Skip to content

Remove default env variables #1511

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 1 commit into from
Aug 26, 2025
Merged

Remove default env variables #1511

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
8 changes: 4 additions & 4 deletions apps/cyberstorm-remix/.env
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -4,8 +4,8 @@ SENTRY_PROJECT=
SENTRY_AUTH_TOKEN=
ENABLE_BROKEN_PAGES=

VITE_SITE_URL=https://thunderstore.io
VITE_API_URL=https://thunderstore.io
VITE_AUTH_BASE_URL=https://auth.thunderstore.io
VITE_AUTH_RETURN_URL=https://new.thunderstore.io
VITE_SITE_URL=
VITE_API_URL=
VITE_AUTH_BASE_URL=
VITE_AUTH_RETURN_URL=
Comment on lines +7 to +10
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Verification agent

🧩 Analysis chain

Double-check env precedence in your pipelines before merging

Depending on how Vite/dotenv are invoked in your build, a blank value in .env can still take precedence over system envs or vice versa. Verify what your CI/CD actually injects and whether there are any .env.[mode]* files that should win.

Run this repo-safe script to audit usages and potential fallbacks:

If this shows no fallbacks and no CI provisioning, consider adding a small runtime/build-time env schema check to fail fast.

🏁 Script executed:

#!/bin/bash
set -euo pipefail

echo "1) List env files for this app (to infer precedence):"
fd -H -a '^\.env(\..+)?(\.local)?$' apps/cyberstorm-remix || true

echo -e "\n2) Find references to the removed defaults (TS/JS/TSX/JSX):"
rg -nP --glob 'apps/cyberstorm-remix/**' --type-add 'web:*.{ts,tsx,js,jsx}' \
   -tweb -C2 'import\.meta\.env\.(VITE_SITE_URL|VITE_API_URL|VITE_AUTH_BASE_URL|VITE_AUTH_RETURN_URL)'

echo -e "\n3) Heuristic: look for explicit fallbacks (?? or ||) near those vars:"
rg -nP --glob 'apps/cyberstorm-remix/**' -C1 '(VITE_SITE_URL|VITE_API_URL|VITE_AUTH_BASE_URL|VITE_AUTH_RETURN_URL).*(\?\?|\|\|)'

echo -e "\n4) Check workflows for these vars being supplied by CI:"
rg -n --glob '.github/workflows/**' 'VITE_(SITE_URL|API_URL|AUTH_BASE_URL|AUTH_RETURN_URL)' -n -C2 || true

Length of output: 12621

Ensure CI injects all VITE_ variables and add fallbacks or schema checks

  • We only have a single .env at apps/cyberstorm-remix/.env—no .env.local or mode-specific files are present. Blank entries there will be applied by Vite and could override any system-level variables in your build environment.
  • Nearly every usage of import.meta.env.VITE_API_URL, VITE_AUTH_BASE_URL, and VITE_AUTH_RETURN_URL lacks a fallback; only VITE_SITE_URL is guarded via ?? "https://thunderstore.io" in app/root.tsx (lines 111 & 200).
  • We didn’t detect these variables being set in any .github/workflows files—confirm your CI/CD pipelines actually supply VITE_API_URL, VITE_AUTH_BASE_URL, and VITE_AUTH_RETURN_URL.
  • To prevent silent misconfiguration, either remove the blank declarations from .env so pipeline-provided values take effect, or introduce a dedicated env schema validation (e.g. with Zod or a custom check) that errors out at build or startup when any VITE_* var is missing or empty.
🧰 Tools
🪛 dotenv-linter (3.3.0)

[warning] 8-8: [UnorderedKey] The VITE_API_URL key should go before the VITE_SITE_URL key

(UnorderedKey)

[warning] 9-9: [UnorderedKey] The VITE_AUTH_BASE_URL key should go before the VITE_SITE_URL key

(UnorderedKey)

[warning] 10-10: [UnorderedKey] The VITE_AUTH_RETURN_URL key should go before the VITE_SITE_URL key

(UnorderedKey)

🤖 Prompt for AI Agents 
In apps/cyberstorm-remix/.env around lines 7-10 the VITE_ variables are declared
blank which will override system/CI-provided envs and lead to missing values at
build/runtime; remove these empty entries so CI-injected vars take effect, or
replace them with explicit defaults only when appropriate, and add an env
validation step (Zod or a simple runtime/build check) that throws a clear error
when VITE_API_URL, VITE_AUTH_BASE_URL, or VITE_AUTH_RETURN_URL are
missing/empty; also update code sites that use import.meta.env.VITE_* to use
safe fallbacks (e.g., ?? throw-or-default) or rely on the validation to
guarantee presence, and confirm your GitHub Actions/CI workflow sets these
secrets/envs.

VITE_CLIENT_SENTRY_DSN=
Loading