feat: support isSecret in syncEnvVars#4203
Conversation
🦋 Changeset detectedLatest commit: e084f22 The changes in this PR will be included in the next version bump. This PR includes changesets to release 27 packages
Not sure what this means? Click here to learn what changesets are. Click here if you're a maintainer who wants to add another changeset to this PR |
|
Note Reviews pausedIt looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the Use the following commands to manage reviews:
Use the checkboxes below for quick actions:
No actionable comments were generated in the recent review. 🎉 ℹ️ Recent review info⚙️ Run configurationConfiguration used: Repository UI Review profile: CHILL Plan: Pro Run ID: 📒 Files selected for processing (1)
🚧 Files skipped from review as they are similar to previous changes (1)
📜 Recent review details⏰ Context from checks skipped due to timeout. (32)
WalkthroughThis PR adds support for marking environment variables synced via 🚥 Pre-merge checks | ✅ 4 | ❌ 1❌ Failed checks (1 warning)
✅ Passed checks (4 passed)
✨ Finishing Touches📝 Generate docstrings
🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
@trigger.dev/build
trigger.dev
@trigger.dev/core
@trigger.dev/python
@trigger.dev/react-hooks
@trigger.dev/redis-worker
@trigger.dev/rsc
@trigger.dev/schema-to-json
@trigger.dev/sdk
commit: |
What
Adds per-variable secret support to the
syncEnvVarsbuild extension. Return{ name, value, isSecret: true }and the variable is stored as a secret (redacted in the dashboard, value non-revealable), just like a manually created secret env var. Secret and non-secret variables can be mixed in one callback.How
Env vars flow through the build pipeline as a flat name→value map, and the import API's
isSecretis per-call. So secret vars are carried through the layer + manifest in parallelsecretEnv/secretParentEnvmaps, and at deploy time they go up in a secondimportEnvVarscall withisSecret: true(the plain vars in the first call). The record form ({ KEY: "value" }) is unchanged and stays non-secret.Commits
feat(core): carry secret env vars through the build layer + manifest schemafeat(build): partitionisSecretvars insyncEnvVarsfeat(cli): merge secret layers and import them withisSecret: trueat deploytest(build): cover the partitioning + documentisSecretTesting
isSecret: true) and the plain var visible.Closes TRI-11099