chore: refactor environment variables #234
Conversation
| }), | ||
| 30000 | ||
| ).value; | ||
| export const HIDE_QUERY_COST: boolean = |
There was a problem hiding this comment.
I don't really understand what this one was doing in the original code, but I think this functions the same.
| export default async function installSSR(app: Express) { | ||
| // @ts-ignore Next had a bad typing file, they claim `export default` but should have `export =` | ||
| // Ref: https://unpkg.com/[email protected]/dist/server/next.js |
There was a problem hiding this comment.
This and the comment at the top of this file seem to have been resolved. Also // Foo below may have been resolved 🤔 .
DylanVann
force-pushed
the
refactor-environment-variables
branch
2 times, most recently
from
daa29f1 to
78daf3a
Compare
|
I don't know that much about the docker setup. A hint about how to make sure the docker tests get Doesn't the docker version currently need the |
DylanVann
force-pushed
the
refactor-environment-variables
branch
2 times, most recently
from
5d83d70 to
12e6dca
Compare
| * Validation functions for environment variables. | ||
| * | ||
| * `name` is passed with `value` so that bundlers that replace | ||
| * process.env.MY_VAR with the value will still provide useful error messages. |
There was a problem hiding this comment.
A mini validation framework:
requireddefaultNumberminLengthparseInteger
Other options were using envalid, io-ts, etc. I think it's simple enough that isn't needed.
DylanVann
force-pushed
the
refactor-environment-variables
branch
from
12e6dca to
dbcb5d8
Compare
There was a problem hiding this comment.
Interesting approach. I'm concerned about this being easily misused; could you move most of the new variables to a new path @app/config/server so that it makes it very obvious it should not be required in the client? (You'll may need to create a server.js file that just contains module.exports = require('./dist/server.js') so you can write a src/server.ts. I'm not ready to use the fancy package.json module mapping features yet.)
This isn't a full review.
| export const fromEmail: string = `"PostGraphile Starter" <[email protected]>`; | ||
| export const awsRegion: string = "us-east-1"; | ||
| export const projectName: string = packageJson.name.replace(/[-_]/g, " "); | ||
| export const companyName: string = projectName; // For copyright ownership | ||
| export const emailLegalText: string = |
There was a problem hiding this comment.
I'm surprised the linter does not complain about unnecessary type definitions here (since they can be implied by the values).
There was a problem hiding this comment.
I'd usually go for inferred but I wanted to ensure that people changing the validators didn't accidentally do something like change the exported type from string to string | undefined without making it explicit.
|
This approach might not be the best since it enforces variables whenever Another concern is that it references all envvars in any place any of them are referenced, whereas the previous code only references the required envvars in each place (so if you just run the worker you only read the envvars relevant to the worker). This may or may not have an effect on webpacking your server/etc. It will have an effect if you only expose the envvars each service needs to that service (e.g. the server has different envvar requirements to the worker, in an advanced deployment you might like to separate these out but this would prevent you doing that). |
|
Thank you for the feedback! I'll take a second attempt at this soon. I think you're right that this ties too many things together. The different components should only validate the environment variables they need. |
|
[semi-automated message] Hi, there has been no activity in this issue for a while so I'm closing it to keep the issues/pull requests manageable. If this is still an issue, please re-open with additional details. |
Description
This is refactors environment variables so that all validation of them is done in one location (
@app/config/src/index.ts).This is only used by the server package in this PR, if accepted a followup can change the usage in other packages as well.
Performance impact
In the Express docs:
Some notes about this in relation to React SSR.
I haven't profiled as I don't think it would make a big difference, but that makes some intuitive sense.
Security impact
Developers need to be careful not to import secrets from
@app/configin client code, or their secrets could get leaked, I believe Next.js might prevent this though, by not passing through environment variables to the browser. I can check thisChecklist
yarn lint:fixpasses.yarn testpasses.RELEASE_NOTES.mdfile (if one exists).