fix: use repository variables instead of secrets for non-sensitive values#1723

Merged
amikofalvy merged 1 commit into main from fix/use-vars-for-non-sensitive-values
Feb 5, 2026

@amikofalvy
Collaborator

Summary

  • Move TURBO_TEAM and VERCEL_ORG_ID from `secrets.` to `vars.` to prevent GitHub Actions from masking these values in logs
  • Secret values are automatically masked by GitHub, which was causing "inkeep" to appear as *** throughout CI logs

Files Changed

  • .github/workflows/ci.yml - TURBO_TEAM
  • .github/workflows/cypress.yml - TURBO_TEAM
  • .github/workflows/release.yml - TURBO_TEAM
  • .github/workflows/vercel-production.yml - VERCEL_ORG_ID

Required Setup

After merging, ensure these are configured as organization or repository variables (not secrets) in GitHub Settings > Secrets and variables > Actions > Variables:

  • TURBO_TEAM
  • VERCEL_ORG_ID

…lues

Move TURBO_TEAM and VERCEL_ORG_ID from secrets to vars to prevent
GitHub Actions from masking these values in logs. Secret values are
automatically masked, which was causing "inkeep" to appear as "***"
throughout CI logs.
@vercel
vercel bot commented Feb 5, 2026

The latest updates on your projects. Learn more about Vercel for GitHub.

| Project | Deployment | Actions | Updated (UTC) |
|---|---|---|---|
| agents-api | Ready | Preview, Comment | Feb 5, 2026 2:08am |
| agents-docs | Ready | Preview, Comment | Feb 5, 2026 2:08am |
| agents-manage-ui | Ready | Preview, Comment | Feb 5, 2026 2:08am |

@changeset-bot

changeset-bot bot commented Feb 5, 2026

⚠️ No Changeset found

Latest commit: 9e07d52

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

@claude
Contributor

claude bot commented Feb 5, 2026

Claude finished @amikofalvy's task in 2m 23s


PR Review Summary

1 Key Finding | Risk: Low

🟠🔶⚠️ Major (1) 🟠🔶⚠️

🟠 1) pre-merge dependency Repository variables must be configured before merge

Issue: This PR changes workflow references from secrets.TURBO_TEAM to vars.TURBO_TEAM and secrets.VERCEL_ORG_ID to vars.VERCEL_ORG_ID. If the corresponding repository variables are not configured in GitHub Settings before this PR is merged, all affected CI workflows will fail because the variables will resolve to empty strings.

Why: CI failures would block:

  • All PRs (ci.yml uses TURBO_TEAM)
  • Cypress E2E tests (cypress.yml uses TURBO_TEAM)
  • Package releases (release.yml uses TURBO_TEAM)
  • Production deployments (vercel-production.yml uses VERCEL_ORG_ID)

Fix: Ensure the following are configured as repository variables (not secrets) in GitHub Settings > Secrets and variables > Actions > Variables before merging:

  • TURBO_TEAM - copy current value from secrets
  • VERCEL_ORG_ID - copy current value from secrets

The PR description correctly documents this requirement.

Point-fix Edits (0)

No inline comments posted (all findings are summary-level).


💡 APPROVE WITH SUGGESTIONS

Summary: This is a well-reasoned change that correctly distinguishes sensitive credentials from non-sensitive identifiers. Moving TURBO_TEAM and VERCEL_ORG_ID to repository variables will prevent GitHub's secret masking from obscuring these values in CI logs (e.g., "inkeep" appearing as ***). The only blocking concern is ensuring the variables are configured before merge to prevent CI breakage.


Other Findings (2)

Potentially valid

| Location | Issue | Reason Excluded |
|---|---|---|
| scripts/setup-turbo-cache.sh:61-63 | Documentation says to add TURBO_TEAM as a "secret" for CI/CD, which will be outdated after this PR | Not in PR scope; follow-up task |

Incidental changes (informational)

| Location | Change | Notes |
|---|---|---|
| cypress.yml:36-48 | Fixed indentation for postgres service definition | Positive cleanup, aligns with YAML best practices |
| release.yml:37-38 | Changed quote style from single to double quotes | Minor formatting normalization |
| release.yml | Removed trailing whitespace on multiple lines | Good cleanup |
| cypress.yml, release.yml | Added missing newline at EOF | Good fix |
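
The pre-merge dependency raised in the review above can be checked mechanically before a `secrets.` to `vars.` migration is merged. The following is an added example, not code from this PR or the project: the function names are hypothetical, the workflow fragments are constructed from the file and variable names on this page, and the configured name sets are assumed to be supplied from the repository settings.

```python
import re

# ${{ ... }} expressions, and vars./secrets. context references inside them.
# Limitation: bare `if:` conditions written without ${{ }} are not scanned.
EXPR = re.compile(r"\$\{\{(.*?)\}\}", re.S)
REF = re.compile(r"\b(vars|secrets)\.([A-Za-z_][A-Za-z0-9_]*)")


def references(workflow_text):
    """Return the variable and secret names a workflow file references."""
    found = {"vars": set(), "secrets": set()}
    for expr in EXPR.findall(workflow_text):
        for context, name in REF.findall(expr):
            found[context].add(name.upper())  # names are not case-sensitive
    return found


def unresolved(workflows, configured_vars, configured_secrets):
    """List (path, context, name) references that have no configured value."""
    missing = []
    for path, text in sorted(workflows.items()):
        refs = references(text)
        for name in sorted(refs["vars"] - configured_vars):
            missing.append((path, "vars", name))
        # GITHUB_TOKEN is injected by the runner, never configured by hand.
        for name in sorted(refs["secrets"] - configured_secrets - {"GITHUB_TOKEN"}):
            missing.append((path, "secrets", name))
    return missing


# Constructed fragments standing in for two of the workflows this PR touches.
SAMPLE_WORKFLOWS = {
    ".github/workflows/ci.yml": """
env:
  TURBO_TEAM: ${{ vars.TURBO_TEAM }}
""",
    ".github/workflows/vercel-production.yml": """
env:
  VERCEL_ORG_ID: ${{ vars.VERCEL_ORG_ID }}
  VERCEL_TOKEN: ${{ secrets.VERCEL_TOKEN }}
""",
}

# Assumed state at review time: values exist only as secrets.
SECRETS = {"TURBO_TEAM", "VERCEL_ORG_ID", "VERCEL_TOKEN"}


def demo():
    before = unresolved(SAMPLE_WORKFLOWS, set(), SECRETS)
    after = unresolved(SAMPLE_WORKFLOWS, {"TURBO_TEAM", "VERCEL_ORG_ID"}, SECRETS)
    return before, after


if __name__ == "__main__":
    before, after = demo()
    for path, context, name in before:
        print(f"{path}: {context}.{name} is not configured")
    print("unresolved after setup:", after)
```

Run as a required check, a non-empty result blocks the merge until the variables exist, instead of the workflows failing afterwards.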

@amikofalvy amikofalvy merged commit 9a3cba4 into main Feb 5, 2026
8 of 9 checks passed
@amikofalvy amikofalvy deleted the fix/use-vars-for-non-sensitive-values branch February 5, 2026 02:13
dimaMachina pushed a commit that referenced this pull request Feb 5, 2026
…lues (#1723)

Move TURBO_TEAM and VERCEL_ORG_ID from secrets to vars to prevent
GitHub Actions from masking these values in logs. Secret values are
automatically masked, which was causing "inkeep" to appear as "***"
throughout CI logs.
dimaMachina added a commit that referenced this pull request Feb 5, 2026
…chat or if custom headers are invalid (#1699)

* upd

* upd

* upd

* upd

* upd

* upd

* upd

* typecheck is ok now

* wip custom headers dialog

* upddd

* upddd

* upddd

* brand color

* upd

* validate on mount

* polish

* fix lint

* format

* review fixes

* feat(pr-review): add clickable links to inline comments in review summary (#1714)

- Add `url` field to GraphQL queries for review threads and PR comments
- Add Phase 5.4 to capture inline comment URLs after posting
- Update Point-Fix Edits section to include clickable links
- Update Pending Recommendations to use URLs from pr-context skill
- Add `gh api` to allowed tools for fetching comment URLs
- Add secure debug artifact uploads for Claude review runs

* Revert "fix(agents-core): remove refine call in resource id schema (#1689)" (#1691)

This reverts commit 938ffb8.

* fix: pin claude-code-action to SDK 0.2.25 to avoid AJV crash (#1716)

SDK versions 0.2.27+ have a bug causing AJV validation crashes
before any API calls are made. This affects all PR reviews.

Tracking issue: anthropics/claude-code-action#892
Related: #852, #880, #804

Will revert to @v1 when the upstream issue is resolved.

* bump zod to latest 4.3.6 and fix `.omit() cannot be used on object schemas containing refinements` error (#1712)

* Revert "fix(agents-core): remove refine call in resource id schema (#1689)"

This reverts commit 938ffb8.

* Revert "fix(agents-core): remove refine call in resource id schema (#1689)"

This reverts commit 938ffb8.

* bump

* upd

* remove zod from pnpm overrides

* update zod peerdependencies too, and we have error reproducible locally

* minimal fix

* rm unrelated changes

* rm unrelated changes

* rm unrelated changes

* rm unrelated changes

* rm unrelated changes

* rm unrelated changes

* rm unrelated changes

* rm unrelated changes

* Version Packages (#1701)

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>

* feat: add Vercel production deployment workflow (#1679)

* feat: add Vercel production deployment workflow

Add GitHub Actions workflow to deploy to Vercel production only when
a GitHub release is published. This integrates with the existing
changesets release flow.

* feat: add deployment checks before promoting to production

Deploy to preview URL first, wait for Vercel deployment checks to pass,
then promote to production. This ensures API health before going live.

* PRD for vercel deployment strategy

* docs: add Vercel staging/production deployment strategy documentation

- Document Production Branch configuration (set to '_disabled_')
- Document GitHub Actions workflow for release-triggered deployments
- Document required secrets (VERCEL_TOKEN, VERCEL_ORG_ID, VERCEL_PROJECT_ID)
- Document optional staging domain configuration
- Add deployment flow diagram and troubleshooting section
- Add secrets documentation comments to workflow file

Completes US-001, US-002, US-003, US-004 from vercel-deployment-strategy PRD.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

* docs: update Vercel staging/production strategy to use never-deploy branch

Replace _disabled_ approach (which Vercel doesn't support) with a
never-deploy orphan branch. Update staging domain examples to use
api-staging.agents.yourdomain.com pattern.

* Apply suggestion from @claude[bot]

Co-authored-by: claude[bot] <209825114+claude[bot]@users.noreply.github.com>

* revert: remove Vercel deployment docs changes and PRD

Revert vercel.mdx to main branch version and remove the PRD file.

* feat: deploy both agents-api and agents-manage-ui to Vercel

Update production workflow to deploy both projects in parallel using a
matrix strategy. Each project uses its own secret for the Vercel project ID.

---------

Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
Co-authored-by: claude[bot] <209825114+claude[bot]@users.noreply.github.com>

* remove cursor specific rules in favor or skills and agents.md (#1717)

* chore: trigger release for all packages (#1718)

No-op patch bumps to trigger a new release.

* Version Packages (#1719)

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>

* updating release action (#1720)

* fix: add --scope flag to Vercel CLI commands in production workflow (#1721)

The vercel inspect and promote commands were failing with authorization
errors because VERCEL_ORG_ID as an environment variable isn't used by
the CLI for scope resolution - it requires the --scope flag explicitly.

* fix: use staged production deployments in Vercel workflow (#1722)

- Deploy with --prod --skip-domain to create staged production builds
- This ensures production env vars are used and avoids rebuild on promote
- Add --yes flag to auto-confirm prompts in CI environment
- Fixes issue where promoting preview deployments triggered interactive prompt

* fix: add --archive=tgz to prevent CLI hanging during deploy (#1724)

Large file uploads can cause the Vercel CLI to hang. The --archive=tgz
flag compresses files before upload which resolves this issue.

* fix: use repository variables instead of secrets for non-sensitive values (#1723)

Move TURBO_TEAM and VERCEL_ORG_ID from secrets to vars to prevent
GitHub Actions from masking these values in logs. Secret values are
automatically masked, which was causing "inkeep" to appear as "***"
throughout CI logs.

* fix: simplify Vercel workflow to use direct production deploy (#1725)

- Remove --skip-domain flag which was causing CLI to hang
- Remove separate promote step (--prod auto-assigns domains)
- Simpler, more reliable workflow

* fix: use secrets for VERCEL_ORG_ID (#1726)

* apply review

* pnpm i

* polish

* format

* Rename convert-json-schema-to-zod.ts to convert-json-schema-to-zod.test.ts

* add tests

* wip tests

* wip tests

* wip tests

* upd

* upd

* upd

* upd

* polish error names

* upd

* move to __tests__

* format

* chore: add changeset for custom headers validation feature

Co-authored-by: Dimitri POSTOLOV <undefined@users.noreply.github.com>

---------

Co-authored-by: Nick Gomez <122398915+nick-inkeep@users.noreply.github.com>
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: Andrew Mikofalvy <5668128+amikofalvy@users.noreply.github.com>
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
Co-authored-by: claude[bot] <209825114+claude[bot]@users.noreply.github.com>
Co-authored-by: claude[bot] <41898282+claude[bot]@users.noreply.github.com>
Co-authored-by: Dimitri POSTOLOV <undefined@users.noreply.github.com>
dimaMachina added a commit that referenced this pull request Feb 5, 2026
…fromJSONSchema()` method (#1735)

* upd

* upd

* upd

* upd

* upd

* upd

* upd

* typecheck is ok now

* wip custom headers dialog

* upddd

* upddd

* upddd

* brand color

* upd

* validate on mount

* polish

* fix lint

* format

* review fixes

* feat(pr-review): add clickable links to inline comments in review summary (#1714)

- Add `url` field to GraphQL queries for review threads and PR comments
- Add Phase 5.4 to capture inline comment URLs after posting
- Update Point-Fix Edits section to include clickable links
- Update Pending Recommendations to use URLs from pr-context skill
- Add `gh api` to allowed tools for fetching comment URLs
- Add secure debug artifact uploads for Claude review runs

* Revert "fix(agents-core): remove refine call in resource id schema (#1689)" (#1691)

This reverts commit 938ffb8.

* fix: pin claude-code-action to SDK 0.2.25 to avoid AJV crash (#1716)

SDK versions 0.2.27+ have a bug causing AJV validation crashes
before any API calls are made. This affects all PR reviews.

Tracking issue: anthropics/claude-code-action#892
Related: #852, #880, #804

Will revert to @v1 when the upstream issue is resolved.

* bump zod to latest 4.3.6 and fix `.omit() cannot be used on object schemas containing refinements` error (#1712)

* Revert "fix(agents-core): remove refine call in resource id schema (#1689)"

This reverts commit 938ffb8.

* Revert "fix(agents-core): remove refine call in resource id schema (#1689)"

This reverts commit 938ffb8.

* bump

* upd

* remove zod from pnpm overrides

* update zod peerdependencies too, and we have error reproducible locally

* minimal fix

* rm unrelated changes

* rm unrelated changes

* rm unrelated changes

* rm unrelated changes

* rm unrelated changes

* rm unrelated changes

* rm unrelated changes

* rm unrelated changes

* Version Packages (#1701)

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>

* feat: add Vercel production deployment workflow (#1679)

* feat: add Vercel production deployment workflow

Add GitHub Actions workflow to deploy to Vercel production only when
a GitHub release is published. This integrates with the existing
changesets release flow.

* feat: add deployment checks before promoting to production

Deploy to preview URL first, wait for Vercel deployment checks to pass,
then promote to production. This ensures API health before going live.

* PRD for vercel deployment strategy

* docs: add Vercel staging/production deployment strategy documentation

- Document Production Branch configuration (set to '_disabled_')
- Document GitHub Actions workflow for release-triggered deployments
- Document required secrets (VERCEL_TOKEN, VERCEL_ORG_ID, VERCEL_PROJECT_ID)
- Document optional staging domain configuration
- Add deployment flow diagram and troubleshooting section
- Add secrets documentation comments to workflow file

Completes US-001, US-002, US-003, US-004 from vercel-deployment-strategy PRD.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

* docs: update Vercel staging/production strategy to use never-deploy branch

Replace _disabled_ approach (which Vercel doesn't support) with a
never-deploy orphan branch. Update staging domain examples to use
api-staging.agents.yourdomain.com pattern.

* Apply suggestion from @claude[bot]

Co-authored-by: claude[bot] <209825114+claude[bot]@users.noreply.github.com>

* revert: remove Vercel deployment docs changes and PRD

Revert vercel.mdx to main branch version and remove the PRD file.

* feat: deploy both agents-api and agents-manage-ui to Vercel

Update production workflow to deploy both projects in parallel using a
matrix strategy. Each project uses its own secret for the Vercel project ID.

---------

Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
Co-authored-by: claude[bot] <209825114+claude[bot]@users.noreply.github.com>

* remove cursor specific rules in favor or skills and agents.md (#1717)

* chore: trigger release for all packages (#1718)

No-op patch bumps to trigger a new release.

* Version Packages (#1719)

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>

* updating release action (#1720)

* fix: add --scope flag to Vercel CLI commands in production workflow (#1721)

The vercel inspect and promote commands were failing with authorization
errors because VERCEL_ORG_ID as an environment variable isn't used by
the CLI for scope resolution - it requires the --scope flag explicitly.

* fix: use staged production deployments in Vercel workflow (#1722)

- Deploy with --prod --skip-domain to create staged production builds
- This ensures production env vars are used and avoids rebuild on promote
- Add --yes flag to auto-confirm prompts in CI environment
- Fixes issue where promoting preview deployments triggered interactive prompt

* fix: add --archive=tgz to prevent CLI hanging during deploy (#1724)

Large file uploads can cause the Vercel CLI to hang. The --archive=tgz
flag compresses files before upload which resolves this issue.

* fix: use repository variables instead of secrets for non-sensitive values (#1723)

Move TURBO_TEAM and VERCEL_ORG_ID from secrets to vars to prevent
GitHub Actions from masking these values in logs. Secret values are
automatically masked, which was causing "inkeep" to appear as "***"
throughout CI logs.

* fix: simplify Vercel workflow to use direct production deploy (#1725)

- Remove --skip-domain flag which was causing CLI to hang
- Remove separate promote step (--prod auto-assigns domains)
- Simpler, more reliable workflow

* fix: use secrets for VERCEL_ORG_ID (#1726)

* apply review

* pnpm i

* polish

* format

* Rename convert-json-schema-to-zod.ts to convert-json-schema-to-zod.test.ts

* add tests

* wip tests

* wip tests

* wip tests

* upd

* upd

* upd

* upd

* polish error names

* upd

* move to __tests__

* rm jsonSchemaToZod

* rm jsonSchemaToZod

* rm jsonSchemaToZod

* rm jsonSchemaToZod

* format

* chore: add changeset for custom headers validation feature

Co-authored-by: Dimitri POSTOLOV <undefined@users.noreply.github.com>

* chore: add changeset for jsonSchemaToZod removal

Replace custom implementation with Zod's native z.fromJSONSchema() method

Co-authored-by: Dimitri POSTOLOV <dimaMachina@users.noreply.github.com>

* fix lint

* Update validation.test.ts

---------

Co-authored-by: Nick Gomez <122398915+nick-inkeep@users.noreply.github.com>
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: Andrew Mikofalvy <5668128+amikofalvy@users.noreply.github.com>
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
Co-authored-by: claude[bot] <209825114+claude[bot]@users.noreply.github.com>
Co-authored-by: claude[bot] <41898282+claude[bot]@users.noreply.github.com>
Co-authored-by: Dimitri POSTOLOV <undefined@users.noreply.github.com>
Co-authored-by: Dimitri POSTOLOV <dimaMachina@users.noreply.github.com>