Skip to content

v7.0.0 getCredentials() ignores CF_API_KEY/CF_URL when ~/.cfconfig has a context (unexpected precedence) #45

New issue
New issue
Closed
Closed
v7.0.0 getCredentials() ignores CF_API_KEY/CF_URL when ~/.cfconfig has a context (unexpected precedence)#45
@alexaladov-codefresh

Description

@alexaladov-codefresh
alexaladov-codefresh
opened on Oct 21, 2025

Description

When both environment variables (CF_API_KEY and CF_URL) and a local ~/.cfconfig file are present, getCredentials() appears to prefer the file-based currentContext and overwrites the env-derived credentials. This makes it impossible to force credentials via environment variables (e.g., in CI) if a machine has a ~/.cfconfig lying around.

Affected code: src/logic/codefresh.ts – the logic first reads env vars, then loads ~/.cfconfig and, if currentContext exists, replaces the credentials with values from the file. See the lines around the getCredentials() implementation. (GitHub)

Steps to Reproduce

  1. Export valid env vars:

    export CF_API_KEY=env-token
export CF_URL=https://g.codefresh.io

  2. Ensure ~/.cfconfig exists with a different currentContext (e.g., stale token or different URL).

  3. Run any command/path that calls getCredentials() (e.g., invoking the support package logic).

  4. Observe that the credentials used match the ~/.cfconfig context, not the env vars.

Expected Behavior

  • If CF_API_KEY and CF_URL are both set, they should take precedence over file-based context (common pattern for CLI tools).

Actual Behavior

  • File-based currentContext overrides env-provided credentials when present.
  • Possible exception when ~/.cfconfig is missing/unreadable (no graceful fallback).

Impact

  • Hard to run reliably or when users want to temporarily override local config with env vars.
  • Confusing experience: env vars appear to be ignored.

Proposed Fixes

  • Precedence change: If both CF_API_KEY and CF_URL are set, use them and skip reading ~/.cfconfig, or at least do not overwrite.
  • Resilience: Wrap config-file read with try/catch and fallback to env vars on error.
  • Observability: Log which credential source was selected (env vs file) to aid troubleshooting.
  • Docs: Clarify intended precedence in README/usage notes.

Environment

  • Package version / commit: c7c823f4e2f7c3857eca1aa3c58e0479eb7f332d (linked above). (GitHub)

Additional Notes

If the current behavior is intentional, please document the precedence rules.

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions