home / skills / jeremylongshore / claude-code-plugins-plus-skills / clerk-ci-integration

clerk-ci-integration skill

safe

/plugins/saas-packs/clerk-pack/skills/clerk-ci-integration

This skill configures Clerk CI/CD with GitHub Actions and Playwright testing to automate authentication tests and build validation.

npx playbooks add skill jeremylongshore/claude-code-plugins-plus-skills --skill clerk-ci-integration

Review the files below or copy the command above to add this skill to your agents.

Files (1)

SKILL.md

6.5 KB

---
name: clerk-ci-integration
description: |
  Configure Clerk CI/CD integration with GitHub Actions and testing.
  Use when setting up automated testing, configuring CI pipelines,
  or integrating Clerk tests into your build process.
  Trigger with phrases like "clerk CI", "clerk GitHub Actions",
  "clerk automated tests", "CI clerk", "clerk pipeline".
allowed-tools: Read, Write, Edit, Bash(gh:*)
version: 1.0.0
license: MIT
author: Jeremy Longshore <[email protected]>
---

# Clerk CI Integration

## Overview
Set up CI/CD pipelines with Clerk authentication testing.

## Prerequisites
- GitHub repository with Actions enabled
- Clerk test API keys
- npm/pnpm project configured

## Instructions

### Step 1: GitHub Actions Workflow
```yaml
# .github/workflows/test.yml
name: Test

on:
  push:
    branches: [main]
  pull_request:
    branches: [main]

env:
  NEXT_PUBLIC_CLERK_PUBLISHABLE_KEY: ${{ secrets.CLERK_PUBLISHABLE_KEY_TEST }}
  CLERK_SECRET_KEY: ${{ secrets.CLERK_SECRET_KEY_TEST }}

jobs:
  test:
    runs-on: ubuntu-latest

    steps:
      - uses: actions/checkout@v4

      - name: Setup Node.js
        uses: actions/setup-node@v4
        with:
          node-version: '20'
          cache: 'npm'

      - name: Install dependencies
        run: npm ci

      - name: Type check
        run: npm run typecheck

      - name: Run unit tests
        run: npm test

      - name: Run integration tests
        run: npm run test:integration
        env:
          CLERK_SECRET_KEY: ${{ secrets.CLERK_SECRET_KEY_TEST }}

      - name: Build
        run: npm run build
```

### Step 2: E2E Testing with Playwright
```yaml
# .github/workflows/e2e.yml
name: E2E Tests

on:
  push:
    branches: [main]
  pull_request:
    branches: [main]

jobs:
  e2e:
    runs-on: ubuntu-latest

    steps:
      - uses: actions/checkout@v4

      - name: Setup Node.js
        uses: actions/setup-node@v4
        with:
          node-version: '20'
          cache: 'npm'

      - name: Install dependencies
        run: npm ci

      - name: Install Playwright
        run: npx playwright install --with-deps

      - name: Build application
        run: npm run build
        env:
          NEXT_PUBLIC_CLERK_PUBLISHABLE_KEY: ${{ secrets.CLERK_PUBLISHABLE_KEY_TEST }}

      - name: Run E2E tests
        run: npx playwright test
        env:
          NEXT_PUBLIC_CLERK_PUBLISHABLE_KEY: ${{ secrets.CLERK_PUBLISHABLE_KEY_TEST }}
          CLERK_SECRET_KEY: ${{ secrets.CLERK_SECRET_KEY_TEST }}
          CLERK_TEST_USER_EMAIL: ${{ secrets.CLERK_TEST_USER_EMAIL }}
          CLERK_TEST_USER_PASSWORD: ${{ secrets.CLERK_TEST_USER_PASSWORD }}

      - name: Upload test results
        uses: actions/upload-artifact@v4
        if: always()
        with:
          name: playwright-report
          path: playwright-report/
```

### Step 3: Test User Setup
```typescript
// scripts/setup-test-user.ts
import { clerkClient } from '@clerk/nextjs/server'

async function setupTestUser() {
  const client = await clerkClient()

  // Check if test user exists
  const { data: users } = await client.users.getUserList({
    emailAddress: ['[email protected]']
  })

  if (users.length === 0) {
    // Create test user
    const user = await client.users.createUser({
      emailAddress: ['[email protected]'],
      password: process.env.CLERK_TEST_USER_PASSWORD,
      firstName: 'Test',
      lastName: 'User'
    })
    console.log('Created test user:', user.id)
  } else {
    console.log('Test user already exists:', users[0].id)
  }
}

setupTestUser()
```

### Step 4: Playwright Test Configuration
```typescript
// playwright.config.ts
import { defineConfig, devices } from '@playwright/test'

export default defineConfig({
  testDir: './e2e',
  fullyParallel: true,
  forbidOnly: !!process.env.CI,
  retries: process.env.CI ? 2 : 0,
  workers: process.env.CI ? 1 : undefined,
  reporter: 'html',

  use: {
    baseURL: 'http://localhost:3000',
    trace: 'on-first-retry',
  },

  projects: [
    {
      name: 'chromium',
      use: { ...devices['Desktop Chrome'] },
    },
  ],

  webServer: {
    command: 'npm run start',
    url: 'http://localhost:3000',
    reuseExistingServer: !process.env.CI,
  },
})
```

