Skip to content

🔑 Add flag for using local secrets during workflow execution #2841

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
dsyme merged 6 commits into from
Oct 31, 2025
Merged

🔑 Add flag for using local secrets during workflow execution #2841

dsyme merged 6 commits into from
Oct 31, 2025

Conversation

@dsyme
Copy link
Contributor

@dsyme dsyme commented Oct 31, 2025

Summary

  • Added --use-local-secrets flag to gh aw run and gh aw trial commands
  • Enables pushing local environment API keys to repository during workflow execution
  • Automatically cleans up secrets after workflow completes

Key Changes

  • Introduced new command-line flag --use-local-secrets
  • Updated CLI commands to support secret pushing and cleanup
  • Modified workflow execution logic to handle temporary secret management
  • Added documentation for the new secret pushing feature

How It Works

  • Reads API keys from local environment variables
  • Temporarily pushes required secrets to repository
  • Automatically deletes secrets after workflow execution
  • Supports multiple AI engine secrets (Anthropic, OpenAI, Copilot)

Security Considerations

  • Secrets are only pushed temporarily
  • Provides a convenient way to test workflows with local API keys
  • Recommended for development and testing environments

Copilot AI review requested due to automatic review settings October 31, 2025 01:21
Copilot AI reviewed Oct 31, 2025
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

This pull request adds a --use-local-secrets flag to both run and trial commands, enabling users to temporarily push API key secrets from their local environment to repositories for workflow execution. The feature automatically cleans up these secrets after completion.

  • Added --use-local-secrets flag support to run and trial commands
  • Refactored determineAndAddEngineSecret to accept EngineConfig instead of full WorkflowData
  • Introduced conditional secret tracking and cleanup based on the new flag

Reviewed Changes

Copilot reviewed 5 out of 5 changed files in this pull request and generated 2 comments.

Show a summary per file
File Description
pkg/cli/trial_command.go Added --use-local-secrets flag, --repo alias, conditional secret handling, and refactored engine secret determination
pkg/cli/run_command.go Implemented secret pushing/cleanup logic for run command with engine detection
pkg/cli/commands_test.go Updated test calls to include new pushSecrets parameter
docs/src/content/docs/tools/cli.md Added documentation for --use-local-secrets flag and updated examples
cmd/gh-aw/main.go Added --use-local-secrets flag to run command
Comments suppressed due to low confidence (1)

pkg/cli/trial_command.go:955

  • Debug log statement left in production code. This should be removed or placed behind a verbose/debug flag.
	fmt.Fprintln(os.Stderr, console.FormatInfoMessage(fmt.Sprintf("DEBUG: engineOverride parameter = '%s'", engineOverride)))

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

dsyme and others added 4 commits October 31, 2025 01:31
@dsyme
Update pkg/cli/run_command.go
be4b570 
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
@dsyme
Update pkg/cli/run_command.go
463d138 
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
@dsyme
fmt
eaccb3d
@dsyme
fmt
2f0d9c3
@dsyme dsyme merged commit 7782717 into main Oct 31, 2025
16 checks passed
@dsyme dsyme deleted the runc branch October 31, 2025 01:37
@github-actions github-actions bot mentioned this pull request Oct 31, 2025
Merged
Copilot AI mentioned this pull request Oct 31, 2025
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@dsyme