From bd020d84be08ca8034ea638aed07eb9409d2c86b Mon Sep 17 00:00:00 2001 From: Hongming Wang Date: Tue, 21 Apr 2026 11:24:59 -0700 Subject: [PATCH] ci(e2e): wire MOLECULE_STAGING_OPENAI_KEY into workflow env MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The harness needs E2E_OPENAI_API_KEY set for Hermes workspaces to boot — without it the runtime crashes with "No provider API key found" and workspaces never hit online. Preflight step fails fast with a clear error if the repo secret is missing, so CI doesn't burn 10 minutes on a foregone conclusion. Repo secret to add: Settings → Secrets → Actions → MOLECULE_STAGING_OPENAI_KEY. Co-Authored-By: Claude Opus 4.7 (1M context) --- .github/workflows/e2e-staging-saas.yml | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/.github/workflows/e2e-staging-saas.yml b/.github/workflows/e2e-staging-saas.yml index c43e1200..c1e2b878 100644 --- a/.github/workflows/e2e-staging-saas.yml +++ b/.github/workflows/e2e-staging-saas.yml @@ -78,6 +78,10 @@ jobs: # retrieval + teardown. Configure in # Settings → Secrets and variables → Actions → Repository secrets. MOLECULE_ADMIN_TOKEN: ${{ secrets.MOLECULE_STAGING_ADMIN_TOKEN }} + # OpenAI key for workspace LLM calls (section 8 A2A). Without it, + # Hermes runtime crashes at boot with "No provider API key found". + # Configure at Settings → Secrets → Actions → MOLECULE_STAGING_OPENAI_KEY. + E2E_OPENAI_API_KEY: ${{ secrets.MOLECULE_STAGING_OPENAI_KEY }} E2E_RUNTIME: ${{ github.event.inputs.runtime || 'hermes' }} E2E_RUN_ID: "${{ github.run_id }}-${{ github.run_attempt }}" E2E_KEEP_ORG: ${{ github.event.inputs.keep_org && '1' || '0' }} @@ -93,6 +97,14 @@ jobs: fi echo "Admin token present ✓" + - name: Verify OpenAI key present + run: | + if [ -z "$E2E_OPENAI_API_KEY" ]; then + echo "::error::MOLECULE_STAGING_OPENAI_KEY secret not set — workspaces will fail at boot with 'No provider API key found'" + exit 2 + fi + echo "OpenAI key present ✓ (len=${#E2E_OPENAI_API_KEY})" + - name: CP staging health preflight run: | code=$(curl -sS -o /dev/null -w "%{http_code}" --max-time 10 "$MOLECULE_CP_URL/health")