feat: Allow environment variables to override config values #1332
Conversation
ghost
requested review from
| export const config = new Configstore(pkg.name); | ||
|
|
||
| class ConfigStoreWithEnvironmentVariables extends Configstore { | ||
| constructor(id, defaults = undefined, options = {}) { |
There was a problem hiding this comment.
Copied from configstore.
src/lib/user-config.ts
Outdated
| } | ||
|
|
||
| public get(key: string) { | ||
| const env_key = `SNYK_${key.replace('-', '_').toUpperCase()}` |
There was a problem hiding this comment.
We need to do a bit of string replace here so we can support things like disable-analytics which becomes SNYK_CFG_DISABLE_ANALYTICS.
mladkau
force-pushed
the
feat/config-env-value-override
branch
3 times, most recently
from
219b6f5
to
2f03ffc
Compare
|
Is it From an aesthetic point of view, the former of these is much nicer. |
|
The comment was outdated. It is The comment points out that I had to substitute hyphens in config values with underscores for equivalent environment variables because hyphens are not allowed in environment variables. |
mladkau
force-pushed
the
feat/config-env-value-override
branch
from
2f03ffc
to
2662595
Compare
src/lib/user-config.ts
Outdated
|
|
||
| public get(key: string) { | ||
| const envKey = `SNYK_CFG_${key.replace(/-/g, '_').toUpperCase()}`; | ||
| return process.env[envKey] || super.get(key); |
There was a problem hiding this comment.
Are we worried about types here?
Afaik, configstore can return types like bool or number as well, but process.env will always be a string?
There was a problem hiding this comment.
For disableSuggestions I can see the following code:
const disableSuggestions = userConfig.get('disableSuggestions');
if (disableSuggestions) {
config.disableSuggestions = disableSuggestions;
}
...
let dockerSuggestion = '';
if (options.docker && config.disableSuggestions !== 'true') {
Which suggests we look for a string here but in other cases we might not. We could try to eval the environment value but this will have security implications. We could also try to do a parseInt, parseBool here and try to parse integer and boolean values (everything which cannot be parsed would be a string). WDYT?
There was a problem hiding this comment.
Or the other way around, cast everything from configstore as String to be consistent? Currently it's not typed at all and on many places we are already doing the conversion in code…
There was a problem hiding this comment.
I've checked the places in the code which I could find and converting everything into a string or undefined should work ... (famous last words)
mladkau
force-pushed
the
feat/config-env-value-override
branch
from
2662595
to
073d679
Compare
|
I think Boost having a firedrill might make the tests fail in the moment... |
mladkau
force-pushed
the
feat/config-env-value-override
branch
3 times, most recently
from
44042b7
to
905878f
Compare
src/lib/config.ts
Outdated
| config.timeout = +timeout ? +timeout : DEFAULT_TIMEOUT; | ||
| let timeoutString = userConfig.get('timeout'); | ||
| if (timeoutString) { | ||
| let timeout = parseInt(timeoutString); |
There was a problem hiding this comment.
Wanted to make the string conversion here a bit more explicit - can remove if anyone disagrees ...
There was a problem hiding this comment.
(actually nevermind)
mladkau
force-pushed
the
feat/config-env-value-override
branch
2 times, most recently
from
2409531
to
c10fae2
Compare
mladkau
force-pushed
the
feat/config-env-value-override
branch
from
c10fae2
to
16fc432
Compare
| @@ -52,7 +52,7 @@ if (!config.org && org) { | |||
| // invalid (non-numeric) value will fallback to the default | |||
| const timeout = userConfig.get('timeout'); | |||
| if (!config.timeout) { | |||
| config.timeout = +timeout ? +timeout : DEFAULT_TIMEOUT; | |||
| config.timeout = timeout && +timeout ? +timeout : DEFAULT_TIMEOUT; | |||
There was a problem hiding this comment.
I opted in the end for this as it doesn't require too much code change and seems to be ok with the now explicit typing.
|
🎉 This PR is included in version 1.376.0 🎉 The release is available on: Your semantic-release bot 📦🚀 |
What does this PR do?
Adding a wrapper around configstore to allow environment variables to override config values.
How should this be manually tested?
You can run the following to disable suggestions:
Any background context you want to provide?
What are the relevant tickets?
https://snyksec.atlassian.net/browse/DC-881
Screenshots
Additional questions