20626659897
78%

Ran 31 Dec 2025 08:29PM UTC

Jobs 27

Files 129

Run time 1min

Badge

Embed ▾

Committed 31 Dec 2025 08:29PM UTC coverage: 76.192%. First build

Build # 20626659897

Build Type

push

github

Committed by

web-flow

Commit Message

Add automated JWT key generation via Key Vault deployment script (#663)

* Add automated JWT key generation via Key Vault deployment script

- Add jwtkeys.bicep module to generate RSA 2048 keypair per deployment using openssl in Azure CLI container
- Store generated keys as secrets in Key Vault for auth service consumption
- Grant deployment script identity write permissions on Key Vault secrets
- Wire JWT secret URIs into Container Apps auth service environment
- Add jwtForceUpdateTag parameter to main.bicep for key regeneration control
- Create dedicated UAMI for deployment script execution with KV write access
- Fix BCP318 warnings with non-null assertions on conditional modules

Related to #647. Future enhancement tracked in #655 for Key Vault sign operations.

Signed-off-by: GitHub Copilot <copilot@github.com>

* Fix JWT key secret handling and add Key Vault provider support

- Add trap for explicit temp directory cleanup in deployment script
- Configure Container Apps to use Azure Key Vault provider directly instead of env vars
- Revert auth.json JWT keys to use secret provider (source: secret)
- Pass Key Vault name to Container Apps via AZURE_KEYVAULT_NAME env var
- Remove Key Vault secret URI parameters from Container Apps
- Add 'azurekeyvault' alias to secret provider factory
- Update jwtkeys module outputs to return Key Vault name instead of secret URIs

This ensures secrets are pulled directly from Key Vault by containers using
managed identity authentication, rather than being exposed via environment
variables. Follows security best practice of not sharing secrets via env vars.

Addresses PR review comments.

Signed-off-by: GitHub Copilot <copilot@github.com>

* Fix secret naming convention to use underscores

Revert JWT secret names from hyphenated (jwt-private-key) to underscore
convention (jwt_private_key) to match original schema and codebase standards.

Signed-off-by: GitHub Copilot <copilot@github.com>

* feat(secrets): Add automatic... (continued)

Run Details

5930 of 7783 relevant lines covered (76.19%)

0.85 hits per line

Jobs

ID	Job ID	Ran	Files	Coverage
1	copilot_embedding - 20626659897.1	31 Dec 2025 08:31PM UTC	3	92.0	GitHub Action Run
2	copilot_config - 20626659897.2	31 Dec 2025 08:29PM UTC	14	75.33	GitHub Action Run
3	copilot_archive_fetcher - 20626659897.3	31 Dec 2025 08:31PM UTC	9	67.49	GitHub Action Run
4	copilot_vectorstore_integration - 20626659897.4	31 Dec 2025 08:29PM UTC	8	20.29	GitHub Action Run
5	copilot_metrics - 20626659897.5	31 Dec 2025 08:31PM UTC	6	41.74	GitHub Action Run
6	summarization - 20626659897.6	31 Dec 2025 08:30PM UTC	2	90.7	GitHub Action Run
7	copilot_schema_validation_integration - 20626659897.7	31 Dec 2025 08:30PM UTC	7	40.75	GitHub Action Run
8	copilot_summarization - 20626659897.8	31 Dec 2025 08:31PM UTC	8	96.73	GitHub Action Run
9	copilot_archive_fetcher_integration - 20626659897.9	31 Dec 2025 08:30PM UTC	9	45.68	GitHub Action Run
10	copilot_auth - 20626659897.10	31 Dec 2025 08:31PM UTC	12	43.59	GitHub Action Run
11	copilot_events_integration - 20626659897.11	31 Dec 2025 08:30PM UTC	11	35.15	GitHub Action Run
12	embedding - 20626659897.12	31 Dec 2025 08:30PM UTC	2	90.17	GitHub Action Run
13	copilot_schema_validation - 20626659897.13	31 Dec 2025 08:30PM UTC	7	87.46	GitHub Action Run
14	reporting - 20626659897.14	31 Dec 2025 08:31PM UTC	2	89.97	GitHub Action Run
15	copilot_draft_diff - 20626659897.15	31 Dec 2025 08:31PM UTC	6	98.77	GitHub Action Run
16	copilot_storage_integration - 20626659897.16	31 Dec 2025 08:30PM UTC	6	36.16	GitHub Action Run
17	orchestrator - 20626659897.17	31 Dec 2025 08:30PM UTC	2	67.65	GitHub Action Run
18	copilot_reporting - 20626659897.18	31 Dec 2025 08:31PM UTC	5	73.17	GitHub Action Run
19	chunking - 20626659897.19	31 Dec 2025 08:30PM UTC	2	83.25	GitHub Action Run
20	copilot_consensus - 20626659897.20	31 Dec 2025 08:31PM UTC	3	98.67	GitHub Action Run
21	copilot_events - 20626659897.21	31 Dec 2025 08:30PM UTC	11	60.44	GitHub Action Run
22	ingestion - 20626659897.22	31 Dec 2025 08:30PM UTC	5	82.34	GitHub Action Run
23	parsing - 20626659897.23	31 Dec 2025 08:31PM UTC	7	84.27	GitHub Action Run
24	copilot_chunking - 20626659897.24	31 Dec 2025 08:30PM UTC	2	93.75	GitHub Action Run
25	copilot_logging - 20626659897.25	31 Dec 2025 08:31PM UTC	7	71.7	GitHub Action Run
26	copilot_vectorstore - 20626659897.26	31 Dec 2025 08:30PM UTC	8	71.73	GitHub Action Run
27	copilot_storage - 20626659897.27	31 Dec 2025 08:30PM UTC	6	67.51	GitHub Action Run

Alan-Jowett / CoPilot-For-Consensus / 20626659897
78%

README BADGES
x

Markdown

Textile

RDoc

HTML

Rst

Jobs

Source Files on build 20626659897

Alan-Jowett / CoPilot-For-Consensus / 20626659897 78%

README BADGES x

Markdown

Textile

RDoc

HTML

Rst

Jobs

Source Files on build 20626659897

Alan-Jowett / CoPilot-For-Consensus / 20626659897
78%

README BADGES
x