Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Chore/externalize env config vars #68

Closed
wants to merge 1 commit into from
Closed

Chore/externalize env config vars #68

wants to merge 1 commit into from

Conversation

cjpillsbury
Copy link

@cjpillsbury cjpillsbury commented Jul 17, 2023
edited
Loading

Pulled out our local dev env variables into a properties file that isn't tracked by github I think using best practices.

@cjpillsbury
chore: Pulling out env config variables to avoid modifying tracked fi…
816a7b0 
…les and potentially unintentionally committing secrets.
@cjpillsbury cjpillsbury changed the base branch from main to releases/v0.4.1 July 17, 2023 19:17
@cjpillsbury
Copy link
Author

boo looks like our CI tries to build app. Not sure what best practices are here (I can see value add for ensuring build/compile as a basic smoke test, but this may not be the best way?). I suspect I should update build.gradle to not have a hard assumption on the existence of the file and maybe provide some defaults?

@cjpillsbury cjpillsbury marked this pull request as draft July 17, 2023 19:21
@cjpillsbury
Copy link
Author

converting to a draft for now so it can be a learning ground in its current state

cjpillsbury
cjpillsbury commented Jul 17, 2023
View reviewed changes
app/build.gradle
@@ -2,6 +2,15 @@ plugins {
id 'com.android.application'
id 'org.jetbrains.kotlin.android'
}
// Creates a variable called keystorePropertiesFile, and initializes it to the
Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nitpick(blocking): Copied over example/reference code comments when digging into best practices. Will remove.

cjpillsbury
cjpillsbury commented Jul 17, 2023
View reviewed changes
app/build.gradle
@@ -24,6 +33,12 @@ android {
release {
minifyEnabled false
proguardFiles getDefaultProguardFile('proguard-android-optimize.txt'), 'proguard-rules.pro'
buildConfigField("String", "ACCESS_TOKEN_ID", "\"${localEnvProperties['ACCESS_TOKEN_ID']}\"")
Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

question: Should these be duplicated? How does "defaulting" and "overriding" config values work here (/best practices for gradle)

Copy link
Collaborator

@daytime-em daytime-em Jul 17, 2023
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Each module has its own BuildConfig file, there is no duplication or overriding of BuildConfig files between modules.

cjpillsbury
cjpillsbury commented Jul 17, 2023
View reviewed changes
local-env.properties.example

# For help on creating Mux Access tokens, see: https://docs.mux.com/guides/system/make-api-requests#access-token-permissions
ACCESS_TOKEN_ID=YOUR_MUX_TOKEN_ID
ACCESS_TOKEN_SECRET=YOUR_MUX_TOKEN_SECRET
Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nitpick(blocking): Will add newline before EOF

cjpillsbury
cjpillsbury commented Jul 17, 2023
View reviewed changes
app/build.gradle
@@ -2,6 +2,15 @@ plugins {
id 'com.android.application'
id 'org.jetbrains.kotlin.android'
}
// Creates a variable called keystorePropertiesFile, and initializes it to the
Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

question(blocking): Since this file isn't guaranteed to exist but "should" exist for a functioning app, how should we handle this case? A hard failure on the build task is informative for local dev, but (at least currently) we also build the example app on our CI builds, which currently fails as a result of this change. Would love input/suggestions/best practices here.

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

For a real production app, you're definitely on the right track. Templates for properties files are the way to go, and it's reasonable to expect programmers to copy over the files. For our case, this confers no benefit; customer keys don't make their way upstream. My best advice is to just commit a real .properties with "YOUR KEY HERE" or (better) "SET THIS IN local-env.properties" placeholders.

My second-best advice is to print a warning to the logs if the file is missing, and provide default values when you're declaring your buildConfigFields so nothing melts. "" would be just fine for this. Failing the build here might be seen as an unnecessary "gotcha," so please prefer to log at the warning level, which I think should even surface in the IDE.

daytime-em
daytime-em requested changes Jul 17, 2023
View reviewed changes
Copy link
Collaborator

@daytime-em daytime-em left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Great research! This is basically what you do when you want to put keys and stuff into your build. (but!)

Because app is an example app, I think we can make things a little easier than we would for a real app. I left two suggestions at different levels of complexity for inspiration

app/build.gradle
@@ -2,6 +2,15 @@ plugins {
id 'com.android.application'
id 'org.jetbrains.kotlin.android'
}
// Creates a variable called keystorePropertiesFile, and initializes it to the
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

For a real production app, you're definitely on the right track. Templates for properties files are the way to go, and it's reasonable to expect programmers to copy over the files. For our case, this confers no benefit; customer keys don't make their way upstream. My best advice is to just commit a real .properties with "YOUR KEY HERE" or (better) "SET THIS IN local-env.properties" placeholders.

My second-best advice is to print a warning to the logs if the file is missing, and provide default values when you're declaring your buildConfigFields so nothing melts. "" would be just fine for this. Failing the build here might be seen as an unnecessary "gotcha," so please prefer to log at the warning level, which I think should even surface in the IDE.

@daytime-em
Copy link
Collaborator

@cjpillsbury Re: verifying that app builds: It definitely doesn't feel good when someone needs our example app and it doesn't even build. I am very sure that we need to catch this case because (trust me) it doesn't feel good to read that bug report either ;)

Overall, yes I think you should provide some sane defaults (enough to build) and warn to the logs. This seems more in-line with the expectations people would have of example code.

@cjpillsbury
Copy link
Author

Closing since this was a POC spike and is stale.

@cjpillsbury cjpillsbury closed this Oct 2, 2023
@daytime-em daytime-em deleted the chore/externalize-env-config-vars branch October 30, 2023 22:02
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@daytime-em daytime-em daytime-em requested changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@cjpillsbury @daytime-em