Skip to content

fix(workflow): Add SKIP_AUTH default value to prevent Pydantic validation errors #643

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

fix(workflow): Add SKIP_AUTH default value to prevent Pydantic validation errors #643

wants to merge 1 commit into from

Conversation

@manavgup
Copy link
Owner

@manavgup manavgup commented Nov 17, 2025

Summary

This PR fixes Pydantic validation errors that occur when the SKIP_AUTH secret is empty, which was causing backend deployment failures.

Problem

When the SKIP_AUTH GitHub secret is not set or is empty, the backend receives an empty string '', causing this Pydantic validation error during Code Engine application startup:

Input should be a valid boolean, unable to interpret input
[type=bool_parsing, input_value='', input_type=str]

This error prevented the backend from starting and caused deployment failures.

Solution

Added a default value 'false' to the SKIP_AUTH environment variable in the deployment workflow:

Before:

SKIP_AUTH: ${{ secrets.SKIP_AUTH }}

After:

SKIP_AUTH: ${{ secrets.SKIP_AUTH || 'false' }}

Now when the secret is empty or unset, the backend receives 'false' instead of '', which Pydantic can successfully parse as a boolean.

Changes

  • .github/workflows/deploy_complete_app.yml (line 346): Added default value to SKIP_AUTH

Testing

This fix will be validated in the CI pipeline. Expected behavior:

If SKIP_AUTH secret is set: Uses the configured value
If SKIP_AUTH secret is empty/unset: Defaults to 'false'
Backend starts successfully: No Pydantic validation errors

Type of Change

  • Bug fix (non-breaking change which fixes an issue)
  • Deployment fix

Related PRs

This is part of the focused PR strategy to replace PR #641:

Checklist

  • Code follows the style guidelines of this project
  • Change is focused and addresses a single issue
  • Commit message follows conventional commits format
  • No breaking changes introduced
  • CI workflows will validate the change

🤖 Generated with Claude Code

Co-Authored-By: Claude noreply@anthropic.com

@manavgup @claude
fix(workflow): Add SKIP_AUTH default value to prevent Pydantic valida…
2f172ee 
…tion errors

This PR fixes Pydantic validation errors that were occurring when the SKIP_AUTH secret was empty.

## Problem

When SKIP_AUTH secret is not set or empty, the backend receives an empty string '', causing:
```
Input should be a valid boolean, unable to interpret input
[type=bool_parsing, input_value='', input_type=str]
```

This was causing backend deployments to fail during the Code Engine application startup.

## Solution

Added default value 'false' to SKIP_AUTH environment variable:

**Before**:
```yaml
SKIP_AUTH: ${{ secrets.SKIP_AUTH }}
```

**After**:
```yaml
SKIP_AUTH: ${{ secrets.SKIP_AUTH || 'false' }}
```

Now when the secret is empty, the backend receives 'false' instead of '', which Pydantic can parse as a boolean.

## Testing

This fix will be validated in the next deployment workflow run. Expected behavior:
- If SKIP_AUTH secret is set: uses that value
- If SKIP_AUTH secret is empty/unset: defaults to 'false'
- Backend starts successfully without Pydantic validation errors

## Related

- Part of deployment fixes series (breaking down PR #641)
- Related to PR #642 (backend Docker fixes)

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
@github-actions
Copy link
Contributor

github-actions bot commented Nov 17, 2025

🚀 Development Environment Options

This repository supports Dev Containers for a consistent development environment.

Option 1: GitHub Codespaces (Recommended)

Create a cloud-based development environment:

  1. Click the green Code button above
  2. Select the Codespaces tab
  3. Click Create codespace on fix/skip-auth-validation
  4. Wait 2-3 minutes for environment setup
  5. Start coding with all tools pre-configured!

Option 2: VS Code Dev Containers (Local)

Use Dev Containers on your local machine:

  1. Install Docker Desktop
  2. Install VS Code
  3. Install the Dev Containers extension
  4. Clone this PR branch locally
  5. Open in VS Code and click "Reopen in Container" when prompted

Option 3: Traditional Local Setup

Set up the development environment manually:

# Clone the repository
git clone https://github.com/manavgup/rag_modulo.git
cd rag_modulo
git checkout fix/skip-auth-validation

# Initialize development environment
make dev-init
make dev-build
make dev-up
make dev-validate

Available Commands

Once in your development environment:

make help           # Show all available commands
make dev-validate   # Validate environment setup
make test-atomic    # Run atomic tests
make test-unit      # Run unit tests
make lint          # Run linting

Services Available

When running make dev-up:

This automated message helps reviewers quickly set up the development environment.

@github-actions
Copy link
Contributor

github-actions bot commented Nov 17, 2025

Code Review - PR #643

Summary

This PR fixes a critical Pydantic validation error that occurs during backend deployment when the SKIP_AUTH GitHub secret is empty or unset. The fix adds a default value of 'false' to prevent empty string validation errors.

