Skip to content

env vars can be read in aio app dev creating confusion #749

New issue
New issue
Open
Open
env vars can be read in aio app dev creating confusion#749
Labels
bugSomething isn't working
@purplecabbage

Description

@purplecabbage
purplecabbage
opened on May 6, 2025

Expected Behaviour

dev command mimics runtime env

Actual Behaviour

action code that references process.env can see the env used to run the app, there is no indication that this is not expected behavior so if this is discovered and used the app will break when deployed to Runtime.
In some cases the value of .env will be built right into the action as webpack thinks it is doing us a favor.

We need to do a couple things potentially:

  • make aio app dev use a clean env when running actions
  • prevent devs from accidentally building secrets into their action code

Reproduce Scenario (including but not limited to)

Steps to Reproduce

Environment Info

  System:
    OS: macOS 15.4.1
    CPU: (10) arm64 Apple M1 Max
    Memory: 221.25 MB / 32.00 GB
    Shell: 5.9 - /bin/zsh
  Binaries:
    Node: 18.20.4 - ~/.nvm/versions/node/v18.20.4/bin/node
    Yarn: 1.22.19 - ~/.bun/bin/yarn
    npm: 10.7.0 - ~/.nvm/versions/node/v18.20.4/bin/npm
  Virtualization:
    Docker: 20.10.17 - /usr/local/bin/docker
  npmGlobalPackages:
    @adobe/aio-cli: 10.3.1

Sample Code that illustrates the problem

Logs taken while reproducing problem

Metadata

Metadata

Assignees

No one assigned

    Labels

    bugSomething isn't working

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions