Ensure envify templates aren't polluted by existing env

Setting `GITHUB_TOKEN` as in the docs results in reusing the existing `GITHUB_TOKEN` since `gh` returns that env var if it's set: ```bash GITHUB_TOKEN=junk gh config get -h github.com oauth_token junk ``` Using the original env ensures that the templates will be evaluated the same way regardless of whether envify had been previously invoked.
2024-06-25 10:48:31 -07:00
parent 9a1379be6c
commit 13409ada5a
3 changed files with 48 additions and 12 deletions
--- a/lib/kamal/cli/base.rb
+++ b/lib/kamal/cli/base.rb
@@ -25,12 +25,17 @@ module Kamal::Cli
    def initialize(*)
      super
      @original_env = ENV.to_h.dup
-      load_envs
+      load_env
      initialize_commander(options_with_subcommand_class_options)
    end

    private
-      def load_envs
+      def reload_env
+        reset_env
+        load_env
+      end
+
+      def load_env
        if destination = options[:destination]
          Dotenv.load(".env.#{destination}", ".env")
        else
@@ -38,10 +43,27 @@ module Kamal::Cli
        end
      end

-      def reload_envs
+      def reset_env
+        replace_env @original_env
+      end
+
+      def replace_env(env)
        ENV.clear
-        ENV.update(@original_env)
-        load_envs
+        ENV.update(env)
+      end
+
+      def with_original_env
+        keeping_current_env do
+          reset_env
+          yield
+        end
+      end
+
+      def keeping_current_env
+        current_env = ENV.to_h.dup
+        yield
+      ensure
+        replace_env(current_env)
      end

      def options_with_subcommand_class_options
--- a/lib/kamal/cli/main.rb
+++ b/lib/kamal/cli/main.rb
@@ -191,10 +191,12 @@ class Kamal::Cli::Main < Kamal::Cli::Base
    end

    if Pathname.new(File.expand_path(env_template_path)).exist?
-      File.write(env_path, ERB.new(File.read(env_template_path), trim_mode: "-").result, perm: 0600)
+      # Ensure existing env doesn't pollute template evaluation
+      content = with_original_env { ERB.new(File.read(env_template_path), trim_mode: "-").result }
+      File.write(env_path, content, perm: 0600)

      unless options[:skip_push]
-        reload_envs
+        reload_env
        invoke "kamal:cli:env:push", options
      end
    else