Skip to content

fix(argo-workflows): fix bug with apiTokens#1100

Merged
mleonidas merged 1 commit intomainfrom
mleonidas/fix-argo-workflows-when-api-token-present
May 4, 2026
Merged

fix(argo-workflows): fix bug with apiTokens#1100
mleonidas merged 1 commit intomainfrom
mleonidas/fix-argo-workflows-when-api-token-present

Conversation

@mleonidas
Copy link
Copy Markdown
Collaborator

@mleonidas mleonidas commented May 4, 2026
edited by coderabbitai Bot
Loading

  • if there's an api token we need a Bearer with the token

Summary by CodeRabbit

  • Bug Fixes
    • Improved authentication token handling for Argo Workflows integration, ensuring proper formatting of authorization headers when tokens are present or absent.

@mleonidas
fix(argo-workflows): fix bug with apiTokens
b2faa42 
* if there's an api token we need a Bearer with the token
@mleonidas mleonidas marked this pull request as ready for review May 4, 2026 20:28
@coderabbitai
Copy link
Copy Markdown
Contributor

coderabbitai Bot commented May 4, 2026
edited
Loading

📝 Walkthrough

Walkthrough

A helper function argoBearerIfToken is added to format API tokens as HTTP Bearer authentication headers. The Argo workflow submitter's authentication supplier is updated to use this helper, properly formatting tokens with the Bearer prefix while handling empty tokens.

Changes

Bearer Token Authentication Formatting

Layer / File(s) Summary
Helper Definition
apps/workspace-engine/pkg/jobagents/argoworkflows/workflow_submitter.go (lines 21-27)		 New argoBearerIfToken(token string) string helper returns empty string for empty tokens, otherwise returns "Bearer " + token.
Auth Supplier Integration
apps/workspace-engine/pkg/jobagents/argoworkflows/workflow_submitter.go (lines 41-42)		 SubmitWorkflow's Argo client AuthSupplier updated to call argoBearerIfToken(apiKey) instead of returning raw apiKey directly.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~3 minutes

Poem

🐰 A token wrapped in Bearer's cloak,
where empty strings no secrets poke,
the auth flow gleams with proper form—
small change, but keeps the protocol warm! 🎀

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name Status Explanation Resolution
Docstring Coverage ⚠️ Warning Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%. Write docstrings for the functions missing them to satisfy the coverage threshold.
✅ Passed checks (4 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title check ✅ Passed The title 'fix(argo-workflows): fix bug with apiTokens' directly relates to the main change: fixing authentication header behavior for API tokens in Argo Workflows. It clearly identifies both the component and the specific issue being addressed.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.

✏️ Tip: You can configure your own custom pre-merge checks in the settings.

✨ Finishing Touches
📝 Generate docstrings
  • Create stacked PR
  • Commit on current branch
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch mleonidas/fix-argo-workflows-when-api-token-present

Tip

💬 Introducing Slack Agent: The best way for teams to turn conversations into code.

Slack Agent is built on CodeRabbit's deep understanding of your code, so your team can collaborate across the entire SDLC without losing context.

  • Generate code and open pull requests
  • Plan features and break down work
  • Investigate incidents and troubleshoot customer tickets together
  • Automate recurring tasks and respond to alerts with triggers
  • Summarize progress and report instantly

Built for teams:

  • Shared memory across your entire org—no repeating context
  • Per-thread sandboxes to safely plan and execute work
  • Governance built-in—scoped access, auditability, and budget controls

One agent for your entire SDLC. Right inside Slack.

👉 Get started

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share
Review rate limit: 0/1 reviews remaining, refill in 60 minutes.

Comment @coderabbitai help to get the list of available commands and usage tips.

coderabbitai[bot]
coderabbitai Bot reviewed May 4, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@coderabbitai coderabbitai Bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🧹 Nitpick comments (1)
apps/workspace-engine/pkg/jobagents/argoworkflows/workflow_submitter.go (1)

21-26: ⚡ Quick win

argoBearerIfToken is correct — AuthSupplier expects the full Bearer <token> header value.

The Argo Workflows v4 Go client passes the AuthSupplier() return value directly into request authentication logic, which expects the complete Authorization header value. The old behavior (returning the raw token) was the bug; this fix is correct.

Optional: If the input token could carry surrounding whitespace (e.g., from a config file or environment variable), apply strings.TrimSpace() to prevent malformed header values:

Optional hardening: guard against whitespace in the incoming token 
 func argoBearerIfToken(token string) string {
+	token = strings.TrimSpace(token)
 	if token == "" {
 		return ""
 	}
 	return "Bearer " + token
 }
🤖 Prompt for AI Agents 
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@apps/workspace-engine/pkg/jobagents/argoworkflows/workflow_submitter.go`
around lines 21 - 26, The current argoBearerIfToken function should return the
full "Bearer <token>" string (AuthSupplier expects the complete header) and is
correct; to harden it against tokens with surrounding whitespace, update
argoBearerIfToken to trim the incoming token using strings.TrimSpace before
checking emptiness and before concatenating so the returned value is "Bearer
<trimmed-token>" when non-empty.
🤖 Prompt for all review comments with AI agents 
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Nitpick comments:
In `@apps/workspace-engine/pkg/jobagents/argoworkflows/workflow_submitter.go`:
- Around line 21-26: The current argoBearerIfToken function should return the
full "Bearer <token>" string (AuthSupplier expects the complete header) and is
correct; to harden it against tokens with surrounding whitespace, update
argoBearerIfToken to trim the incoming token using strings.TrimSpace before
checking emptiness and before concatenating so the returned value is "Bearer
<trimmed-token>" when non-empty.
ℹ️ Review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: 49332164-2b7a-424f-a117-ca50d873177d

📥 Commits

Reviewing files that changed from the base of the PR and between 0c45e54 and b2faa42.

📒 Files selected for processing (1)
  • apps/workspace-engine/pkg/jobagents/argoworkflows/workflow_submitter.go

@mleonidas mleonidas merged commit 52046a1 into main May 4, 2026
13 checks passed
@mleonidas mleonidas deleted the mleonidas/fix-argo-workflows-when-api-token-present branch May 4, 2026 20:37
@jsbroks jsbroks mentioned this pull request May 4, 2026
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@coderabbitai coderabbitai[bot] coderabbitai[bot] left review comments

@dacbd dacbd dacbd approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@mleonidas @dacbd