From 5ac10aaa015f00cc442f31e251148724d7108ca3 Mon Sep 17 00:00:00 2001
From: Jeri Lane <jeri.lane@temporal.io>
Date: Thu, 4 Jun 2026 10:46:49 -0700
Subject: [PATCH] Split unit and integration test workflows

Run integration tests in an environment with approval
---
 .github/workflows/integ.yml | 61 +++++++++++++++++++++++++++++++++++++
 .github/workflows/test.yml  | 33 +-------------------
 2 files changed, 62 insertions(+), 32 deletions(-)
 create mode 100644 .github/workflows/integ.yml

diff --git a/.github/workflows/integ.yml b/.github/workflows/integ.yml
new file mode 100644
index 0000000..e60f3df
--- /dev/null
+++ b/.github/workflows/integ.yml
@@ -0,0 +1,61 @@
+name: integration
+
+on:
+  push:
+    branches:
+      - develop
+      - main
+  pull_request:
+
+permissions:
+  contents: read
+
+jobs:
+  integration:
+    name: Integration tests
+    runs-on: ubuntu-latest
+    environment:
+      name: integration
+      deployment: true # This is required to ensure a maintainer must approve all runs
+
+    env:
+      TEMPORAL_CLOUD_SERVER: ${{ vars.TEMPORAL_CLOUD_SERVER }}
+      TEMPORAL_API_KEY: ${{ secrets.TEMPORAL_API_KEY }}
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Set up Go
+        uses: actions/setup-go@v6
+        with:
+          go-version-file: "go.mod"
+          check-latest: true
+          cache: false
+
+      - name: Validate required environment variables and secrets
+        shell: bash
+        run: |
+          set -euo pipefail
+
+          missing=0
+
+          if [[ -z "${TEMPORAL_CLOUD_SERVER:-}" ]]; then
+            echo "::error::TEMPORAL_CLOUD_SERVER is not set or is empty"
+            missing=1
+          fi
+
+
+          # Secret: check presence ONLY, never print or echo
+          if [[ -z "${TEMPORAL_API_KEY:-}" ]]; then
+            echo "::error::TEMPORAL_API_KEY is not set or is empty"
+            missing=1
+          fi
+
+          if [[ "$missing" -ne 0 ]]; then
+            exit 1
+          fi
+
+      - name: Run integration tests
+        run: |
+          make test-integration
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index 43f542c..4e57d16 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -12,13 +12,9 @@ permissions:
 
 jobs:
   test:
-    name: Unit + Integration
+    name: Unit tests
     runs-on: ubuntu-latest
 
-    env:
-      TEMPORAL_CLOUD_SERVER: ${{ vars.TEMPORAL_CLOUD_SERVER }}
-      TEMPORAL_API_KEY: ${{ secrets.TEMPORAL_API_KEY }}
-
     steps:
       - name: Checkout
         uses: actions/checkout@v4
@@ -30,33 +26,6 @@ jobs:
           check-latest: true
           cache: false
 
-      - name: Validate required environment variables and secrets
-        shell: bash
-        run: |
-          set -euo pipefail
-
-          missing=0
-
-          if [[ -z "${TEMPORAL_CLOUD_SERVER:-}" ]]; then
-            echo "::error::TEMPORAL_CLOUD_SERVER is not set or is empty"
-            missing=1
-          fi
-
-
-          # Secret: check presence ONLY, never print or echo
-          if [[ -z "${TEMPORAL_API_KEY:-}" ]]; then
-            echo "::error::TEMPORAL_API_KEY is not set or is empty"
-            missing=1
-          fi
-
-          if [[ "$missing" -ne 0 ]]; then
-            exit 1
-          fi
-
       - name: Run unit tests
         run: |
           make test
-
-      - name: Run integration tests
-        run: |
-          make test-integration