Strengths

  1. Root Cause Identified: Correctly identifies that empty GitHub secrets pass empty strings ('') to environment variables, causing Pydantic's boolean parser to fail.

  2. Clean Solution: The fix uses GitHub Actions' null coalescing operator (||) to provide a sensible default value, which is a standard pattern.

  3. Aligns with Codebase Conventions: The fix matches the existing pattern used in docker-compose.yml:29

  4. Focused PR Strategy: Part of a well-organized effort to break down PR fix: Add ICR auth for Trivy scans, improve error handling, optimize disk usage #641 into focused, reviewable chunks (PRs fix(backend): Backend Docker build fixes for AutoModelForImageTextToText #642, fix(workflow): Add SKIP_AUTH default value to prevent Pydantic validation errors #643, fix(prod): Fix production deployment configuration for make build-all and prod-start #644).

  5. Clear Documentation: Excellent PR description with problem statement, solution, and testing plan.

🔍 Issues Found

Critical: Inconsistent Fix Across Workflows

Location: .github/workflows/deploy_code_engine.yml:105

The same issue exists in another workflow file but was not fixed in this PR. The deploy_code_engine.yml workflow will still fail with the same Pydantic validation error if SKIP_AUTH secret is empty.

Recommendation: Apply the same fix to deploy_code_engine.yml:105

📋 Additional Observations

  1. Formatting Change: The PR also reformats the ICR_REGION ternary expression (lines 88-90) by splitting it across multiple lines. While this improves readability, it's technically unrelated to the fix.

  2. Backend Configuration: The backend's Pydantic model at backend/core/config.py:286 correctly defines skip_auth with a default of False. However, Pydantic validates the input before applying the default, so an empty string still causes validation errors.

  3. Security Considerations: The default value 'false' is the correct security-conscious choice. This aligns with the project's security guidelines.

  4. Testing Gap: There are no automated tests that verify the behavior when SKIP_AUTH is an empty string.

🎯 Recommendations

Priority 1 (Blocking):

  • Apply the same fix to .github/workflows/deploy_code_engine.yml:105

Priority 2 (Nice to have):

  • Add a test case to verify empty string handling
  • Update commit message to mention the ICR_REGION formatting change

📊 Code Quality Assessment

Category Rating Notes
Correctness 7/10 Fix works but incomplete (missing deploy_code_engine.yml)
Security 10/10 Defaults to 'false' - security-conscious
Maintainability 9/10 Clear, follows existing patterns
Testing 6/10 No automated test for this edge case
Documentation 9/10 Excellent PR description

🏁 Verdict

Status: ⚠️ CHANGES REQUESTED

The fix is correct and well-implemented for deploy_complete_app.yml, but the same issue exists in deploy_code_engine.yml and needs to be fixed to prevent deployment failures.

Once the deploy_code_engine.yml fix is applied, this PR will be APPROVED for merge.

🤖 Generated with Claude Code

manavgup added a commit that referenced this pull request Nov 17, 2025
@manavgup @claude
fix(workflow): Use backend/Dockerfile.backend instead of Dockerfile.c…
4602cf4 
…odeengine

This PR updates the GitHub Actions workflow to use the correct backend Dockerfile.

## Problem

The workflow was using `Dockerfile.codeengine` which:
- Used `poetry install` that pulled CUDA PyTorch from poetry.lock (6-8GB NVIDIA libs)
- Caused massive Docker image bloat
- Led to deployment failures

## Solution

Changed the workflow to use `backend/Dockerfile.backend` which:
- Parses `pyproject.toml` directly with pip
- Uses CPU-only PyTorch index `--extra-index-url https://download.pytorch.org/whl/cpu`
- Significantly reduces image size
- Works with the fixes from PR #642 (transformers[vision] + numpy cleanup)

**Before**:
```yaml
file: ./Dockerfile.codeengine
```

**After**:
```yaml
file: ./backend/Dockerfile.backend
```

## Changes

- `.github/workflows/deploy_complete_app.yml` (line 215): Updated Dockerfile path

## Testing

This fix will be validated in the CI pipeline. Expected behavior:

✅ **Builds use correct Dockerfile**: backend/Dockerfile.backend
✅ **CPU-only PyTorch**: No CUDA libraries in image
✅ **Smaller image size**: ~500MB vs 6-8GB
✅ **Successful deployment**: No import errors

## Type of Change

- [x] Bug fix (non-breaking change which fixes an issue)
- [x] Deployment fix

## Related PRs

This is part of the focused PR strategy to replace PR #641:

- **PR #642**: Backend Docker fixes (transformers[vision] + numpy cleanup)
- **PR #643**: SKIP_AUTH default value fix
- **PR #644** (this PR): Workflow Dockerfile path fix

## Checklist

- [x] Code follows the style guidelines of this project
- [x] Change is focused and addresses a single issue
- [x] Commit message follows conventional commits format
- [x] No breaking changes introduced
- [x] CI workflows will validate the change

---

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
@manavgup manavgup mentioned this pull request Nov 17, 2025
Open
7 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@manavgup