Skip to content

ci(e2e): use INTEGRATION_STAGING_INSTANCE_KEYS for mobile-e2e workflow #8498

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
wobsoriano merged 2 commits into from
May 7, 2026
+58 −31
Merged

ci(e2e): use INTEGRATION_STAGING_INSTANCE_KEYS for mobile-e2e workflow #8498

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
605ee4e
ci(e2e): use INTEGRATION_STAGING_INSTANCE_KEYS for mobile-e2e workflow
chriscanin May 7, 2026
52a3d24
ci(e2e): extract instance-key resolution into Node helper
chriscanin May 7, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
38 changes: 7 additions & 31 deletions .github/workflows/mobile-e2e.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3,10 +3,10 @@
# and runs Maestro flows on iOS simulator and Android emulator.
#
# Secrets:
# INTEGRATION_INSTANCE_KEYS — JSON map of named test instances
# INTEGRATION_STAGING_INSTANCE_KEYS — JSON map of named staging test instances
# ({ "<name>": { "pk": "pk_test_...", "sk": "sk_test_..." } }).
# Same secret used by /integration (Playwright). We read the entry named
# EXPO_INSTANCE_NAME (set in env: below).
# Same secret used by /integration (Playwright) staging jobs. We read the
# entry named EXPO_INSTANCE_NAME (set in env: below).
#
# Test users are provisioned per-run via Clerk Backend API and deleted at
# teardown — same pattern as /integration's createBapiUser.
Expand Down Expand Up @@ -69,20 +69,8 @@ jobs:
- name: Resolve Clerk instance keys
id: keys
env:
INTEGRATION_INSTANCE_KEYS: ${{ secrets.INTEGRATION_INSTANCE_KEYS }}
run: |
if [ -z "$INTEGRATION_INSTANCE_KEYS" ]; then
echo "::error::INTEGRATION_INSTANCE_KEYS secret is not set"
exit 1
fi
pk=$(echo "$INTEGRATION_INSTANCE_KEYS" | jq -er ".[\"$EXPO_INSTANCE_NAME\"].pk") || {
echo "::error::No entry '$EXPO_INSTANCE_NAME' found in INTEGRATION_INSTANCE_KEYS"
exit 1
}
sk=$(echo "$INTEGRATION_INSTANCE_KEYS" | jq -er ".[\"$EXPO_INSTANCE_NAME\"].sk")
echo "::add-mask::$sk"
echo "pk=$pk" >> "$GITHUB_OUTPUT"
echo "sk=$sk" >> "$GITHUB_OUTPUT"
INTEGRATION_STAGING_INSTANCE_KEYS: ${{ secrets.INTEGRATION_STAGING_INSTANCE_KEYS }}
run: node scripts/resolve-instance-keys.mjs INTEGRATION_STAGING_INSTANCE_KEYS "$EXPO_INSTANCE_NAME"

- name: Write quickstart .env
working-directory: clerk-expo-quickstart/NativeComponentQuickstart
Expand Down Expand Up @@ -186,20 +174,8 @@ jobs:
- name: Resolve Clerk instance keys
id: keys
env:
INTEGRATION_INSTANCE_KEYS: ${{ secrets.INTEGRATION_INSTANCE_KEYS }}
run: |
if [ -z "$INTEGRATION_INSTANCE_KEYS" ]; then
echo "::error::INTEGRATION_INSTANCE_KEYS secret is not set"
exit 1
fi
pk=$(echo "$INTEGRATION_INSTANCE_KEYS" | jq -er ".[\"$EXPO_INSTANCE_NAME\"].pk") || {
echo "::error::No entry '$EXPO_INSTANCE_NAME' found in INTEGRATION_INSTANCE_KEYS"
exit 1
}
sk=$(echo "$INTEGRATION_INSTANCE_KEYS" | jq -er ".[\"$EXPO_INSTANCE_NAME\"].sk")
echo "::add-mask::$sk"
echo "pk=$pk" >> "$GITHUB_OUTPUT"
echo "sk=$sk" >> "$GITHUB_OUTPUT"
INTEGRATION_STAGING_INSTANCE_KEYS: ${{ secrets.INTEGRATION_STAGING_INSTANCE_KEYS }}
run: node scripts/resolve-instance-keys.mjs INTEGRATION_STAGING_INSTANCE_KEYS "$EXPO_INSTANCE_NAME"

- name: Write quickstart .env
working-directory: clerk-expo-quickstart/NativeComponentQuickstart
Expand Down
51 changes: 51 additions & 0 deletions scripts/resolve-instance-keys.mjs
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,51 @@
#!/usr/bin/env node

/**
* Resolves Clerk pk/sk for a named test instance from a JSON-encoded env var
* (e.g. INTEGRATION_INSTANCE_KEYS / INTEGRATION_STAGING_INSTANCE_KEYS).
*
* Usage:
* node scripts/resolve-instance-keys.mjs <SECRET_ENV_VAR> <INSTANCE_NAME>
*
* Writes pk and sk as GitHub Actions step outputs to $GITHUB_OUTPUT and masks
* sk in the runner logs. Exits non-zero with a ::error:: annotation if the
* env var is missing, malformed, or doesn't contain the requested instance.
*/

import { appendFileSync } from 'node:fs';

const fail = msg => {
console.error(`::error::${msg}`);
process.exit(1);
};

const [, , secretVar, instanceName] = process.argv;
if (!secretVar || !instanceName) {
fail('Usage: resolve-instance-keys.mjs <SECRET_ENV_VAR> <INSTANCE_NAME>');
}

const raw = process.env[secretVar];
if (!raw) fail(`${secretVar} secret is not set`);

let parsed;
try {
parsed = JSON.parse(raw);
} catch (err) {
fail(`Failed to parse ${secretVar} as JSON: ${err.message}`);
}

if (!parsed || typeof parsed !== 'object' || Array.isArray(parsed)) {
fail(`Expected ${secretVar} to be a JSON object of instance entries`);
}

const entry = parsed[instanceName];
if (!entry) fail(`No entry '${instanceName}' found in ${secretVar}`);

const { pk, sk } = entry;
if (!pk) fail(`Entry '${instanceName}' in ${secretVar} is missing 'pk'`);
if (!sk) fail(`Entry '${instanceName}' in ${secretVar} is missing 'sk'`);

console.log(`::add-mask::${sk}`);

const out = process.env.GITHUB_OUTPUT;
if (out) appendFileSync(out, `pk=${pk}\nsk=${sk}\n`);
Loading