feat: updates snaplet to ensure COPYCAT_SECRET #4
lgtm but not 100% sure about taskfile syntax
also wondering what is the COPYCAT_SECRET needed for?? Doesn't copycat just generate fake email/other PII? I hope they don't have an API that you have to pay to request bogus@bogus.com
Edit: I should read PR descriptions instead of just files changed
# Load our project specific variables from .env.taskit + .env.taskit-secrets | ||
dotenv: | ||
- .env.taskit | ||
- .env.taskit-secrets |
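Review bot: the comment above `dotenv:` says both files are loaded but does not say which value wins when `.env.taskit` and `.env.taskit-secrets` define the same variable, or that the secrets file must stay out of git. Suggest extending the comment to state the precedence between the two entries and that `.env.taskit-secrets` is local-only and gitignored, so a reader of the Taskfile does not have to find that in the PR description.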
Where is taskit/snaplet typically run? Can we pass these in a way other than .env files?
I'm wondering for 12-factor purposes, but it looks like taskfile is the one handling the .env import rather than us, so any 12-factor concerns are left on their plate, which I'm cool with
We're typically running snaplet tasks in our client infra project where these files are either present or, in the case of the taskit-secrets file, it can be created easily if needed. If these files don't exist, task / taskit works as normal. They're purely optional and supplementary, which works nicely if we are using taskit in a project that doesn't use the snaplet:* tasks.
internal: true | ||
cmds: | ||
- | | ||
if [[ -z "{{.COPYCAT_SECRET}}" ]]; then |
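Review bot: on the `if [[ -z "{{.COPYCAT_SECRET}}" ]]` line, the template is expanded into the script text before the shell runs it, so the secret's value becomes part of the command itself. A value containing `"`, `$` or a backtick will break or alter the test, and the expanded command can show up in task output unless the task is silent. Suggest testing the environment variable in the shell instead, e.g. `[[ -z "${COPYCAT_SECRET:-}" ]]`, so the value is never interpolated into the script text.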
this {{.name}} syntax is how you reference env variables in taskfile?
Yeah, more info here: https://taskfile.dev/usage/#variables
Copycat is a small open source project from the folks at Snaplet: https://github.com/snaplet/copycat. Without setting that env var, you get a message from snaplet on each This work to ensure that env var is set is so that we just quiet down that warning AND provide a means by which we can easily pass secrets to taskit going forward. I could see this new pattern evolving in the future where we are passing a SOPS file and taskit is responsible for pulling all the secrets from that SOPS file given that the invoker has access to the key to decrypt. But that is a possible future if we need to build this out further; for now this is a fast path towards done and leaves us open to using it elsewhere.
@kevcube you know I love a good PR description ❤️
Info
snaplet:capture to ensure we have the COPYCAT_SECRET env var set before running that task. This is required as it is the encryption seed for copycat usage within Snaplet.
snaplet vars so they incorporate the SNAPSHOT_ENV var and fixes support for overriding their values.
.env.taskit-secrets file which is used to store local secrets in a taskit repository that should not be checked into git. This is added to our gitignore script + the dotenv items of our Taskfile.dist.yaml so we now have a pattern for sharing secrets easily with taskit.
References