Always send the clear env to the container

Secret and clear env variables have different lifecycles. The clear ones are part of the repo, so it makes sense to always deploy them with the rest of the repo. The secret ones are external so we can't be sure that they are up to date, therefore they require an explicit push via `envify` or `env push`. We'll keep the env file, but now it just contains secrets. The clear values are passed directly to `docker run`.
2024-03-20 16:37:09 +00:00
parent 5f58575b62
commit 49afdbb09a
17 changed files with 201 additions and 200 deletions
--- a/lib/kamal/configuration/accessory.rb
+++ b/lib/kamal/configuration/accessory.rb
@@ -42,23 +42,13 @@ class Kamal::Configuration::Accessory
  end

  def env
-    specifics["env"] || {}
-  end
-
-  def env_file
-    Kamal::EnvFile.new(env)
-  end
-
-  def host_env_directory
-    File.join config.host_env_directory, "accessories"
-  end
-
-  def host_env_file_path
-    File.join host_env_directory, "#{service_name}.env"
+    Kamal::Configuration::Env.from_config \
+      config: specifics.fetch("env", {}),
+      secrets_file: File.join(config.host_env_directory, "accessories", "#{service_name}.env")
  end

  def env_args
-    argumentize "--env-file", host_env_file_path
+    env.args
  end

  def files
@@ -111,10 +101,10 @@ class Kamal::Configuration::Accessory
    end

    def with_clear_env_loaded
-      (env["clear"] || env).each { |k, v| ENV[k] = v }
+      env.clear.each { |k, v| ENV[k] = v }
      yield
    ensure
-      (env["clear"] || env).each { |k, v| ENV.delete(k) }
+      env.clear.each { |k, v| ENV.delete(k) }
    end

    def read_dynamic_file(local_file)