trigger.dev icon indicating copy to clipboard operation
trigger.dev copied to clipboard
Published 1 week ago verified publisher icon triggerdotdev

feat(build): add support for marking env vars as secrets in syncEnvVars

Open julienvanbeveren opened this issue 4 months ago • 2 comments

  • Added isSecret flag to SyncEnvVarsBody type
  • Updated CLI's syncEnvVarsWithServer to pass secret flags
  • Modified backend API endpoint to handle secret flags
  • Added documentation for the new feature

julienvanbeveren avatar Aug 19 '25 09:08 julienvanbeveren

🦋 Changeset detected

Latest commit: 4a13ef6140d46908e6e796d55018259ce1843848

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 23 packages
Name Type
trigger.dev Minor
@trigger.dev/build Minor
d3-chat Patch
references-d3-openai-agents Patch
references-nextjs-realtime Patch
@trigger.dev/python Minor
@trigger.dev/core Minor
@trigger.dev/react-hooks Minor
@trigger.dev/redis-worker Minor
@trigger.dev/rsc Minor
@trigger.dev/schema-to-json Minor
@trigger.dev/sdk Minor
@trigger.dev/database Minor
@trigger.dev/otlp-importer Minor
@internal/cache Patch
@internal/clickhouse Patch
@internal/redis Patch
@internal/replication Patch
@internal/run-engine Patch
@internal/schedule-engine Patch
@internal/testcontainers Patch
@internal/tracing Patch
@internal/zod-worker Patch

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

changeset-bot[bot] avatar Aug 19 '25 09:08 changeset-bot[bot]

Walkthrough

Adds per-variable secret support across sync/import flows. New changeset added. API schema and client types gain optional secrets, parentSecrets, and parentVariables fields. The webapp import route reads body.secrets / body.parentSecrets and sets isSecret on imported variables; EnvironmentVariablesRepository.create signature now accepts isSecret. The build extension syncEnvVars accepts isSecret on items and tracks secrets and parentEnvSecrets alongside env / parentEnv. The CLI exposes and forwards secrets and parentSecrets. Some template/string formatting tweaks were also applied.

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~45 minutes

Pre-merge checks and finishing touches

❌ Failed checks (2 warnings)
Check name Status Explanation Resolution
Description Check ⚠️ Warning The pull request description does not follow the repository’s required template and is missing key sections such as the issue closure line, the checklist, testing steps, changelog, and screenshots. Please update the description to use the provided template by including the “Closes #” reference, the checklist items, a detailed testing section, a concise changelog entry, and any relevant screenshots.
Docstring Coverage ⚠️ Warning Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%. You can run @coderabbitai generate docstrings to improve docstring coverage.
✅ Passed checks (1 passed)
Check name Status Explanation
Title Check ✅ Passed The pull request title clearly and concisely describes the main feature introduced, specifying that support for marking environment variables as secrets has been added to the syncEnvVars function.
✨ Finishing touches
  • [ ] 📝 Generate docstrings
🧪 Generate unit tests (beta)
  • [ ] Create PR with unit tests
  • [ ] Post copyable unit tests in a comment
📜 Recent review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 142a6852529fd8f398ed035518f02a3002b2bd91 and 4a13ef6140d46908e6e796d55018259ce1843848.

📒 Files selected for processing (2)
  • packages/cli-v3/src/commands/deploy.ts (5 hunks)
  • packages/core/src/v3/schemas/api.ts (1 hunks)
🚧 Files skipped from review as they are similar to previous changes (1)
  • packages/core/src/v3/schemas/api.ts
🧰 Additional context used
📓 Path-based instructions (1)
**/*.{ts,tsx}

📄 CodeRabbit inference engine (.github/copilot-instructions.md)

**/*.{ts,tsx}: Always prefer using isomorphic code like fetch, ReadableStream, etc. instead of Node.js specific code For TypeScript, we usually use types over interfaces Avoid enums No default exports, use function declarations

Files:

  • packages/cli-v3/src/commands/deploy.ts
🧬 Code graph analysis (1)
packages/cli-v3/src/commands/deploy.ts (1)
packages/cli-v3/src/utilities/cliOutput.ts (2)
  • isLinksSupported (7-7)
  • chalkError (24-26)
🔇 Additional comments (2)
packages/cli-v3/src/commands/deploy.ts (2)

603-619: Function implementation looks good.

The signature extension and parameter forwarding are implemented correctly. The optional parameters follow TypeScript best practices and are properly passed to the API client.

353-359: No secrets fields in BuildManifest; call site is correct. The deploy.sync schema only defines env and parentEnv—there are no secrets or parentEnvSecrets to extract or pass here.

Likely an incorrect or invalid review comment.

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands and usage tips.

coderabbitai[bot] avatar Aug 19 '25 09:08 coderabbitai[bot]