fix: use integration-tests environment for API keys

[Kamilbenkirane]

Problem

Integration tests were failing because the workflow was trying to use repository-level secrets, but the API keys were added to the integration-tests environment.

Solution

Add environment: name: integration-tests to the integration-test job so it uses the environment secrets.

Changes

• Added environment: specification to integration-test job
• Secrets will now be pulled from the integration-tests environment

Fixes integration test failures due to missing API keys.

[claude]

Code Review

Summary

This PR fixes the integration test failures by correctly configuring the GitHub Actions workflow to use environment-scoped secrets. The change is minimal, focused, and addresses the root cause effectively.

✅ Strengths

1. Correct Solution: Adding environment: name: integration-tests is the proper way to access environment-scoped secrets in GitHub Actions (lines 47-48 in .github/workflows/publish.yml).

2. Consistency: This change aligns with the existing pattern in the workflow - the publish-testpypi and publish-pypi jobs already use environment specifications (lines 83-85 and 102-104).

3. Minimal Change: The fix is surgical - only adds the necessary 2 lines without modifying any other logic.

4. Clear Documentation: The PR description clearly explains the problem, solution, and changes made.

5. Safe Change: This is a workflow configuration change with no impact on application code or logic.

🔍 Code Quality

• YAML Formatting: Proper indentation and structure ✓
• Best Practices: Follows GitHub Actions conventions for environment usage ✓
• No Breaking Changes: Only adds missing configuration ✓

🔒 Security Considerations

• Positive Security Impact: Using environment-scoped secrets is a security best practice as it provides better access control and audit trails compared to repository-level secrets.
• Secrets Management: The secrets referenced (OPENAI_API_KEY, ANTHROPIC_API_KEY, etc.) are correctly accessed via the secrets context syntax.

⚡ Performance

• No performance impact. Environment specification doesn't add measurable overhead to workflow execution.

🧪 Test Coverage

• Testing: The integration tests should now pass once the environment secrets are properly configured in the GitHub repository settings.
• Recommendation: After merging, verify that the integration-tests environment exists in the repository settings and has all required API keys configured.

📋 Recommendations

1. Verify Environment Setup: Ensure the integration-tests environment exists in repository settings with all required secrets:

   • OPENAI_API_KEY
   • ANTHROPIC_API_KEY
   • GOOGLE_API_KEY
   • MISTRAL_API_KEY
   • COHERE_API_KEY

2. Consider Documentation: If not already documented, consider adding a note in your repository's documentation about the environment setup requirements for the publish workflow.

3. Optional Enhancement: Consider adding an environment URL (like done for testpypi and pypi jobs) for better visibility in the GitHub Actions UI, though this is not critical for integration tests.

✅ Verdict

LGTM - This is a well-targeted fix that properly addresses the integration test failures. The change follows GitHub Actions best practices and is consistent with the existing workflow patterns.

---

Automated review generated by Claude Code