Skip auth-dependent tests when DEEPL_AUTH_KEY is absent and wire key into CI pytest job

[Copilot]

CI was running pytest without a configured DEEPL_AUTH_KEY, causing fixture-backed test setup to instantiate deepl.Translator/DeepLClient with an empty key and fail with ValueError: auth_key must not be empty. This change keeps runtime auth validation intact and makes test/CI behavior credential-aware.

• Test fixture gating for real-server auth

  • Updated tests/conftest.py so both translator and deepl_client fixtures skip cleanly when:
    • running against a real server, and
    • DEEPL_AUTH_KEY is not configured.
  • This avoids setup-time hard failures across auth-dependent test modules.

• Auth-independent user-agent tests

  • Updated tests/test_general.py user-agent tests to use a fallback test key (TEST_AUTH_KEY) instead of direct os.environ["DEEPL_AUTH_KEY"] access.
  • Keeps these mocked HTTP tests runnable without external credentials.

• Additional direct auth-path test guards

  • Updated tests/test_cli.py runner fixture to skip when real-server auth is missing.
  • Updated tests/test_translate_text.py::test_skip_language_check to skip under the same condition.

• Workflow config for integration credentials

  • Updated .github/workflows/python-package.yml pytest step to pass:
    • DEEPL_AUTH_KEY: ${{ secrets.DEEPL_AUTH_KEY }}
  • Ensures integration-style tests can execute when the repository secret is available.

@pytest.fixture
def translator(server):
    if not server.is_mock_server and not server.auth_key:
        pytest.skip("this test requires DEEPL_AUTH_KEY for real server usage")
    return _make_translator(server)

Warning

Firewall rules blocked me from connecting to one or more addresses (expand for details)

I tried to connect to the following addresses, but was blocked by firewall rules:

• api.deepl.com
  • Triggering command: /home/REDACTED/.cache/pypoetry/virtualenvs/deepl-mg71yGZ3-py3.12/bin/pytest /home/REDACTED/.cache/pypoetry/virtualenvs/deepl-mg71yGZ3-py3.12/bin/pytest (dns block)
  • Triggering command: /home/REDACTED/.cache/pypoetry/virtualenvs/deepl-mg71yGZ3-py3.12/bin/pytest /home/REDACTED/.cache/pypoetry/virtualenvs/deepl-mg71yGZ3-py3.12/bin/pytest -q tests/test_general.py tests/test_glossary.py tests/test_multilingual_glossary.py tests/test_rephrase_text.py tests/test_style_rules.py tests/test_translate_document.py tests/test_translate_text.py (dns block)

If you need me to access, download, or install something from one of these locations, you can either:

• Configure Actions setup steps to set up my environment, which run before the firewall is enabled
• Add the appropriate URLs or hosts to the custom allowlist in this repository's Copilot coding agent settings (admins only)

Original prompt

The GitHub Actions job in repository AKB0700/deepl-python is failing because the pytest suite runs without a configured DEEPL_AUTH_KEY, but many tests instantiate deepl.Translator through shared fixtures that pass through an empty auth key. This causes ValueError: auth_key must not be empty to be raised from deepl/translator.py during test setup.

Please create a pull request that fixes the failing CI job.

Constraints and expectations:

• Preserve the validation in deepl/translator.py that rejects an empty auth key.
• Fix the test/CI behavior instead of weakening runtime auth validation.
• Prefer making auth-dependent tests skip cleanly when no real API key is configured.
• Investigate both translator and deepl_client fixtures in tests/conftest.py, since both are backed by the same auth configuration path.
• Update GitHub Actions workflow configuration if needed so integration tests can run when a secret is available.
• Keep the change minimal and targeted to the CI/test failure.

Relevant failure details:

• Workflow: .github/workflows/python-package.yml
• Failing tests include many in tests/test_general.py, tests/test_glossary.py, tests/test_multilingual_glossary.py, tests/test_rephrase_text.py, tests/test_style_rules.py, tests/test_translate_document.py, and tests/test_translate_text.py.
• Error: ValueError: auth_key must not be empty
• The failure occurs from the default test fixture path in tests/conftest.py calling into deepl.Translator(...).

Please implement the fix and open a PR with a concise title and summary.

The following is the prior conversation context from the user's chat exploration (may be truncated):

User: Please find a solution for this failing job. Use the logs, job definition, and any referenced files where the failure occurred. Keep your response focused on the solution and include code suggestions when appropriate.

Assistant: Root cause: the CI job is running the full pytest suite without providing a DeepL auth key, but many tests create a real Translator from the default config path, and Translator.__init__() hard-fails on an empty key.

Key evidence:

• Failing tests all error with ValueError: auth_key must not be empty.
• That exception is raised in deepl/translator.py at lines 95–96.
• The default translator fixture pulls auth_key from env-backed config and passes it through directly in tests/conftest.py lines 176–180, via _make_translator() in tests/conftest.py lines 138–154.
• The workflow does not set DEEPL_AUTH_KEY before running poetry run pytest in .github/workflows/python-package.yml lines 37–39.

Solution
Use one of these two fixes, depending on the intended CI behavior:

Preferred fix: only run integration tests when a key is available

These tests clearly require external credentials / server access, so gate them in CI.

Update the workflow

- name: Test with pytest
  env:
    DEEPL_AUTH_KEY: ${{ secrets.DEEPL_AUTH_KEY }}
  run: |
    poetry run pytest

If the secret is not always configured, split tests so unit tests always run and integration tests only run when the secret exists.

Example:

- name: Test unit tests
  run: |
    poetry run pytest -m "not needs_real_server"

- name: Test integration tests
  if: ${{ secrets.DEEPL_AUTH_KEY != '' }}
  env:
    DEEPL_AUTH_KEY: ${{ secrets.DEEPL_AUTH_KEY }}
  run: |
    poetry run pytest

Better test-suite fix: skip auth-dependent tests when no key is configured

Right now, many tests are not marked as requiring real credentials even though they use the shared translator fixture. That causes hard failures instead of skips.

Add a guard in the translator fixture in tests/conftest.py:

@pytest.fixture
def translator(server):
    """Returns a deepl.Translator to use in all tests taking a parameter
    'translator'."""
    if not server.is_mock_server and not server.auth_key:
        pytest.skip("DEEPL_AUTH_KEY is required for tests using the real API")
    return _make_translator(server)

Do the same for deepl_client if needed:

@pytest.fixture
def deepl_client(server):
    """Returns a deepl.DeepLClient to use in all tests taking a parameter
    'deepl_client'."""
    if not server.is_mock_server and not server.auth_key:
        pytest.skip("DEEPL_AUTH_KEY is required for tests using the real API")
    return _make...

</details>



<!-- START COPILOT CODING AGENT SUFFIX -->

*This pull request was created from Copilot chat.*
>