integration + smoke lanes) against prod using the DATAMAXI_API_KEY secret, on push to main only. Non-blocking so transient prod-data flakiness never fails a required build.

Separate workflow vs gated job

Chose a separate workflow keyed on on: push: branches: [main] rather than an if: github.ref == ... gated job in python-package.yml. A branch-scoped trigger is the cleanest guarantee the keyed lane never runs on fork/branch pushes, so the secret is never exposed to untrusted refs. It also keeps the required offline matrix build fully untouched.

Behavior

  • Mirrors the offline lane setup (checkout@v4, setup-uv@v6, uv pip install --system -r requirements/requirements-test.txt); single Python 3.12 (no matrix needed for the live lane).
  • continue-on-error: true -> non-blocking. Cold-pod 500s and empty-page premium ValueError (per test: drop flaky-prod xfails; harden premium limit + live-lane timeout #130) won't fail the run.
  • DATAMAXI_TIMEOUT=60 env to tolerate slow cold prod pods (conftest default is 30s).
  • paths-ignore mirrors the offline lane (skip docs/md/license/gitignore-only pushes).

Required manual step

The DATAMAXI_API_KEY repo secret must be added in repo settings (Secrets and variables -> Actions) for this lane to authenticate. Until then the lane runs keyless: conftest resolves no key, both live lanes skipif-skip cleanly, and the non-blocking job stays green. Behavior with the secret absent is acceptable.

Test plan

  • All four workflow YAMLs validated with yaml.safe_load (parse OK).
  • Offline required lane (python-package.yml) unchanged — no edits.
  • New lane is main-only + continue-on-error, so PRs (this one included) do not trigger it.

Separate workflow (on: push: branches: [main]) so fork/branch pushes
never trigger it and DATAMAXI_API_KEY secret is never exposed to
untrusted refs. Runs full suite (integration+smoke) vs prod;
continue-on-error keeps it non-blocking. Bumps DATAMAXI_TIMEOUT=60 for
slow cold pods. Offline required lane untouched.

Closes #131
@martinkersner martinkersner self-assigned this Jul 2, 2026
@martinkersner martinkersner merged commit 61c42d6 into main Jul 2, 2026
5 checks passed
@martinkersner martinkersner deleted the issue-131-live-keyed-test-suite-ci branch July 2, 2026 07:02
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

Run the live/keyed test suite in CI on push to main

1 participant