fix(workflow): Add SKIP_AUTH default value to prevent Pydantic validation errors

[manavgup]

Summary

This PR fixes Pydantic validation errors that occur when the SKIP_AUTH secret is empty, which was causing backend deployment failures.

Problem

When the SKIP_AUTH GitHub secret is not set or is empty, the backend receives an empty string '', causing this Pydantic validation error during Code Engine application startup:

Input should be a valid boolean, unable to interpret input
[type=bool_parsing, input_value='', input_type=str]

This error prevented the backend from starting and caused deployment failures.

Solution

Added a default value 'false' to the SKIP_AUTH environment variable in the deployment workflow:

Before:

SKIP_AUTH: ${{ secrets.SKIP_AUTH }}

After:

SKIP_AUTH: ${{ secrets.SKIP_AUTH || 'false' }}

Now when the secret is empty or unset, the backend receives 'false' instead of '', which Pydantic can successfully parse as a boolean.

Changes

• .github/workflows/deploy_complete_app.yml (line 346): Added default value to SKIP_AUTH

Testing

This fix will be validated in the CI pipeline. Expected behavior:

✅ If SKIP_AUTH secret is set: Uses the configured value
✅ If SKIP_AUTH secret is empty/unset: Defaults to 'false'
✅ Backend starts successfully: No Pydantic validation errors

Type of Change

• Bug fix (non-breaking change which fixes an issue)
• Deployment fix

Related PRs

This is part of the focused PR strategy to replace PR #641:

• PR fix(backend): Backend Docker build fixes for AutoModelForImageTextToText #642: Backend Docker fixes (transformers[vision] + numpy cleanup)
• PR fix(workflow): Add SKIP_AUTH default value to prevent Pydantic validation errors #643 (this PR): SKIP_AUTH default value fix
• PR fix(prod): Fix production deployment configuration for make build-all and prod-start #644 (pending): Workflow Dockerfile path fix

Checklist

• Code follows the style guidelines of this project
• Change is focused and addresses a single issue
• Commit message follows conventional commits format
• No breaking changes introduced
• CI workflows will validate the change

---

🤖 Generated with Claude Code

Co-Authored-By: Claude noreply@anthropic.com

[github-actions]

🚀 Development Environment Options

This repository supports Dev Containers for a consistent development environment.

Option 1: GitHub Codespaces (Recommended)

Create a cloud-based development environment:

1. Click the green Code button above
2. Select the Codespaces tab
3. Click Create codespace on fix/skip-auth-validation
4. Wait 2-3 minutes for environment setup
5. Start coding with all tools pre-configured!

Option 2: VS Code Dev Containers (Local)

Use Dev Containers on your local machine:

1. Install Docker Desktop
2. Install VS Code
3. Install the Dev Containers extension
4. Clone this PR branch locally
5. Open in VS Code and click "Reopen in Container" when prompted

Option 3: Traditional Local Setup

Set up the development environment manually:

# Clone the repository
git clone https://github.com/manavgup/rag_modulo.git
cd rag_modulo
git checkout fix/skip-auth-validation

# Initialize development environment
make dev-init
make dev-build
make dev-up
make dev-validate

Available Commands

Once in your development environment:

make help           # Show all available commands
make dev-validate   # Validate environment setup
make test-atomic    # Run atomic tests
make test-unit      # Run unit tests
make lint          # Run linting

Services Available

When running make dev-up:

• Backend API: http://localhost:8000
• Frontend: http://localhost:3000
• MLflow: http://localhost:5001

---

This automated message helps reviewers quickly set up the development environment.

[github-actions]

Code Review - PR #643

Summary

This PR fixes a critical Pydantic validation error that occurs during backend deployment when the SKIP_AUTH GitHub secret is empty or unset. The fix adds a default value of 'false' to prevent empty string validation errors.

---

✅ Strengths

1. Root Cause Identified: Correctly identifies that empty GitHub secrets pass empty strings ('') to environment variables, causing Pydantic's boolean parser to fail.

2. Clean Solution: The fix uses GitHub Actions' null coalescing operator (||) to provide a sensible default value, which is a standard pattern.

3. Aligns with Codebase Conventions: The fix matches the existing pattern used in docker-compose.yml:29

4. Focused PR Strategy: Part of a well-organized effort to break down PR fix: Add ICR auth for Trivy scans, improve error handling, optimize disk usage #641 into focused, reviewable chunks (PRs fix(backend): Backend Docker build fixes for AutoModelForImageTextToText #642, fix(workflow): Add SKIP_AUTH default value to prevent Pydantic validation errors #643, fix(prod): Fix production deployment configuration for make build-all and prod-start #644).

5. Clear Documentation: Excellent PR description with problem statement, solution, and testing plan.

---

🔍 Issues Found

Critical: Inconsistent Fix Across Workflows

Location: .github/workflows/deploy_code_engine.yml:105

The same issue exists in another workflow file but was not fixed in this PR. The deploy_code_engine.yml workflow will still fail with the same Pydantic validation error if SKIP_AUTH secret is empty.

Recommendation: Apply the same fix to deploy_code_engine.yml:105

---

📋 Additional Observations

1. Formatting Change: The PR also reformats the ICR_REGION ternary expression (lines 88-90) by splitting it across multiple lines. While this improves readability, it's technically unrelated to the fix.

2. Backend Configuration: The backend's Pydantic model at backend/core/config.py:286 correctly defines skip_auth with a default of False. However, Pydantic validates the input before applying the default, so an empty string still causes validation errors.

3. Security Considerations: The default value 'false' is the correct security-conscious choice. This aligns with the project's security guidelines.

4. Testing Gap: There are no automated tests that verify the behavior when SKIP_AUTH is an empty string.

---

🎯 Recommendations

Priority 1 (Blocking):

• Apply the same fix to .github/workflows/deploy_code_engine.yml:105

Priority 2 (Nice to have):

• Add a test case to verify empty string handling
• Update commit message to mention the ICR_REGION formatting change

---

📊 Code Quality Assessment

Category	Rating	Notes
Correctness	7/10	Fix works but incomplete (missing deploy_code_engine.yml)
Security	10/10	Defaults to 'false' - security-conscious
Maintainability	9/10	Clear, follows existing patterns
Testing	6/10	No automated test for this edge case
Documentation	9/10	Excellent PR description

---

🏁 Verdict

Status: ⚠️ CHANGES REQUESTED

The fix is correct and well-implemented for deploy_complete_app.yml, but the same issue exists in deploy_code_engine.yml and needs to be fixed to prevent deployment failures.

Once the deploy_code_engine.yml fix is applied, this PR will be APPROVED for merge.

---

🤖 Generated with Claude Code