feat: Load .env.*.local envs
#55
Conversation
|
This would be super useful to have for local development with serverless-offline as that plugin no longer automatically sets an dherault/serverless-offline#959 So being able to set it manually in a |
|
hi @danilofuchs. I’m not that familiar with the CRA recommendations and it seems counter intuitive to me though I looked into it. I’m not wrapping my head around the benefits but it seems most of the purported benefits have to do with client side app bundling. For serverless apps I’m not seeing where there would be similar benefits but rather see that as highly insecure. I apologize for not understanding but can you clear this up more for me? Thanks. |
User StoryAs a developer working on a project with my team of 5 developers, I share common development envs, such as endpoint URLs, non-sensitive configuration data for a third party integration and default feature toggles in an My own use caseI need to set some shared (commited) env vars in a In this file, I do not commit any credentials. However, when working locally some things must be overwritten. For instance, I need to change the port of a local server endpoint as it conflicts with other projects only I use on my machine. I store all production credentials on SSM. But, they are not available on a local environment. It is possible to default the credentials to a env value, but it is unwise to commit these credentials to The current alternative is to not commit and
This approach was actually first proposed and addopted in Rails, a monolithic server-side framework.
My use case states that credentials are not commited to the repo. This is exactly why I agree this may not be the usual way of handling envs, and as such I think it is fair to put this feature behind a flag or enable it via the paths parameter. We can discuss how to better conciliate this behaviour. I hope I made myself clear! |
|
I think I'm starting to get it knowing that I often struggle with the same thing. Project variables are split between secrets and general configuration, especially for local development. The standard convention has been to put both inside a single env file that does not get committed. There needs to be a way to commit env files for config/non-secret variables and exclude env files for secrets only. Basically, you need to parse two env files instead of one. The dotenv library does not really have a way to parse multiple env files but your code change maps over the available files then use dotenv to parse each of them one at a time. Would you mind setting up an example app in the PR under the examples folder that demonstrates what files will get committed and which ones will not? |
|
I think the thing that is tripping me up is the naming convention of the files. The |
|
I believe this could be a breaking change since it always loads the |
I totally get what you mean. I think that, as this is the standard approach on other widely used libs, I would rather keep it consistent. What do you propose as an alternative? |
|
Apparently, Symfony and Vue CLI also adopt the same approach https://symfony.com/doc/current/configuration/dot-env-changes.html |
I wasn't suggesting an alternative. I definitely prefer to stick to community conventions. |
|
It looks like next.js has recently adopted the same convention, too. |
|
@colynb can we move along with this PR? You mentioned I could create an example app, but honestly I don't know the best way to show the user which files must be commited if I need to commit the example to this repo. I could write a Readme inside the example folder and commit the .local files with comments stating these files should be in gitignore... |
|
Note: This will conflict with the changes in #48 |
That's ok. I can take care of this release but probably not until this weekend. I do think it's an important release so know that I will not drop it. Also, I think it is more important than the changes in #48 which I will do after this one. Thanks for your patience. |
|
Ah yes, this will be super helpful! |
|
Respectfully bumping this again I'm going live with something next week and would love to get off @danilofuchs's branch and back onto the mainline before that happens – is there anything the community can help with? 🙏 |
|
@danilofuchs would you have some time today to pair program with me to get this released? I could really use a 2nd pair of eyes. |
Sure thing! |
|
@danilofuchs THANK YOU for your help, I'm really glad we did the call! |
Really happy to be able to contribute! Keep up with the great work, the open source community grows a lot when people take their time to make projects go forward. 🚀 |
|
I published version 3.0 to npm :-D
I also created a new page on my site for the changelog.
https://colyn.dev/serverless-dotenv-plugin-changelog/
…On Fri, Jul 24, 2020 at 4:50 PM Danilo Campana Fuchs < ***@***.***> wrote:
@danilofuchs <https://github.com/danilofuchs> *THANK YOU* for your help,
I'm really glad we did the call!
Really happy to be able to contribute! Keep up with the great work, the
open source community grows a lot when people take their time to make
projects go forward. 🚀
—
You are receiving this because you modified the open/close state.
Reply to this email directly, view it on GitHub
<#55 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AAIAEJFPHJMT3BLR3Q2JTELR5IM5HANCNFSM4ML4JZ5A>
.
--
---
*"A man who dares to waste one hour of time has not discovered the value of
life." -- **Charles Darwin*
|
Closes #54 (allows local env files)
Addresses #29 (allows
config.pathto be an array)My approach automatically resolves env files in the following order (forked from create-react-app):
.env: Default..env.local: Local overrides. This file is loaded for all environments except test..env.development,.env.test,.env.production: Environment-specific settings..env.development.local,.env.test.local,.env.production.local: Local overrides of environment-specific settings.Users are advised to commit
.env*to their repos, except for.env.*.local.This, however, introduces a breaking change, since
.envfile will always be loaded in any environment.I can enable this feature behind a flag, if you think it's a safer option.