CI/CD Testing
Run Wocha auth tests in CI with the offline emulator, test-mode API keys, and @wocha/testing
Wocha supports fully automated auth testing in CI pipelines without touching production tenants or live user data. Combine the offline auth emulator, test-mode API keys, and @wocha/testing utilities for reliable, repeatable builds.
Overview
| Approach | Best for | Requires cloud |
|---|---|---|
wocha emulator | OAuth flows, SDK integration tests, E2E | No |
wocha_test_ API keys | Customer API / management SDK tests against cloud | Yes (sandboxed) |
@wocha/testing | Unit tests, component tests, webhook fixtures | No |
Most teams use the emulator for auth flow tests and test-mode keys when CI must exercise the real Customer API.
Quick start: emulator in CI
The auth emulator runs entirely on the CI runner — no Docker, no internet, no cloud credentials.
Pre-seeded credentials:
- Email:
test@example.com - Password:
password123
GitHub Actions example
See GitHub Actions integration for a reusable composite action and matrix testing across frameworks.
Using @wocha/testing
Install the testing utilities in your dev dependencies:
Mock provider for React / Next.js
Wrap components under test with a mock auth context — no network calls required:
Playwright / Cypress
Use session helpers to seed authenticated browser state without walking through OAuth on every test:
Webhook fixtures
Generate signed webhook payloads for handler unit tests:
Test-mode API keys in CI
Test-mode keys use the wocha_test_ prefix and are automatically scoped to your tenant's test environment. They cannot access live production data.
Create a test key
Via the Console → Settings → API Keys, choose Test mode when creating a key.
Via the Customer API:
Store the returned wocha_test_… value as a CI secret (e.g. WOCHA_TEST_API_KEY).
Use in CI
Test keys set testMode: true on the request context server-side, ensuring mutations and reads stay within the test environment.
Environment variable reference
| Variable | Description |
|---|---|
WOCHA_EMULATOR | Set to true to route SDK auth to the local emulator |
WOCHA_EMULATOR_URL | Emulator base URL (default: http://127.0.0.1:4400) |
WOCHA_CLIENT_ID | OAuth client ID (wocha-emulator for the CLI emulator) |
WOCHA_CLIENT_SECRET | OAuth client secret |
WOCHA_ISSUER | Overridden automatically when emulator mode is active |
WOCHA_TEST_API_KEY | Convention for storing a wocha_test_ key in CI secrets |
Recommendations
- Prefer the emulator for OAuth and SDK flow tests — it is faster and requires no secrets.
- Use test-mode keys when CI must validate against the real Customer API (webhooks, org management, etc.).
- Never commit secrets — use your CI provider's secret store for
wocha_test_andwocha_mgmt_keys. - Wait for health — poll
/api/v1/healthbefore running tests against the emulator. - Isolate test data — test keys are scoped to the test environment; keep live keys out of CI entirely.