dotenvx · Mar 29, 2024 · Apr 3, 2024 · Apr 3, 2024 · Apr 3, 2024 · Apr 4, 2024
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -177,6 +177,8 @@ jobs:
   npm:
     needs: release
     runs-on: ubuntu-latest
+    permissions:
+      id-token: write
     steps:
       - uses: actions/checkout@v4
       # Setup .npmrc file to publish to npm

diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -2,7 +2,11 @@
 
 All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines.
 
-## [Unreleased](https://github.com/dotenvx/dotenvx/compare/v0.28.0...main)
+## [Unreleased](https://github.com/dotenvx/dotenvx/compare/v0.29.0...main)
+
+## 0.29.0
+
+* respect order for `--env-vault-file`, `--env-file` and `--env` flags (for example: `dotenvx run --env "HELLO=one" --env-file=.env` will prioritize `--env` flag. Add `--overload` here to prioritize `--env-file` or reverse the order.). you can now mix and match multiple flags in any complex order you wish and dotenvx will respect it. ([#155](https://github.com/dotenvx/dotenvx/pull/155))
 
 ## 0.28.0
 

diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
@@ -1,5 +1,5 @@
 {
-  "version": "0.28.0",
+  "version": "0.29.0",
   "name": "@dotenvx/dotenvx",
   "description": "a better dotenv–from the creator of `dotenv`",
   "author": "@motdotla",
@@ -57,6 +57,7 @@
     "tap": "^18.7.0"
   },
   "publishConfig": {
-    "access": "public"
+    "access": "public",
+    "provenance": true
   }
 }
diff --git a/src/cli/actions/run.js b/src/cli/actions/run.js
@@ -3,8 +3,7 @@ const execa = require('execa')
 const which = require('which')
 const logger = require('./../../shared/logger')
 
-const RunDefault = require('./../../lib/services/runDefault')
-const RunVault = require('./../../lib/services/runVault')
+const Run = require('./../../lib/services/run')
 
 const REPORT_ISSUE_LINK = 'https://github.com/dotenvx/dotenvx/issues/new'
 
@@ -89,77 +88,53 @@ async function run () {
   const options = this.opts()
   logger.debug(`options: ${JSON.stringify(options)}`)
 
-  // load from .env.vault file
-  if (process.env.DOTENV_KEY && process.env.DOTENV_KEY.length > 0) {
-    try {
-      const {
-        envVaultFile,
-        parsed,
-        injected,
-        preExisted,
-        uniqueInjectedKeys
-      } = new RunVault(options.envVaultFile, options.env, process.env.DOTENV_KEY, options.overload).run()
-
-      logger.verbose(`loading env from encrypted ${envVaultFile} (${path.resolve(envVaultFile)})`)
-      logger.debug(`decrypting encrypted env from ${envVaultFile} (${path.resolve(envVaultFile)})`)
-
-      // debug parsed
-      logger.debug(parsed)
-
-      // verbose/debug injected key/value
-      for (const [key, value] of Object.entries(injected)) {
-        logger.verbose(`${key} set`)
-        logger.debug(`${key} set to ${value}`)
-      }
-
-      // verbose/debug preExisted key/value
-      for (const [key, value] of Object.entries(preExisted)) {
-        logger.verbose(`${key} pre-exists (protip: use --overload to override)`)
-        logger.debug(`${key} pre-exists as ${value} (protip: use --overload to override)`)
-      }
+  const envs = this.envs
 
-      logger.successv(`injecting env (${uniqueInjectedKeys.length}) from encrypted ${envVaultFile}`)
-    } catch (error) {
-      logger.error(error.message)
-      if (error.help) {
-        logger.help(error.help)
-      }
-    }
-  } else {
+  try {
     const {
-      files,
+      processedEnvs,
+      readableStrings,
       readableFilepaths,
       uniqueInjectedKeys
-    } = new RunDefault(options.envFile, options.env, options.overload).run()
+    } = new Run(envs, options.overload, process.env.DOTENV_KEY).run()
+
+    for (const processedEnv of processedEnvs) {
+      if (processedEnv.type === 'envVaultFile') {
+        logger.verbose(`loading env from encrypted ${processedEnv.filepath} (${path.resolve(processedEnv.filepath)})`)
+        logger.debug(`decrypting encrypted env from ${processedEnv.filepath} (${path.resolve(processedEnv.filepath)})`)
+      }
 
-    for (const file of files) {
-      const filepath = file.filepath
+      if (processedEnv.type === 'envFile') {
+        logger.verbose(`loading env from ${processedEnv.filepath} (${path.resolve(processedEnv.filepath)})`)
+      }
 
-      logger.verbose(`loading env from ${filepath} (${path.resolve(filepath)})`)
+      if (processedEnv.type === 'env') {
+        logger.verbose(`loading env from string (${processedEnv.string})`)
+      }
 
