fix(setup): correct PowerShell secret generation and broaden .env ignore#157
Merged
Conversation
Fix New-HexSecret on PowerShell 7 — case-insensitive variable lookup made the $Bytes parameter and $bytes local collide, breaking secret generation. Rename the local to $secretBytes (and the parameter to $ByteCount with a back-compat -Bytes alias) so existing callers like `New-HexSecret -Bytes 24` keep working. Broaden the .env ignore rule to cover generated `.env.backup-*` files while explicitly allowlisting the three tracked templates (`.env.example`, `.env.test`, `e2e/.env.real.example`). Migrated from #156 by @mrn55. The PowerShell 7 version check from that PR was already merged separately. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Migrated from #156 by @mrn55. Two salvageable fixes — the third (PowerShell 7 version check) was already added to master separately.
setup.ps1/New-HexSecret— PowerShell variable names are case-insensitive, so the$Bytesparameter and$byteslocal collided and broke secret generation on PS7. Rename the local to$secretBytesand the parameter to$ByteCountwith a-Bytesalias so existing call sites (New-HexSecret -Bytes 24at line 914) keep working..gitignore— broaden.envignore to cover the.env.backup-YYYYMMDD-HHMMSSZfiles thatsetup.ps1/setup.shgenerate, with explicit allowlist for the three tracked templates (.env.example,.env.test,e2e/.env.real.example).Verified
git ls-files | grep '\.env'still surfaces all three tracked templates after the change.Test plan
setup.ps1on PowerShell 7 — confirm secrets generate without the case-collision errorgit statusdoes not surface.env.backup-*after a setup run.env.example,.env.test,e2e/.env.real.examplestill show ingit ls-files🤖 Generated with Claude Code