ci 공사중..

[nayonsoso]

User description

관련 이슈

• resolves: #이슈 번호

작업 내용

특이 사항

리뷰 요구사항 (선택)

---

PR Type

Enhancement, Tests, Configuration changes

---

Description

• Refactored AppleOAuthClientSecretProvider to use secretKey from properties.

• Added secretKey field to AppleOAuthClientProperties.

• Updated test configurations to remove ActiveProfiles and improve Redis TestContainer setup.

• Added CI workflow for Gradle builds and a dedicated application.yml for testing.

---

Changes walkthrough 📝

	Relevant files
Enhancement	2 files AppleOAuthClientSecretProvider.java Refactored to use `secretKey` from properties                        +8/-14    AppleOAuthClientProperties.java Added `secretKey` field for Apple OAuth                                    +2/-1
Tests	7 files CommentServiceTest.java Updated time comparison to ignore nanoseconds                        +8/-4      DatabaseConnectionTest.java Removed `ActiveProfiles` annotation                                            +0/-2      RedisConnectionTest.java Removed `ActiveProfiles` annotation                                            +0/-2      DatabaseCleaner.java Removed `ActiveProfiles` annotation                                            +0/-2      RedisTestContainer.java Improved Redis TestContainer initialization                            +15/-18  TestContainerDataJpaTest.java Removed `ActiveProfiles` annotation                                            +0/-2      TestContainerSpringBootTest.java Updated Redis TestContainer initialization                              +3/-3
Configuration changes	2 files ci.yml Added CI workflow for Gradle builds                                            +31/-0    application.yml Added test-specific application configuration                        +73/-0

---

Need help?

Type /help how to ... in the comments thread for any questions about Qodo Merge usage.

Check out the documentation for more information.

Summary by CodeRabbit

• Chores
  • Added an automated continuous integration workflow for streamlined builds.
• New Features
  • Introduced a comprehensive configuration file covering database, cloud, OAuth, monitoring, and security settings.
• Refactor
  • Enhanced Apple OAuth authentication by transitioning from file-based key retrieval to property-driven generation with more precise error handling.
  • Adjusted timestamp precision to microseconds for consistent data records.
• Tests
  • Updated test setups and endpoint validations to better align with current application behavior.

[coderabbitai]

Walkthrough

The changes introduce a new GitHub Actions workflow for CI using Gradle, automate the build and test reporting process, and update key generation in the Apple OAuth client by replacing file-based key retrieval with direct property access and specific exception handling. The Apple OAuth client properties record now includes a new secretKey field. Multiple test classes have had the @ActiveProfiles("test") annotation removed. Additionally, the Redis test container is refactored for programmatic initialization, a comprehensive application configuration file is added, the ApplicantsQuery test endpoints are updated, and timestamp precision in BaseEntity is refined.

Changes

File(s)	Change Summary
.github/workflows/ci.yml	Added a new CI workflow file for Gradle builds and test reports triggered on pull requests targeting develop, release, and master branches.
src/.../auth/client/AppleOAuthClientSecretProvider.java	Replaced readPrivateKey() with generatePrivateKey(), eliminating file-based reading and refining exception handling; updated key initialization.
src/.../config/client/AppleOAuthClientProperties.java	Added a new field secretKey to the record.
src/test/java/com/example/solidconnection/{database,support}/[DatabaseConnectionTest.java, RedisConnectionTest.java, DatabaseCleaner.java, TestContainerDataJpaTest.java]	Removed @ActiveProfiles("test") annotations from multiple test classes.
src/test/java/com/example/solidconnection/support/{RedisTestContainer.java, TestContainerSpringBootTest.java}	Updated Redis container setup: RedisTestContainer now implements ApplicationContextInitializer with static container start and property initialization; TestContainerSpringBootTest uses @ContextConfiguration(initializers = RedisTestContainer.class) and revised imports.
src/test/resources/application.yml	Introduced a new configuration file with settings for database, cloud, OAuth, Sentry, JWT, CORS, and additional application properties.
src/test/java/com/example/solidconnection/e2e/ApplicantsQueryTest.java	Modified API endpoints from /applications to /applications/competitors and updated the expected response structures.
src/.../entity/common/BaseEntity.java	Adjusted onPrePersist and onPreUpdate to truncate timestamps to microseconds using ChronoUnit.MICROS.

Sequence Diagram(s)

sequenceDiagram
    participant PR as "GitHub PR"
    participant CI as "CI Workflow"
    participant Code as "Repository Code"
    participant Build as "Gradle Build"
    PR->>CI: PR event on develop/release/master
    CI->>Code: Checkout repository
    CI->>CI: Set up JDK 17 (Temurin)
    CI->>CI: Install Gradle
    CI->>Build: Execute './gradlew build'
    Build-->>CI: Return build & test reports
    CI->>PR: Report outcome

Loading

sequenceDiagram
    participant Context as "Spring Application Context"
    participant RTC as "RedisTestContainer"
    participant Env as "Application Environment"
    Context->>RTC: Call initialize()
    RTC->>RTC: Start Redis container on port 6379
    RTC->>Context: Set Redis properties via TestPropertyValues
    Context-->>RTC: Continue with test initialization

Loading

Poem

In my burrow of bytes, I've hopped into change,
CI wheels spin and tests rearrange.
Keys now spring from properties so keen,
As containers start with a fresh new scene.
I nibble on configs with a joyful heart—
CodeRabbit cheers for a hoppy restart! 🥕🌙

---

📜 Recent review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Free

📥 Commits

Reviewing files that changed from the base of the PR and between 0960ce0 and 8c45739.

📒 Files selected for processing (1)

• src/main/java/com/example/solidconnection/entity/common/BaseEntity.java (2 hunks)

🚧 Files skipped from review as they are similar to previous changes (1)

• src/main/java/com/example/solidconnection/entity/common/BaseEntity.java

---

Note

🎁 Summarized by CodeRabbit Free

Your organization has reached its limit of developer seats under the Pro Plan. For new users, CodeRabbit will generate a high-level summary and a walkthrough for each pull request. For a comprehensive line-by-line review, please add seats to your subscription by visiting https://app.coderabbit.ai/login.If you believe this is a mistake and have available seats, please assign one to the pull request author through the subscription management page using the link above.

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Generate unit testing code for this file.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai generate unit testing code for this file.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and generate unit testing code.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai plan to trigger planning for file edits and PR creation.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[Copilot]

Pull Request Overview

This pull request updates test configurations and container setups while introducing modifications to client secret generation for Apple OAuth. Key changes include:

• Adding a new application.yml configuration file for test resources.
• Removing the usage of @activeprofiles("test") in favor of more explicit container initializers and context configurations.
• Refactoring AppleOAuthClientSecretProvider to generate the private key using a secret key from properties rather than reading from a file.

Reviewed Changes

Copilot reviewed 11 out of 11 changed files in this pull request and generated no comments.

Show a summary per file

File	Description
src/test/resources/application.yml	Adds configuration for database, cloud, OAuth, and other test-specific settings.
src/test/java/com/example/solidconnection/support/TestContainerSpringBootTest.java	Replaces @activeprofiles with @ContextConfiguration and refactors test container imports.
src/test/java/com/example/solidconnection/support/TestContainerDataJpaTest.java	Removes the ActiveProfiles test annotation to streamline test context setup.
src/test/java/com/example/solidconnection/support/RedisTestContainer.java	Modifies the container startup using a static block and implements ApplicationContextInitializer.
src/test/java/com/example/solidconnection/support/DatabaseCleaner.java, RedisConnectionTest.java, DatabaseConnectionTest.java	Removes ActiveProfiles annotations.
src/test/java/com/example/solidconnection/community/comment/service/CommentServiceTest.java	Adjusts timestamp assertions using withNano(0) to compare datetimes consistently.
src/main/java/com/example/solidconnection/config/client/AppleOAuthClientProperties.java	Introduces a new property for secretKey to support OAuth client secret generation.
src/main/java/com/example/solidconnection/auth/client/AppleOAuthClientSecretProvider.java	Refactors private key generation to use the secret key from properties and adapts exception handling.
.github/workflows/ci.yml	Adds a CI workflow for building the project with Gradle on pull requests.

