How do I handle env variable imports when building from within a Github Action? #7265
Replies: 12 comments 12 replies
-
| Temporary SolutionFor now I've been able to get around this by moving the app build step out of the Docker image build. dockerfile package.json scripts Further Research / NotesI tried playing around with the Vite Env Mode, and got  Unfortunately I couldn't get this to work. I'm guessing that once a SvelteKit app is built the env variables are part of the built package. I could maybe get around this by using  Idk, I'm mostly a backend dev that doesn't spend much time with JS or Vite. | 
Beta Was this translation helpful? Give feedback.
-
| Did you ever find a better solution? I have a similar problem where I've got a sveltekit app that I'm containerising with a multi-stage dockerfile. I definitely don't want to use different container images per-environment, but I'd rather not use  I could grab application variables on startup and squirt them into a static file that I reference directly, but that seems awfully manual. It seems worth a little time searching for an easier way. | 
Beta Was this translation helpful? Give feedback.
-
| Anyone that has a better solution for this? I'm currently struggling with this exact issue on my project. I've tried setting the values as Github Secrets in my workflow and other solutions but to no avail. | 
Beta Was this translation helpful? Give feedback.
-
| I overcame the errors by adding a  in my repository, and a local   | 
Beta Was this translation helpful? Give feedback.
-
| I had similar kind of problem, when with $env/static/public variables which are passed on build time. Locally I use .env file obviously, but didn't want to push it to repo. In my application I use sveltekit, github actions to build it and deploy as azure static web app. I came up with following solution: 
 Following is example in practice what yaml file looks like on build section (example environment variable is named PUBLIC_ERROR_MESSAGE) | 
Beta Was this translation helpful? Give feedback.
-
| In my workflow, I have a step that copies a  
 | 
Beta Was this translation helpful? Give feedback.
-
| All of the above approaches, as far as I can see, still end up baking in the secrets in the docker image. I ended up using  Basically, added this code as early as possible: try {
  const { env: dynamicEnv } = await import("$env/dynamic/private");
  const staticEnv = await import("$env/static/private");
  // Iterate these objects as PUBLIC_ vars are split out already
  Object.keys(staticEnv ?? {}).forEach(k => dynamicEnv[k] ??= process.env[k] ?? staticEnv[k])
  // ^^^ SAME for public vars
} catch () {}The  Separately, because I didn't want to update the usages everywhere in code to be prefixed with  import { env } from "$env/dynamic/private";
const {
	API_KEY,
} = env;I wish I didn't have to do this :( | 
Beta Was this translation helpful? Give feedback.
-
| The way environment variables seem to be handled in sveltekit is very odd to me because it almost forces you to bake all your env vars and secrets right into the build, which is kind of a big nono for both security and the ability to reuse Docker images in different environments... For example, if I wanted to have an automated pipeline that deploys a docker image to a staging environment, run e2e tests on it, then take that same image and deploy it to production I can't - I'm forced to rebuild the entire image and inject a different set of variables right into the container. Also, if anyone got a hold of my container all the secrets are cached in the build. On top of all that, I still have to use dotenv in order to build/deploy the images since the node adapter doesn't seem to support env vars out of the box, so we're not even getting huge value from using this built-in version of env var handling? I don't understand why we have regressed on a solved problem here? Why can't we have a simple interface to get an env var from a .env first then fallback to process.env on the backend, and do the same but pre-render public env vars for the front end? I don't understand why they have to be considered extra network cost when none of the other variables that sveltekit is pre-rendering are? It kind of just seems like the authors like .env files and want to force us to use them? It kind of seems like the only solution here is to use dynamic env vars and eat whatever this extra network cost is on the front end... | 
Beta Was this translation helpful? Give feedback.
-
| I think maybe we tried to be too smart about injecting the  The way I solve it was coping my  name: CI
on:
  push:
    branches: ["main"]
  pull_request:
    branches: ["main"]
  workflow_dispatch:
jobs:
  ci:
    runs-on: ubuntu-latest
    name: Test and Build
    steps:
      - uses: actions/checkout@v4
      - uses: oven-sh/setup-bun@v2
        with:
          bun-version: 1.0.17
      - name: 🚧 Install
        run: bun install
      - name: 🏗️ Build
        run: |
          cp ./.env.example ./.env
          bun run buildI still not convinced, I want to just setup the env variables on the CI but is not possible because the prerendering throws an error, so I suppose I need to do this  | 
Beta Was this translation helpful? Give feedback.
-
| Maybe use this? 
 | 
Beta Was this translation helpful? Give feedback.
-
| I agree with @ryanovas. It's still a struggle. My approach when having a container based deployment is: 
 Currently with these limitations it's hard to reason about building and deploying SvelteKit containers. I understand that .env for "public" values is an easy abstraction to pick when developing for Front End (and what i used when developing pure FrontEnd apps), but now SvelteKit has a Front End and Back End part and that means secrets and their usage throughout the whole chain need to be in the consideration too. | 
Beta Was this translation helpful? Give feedback.
-
| Agreed with @ryanovas. Should this be made into a separate issue? How can we get movement here? Isn't this, like, a super common use case and a pretty big security concern? | 
Beta Was this translation helpful? Give feedback.

Uh oh!
There was an error while loading. Please reload this page.
Uh oh!
There was an error while loading. Please reload this page.
-
My SvelteKit frontend is a microservice that's part of a larger application. I have a GitHub Action which builds and publishes my frontend as a Docker image. The action encounters this error while building the SvelteKit app:
It makes sense considering that I don't include a
.envfile in the repository. Instead I include a.env.exampleand create a real.envfile for my dev machine and production host (it gets mounted through Docker).How can I have an automated build step for my frontend without actually committing any env variables to my repo?
Beta Was this translation helpful? Give feedback.
All reactions