From cec0cc57cabd2d5ccc3e27084abe0151d9ad5207 Mon Sep 17 00:00:00 2001
From: Vlada Dusek <v.dusek96@gmail.com>
Date: Sun, 22 Feb 2026 09:22:22 +0100
Subject: [PATCH 1/2] ci: Fix integration tests failing on fork PRs

The integration tests were failing on fork PRs with "Secret
APIFY_TEST_USER_PYTHON_SDK_API_TOKEN is required, but not provided"
because GitHub validates required secrets of nested reusable workflows
at compile time, before evaluating job-level `if` conditions.

Inline the integration test steps directly in _tests.yaml instead of
calling the external reusable workflow. Regular job steps that reference
secrets just get empty strings for fork PRs (no compile-time validation),
and the `if` condition properly skips the job.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
---
 .github/workflows/_tests.yaml | 61 +++++++++++++++++++++++++++++------
 1 file changed, 51 insertions(+), 10 deletions(-)

diff --git a/.github/workflows/_tests.yaml b/.github/workflows/_tests.yaml
index 0fce88bd..4f45dfa4 100644
--- a/.github/workflows/_tests.yaml
+++ b/.github/workflows/_tests.yaml
@@ -14,7 +14,6 @@ jobs:
   unit_tests:
     name: Unit tests
     uses: apify/workflows/.github/workflows/python_unit_tests.yaml@main
-    secrets: inherit
     with:
       python_versions: '["3.11", "3.12", "3.13", "3.14"]'
       operating_systems: '["ubuntu-latest", "windows-latest"]'
@@ -22,18 +21,60 @@ jobs:
       operating_system_for_codecov: ubuntu-latest
       tests_concurrency: "16"
 
+  # Integration tests are inlined (not calling the reusable workflow) to avoid
+  # GitHub's compile-time secret validation for nested reusable workflows, which
+  # fails on fork PRs where repo secrets are not available.
   integration_tests:
     name: Integration tests
     if: >-
       ${{
         (github.event_name == 'pull_request' && github.event.pull_request.head.repo.owner.login == 'apify') ||
-        (github.event_name == 'push' && github.ref == 'refs/heads/master')
+        (github.event_name == 'push' && github.ref == 'refs/heads/master') ||
+        github.event_name == 'workflow_dispatch'
       }}
-    uses: apify/workflows/.github/workflows/python_integration_tests.yaml@main
-    secrets: inherit
-    with:
-      python_versions: '["3.11", "3.14"]'
-      operating_systems: '["ubuntu-latest"]'
-      python_version_for_codecov: "3.14"
-      operating_system_for_codecov: ubuntu-latest
-      tests_concurrency: "16"
+    concurrency:
+      group: integration_tests
+    strategy:
+      matrix:
+        os: ["ubuntu-latest"]
+        python-version: ["3.11", "3.14"]
+      max-parallel: 1
+    runs-on: ${{ matrix.os }}
+    env:
+      TESTS_CONCURRENCY: "1"
+      CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v6
+
+      - name: Set up Python ${{ matrix.python-version }}
+        uses: actions/setup-python@v6
+        with:
+          python-version: ${{ matrix.python-version }}
+
+      - name: Set up uv package manager
+        uses: astral-sh/setup-uv@v7
+        with:
+          python-version: ${{ matrix.python-version }}
+
+      - name: Install Python dependencies
+        run: uv run poe install-dev
+
+      - name: Run integration tests
+        run: uv run poe integration-tests-cov
+        env:
+          APIFY_TEST_USER_API_TOKEN: ${{ secrets.APIFY_TEST_USER_PYTHON_SDK_API_TOKEN }}
+          APIFY_TEST_USER_2_API_TOKEN: ${{ secrets.APIFY_TEST_USER_2_API_TOKEN }}
+
+      - name: Upload integration test coverage
+        if: >-
+          ${{
+            matrix.os == 'ubuntu-latest' &&
+            matrix.python-version == '3.14' &&
+            env.CODECOV_TOKEN != ''
+          }}
+        uses: codecov/codecov-action@v5
+        with:
+          token: ${{ env.CODECOV_TOKEN }}
+          files: coverage-integration.xml
+          flags: integration

From 3a6d39ce181e8f467d7990837ffa2e6906f538ea Mon Sep 17 00:00:00 2001
From: Vlada Dusek <v.dusek96@gmail.com>
Date: Fri, 6 Mar 2026 11:26:33 +0100
Subject: [PATCH 2/2] Update

---
 .github/workflows/_tests.yaml | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)

diff --git a/.github/workflows/_tests.yaml b/.github/workflows/_tests.yaml
index 4f45dfa4..37bceaf2 100644
--- a/.github/workflows/_tests.yaml
+++ b/.github/workflows/_tests.yaml
@@ -21,28 +21,28 @@ jobs:
       operating_system_for_codecov: ubuntu-latest
       tests_concurrency: "16"
 
-  # Integration tests are inlined (not calling the reusable workflow) to avoid
-  # GitHub's compile-time secret validation for nested reusable workflows, which
-  # fails on fork PRs where repo secrets are not available.
+  # Integration tests are inlined (not calling the reusable workflow) to avoid GitHub's compile-time secret
+  # validation for nested reusable workflows, which fails on fork PRs where repo secrets are not available.
   integration_tests:
-    name: Integration tests
+    name: Integration tests (${{ matrix.python-version }}, ${{ matrix.os }})
     if: >-
       ${{
         (github.event_name == 'pull_request' && github.event.pull_request.head.repo.owner.login == 'apify') ||
         (github.event_name == 'push' && github.ref == 'refs/heads/master') ||
         github.event_name == 'workflow_dispatch'
       }}
-    concurrency:
-      group: integration_tests
+
     strategy:
       matrix:
         os: ["ubuntu-latest"]
         python-version: ["3.11", "3.14"]
-      max-parallel: 1
+
     runs-on: ${{ matrix.os }}
+
     env:
-      TESTS_CONCURRENCY: "1"
+      TESTS_CONCURRENCY: "16"
       CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
+
     steps:
       - name: Checkout repository
         uses: actions/checkout@v6