Lantern

Appearance

API Key Setup for Workflow Testing

Complete guide for setting up API keys for GitHub Actions workflow testing.

Overview

Several workflows require API keys for testing:

  • AI Issue Triage - OpenAI API key
  • GitHub Projects V2 - GitHub Personal Access Token (PAT)

This guide covers setup for local testing and CI/CD.

OpenAI API Key

  1. Get your API key:

    • Visit OpenAI API Keys
    • Click "Create new secret key"
    • Copy the key (starts with sk-proj-)

  2. Add to .env.local:

    bash
    # In your project root
echo "OPENAI_API_KEY=sk-proj-YOUR_KEY_HERE" >> .env.local

  3. Verify it works:

    bash
    grep OPENAI_API_KEY .env.local

Why this works:

  • ✅ Test scripts automatically load from .env.local
  • ✅ Never committed (it's in .gitignore)
  • ✅ Works for all test scripts
  • ✅ Simplest setup

GitHub Personal Access Token (PAT)

For GitHub Projects V2 testing:

  1. Create PAT:

    • Go to GitHub Settings → Developer settings → Personal access tokens → Tokens (classic)
    • Click "Generate new token (classic)"
    • Select scopes: repo + project
    • Copy the token

  2. Add to .env.local:

    bash
    echo "GH_PAT=ghp_YOUR_TOKEN_HERE" >> .env.local

Why this works:

  • .github/workflows/test-projects-v2.sh loads from .env.local
  • ✅ Never committed
  • ✅ Recommended for local testing

Option B: Using GitHub CLI Secrets (For CI/CD)

Use this method for GitHub Actions workflows that need API keys.

OpenAI API Key

bash
# 1. Install GitHub CLI (if needed)
brew install gh  # macOS
# or visit https://cli.github.com

# 2. Authenticate
gh auth login

# 3. Store your API key
gh secret set OPENAI_API_KEY
# Paste your key and press Enter

# 4. Verify it was stored
gh secret list

Workflows automatically use OPENAI_API_KEY secret.

GitHub Personal Access Token

bash
# 1. Create your PAT (see Option A steps 1-2 above)

# 2. Store in GitHub
gh secret set GH_PAT
# Paste your token and press Enter

# 3. Verify
gh secret list

Workflows automatically use GH_PAT secret.

Security Best Practices

✅ DO

  • Store API keys in .env.local (local testing) or GitHub Secrets (CI/CD)
  • Rotate keys periodically
  • Use minimal required scopes (e.g., repo + project for GitHub, read-only for OpenAI)
  • Review GitHub Secrets quarterly
  • Use separate keys for dev and production

❌ DON'T

  • Commit .env.local to Git (it's in .gitignore)
  • Share API keys in messages, PRs, or commit messages
  • Use the same key for dev and production
  • Grant unnecessary permissions (e.g., admin scopes)
  • Leave expired or unused keys active

Troubleshooting

"OPENAI_API_KEY not found"

Local testing:

bash
# Check if .env.local exists
ls -la .env.local

# Check if key is set correctly
grep OPENAI_API_KEY .env.local

# If not set, add it
echo "OPENAI_API_KEY=sk-proj-YOUR_KEY_HERE" >> .env.local

CI/CD:

bash
# Check if secret is stored
gh secret list

# If not, set it
gh secret set OPENAI_API_KEY

"Invalid API key"

Verify your key:

"gh: command not found"

Install GitHub CLI:

bash
# macOS
brew install gh

# Ubuntu/Debian
sudo apt install gh

# Or visit https://cli.github.com

"Not authenticated"

Authenticate with GitHub:

bash
gh auth login

"Rate limited"

Wait before retrying. If using OpenAI API:

Cost Estimation

ServiceCostUsage
OpenAI API~$0.0002 per issue triageMock tests: free
GitHub APIFree (with PAT)Unlimited for Projects V2

Example monthly costs with 100 issues triaged with real API:

  • OpenAI: ~$0.02
  • GitHub: $0
  • Total: <$0.02/month

Testing Your Setup

OpenAI API Key

bash
# Quick test with curl
curl https://api.openai.com/v1/models \
  -H "Authorization: Bearer $OPENAI_API_KEY" | head -20

Expected: List of available models (not an error)

GitHub PAT

bash
# Quick test
gh auth status
gh api user -q .login

Expected: Your GitHub username

See Also

Built with VitePress

Copyright © 2026 Lantern