DEV: do not include secrets in envrc files

Author: featheredtoast

docker_compose.go

@@ -155,14 +155,17 @@ func WriteEnvConfig(configs []config.Config, dir string) error {
 func ExportEnv(configs []config.Config) string {
 	builder := []string{}
 	// prioritize the first configs for env
+	// last write wins, so load the first config last
 	slices.Reverse(configs)
 	for _, config := range configs {
 		// Sort env within a config
 		configEnv := []string{}
 		for k, v := range config.Env {
-			val := strings.ReplaceAll(v, "\\", "\\\\")
-			val = strings.ReplaceAll(val, "\"", "\\\"")
-			configEnv = append(configEnv, "export "+k+"=\""+val+"\"")
+			if !slices.Contains(utils.KnownSecrets, k) {
+				val := strings.ReplaceAll(v, "\\", "\\\\")
+				val = strings.ReplaceAll(val, "\"", "\\\"")
+				configEnv = append(configEnv, "export "+k+"=\""+val+"\"")
+			}
 		}
 		slices.Sort(configEnv)
 		builder = append(builder, strings.Join(configEnv, "\n"))

main_test.go

@@ -62,7 +62,9 @@ var _ = Describe("Generate", func() {
 		Expect(err).To(BeNil())
 		out, err := os.ReadFile(testDir + "/.envrc")
 		Expect(err).To(BeNil())
-		Expect(string(out[:])).To(ContainSubstring("export DISCOURSE_HOSTNAME"))
+		// envrc does not export secrets since we don't build with them
+		Expect(string(out[:])).ToNot(ContainSubstring("export DISCOURSE_DB_PASSWORD"))
+		Expect(string(out[:])).To(ContainSubstring("export RAILS_ENV"))
 		out, err = os.ReadFile(testDir + "/test.yaml")
 		Expect(err).To(BeNil())
 		Expect(string(out[:])).To(ContainSubstring("DISCOURSE_DEVELOPER_EMAILS: '[email protected],[email protected]'"))
@@ -89,16 +91,6 @@ var _ = Describe("Generate", func() {
 		Expect(string(out[:])).To(ContainSubstring(`export LANG="en_US.UTF-8"
 export LANGUAGE="en_US.UTF-8"
 export LC_ALL="en_US.UTF-8"
-export DISCOURSE_DB_HOST="data"
-export DISCOURSE_DB_PASSWORD="SOME_SECRET"
-export DISCOURSE_DB_PORT=""
-export DISCOURSE_DB_SOCKET=""
-export DISCOURSE_DEVELOPER_EMAILS="[email protected],[email protected]"
-export DISCOURSE_HOSTNAME="discourse.example.com"
-export DISCOURSE_REDIS_HOST="data"
-export DISCOURSE_SMTP_ADDRESS="smtp.example.com"
-export DISCOURSE_SMTP_PASSWORD="pa$$word"
-export DISCOURSE_SMTP_USER_NAME="[email protected]"
 export LANG="en_US.UTF-8"
 export LANGUAGE="en_US.UTF-8"
 export LC_ALL="en_US.UTF-8"