Skip to content

refactor(locations): replace env_token with direct-value token field#404

Merged
jimisola merged 4 commits into
mainfrom
feat/rename-env-token-to-token
Jun 2, 2026
Merged

refactor(locations): replace env_token with direct-value token field#404
jimisola merged 4 commits into
mainfrom
feat/rename-env-token-to-token

Conversation

@jimisola

@jimisola jimisola commented Jun 1, 2026

Copy link
Copy Markdown
Member

Summary

  • Renames env_tokentoken in all four location types (git, maven, pypi, npm)
  • Changes semantics: token now holds the value directly rather than an environment variable name — the os.getenv() indirection in each location class is removed
  • Users migrate by using ${VAR} interpolation (added in feat(locations): interpolate environment variables in YAML input (#158) #397): env_token: "GITLAB_TOKEN"token: "${GITLAB_TOKEN}"

Breaking change

YAML files using env_token: must be updated to use token: "${VAR}". The CLI flag --env_token / -t is also renamed to --token.

Files changed

  • requirements.schema.json + regenerated requirements_schema.py (codegen via hatch run dev:codegen)
  • All four location classes: removed import os, replaced os.getenv(self.env_token) with self.token
  • command.py: --env_token flag → --token
  • requirements_model_generator.py: keyword arg rename
  • All YAML test fixtures and unit/integration tests updated

Test plan

  • hatch run dev:pytest tests/unit — 794 passed
  • hatch run dev:codegen-check — schema/model consistent
  • CLI smoke test: hatch run python src/reqstool/command.py status local -p tests/resources/... — output unchanged
  • reqstool status git --help confirms --token flag with updated help text

Rename env_token → token across all location types (git, maven, pypi,
npm) and change semantics: the field now holds the token value directly
rather than an environment variable name. Users supply tokens via
\${VAR} interpolation introduced in #397 (e.g. token: \${GITLAB_TOKEN}).

Removes os.getenv() indirection from all location classes. Updates
JSON schema, generated Pydantic models, CLI flag (--env_token →
--token), model generator, all test fixtures, and unit / integration
tests accordingly.

Signed-off-by: Jimisola Laursen <jimisola@jimisola.com>
@jimisola jimisola requested a review from Jonas-Werne June 1, 2026 16:06
jimisola added 3 commits June 1, 2026 18:08
Signed-off-by: Jimisola Laursen <jimisola@jimisola.com>
- SecretStr: use pydantic.SecretStr for token field in all 4 location
  classes — prevents raw secret from appearing in repr/model_dump/
  ValidationError messages; callers extract value via .get_secret_value()
- Credentials: pass callbacks=None to clone_repository when no token,
  eliminating UserPass(password=None) passed to pygit2
- Schema: add writeOnly:true to all 4 token property definitions and
  regenerate models
- Docs examples: quote token interpolation as token: "${VAR}" to prevent
  YAML injection when env value contains structural characters
- Remote fixture: change literal token to token: "${GITLAB_TOKEN:-}"
- CLI help: fix $VAR → ${VAR} in all --token help strings
- CLI ternaries: simplify x if x else None → x or None (×4)
- Integration tests: fix choose_token() skipif; rename _GITHUB_TOKEN_ENV
  → _GITHUB_TOKEN_VAR_NAME
- Test fixtures: use clearly dummy token values (dummy-gitlab-token etc.)
- Exception message: use type(e).__name__ instead of {e} in pypi
- Copyright: add missing # Copyright © LFV header to pypi_location.py
- New tests: token forwarding for git/maven/pypi; empty-string no-auth;
  repr does not expose secret value; --token CLI flag for git/maven/pypi

Signed-off-by: Jimisola Laursen <jimisola@jimisola.com>
@jimisola jimisola merged commit 7c6bfd4 into main Jun 2, 2026
4 checks passed
@jimisola jimisola deleted the feat/rename-env-token-to-token branch June 2, 2026 19:55
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant