env vars can be read in aio app dev creating confusion

Open purplecabbage opened this issue 8 months ago • 1 comments

Expected Behaviour

dev command mimics runtime env

Actual Behaviour

Action code that references process.env can see the env used to run the app. There is no indication that this is not expected behavior, so if this is discovered and used, the app will break when deployed to Runtime. In some cases the value of .env will be built right into the action, as webpack thinks it is doing us a favor.

We need to do a couple things potentially:

  • make aio app dev use a clean env when running actions
  • prevent devs from accidentally building secrets into their action code

Reproduce Scenario (including but not limited to)

Steps to Reproduce

Environment Info

  System:
    OS: macOS 15.4.1
    CPU: (10) arm64 Apple M1 Max
    Memory: 221.25 MB / 32.00 GB
    Shell: 5.9 - /bin/zsh
  Binaries:
    Node: 18.20.4 - ~/.nvm/versions/node/v18.20.4/bin/node
    Yarn: 1.22.19 - ~/.bun/bin/yarn
    npm: 10.7.0 - ~/.nvm/versions/node/v18.20.4/bin/npm
  Virtualization:
    Docker: 20.10.17 - /usr/local/bin/docker
  npmGlobalPackages:
    @adobe/aio-cli: 10.3.1

Sample Code that illustrates the problem

Logs taken while reproducing problem

purplecabbage, May 06 '25 18:05
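One way to check for the second point raised in the issue (values from .env ending up inside built action code), as an added example that is not part of the issue or of aio-cli. The helper names `parseDotenv` and `findInlinedSecrets`, the variable names, and the sample .env and bundle text are all constructed for illustration.

```javascript
// Added example: detect .env values that a bundler inlined into built action code.
// parseDotenv and findInlinedSecrets are hypothetical helpers, not aio-cli APIs.

// Minimal .env parser: KEY=VALUE lines, optional quotes, '#' comment lines.
function parseDotenv(text) {
  const vars = {};
  for (const raw of text.split(/\r?\n/)) {
    const line = raw.trim();
    if (!line || line.startsWith('#')) continue;
    const m = /^(?:export\s+)?([A-Za-z_][A-Za-z0-9_]*)\s*=\s*(.*)$/.exec(line);
    if (!m) continue;
    let value = m[2].trim();
    const quoted = /^(['"])(.*)\1$/.exec(value);
    if (quoted) value = quoted[2];
    vars[m[1]] = value;
  }
  return vars;
}

// Report every variable whose literal value appears in the bundle text.
// Short values are skipped so ordinary words and numbers do not match.
function findInlinedSecrets(envVars, bundleText, minLength = 8) {
  const hits = [];
  for (const [name, value] of Object.entries(envVars)) {
    if (value.length < minLength) continue;
    const index = bundleText.indexOf(value);
    if (index !== -1) hits.push({ name, index });
  }
  return hits;
}

// Constructed sample .env content (not real credentials).
const SAMPLE_ENV = [
  '# constructed sample .env',
  'SERVICE_API_KEY="constructed-key-0123456789"',
  'LOG_LEVEL=debug',
  'UNUSED_TOKEN=constructed-token-abcdef',
].join('\n');

// Constructed bundle: one value inlined as a literal, one left as a runtime lookup.
const SAMPLE_BUNDLE =
  'function main(params){const k="constructed-key-0123456789";' +
  'const t=process.env.UNUSED_TOKEN;return {statusCode:200,body:k?"ok":t}}';

const findings = findInlinedSecrets(parseDotenv(SAMPLE_ENV), SAMPLE_BUNDLE);
for (const f of findings) {
  console.log(`${f.name} value found in bundle at offset ${f.index}`);
}
```

Run against the real .env text and each built action file as a pre-deploy step, the check reports only variable names and offsets, so the secret values themselves never reach the build log.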