Skip to content

Handle missing HUGGING_FACE_TOKEN gracefully in CI #1480

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
MaxGhenis merged 1 commit into from
Jan 17, 2026
Merged

Handle missing HUGGING_FACE_TOKEN gracefully in CI #1480

MaxGhenis merged 1 commit into from
Jan 17, 2026

Conversation

@MaxGhenis
Copy link
Collaborator

@MaxGhenis MaxGhenis commented Jan 17, 2026

Summary

  • CI workflows now handle missing HUGGING_FACE_TOKEN gracefully
  • Fixes the httpx.LocalProtocolError: Illegal header value b'Bearer ' error that occurs when Dependabot PRs run without access to secrets

Problem

When Dependabot opens a PR, it doesn't have access to repository secrets. The HUGGING_FACE_TOKEN secret gets passed as an empty string, which causes:

  1. policyengine-core to return "" (empty string is not None)
  2. huggingface_hub to create a Bearer header (empty token)
  3. httpx to fail with Illegal header value

Solution

Pass the token through an intermediate env var (HF_TOKEN_VALUE) and only export it to HUGGING_FACE_TOKEN if non-empty:

if [ -n "$HF_TOKEN_VALUE" ]; then
  export HUGGING_FACE_TOKEN="$HF_TOKEN_VALUE"
fi

This allows tests that don't need microdata downloads to still pass.

Test plan

  • CI passes on this PR (won't have access to token either, ironically)
  • After merge, verify Dependabot PRs can run tests

🤖 Generated with Claude Code

@MaxGhenis @claude
Handle missing HUGGING_FACE_TOKEN gracefully in CI
2e2fcab 
Only export the token when it has a non-empty value. This prevents
the 'httpx.LocalProtocolError: Illegal header value b'Bearer '' error
that occurs when Dependabot PRs run without access to secrets.

The token is passed via an intermediate env var (HF_TOKEN_VALUE) and
only exported to HUGGING_FACE_TOKEN if non-empty, allowing tests that
don't need microdata downloads to still pass.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
@MaxGhenis MaxGhenis mentioned this pull request Jan 17, 2026
Merged
3 tasks
@MaxGhenis MaxGhenis merged commit 3a9c139 into main Jan 17, 2026
3 checks passed
@MaxGhenis MaxGhenis deleted the fix/optional-huggingface-token branch January 17, 2026 18:05
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@MaxGhenis