
tailored-gitlab-env
Small helper library for setting environment variables based on other, branch name prefixed env vars
This is a small helper library used by tailored apps in GitLab CI pipelines for frontend applications. Since GitLab does not currently support branch-specific environment variables, but frontend builds often need to know various branch-specific things at build time (e.g. an API base URL that has a different value in a dev build than in a stage or prod build), a bandaid solution is to prefix GitLab env vars with the branch name (e.g. DEVELOP_API_BASE_URL, STAGE_API_BASE_URL, MASTER_API_BASE_URL).
However, since frontend code should be as environment agnostic as possible, and since we use node-config for config management, our goal was to simply read configuration from a predefined set of unchanging environment variables when building an app (e.g. API_BASE_URL).
This script will generate a list of bash export statements for each variable in a custom-environment-variables.yml file and a supplied prefix. Each variable found in the YML file with a correspondingly prefixed variable in the current environment will generate one export statement.
npm install -g tailored-gitlab-env
[gitlab-ci@some-runner] $ eval "`ta-gitlab-env --yml-file=/path/to/custom-environment-variables.yml --prefix=prefix_string --fallback=fallback_prefix`"
Note the double quotes around the command - this makes sure newlines, which this script uses to separate commands, are passed to eval correctly.
fallback_prefix will be used if the prefix supplied via --prefix did not produce any output. This can be used, for instance, to set prefix to $CI_BUILD_REF_NAME (i.e. the branch or tag name) in GitLab CI and fallback to master. What this will achieve is that, for instance, tag builds will use values from master (since you'll likely not want to define a set of prefixed vars for each and every tag).
custom-environment-variables.yml:
port: PORT
api:
  baseUrl: API_BASE_URL
  token: API_TOKEN
admin:
  defaultPassword: DEFAULT_ADMIN_PASSWORD
Process environment:
MASTER_API_BASE_URL=https://prod.my.api/v1
STAGE_API_BASE_URL=https://stage.my.api/v1
DEVELOP_API_BASE_URL=https://dev.my.api/v1
MASTER_API_TOKEN=very_secret
STAGE_API_TOKEN=also_secret
DEVELOP_API_TOKEN=not_so_secret
DEVELOP_PORT=6000
Output
ta-gitlab-env --yml-file=/path/to/custom-environment-variables.yml --prefix=master
export API_BASE_URL="https://prod.my.api/v1"
export API_TOKEN="very_secret"
ta-gitlab-env --yml-file=/path/to/custom-environment-variables.yml --prefix=stage
export API_BASE_URL="https://stage.my.api/v1"
export API_TOKEN="also_secret"
ta-gitlab-env --yml-file=/path/to/custom-environment-variables.yml --prefix=develop
export API_BASE_URL="https://dev.my.api/v1"
export API_TOKEN="not_so_secret"
export PORT="6000"
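Because the generated text is passed to eval, how values are quoted decides whether a variable's content is treated as data or as shell syntax; inside double quotes the shell still expands $ and backticks. The page does not say how ta-gitlab-env escapes values, so the following is an added example, not the package's source: it performs the same prefix and fallback lookup and emits single-quoted exports. The function names and the prefix normalisation (upper-casing, other characters replaced by "_") are assumptions.

```javascript
// Added example; not the tailored-gitlab-env source. Function names are hypothetical.
// Leaf values of the parsed YAML mapping are the target variable names.
function targetNames(node, out = []) {
  for (const value of Object.values(node)) {
    if (value && typeof value === 'object') targetNames(value, out);
    else if (typeof value === 'string') out.push(value);
  }
  return out;
}

// POSIX single quoting: nothing inside '...' is expanded by the shell,
// and an embedded ' is written as '\''.
function shQuote(value) {
  return "'" + String(value).replace(/'/g, "'\\''") + "'";
}

// Assumption: prefix is upper-cased and non-alphanumerics become "_".
function envPrefix(name) {
  return String(name).toUpperCase().replace(/[^A-Z0-9]/g, '_') + '_';
}

function exportsFor(mapping, env, prefix) {
  const lines = [];
  for (const name of targetNames(mapping)) {
    // Refuse target names that are not plain shell identifiers.
    if (!/^[A-Za-z_][A-Za-z0-9_]*$/.test(name)) continue;
    const value = env[envPrefix(prefix) + name];
    if (value !== undefined) lines.push(`export ${name}=${shQuote(value)}`);
  }
  return lines;
}

// The fallback prefix is used only when the primary prefix produced no output.
function generate(mapping, env, prefix, fallback) {
  const primary = exportsFor(mapping, env, prefix);
  if (primary.length > 0 || !fallback) return primary.join('\n');
  return exportsFor(mapping, env, fallback).join('\n');
}

// Constructed sample input mirroring the README's example.
const mapping = { port: 'PORT', api: { baseUrl: 'API_BASE_URL', token: 'API_TOKEN' },
                  admin: { defaultPassword: 'DEFAULT_ADMIN_PASSWORD' } };
const env = {
  MASTER_API_BASE_URL: 'https://prod.my.api/v1',
  MASTER_API_TOKEN: 'very_secret',
  DEVELOP_API_TOKEN: 'p"w$HOME`date`\'x', // constructed value with shell metacharacters
  DEVELOP_PORT: '6000',
};
console.log(generate(mapping, env, 'develop', 'master'));
console.log(generate(mapping, env, 'v1.2.0', 'master')); // tag build falls back to master
```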
FAQs
We found that tailored-gitlab-env demonstrated an unhealthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.