### Step 5: Authentication Test Helpers
```typescript
// e2e/helpers/auth.ts
import { Page } from '@playwright/test'

export async function signIn(page: Page) {
  await page.goto('/sign-in')

  await page.fill('input[name="identifier"]', process.env.CLERK_TEST_USER_EMAIL!)
  await page.click('button:has-text("Continue")')

  await page.fill('input[name="password"]', process.env.CLERK_TEST_USER_PASSWORD!)
  await page.click('button:has-text("Continue")')

  // Wait for redirect to dashboard
  await page.waitForURL('/dashboard')
}

export async function signOut(page: Page) {
  await page.click('[data-clerk-user-button]')
  await page.click('button:has-text("Sign out")')
  await page.waitForURL('/')
}
```

### Step 6: Sample E2E Tests
```typescript
// e2e/auth.spec.ts
import { test, expect } from '@playwright/test'
import { signIn, signOut } from './helpers/auth'

test.describe('Authentication', () => {
  test('user can sign in and access dashboard', async ({ page }) => {
    await signIn(page)
    await expect(page).toHaveURL('/dashboard')
    await expect(page.locator('h1')).toContainText('Dashboard')
  })

  test('user can sign out', async ({ page }) => {
    await signIn(page)
    await signOut(page)
    await expect(page).toHaveURL('/')
  })

  test('unauthenticated user is redirected', async ({ page }) => {
    await page.goto('/dashboard')
    await expect(page).toHaveURL(/\/sign-in/)
  })
})
```

## Output
- GitHub Actions workflows configured
- E2E tests with Playwright
- Test user management
- CI/CD pipeline ready

## Secret Configuration

Required GitHub Secrets:
- `CLERK_PUBLISHABLE_KEY_TEST` - Test publishable key
- `CLERK_SECRET_KEY_TEST` - Test secret key
- `CLERK_TEST_USER_EMAIL` - Test user email
- `CLERK_TEST_USER_PASSWORD` - Test user password

## Error Handling
| Error | Cause | Solution |
|-------|-------|----------|
| Secret not found | Missing GitHub secret | Add secret in repo settings |
| Test user not found | User not created | Run setup script first |
| Timeout on sign-in | Slow response | Increase timeout, check network |
| Build fails | Missing env vars | Check all NEXT_PUBLIC vars set |

## Resources
- [GitHub Actions Docs](https://docs.github.com/en/actions)
- [Playwright Testing](https://playwright.dev)
- [Clerk Testing Guide](https://clerk.com/docs/testing/overview)

## Next Steps
Proceed to `clerk-deploy-integration` for deployment platform setup.

Overview

This skill configures Clerk CI/CD integration with GitHub Actions to run unit, integration, and end-to-end tests using Playwright. It includes workflows, test user management, and Playwright configuration so authentication flows are validated in CI. Use it to automate Clerk-related test coverage and keep auth regressions out of production.

How this skill works

The skill provides GitHub Actions workflows for unit/integration tests and a separate E2E workflow that installs Playwright, builds the app, and runs browser tests. It adds a test user setup script using the Clerk server SDK and Playwright helpers to sign in and sign out. Secrets are injected via GitHub repository secrets so tests run against Clerk test keys without exposing credentials.

When to use it

You want automated CI for a Clerk-protected app with GitHub Actions.
You need repeatable end-to-end tests for authentication flows using Playwright.
You need to run Clerk integration tests in pull requests and on main.
You want a reproducible test user created programmatically for E2E runs.

Best practices

Store all Clerk keys and test user credentials in GitHub Secrets and never commit them.
Run Playwright with --with-deps in CI and keep worker counts low to avoid resource contention.
Use a dedicated test user and run a setup script before E2E tests to ensure the account exists.
Add retries and limit workers in CI to reduce flakiness; enable trace on first retry for debugging.
Expose only NEXT_PUBLIC_* vars in the build environment; keep secret keys in job-level env.

Example use cases

Add a test workflow that runs type checks, unit tests, integration tests, and build on push and PR.
Run Playwright E2E tests that sign in with a Clerk test user to validate protected routes and redirects.
Create a CI job that programmatically creates or verifies a test user via the Clerk server SDK.
Upload Playwright HTML reports as artifacts for failed E2E runs to inspect failures.
Use the workflows as a template when migrating another app to Clerk authentication.

FAQ

Which GitHub secrets are required?

You need CLERK_PUBLISHABLE_KEY_TEST, CLERK_SECRET_KEY_TEST, CLERK_TEST_USER_EMAIL, and CLERK_TEST_USER_PASSWORD in repo secrets.

How do I avoid flaky E2E tests?

Limit workers in CI, add retries, increase timeouts where needed, and enable traces on first retry for diagnostics.

Can I run Playwright locally with the same config?

Yes. The Playwright config uses environment variables for CI-specific behavior; locally you can omit CI env and reuse the same config.