-      if (file.error) {
-        if (file.error.code === 'MISSING_ENV_FILE') {
-          logger.warnv(file.error)
-          logger.help(`? in development: add one with [echo "HELLO=World" > ${filepath}] and re-run [dotenvx run -- ${commandArgs.join(' ')}]`)
+      if (processedEnv.error) {
+        if (processedEnv.error.code === 'MISSING_ENV_FILE') {
+          logger.warnv(processedEnv.error)
+          logger.help(`? in development: add one with [echo "HELLO=World" > ${processedEnv.filepath}] and re-run [dotenvx run -- ${commandArgs.join(' ')}]`)
           logger.help('? for production: set [DOTENV_KEY] on your server and re-deploy')
           logger.help('? for ci: set [DOTENV_KEY] on your ci and re-build')
         } else {
-          logger.warnv(file.error)
+          logger.warnv(processedEnv.error)
         }
       } else {
         // debug parsed
-        const parsed = file.parsed
+        const parsed = processedEnv.parsed
         logger.debug(parsed)
 
         // verbose/debug injected key/value
-        const injected = file.injected
+        const injected = processedEnv.injected
         for (const [key, value] of Object.entries(injected)) {
           logger.verbose(`${key} set`)
           logger.debug(`${key} set to ${value}`)
         }
 
         // verbose/debug preExisted key/value
-        const preExisted = file.preExisted
+        const preExisted = processedEnv.preExisted
         for (const [key, value] of Object.entries(preExisted)) {
           logger.verbose(`${key} pre-exists (protip: use --overload to override)`)
           logger.debug(`${key} pre-exists as ${value} (protip: use --overload to override)`)
@@ -168,10 +143,20 @@ async function run () {
     }
 
     let msg = `injecting env (${uniqueInjectedKeys.length})`
-    if (readableFilepaths.length > 0) {
-      msg += ` from ${readableFilepaths}`
+    if (readableFilepaths.length > 0 && readableStrings.length > 0) {
+      msg += ` from ${readableFilepaths.join(', ')}, and --env flag${readableStrings.length > 1 ? 's' : ''}`
+    } else if (readableFilepaths.length > 0) {
+      msg += ` from ${readableFilepaths.join(', ')}`
+    } else if (readableStrings.length > 0) {
+      msg += ` from --env flag${readableStrings.length > 1 ? 's' : ''}`
     }
+
     logger.successv(msg)
+  } catch (error) {
+    logger.error(error.message)
+    if (error.help) {
+      logger.help(error.help)
+    }
   }
 
   // Extract command and arguments after '--'

diff --git a/src/cli/dotenvx.js b/src/cli/dotenvx.js
@@ -15,6 +15,15 @@ if (notice.update) {
   logger.warn(`Update available ${notice.packageVersion} → ${notice.latestVersion} [see changelog](dotenvx.com/changelog)`)
 }
 
+// for use with run
+const envs = []
+function collectEnvs (type) {
+  return function (value, previous) {
+    envs.push({ type, value })
+    return previous.concat([value])
+  }
+}
+
 // global log levels
 program
   .option('-l, --log-level <level>', 'set log level', 'info')
@@ -52,14 +61,19 @@ program
   .version(packageJson.version)
 
 // dotenvx run -- node index.js
+const runAction = require('./actions/run')
 program.command('run')
   .description('inject env at runtime [dotenvx run -- yourcommand]')
   .addHelpText('after', examples.run)
-  .option('-f, --env-file <paths...>', 'path(s) to your env file(s)', '.env')
-  .option('-fv, --env-vault-file <path>', 'path to your .env.vault file', '.env.vault')
-  .option('-e, --env <strings...>', 'environment variable(s) set as string (example: "HELLO=World")')
+  .option('-e, --env <strings...>', 'environment variable(s) set as string (example: "HELLO=World")', collectEnvs('env'), [])
+  .option('-f, --env-file <paths...>', 'path(s) to your env file(s)', collectEnvs('envFile'), [])
+  .option('-fv, --env-vault-file <paths...>', 'path(s) to your .env.vault file(s)', collectEnvs('envVaultFile'), [])
   .option('-o, --overload', 'override existing env variables')
-  .action(require('./actions/run'))
+  .action(function (...args) {
+    this.envs = envs
+
+    runAction.apply(this, args)
+  })
 
 // dotenvx encrypt
 program.command('encrypt')

diff --git a/src/lib/helpers/parseExpandAndEval.js b/src/lib/helpers/parseExpandAndEval.js
@@ -2,7 +2,7 @@ const dotenv = require('dotenv')
 const dotenvExpand = require('dotenv-expand')
 const dotenvEval = require('./dotenvEval')
 
-function parseExpandAndEval (src, overload) {
+function parseExpandAndEval (src) {
   // parse
   const parsed = dotenv.parse(src)
 
@@ -13,16 +13,9 @@ function parseExpandAndEval (src, overload) {
   }
   const evaled = dotenvEval.eval(inputParsed).parsed
 
-  // consider moving this logic straight into dotenv-expand
-  let evalParsed = {}
-  if (overload) {
-    evalParsed = { ...process.env, ...evaled }
-  } else {
-    evalParsed = { ...evaled, ...process.env }
-  }
   const expandPlease = {
     processEnv: {},
-    parsed: evalParsed
+    parsed: { ...process.env, ...evaled } // always treat as overload, then later in the code the inject method takes care of actually setting on process.env via overload or not. this functions job is just to determine what the value would be
   }
   const expanded = dotenvExpand.expand(expandPlease).parsed