Skip to content

chore(dev): add dotenv ignore and secret setup recipe fixes#9

Open
elasticdotventures wants to merge 1 commit intomainfrom
chore/push-local-changes
Open

chore(dev): add dotenv ignore and secret setup recipe fixes#9
elasticdotventures wants to merge 1 commit intomainfrom
chore/push-local-changes

Conversation

@elasticdotventures
Copy link
Copy Markdown
Member

@elasticdotventures elasticdotventures commented Apr 3, 2026

No description provided.

Copilot AI review requested due to automatic review settings April 3, 2026 09:53
Copilot AI reviewed Apr 3, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR updates local developer tooling around environment variables and GitHub Actions secret management, aligning the repo’s release/publish workflows (crates.io + PyPI tokens) with an easier local setup flow.

Changes:

  • Enable just dotenv loading so .env values are automatically available to recipes.
  • Add just recipes to help set/update GitHub repo/org secrets (CRATES_IO_TOKEN, PYPI_API_TOKEN) via gh.
  • Ignore .env and .env.* files in git to prevent accidental secret commits.

Reviewed changes

Copilot reviewed 1 out of 2 changed files in this pull request and generated 2 comments.

File Description
Justfile Enables dotenv auto-load and adds gh-secrets-* helper recipes for setting GitHub secrets from local env vars.
.gitignore Adds ignore rules for .env / .env.* to keep local secrets out of the repo.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Justfile
Comment on lines +54 to +55
if gh secret list -R "{{repo}}" | awk '{print $1}' | grep -qx "$name"; then \
if [ "{{force}}" = "true" ]; then \
Copy link

Copilot AI Apr 3, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The existence check parses gh secret list human-formatted output via awk '{print $1}', which is brittle if gh changes formatting/headers. Consider using gh secret list -R {{repo}} --json name --jq '.[].name' (or -q query) and matching against that instead for a stable interface.

Copilot uses AI. Check for mistakes.
Justfile
echo "SKIP $name: not set in .env"; \
continue; \
fi; \
if gh secret list --org "{{org}}" | awk '{print $1}' | grep -qx "$name"; then \
Copy link

Copilot AI Apr 3, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Same as above: this org-secret existence check relies on parsing gh secret list tabular output with awk, which can break if the CLI output format changes. Prefer gh secret list --org {{org}} --json name --jq '.[].name' (or -q query) for a stable machine-readable check.

Suggested change
if gh secret list --org "{{org}}" | awk '{print $1}' | grep -qx "$name"; then \
if gh secret list --org "{{org}}" --json name --jq '.[].name' | grep -qx "$name"; then \

Copilot uses AI. Check for mistakes.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@elasticdotventures @promptexecutionerr