Comments suppressed due to low confidence (1)

src/main/java/com/example/solidconnection/auth/client/AppleOAuthClientSecretProvider.java:63

• The error code 'FAILED_TO_READ_APPLE_PRIVATE_KEY' is misleading as the private key is now generated from properties rather than read from a file. Consider updating this error code and its corresponding message to reflect the new implementation.

throw new CustomException(FAILED_TO_READ_APPLE_PRIVATE_KEY);

[qodo-code-review]

Qodo Merge was enabled for this repository. To continue using it, please link your Git account with your Qodo account here.

PR Reviewer Guide 🔍

Here are some key observations to aid the review process:

⏱️ Estimated effort to review: 2 🔵🔵⚪⚪⚪

🧪 PR contains tests

🔒 No security concerns identified

⚡ Recommended focus areas for review Exception Handling The catch block in generatePrivateKey() catches specific exceptions but throws a generic CustomException. Consider logging the original exception details for better debugging. } catch (NoSuchAlgorithmException | InvalidKeySpecException e) { throw new CustomException(FAILED_TO_READ_APPLE_PRIVATE_KEY); Resource Management The Redis container is started in a static block but there's no mechanism to stop it after tests complete, which could lead to resource leaks. static { CONTAINER.start(); }

[qodo-code-review]

Qodo Merge was enabled for this repository. To continue using it, please link your Git account with your Qodo account here.

PR Code Suggestions ✨

Explore these optional code suggestions:

Category	Suggestion	Impact
Possible issue	Fix PostConstruct method visibility The @PostConstruct method should not be declared as private according to Java specifications. While it may work in some environments, it's not guaranteed to be invoked in all JVM implementations. Change the method visibility to public or remove the access modifier entirely. src/main/java/com/example/solidconnection/auth/client/AppleOAuthClientSecretProvider.java [36-39] @PostConstruct -private void initPrivateKey() { +public void initPrivateKey() { privateKey = generatePrivateKey(); } Apply this suggestion Suggestion importance[1-10]: 8 __ Why: Using private visibility with @PostConstruct is against Java specifications and could lead to the method not being invoked in some JVM implementations. This is a legitimate issue that could cause runtime failures, making this a high-impact suggestion.	Medium
General	Rename method for clarity The method name generatePrivateKey() is misleading as it doesn't actually generate a new key but rather loads an existing one from properties. Rename it to loadPrivateKey() to better reflect its actual functionality. src/main/java/com/example/solidconnection/auth/client/AppleOAuthClientSecretProvider.java [56-66] -private PrivateKey generatePrivateKey() { +private PrivateKey loadPrivateKey() { try { String secretKey = appleOAuthClientProperties.secretKey(); byte[] encoded = Base64.decodeBase64(secretKey); PKCS8EncodedKeySpec keySpec = new PKCS8EncodedKeySpec(encoded); KeyFactory keyFactory = KeyFactory.getInstance("EC"); return keyFactory.generatePrivate(keySpec); } catch (NoSuchAlgorithmException | InvalidKeySpecException e) { throw new CustomException(FAILED_TO_READ_APPLE_PRIVATE_KEY); } } Apply this suggestion Suggestion importance[1-10]: 7 __ Why: The method name "generatePrivateKey()" is indeed misleading as it doesn't generate a new key but loads an existing one from properties. Renaming to "loadPrivateKey()" would improve code clarity and maintainability by accurately reflecting the method's purpose.	Medium
	✅ Add test results publishing Suggestion Impact: The commit implemented test results publishing as suggested, but used a different action (dorny/test-reporter instead of EnricoMi/publish-unit-test-result-action) with slightly different configuration code diff: + - name: Test Report + uses: dorny/test-reporter@v2 + if: success() || failure() + with: + name: JUnit Tests + path: build/test-results/test/*.xml + reporter: java-junit The CI workflow doesn't include any step to publish test results, which makes it harder to diagnose failures. Add a step to publish test results as GitHub checks for better visibility of test outcomes. .github/workflows/ci.yml [30-31] - name: Build with Gradle Wrapper run: ./gradlew build + +- name: Publish Test Results + uses: EnricoMi/publish-unit-test-result-action@v2 + if: always() + with: + files: "**/build/test-results/**/*.xml" [Suggestion has been applied] Suggestion importance[1-10]: 6 __ Why: Adding test result publishing to the CI workflow would improve visibility of test outcomes and make it easier to diagnose failures. This is a valuable enhancement to the development workflow, though not critical to the application's functionality.	Low
Update

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (8)

src/main/java/com/example/solidconnection/config/client/AppleOAuthClientProperties.java (1)

13-14: Add comma after keyId field and add Javadoc for the new property

The addition of the secretKey field is correctly implemented syntactically. However, you should consider adding documentation to explain the purpose and expected format of this new field, especially since it appears to store sensitive information based on the application.yml configuration.

        String clientId,
        String teamId,
-        String keyId,
-        String secretKey
+        String keyId,
+        /** The private key for Apple OAuth in base64 encoded format */
+        String secretKey

.github/workflows/ci.yml (2)

1-31: Good implementation of CI workflow with room for improvement

The CI workflow looks good overall. It correctly sets up JDK 17, Gradle, and runs the build process. However, there are a few improvements that could be made:

1. Add caching for Gradle dependencies to speed up subsequent builds:

      - name: Setup Gradle
        uses: gradle/actions/setup-gradle@v4
+       with:
+         cache-read-only: ${{ github.ref != 'refs/heads/master' && github.ref != 'refs/heads/develop' && github.ref != 'refs/heads/release' }}

2. Add test result reporting for better visibility of test failures:

      - name: Build with Gradle Wrapper
        run: ./gradlew build
+
+      - name: Publish Test Report
+        uses: mikepenz/action-junit-report@v3
+        if: success() || failure()
+        with:
+          report_paths: '**/build/test-results/test/TEST-*.xml'

---

3-5: Consider adding workflow_dispatch trigger for manual runs

Currently, the workflow only runs on pull requests. Adding a workflow_dispatch trigger would allow for manual execution when needed.

on:
  pull_request:
    branches: [ "develop", "release", "master" ]
+  workflow_dispatch:

src/test/resources/application.yml (5)

9-17: Reconsider using "create" for ddl-auto in test environment

Using ddl-auto: create will recreate the schema every time the application starts. For tests, consider using create-drop instead to ensure a clean state between test runs.

  jpa:
    hibernate:
-      ddl-auto: create
+      ddl-auto: create-drop
    generate-ddl: true
    show-sql: true

---

67-70: Improve security for JWT secret

The JWT secret should be more complex and ideally loaded from an environment variable, even in test environments.

jwt:
  secret:
-    1234567-1234-1234-1234-12345678901
+    ${JWT_SECRET:a-more-complex-default-secret-for-testing-purposes-only-do-not-use-in-production}

---

23-26: Use placeholder values for AWS credentials

Even though these are test credentials, it's better to use clearly labeled placeholder values to prevent accidental usage of these values in other environments.

  aws:
    credentials:
-      access-key: access-key
-      secret-key: access-key
+      access-key: test-access-key
+      secret-key: test-secret-key

---

47-59: Structure OAuth configuration consistently

The Kakao OAuth configuration is not properly indented, making it inconsistent with the Apple OAuth configuration.

oauth:
  apple:
    token-url: "https://appleid.apple.com/auth/token"
    client-secret-audience-url: "https://appleid.apple.com"
    public-key-url: "https://appleid.apple.com/auth/keys"
    client-id: client-id
    team-id: team-id
    key-id: key-id
    redirect-url: "https://localhost:8080/auth/apple"
    secret-key: MEECAQAwEwYHKoZIzj0CAQYIKoZIzj0DAQcEJzAlAgEBBCAfGIQ3TtNYAZG7i3m72odmdhfymkM9wAFg2rEL2RKUEA==
-kakao:
-    redirect-url: "http://localhost:8080/auth/kakao"
-    client-id: client-id
-    token-url: "https://kauth.kakao.com/oauth/token"
-    user-info_url: "https://kapi.kakao.com/v2/user/me"
+  kakao:
+    redirect-url: "http://localhost:8080/auth/kakao"
+    client-id: client-id
+    token-url: "https://kauth.kakao.com/oauth/token"
+    user-info_url: "https://kapi.kakao.com/v2/user/me"

🧰 Tools

🪛 Gitleaks (8.21.2)

54-54: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

---

55-59: Fix typo in Kakao OAuth user info URL property name

There's a typo in the property name: user-info_url should be either user-info-url (kebab-case) or user_info_url (snake_case), but not a mix of both.

kakao:
    redirect-url: "http://localhost:8080/auth/kakao"
    client-id: client-id
    token-url: "https://kauth.kakao.com/oauth/token"
-    user-info_url: "https://kapi.kakao.com/v2/user/me"
+    user-info-url: "https://kapi.kakao.com/v2/user/me"

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 2117baa and 2e0aca4.

📒 Files selected for processing (11)

• .github/workflows/ci.yml (1 hunks)
• src/main/java/com/example/solidconnection/auth/client/AppleOAuthClientSecretProvider.java (3 hunks)
• src/main/java/com/example/solidconnection/config/client/AppleOAuthClientProperties.java (1 hunks)
• src/test/java/com/example/solidconnection/community/comment/service/CommentServiceTest.java (2 hunks)
• src/test/java/com/example/solidconnection/database/DatabaseConnectionTest.java (0 hunks)
• src/test/java/com/example/solidconnection/database/RedisConnectionTest.java (0 hunks)
• src/test/java/com/example/solidconnection/support/DatabaseCleaner.java (0 hunks)
• src/test/java/com/example/solidconnection/support/RedisTestContainer.java (1 hunks)
• src/test/java/com/example/solidconnection/support/TestContainerDataJpaTest.java (0 hunks)
• src/test/java/com/example/solidconnection/support/TestContainerSpringBootTest.java (2 hunks)
• src/test/resources/application.yml (1 hunks)

💤 Files with no reviewable changes (4)

• src/test/java/com/example/solidconnection/database/RedisConnectionTest.java
• src/test/java/com/example/solidconnection/support/DatabaseCleaner.java
• src/test/java/com/example/solidconnection/support/TestContainerDataJpaTest.java
• src/test/java/com/example/solidconnection/database/DatabaseConnectionTest.java

🧰 Additional context used

🪛 Gitleaks (8.21.2)

src/test/resources/application.yml

54-54: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

⏰ Context from checks skipped due to timeout of 90000ms (1)

• GitHub Check: build

🔇 Additional comments (10)

src/test/java/com/example/solidconnection/support/TestContainerSpringBootTest.java (1)

16-20:

Details

❓ Verification inconclusive

Verify Redis configuration after changing how the container is initialized

The test configuration has been modified to use RedisTestContainer as an initializer instead of importing it directly. This is a good approach for container initialization, but ensure that all tests dependent on this annotation still work correctly with the new configuration.

---

🏁 Script executed:

#!/bin/bash
# Check for Redis-dependent tests that might be affected by this change
echo "Searching for tests using Redis..."
rg -l "RedisTestContainer|TestContainerSpringBootTest" --type java src/test

Length of output: 2321

---

Action Required: Validate Redis Container Initialization in All Affected Tests

The test configuration now uses RedisTestContainer as a context initializer instead of importing it directly, which is a good approach for container initialization. However, the grep results show that several tests reference RedisTestContainer (e.g., in GeneralUniversityRecommendServiceTest.java, RedisTestContainer.java, and others). Please verify that every test dependent on Redis is correctly initialized and functions as expected with this change.

• Confirm that tests under src/test/java/com/example/solidconnection/support/ and other Redis-related tests (listed in the grep output) execute properly.
• Double-check integration flows that rely on Redis to ensure no unintended side effects occurred from the altered initialization strategy.

src/test/java/com/example/solidconnection/community/comment/service/CommentServiceTest.java (2)

74-77: Improved timestamp comparison for robust testing

The modification to ignore nanoseconds in timestamp comparisons is a good practice. This prevents test failures due to minor precision differences that aren't functionally relevant.

---

94-97: Consistent timestamp assertion pattern applied to child comments

Good consistency in applying the same nanosecond-ignoring pattern to child comment timestamp assertions, ensuring all timestamp comparisons are equally robust.

src/main/java/com/example/solidconnection/auth/client/AppleOAuthClientSecretProvider.java (4)

13-15: Improved exception handling with specific exception imports

Adding specific exception imports enhances code clarity for the exception handling in the private key generation method.

---

22-22: Grammar correction in documentation comment

Minor grammatical improvement in the Korean documentation comment.

---

38-38: Method name change reflects new implementation approach

Changed from readPrivateKey() to generatePrivateKey() to better reflect the actual implementation that no longer reads from a file.

---

56-66: Refactored key generation to use property-based configuration

This is a significant improvement that:

1. Eliminates file I/O operations which could fail due to file access issues
2. Makes configuration more flexible through property-based approach
3. Improves security by not requiring key files on disk
4. Provides more precise exception handling

The implementation is clean and properly handles potential exceptions.

src/test/java/com/example/solidconnection/support/RedisTestContainer.java (3)

3-8: Improved test container initialization through ApplicationContextInitializer

This change adopts a more programmatic approach to test container initialization by implementing the ApplicationContextInitializer interface, giving more control over the container lifecycle.

---

10-16: Simplified container configuration with explicit port mapping

The new approach:

1. Defines a constant for the original Redis port
2. Configures the container with explicit port exposure
3. Uses a static initialization block for immediate container startup

This provides clearer and more deterministic container configuration.

---

18-24: Programmatic property injection for Redis test configuration

The implementation of the initialize method uses TestPropertyValues to inject Redis host and port settings directly into the application context, making the test configuration more explicit and closely tied to the container lifecycle.

[coderabbitai]

⚠️ Potential issue

Security risk: Private key exposed in the configuration file

The secret-key property for Apple OAuth contains what appears to be a base64-encoded private key directly in the configuration file. Even for a test environment, it's a security risk to include private keys in source code.

Consider using environment variables or a secure vault solution even for test environments:

-    secret-key: MEECAQAwEwYHKoZIzj0CAQYIKoZIzj0DAQcEJzAlAgEBBCAfGIQ3TtNYAZG7i3m72odmdhfymkM9wAFg2rEL2RKUEA==
+    secret-key: ${APPLE_SECRET_KEY:test-key}

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	secret-key: MEECAQAwEwYHKoZIzj0CAQYIKoZIzj0DAQcEJzAlAgEBBCAfGIQ3TtNYAZG7i3m72odmdhfymkM9wAFg2rEL2RKUEA==
	secret-key: ${APPLE_SECRET_KEY:test-key}

🧰 Tools

🪛 Gitleaks (8.21.2)

54-54: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)