Route workflows to BlackRoad-OS-Inc org, add Stripe/Clerk E2E pipeline#21
Route workflows to BlackRoad-OS-Inc org, add Stripe/Clerk E2E pipeline#21
Conversation
…ue template Co-authored-by: blackboxprogramming <118287761+blackboxprogramming@users.noreply.github.com>
Co-authored-by: blackboxprogramming <118287761+blackboxprogramming@users.noreply.github.com>
|
You have reached your Codex usage limits for code reviews. You can see your limits in the Codex usage dashboard. |
There was a problem hiding this comment.
Pull request overview
This PR migrates CI/CD workflow references from the blackboxprogramming org to BlackRoad-OS-Inc, adds a new E2E workflow for Stripe + Clerk integration testing, and introduces an urgent issue template for tracking cross-repo rollout.
Changes:
- Updated
deploy.ymlandproject-sync.ymlto reference theBlackRoad-OS-Incorganization instead ofblackboxprogramming. - Added
e2e-blackroad.ymlworkflow with Stripe CLI setup, Node 20, and conditional E2E test execution with secret smoke-checks. - Added an urgent issue template (
.github/ISSUE_TEMPLATE/urgent-deploy-workflows.md) as a checklist for cross-repo deployment.
Reviewed changes
Copilot reviewed 4 out of 4 changed files in this pull request and generated 3 comments.
| File | Description |
|---|---|
.github/workflows/project-sync.yml |
Updated project board URL to BlackRoad-OS-Inc org |
.github/workflows/deploy.yml |
Reusable workflow reference updated to BlackRoad-OS-Inc; added empty permissions block |
.github/workflows/e2e-blackroad.yml |
New E2E workflow with Stripe/Clerk secret checks, Node setup, and conditional test run |
.github/ISSUE_TEMPLATE/urgent-deploy-workflows.md |
New urgent issue template for cross-repo workflow deployment tracking |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
You can also share your feedback on Copilot code review. Take the survey.
| - name: Verify Stripe webhook signatures | ||
| run: | | ||
| if [ -n "$STRIPE_SECRET_KEY" ]; then | ||
| echo "Stripe key configured — webhook verification ready" | ||
| else | ||
| echo "::warning::STRIPE_SECRET_KEY not set — add it in repo secrets" | ||
| fi | ||
|
|
||
| - name: Verify Clerk auth | ||
| run: | | ||
| if [ -n "$CLERK_SECRET_KEY" ]; then | ||
| echo "Clerk key configured — auth verification ready" | ||
| else | ||
| echo "::warning::CLERK_SECRET_KEY not set — add it in repo secrets" | ||
| fi |
There was a problem hiding this comment.
The step is named "Verify Stripe webhook signatures" but it only checks whether the secret is set — it does not verify any webhook signature. Similarly, "Verify Clerk auth" just checks for a secret's presence. Consider renaming these steps to something like "Check Stripe secret" and "Check Clerk secret" to accurately reflect what they do.
| STRIPE_SECRET_KEY: ${{ secrets.STRIPE_SECRET_KEY }} | ||
| CLERK_SECRET_KEY: ${{ secrets.CLERK_SECRET_KEY }} | ||
| NEXT_PUBLIC_CLERK_PUBLISHABLE_KEY: ${{ secrets.NEXT_PUBLIC_CLERK_PUBLISHABLE_KEY }} | ||
| NEXT_PUBLIC_STRIPE_PUBLISHABLE_KEY: ${{ secrets.NEXT_PUBLIC_STRIPE_PUBLISHABLE_KEY }} |
There was a problem hiding this comment.
Secret keys (STRIPE_SECRET_KEY, CLERK_SECRET_KEY) are exported as environment variables at the job level, which means they are available to every step in the job — including the Stripe CLI install step that runs curl and apt-get from external sources. Limit secret exposure by moving the env declarations to only the steps that actually need them (e.g., the "Run E2E tests" step and the respective verification steps).
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Pull request was closed
Redirects all workflow references from
blackboxprogrammingtoBlackRoad-OS-Incand adds E2E infrastructure for Stripe + Clerk. Includes an urgent issue template for tracking cross-repo rollout since automated multi-repo deployment is out of scope here.Org migration
deploy.yml: reusable workflow now callsBlackRoad-OS-Inc/blackroad-deployproject-sync.yml: project board URL →orgs/BlackRoad-OS-Inc/projects/1New:
e2e-blackroad.ymltest:e2eexecution fromblackroad_site/STRIPE_SECRET_KEYandCLERK_SECRET_KEYwith::warning::annotations when missingworkflow_dispatchenabled for manual runsNew: urgent issue template
.github/ISSUE_TEMPLATE/urgent-deploy-workflows.md— checklist covering all 6 workflows, required secrets, and indexing tasks for cross-repo rollout to BlackRoad-OS-IncSecurity
permissionsblocks added todeploy.yml({}) ande2e-blackroad.yml(contents: read) per CodeQLOriginal prompt
💡 You can make Copilot smarter by setting up custom instructions, customizing its development environment and configuring Model Context Protocol (MCP) servers. Learn more Copilot coding agent tips in the docs.