Lantern

Appearance

API Key Setup for Workflow Testing โ€‹

Complete guide for setting up API keys for GitHub Actions workflow testing.

Overview โ€‹

Several workflows require API keys for testing:

  • AI Issue Triage - OpenAI API key
  • GitHub Projects V2 - GitHub Personal Access Token (PAT)

This guide covers setup for local testing and CI/CD.

OpenAI API Key โ€‹

  1. Get your API key:

    • Visit OpenAI API Keys
    • Click "Create new secret key"
    • Copy the key (starts with sk-proj-)

  2. Add to .env.local:

    bash
    # In your project root
echo "OPENAI_API_KEY=sk-proj-YOUR_KEY_HERE" >> .env.local

  3. Verify it works:

    bash
    grep OPENAI_API_KEY .env.local

Why this works:

  • โœ… Test scripts automatically load from .env.local
  • โœ… Never committed (it's in .gitignore)
  • โœ… Works for all test scripts
  • โœ… Simplest setup

GitHub Personal Access Token (PAT) โ€‹

For GitHub Projects V2 testing:

  1. Create PAT:

    • Go to GitHub Settings โ†’ Developer settings โ†’ Personal access tokens โ†’ Tokens (classic)
    • Click "Generate new token (classic)"
    • Select scopes: repo + project
    • Copy the token

  2. Add to .env.local:

    bash
    echo "GH_PAT=ghp_YOUR_TOKEN_HERE" >> .env.local

Why this works:

  • โœ… .github/workflows/test-projects-v2.sh loads from .env.local
  • โœ… Never committed
  • โœ… Recommended for local testing

Option B: Using GitHub CLI Secrets (For CI/CD) โ€‹

Use this method for GitHub Actions workflows that need API keys.

OpenAI API Key โ€‹

bash
# 1. Install GitHub CLI (if needed)
brew install gh  # macOS
# or visit https://cli.github.com

# 2. Authenticate
gh auth login

# 3. Store your API key
gh secret set OPENAI_API_KEY
# Paste your key and press Enter

# 4. Verify it was stored
gh secret list

Workflows automatically use OPENAI_API_KEY secret.

GitHub Personal Access Token โ€‹

bash
# 1. Create your PAT (see Option A steps 1-2 above)

# 2. Store in GitHub
gh secret set GH_PAT
# Paste your token and press Enter

# 3. Verify
gh secret list

Workflows automatically use GH_PAT secret.

Security Best Practices โ€‹

โœ… DO โ€‹

  • Store API keys in .env.local (local testing) or GitHub Secrets (CI/CD)
  • Rotate keys periodically
  • Use minimal required scopes (e.g., repo + project for GitHub, read-only for OpenAI)
  • Review GitHub Secrets quarterly
  • Use separate keys for dev and production

โŒ DON'T โ€‹

  • Commit .env.local to Git (it's in .gitignore)
  • Share API keys in messages, PRs, or commit messages
  • Use the same key for dev and production
  • Grant unnecessary permissions (e.g., admin scopes)
  • Leave expired or unused keys active

Troubleshooting โ€‹

"OPENAI_API_KEY not found" โ€‹

Local testing:

bash
# Check if .env.local exists
ls -la .env.local

# Check if key is set correctly
grep OPENAI_API_KEY .env.local

# If not set, add it
echo "OPENAI_API_KEY=sk-proj-YOUR_KEY_HERE" >> .env.local

CI/CD:

bash
# Check if secret is stored
gh secret list

# If not, set it
gh secret set OPENAI_API_KEY

"Invalid API key" โ€‹

Verify your key:

"gh: command not found" โ€‹

Install GitHub CLI:

bash
# macOS
brew install gh

# Ubuntu/Debian
sudo apt install gh

# Or visit https://cli.github.com

"Not authenticated" โ€‹

Authenticate with GitHub:

bash
gh auth login

"Rate limited" โ€‹

Wait before retrying. If using OpenAI API:

Cost Estimation โ€‹

ServiceCostUsage
OpenAI API~$0.0002 per issue triageMock tests: free
GitHub APIFree (with PAT)Unlimited for Projects V2

Example monthly costs with 100 issues triaged with real API:

  • OpenAI: ~$0.02
  • GitHub: $0
  • Total: <$0.02/month

Testing Your Setup โ€‹

OpenAI API Key โ€‹

bash
# Quick test with curl
curl https://api.openai.com/v1/models \
  -H "Authorization: Bearer $OPENAI_API_KEY" | head -20

Expected: List of available models (not an error)

GitHub PAT โ€‹

bash
# Quick test
gh auth status
gh api user -q .login

Expected: Your GitHub username

See Also โ€‹

Built with VitePress

Copyright ยฉ 2026 Lantern