Skip to content

Add GitHub CI workflow for the full test pipeline #84

Description

@aubrypaul

Context

We recently added test coverage for configurable Apps Script authentication modes, including API key and Vertex AI authentication paths.

The test changes are being handled separately first. This issue tracks the follow-up work to add GitHub-side CI support for the full test pipeline, not only the authentication-mode tests.

Goal

Add a GitHub Actions workflow that runs the project’s full test pipeline in CI, while supporting configurable authentication-mode tests safely.

The workflow should validate the codebase broadly, and include the auth-mode tests only when explicitly enabled and properly configured.

Scope

Implement a GitHub Actions workflow that supports:

  • running the standard test pipeline in CI;
  • running syntax or static validation checks where applicable;
  • running Apps Script test functions through clasp where applicable;
  • manual workflow dispatch;
  • optional automatic triggers on pull requests and pushes, if appropriate;
  • inputs or configuration switches to enable or disable API key auth tests;
  • inputs or configuration switches to enable or disable Vertex AI auth tests;
  • repository-level or environment-level configuration overrides;
  • validation of enabled auth modes;
  • validation that required secrets are present before running enabled auth tests;
  • secret-safe clasp setup;
  • execution of the selected Apps Script tests;
  • clear skip logs when an optional auth mode is disabled;
  • clear failure messages when an enabled auth mode is missing credentials.

Expected behavior

The default CI pipeline should run the normal test suite without requiring authentication secrets.

Authentication-mode tests should be opt-in or configuration-based, so the main test pipeline can still run safely in environments where secrets are unavailable.

When API key tests are disabled, CI should skip them explicitly.

When Vertex AI tests are disabled, CI should skip them explicitly.

When an auth mode is enabled but the required secrets are missing, CI should fail clearly without leaking secret values.

When the required secrets are present, CI should run the corresponding Apps Script smoke tests as part of the broader test pipeline.

Documentation

Add documentation covering:

  • what the full CI test pipeline runs;
  • when the workflow runs automatically;
  • how to run the workflow manually;
  • required GitHub secrets for optional auth-mode tests;
  • optional repository or environment variables;
  • behavior of each enable or disable switch;
  • skip behavior;
  • missing-credential failure behavior;
  • how CI configuration maps to local Apps Script Script Properties setup.

Out of scope

  • Changing production authentication behavior;
  • adding new authentication modes;
  • logging or exposing secret values;
  • requiring secrets for the default test pipeline;
  • making optional external-auth smoke tests mandatory for every PR unless explicitly decided.

Acceptance criteria

  • A GitHub Actions workflow exists for the full test pipeline.
  • The standard tests run without requiring auth secrets.
  • The workflow can be triggered manually.
  • The workflow can run on pull requests and/or pushes if configured.
  • API key and Vertex AI auth tests can be enabled or disabled independently.
  • Missing required secrets for enabled optional tests produce clear failures.
  • Disabled optional auth modes produce clear skip logs.
  • Secrets are never printed in logs.
  • Documentation explains CI setup and usage.
  • Existing local test behavior remains unchanged.

Metadata

Metadata

Assignees

Labels

No labels
No labels

Type

No type

Fields

No fields configured for issues without a type.

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions