Renovate: Provide custom environment variable configuration option

Created on 15 Jul 2020 · 5 Comments · Source: renovatebot/renovate

What would you like Renovate to be able to do?

With trustLevel set to low, no environment variables are passed through.

With trustLevel set to high, all environment variables are passed through.

I'd love to see another option, where custom environment variables can be provided.

Did you already have any implementation ideas?

One approach would be for config.js to have a new option, "environment", demonstrated by this configuration:

module.exports = {
    environment: {
        MY_VAR: "my value",
        PASSED_THROUGH: process.env.PASSED_THROUGH
    }
}

Ideally, this would work with trustLevel set to low.

Are there any workarounds or alternative ideas you've tried to avoid needing this feature?
Not really... setting trustLevel to high exposes all environment variables, and there are some that I really don't want to expose (such as the git private key).

Is this a feature you'd be interested in implementing yourself?
Probably not? I'm fluent in a number of languages, but TypeScript isn't currently one of them.

priority-3-normal self-hosted feature

All 5 comments

You forgot to fill in which Renovate version and platform you are using. So please fill in the full issue template. Thanks

renovate version and platform

Renovate Open Source CLI (Self hosted, docker, renovate/renovate:latest)

$ renovate --version
21.29.3

Thanks!

I think a new admin option could be ok: an array of strings, that lists env variables to pass through for child processes.

I had also been thinking about letting repo configs specify literal env variable values to pass through, until I saw this article that made me think we need some controls: https://www.elttam.com/blog/env/

> I think a new admin option could be ok: an array of strings, that lists env variables to pass through for child processes.

I think instead of only allowing pass through, it would be better to specify both name and values for environment variables available to the child processes as given in the description of this issue. That way, the admin could calculate new environment variables, or modify existing ones, as appropriate. For example, I have a use case where I have an environment variable containing a username, another containing a password, and a third containing a URL, and I'd like to use JavaScript in config.js to combine the 3 into a new environment variable containing a URL with the username and password embedded in it.

> I had also been thinking about letting repo configs specify literal env variable values to pass through, until I saw this article that made me think we need some controls: https://www.elttam.com/blog/env/

Agreed - this should be an admin-only config.js configuration option.

Proposed solution:

Add a new admin option customEnvValues which is an object of key/value strings. If configured, these env values will be added to every child process env, regardless of trustLevel. I think probably best to apply them after other env values, so that they can be used to override (although I can't think of a use case for that yet).
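
The merge order proposed above, together with the credential-URL use case raised earlier in the thread, sketched as an added example (not Renovate's code and not written by any commenter). buildChildEnv, urlWithCredentials and every variable name and value below are hypothetical and constructed for illustration.

```javascript
// Hypothetical helper: builds the env handed to a child process.
// Per the issue, trustLevel "high" passes everything through and "low"
// passes nothing; customEnvValues is applied last so it can override.
function buildChildEnv(parentEnv, trustLevel, customEnvValues = {}) {
  const env = trustLevel === 'high' ? { ...parentEnv } : {};
  for (const [name, value] of Object.entries(customEnvValues)) {
    // The proposal specifies key/value strings; reject anything else,
    // such as the result of looking up an unset process.env entry.
    if (typeof value !== 'string') {
      throw new TypeError(`customEnvValues.${name} must be a string`);
    }
    env[name] = value;
  }
  return env;
}

// Hypothetical helper for the "combine three variables" use case.
// The URL setters percent-encode reserved characters in the credentials,
// which plain string concatenation would not do.
function urlWithCredentials(baseUrl, username, password) {
  const url = new URL(baseUrl);
  url.username = username;
  url.password = password;
  return url.href;
}

// Constructed stand-in for process.env on the Renovate host.
const parentEnv = {
  GIT_PRIVATE_KEY: 'constructed-secret',
  REGISTRY_USER: 'bot',
  REGISTRY_PASS: 'p@ss:w/rd',
  REGISTRY_URL: 'https://registry.example.test/npm/',
  PASSED_THROUGH: 'from-parent',
};

// What an admin might compute in config.js under the proposal.
const customEnvValues = {
  MY_VAR: 'my value',
  PASSED_THROUGH: parentEnv.PASSED_THROUGH,
  REGISTRY_AUTH_URL: urlWithCredentials(
    parentEnv.REGISTRY_URL, parentEnv.REGISTRY_USER, parentEnv.REGISTRY_PASS),
};

// Low trust: only the admin-chosen values reach the child.
const lowEnv = buildChildEnv(parentEnv, 'low', customEnvValues);
// High trust: everything is inherited, and the custom value overrides.
const highEnv = buildChildEnv(parentEnv, 'high', { PASSED_THROUGH: 'overridden' });
console.log(Object.keys(lowEnv), highEnv.PASSED_THROUGH);
```
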
