I have seen some medium blogs and StackOverflow answers that I shouldn't add .env file to the versioning.
I quite understand why that is needed.
But how about when dealing with a Reactjs project?
Reactjs is for the frontend and all the environment variables are public even it is bundled for production and anyone can read it using a web browser.
I have 2 env files, .env.production for production and .env.staging for staging. The environment variable values are put to the bundled version while building. These files are the same across all other team members.
Actually there is no secret at all in these files.
The question is:
Should I add these 2 files to versioning or do I have to distribute these files manually to other team members? Then why?
No.
Preferred way is to have a file called .env.sample This will contain all the keys with random or no values in it. Any developer who clones the repo, will get to know the env_vars that are needed to run/build the project.
Within the teams, have a secrets sharing mechanism. There are lots of tools available to solve this.
First time after cloning the repo, the developers needs to run cp .env.sample .env and copy the values from the secret manager.
Make sure to add .env to .gitignore so no-one accidently pushes the .env containing secrets to the repo.
No you don't. .env file should be put on server in a separated way. Otherwise whoever can access to your source code repository can read or even modify .env file.
Related
I made a website with NextJS that I'd like to make open source, but I have a .env file with read-only credentials to my DB.
I don't think it would be a huge issue to make those credentials public as I wouldn't mind people querying my DB, but it still seems risky and I'd rather not.
Keep in mind that I use Vercel to deploy the website, which gets the code from the git repo.
I've thought about cloning the private repo, deleting the .env file and making this new repo public, but that's not an ideal solution since I'd end up with two repos.
I assume your .env file has already been committed to the repo?
Add it to .gitignore, and use BFG (usage instructions at that link) to delete the file from your repo. A normal delete will not work, as the file will still be in the git history. Using BFG, it'll be erased from the repo entirely.
I'm working on an old react project, which I need to add functionality to, but when deploying the react build on the server, it fails, claiming it cannot find several css and js files, although I published all files within the build folder. I tried different things:
First, I kept the old service-worker.js in the production folder the IIS uses, but replaced everything else.
Then, I tried also deleting the service-worker.js, since I thought it was optional, and my npm run build didn't create a service-worker.js file.
Then, I tried copying the service-worker.js file that existed on production, and manually changing it to point to my css and js files in the /static/ folder of my build folder.
All of these solutions have yielded the same result. So I have a few questions:
Is the service worker necessary? If not, could this error relate to something entirely different other than the service worker?
If it is necessary, why could my npm run build command not create the service worker with the rest of the files in the build folder?
If I do need it, how can I manually add it to a project that already exists?
If the production folder already had a service worker, and my build is not building it, I can also assume maybe my react version is newer, but I find that odd, since the computer I use is one an older employee in my company used, and I didn't manually change anything about this project.
I am using X-Code 10 as a C IDE. I am doing a group project and we must use GitLab to share the code. To work in Xcode there are a lot of files to make Xcode work, but none that I need to share with my partners who are using their own IDE and who just need the .c files we are working on. How do I make Git not upload ALL files and just the .c?
There are ways to handle the excludes for a git project. There is the .gitignore file where you can create rules for what files should be excluded from your project. This file will be tracked by git, so you and your teammates will be sharing this file.
For your own personal excludes, you can put them into the .git/info/exclude file. This will not be tracked by git and will affect only your own local repository. This is a good place put rules that are specific to your own workflow.
I have an app ready for production. For it to work, each client needs to set a unique url to access their data. How would i prepare the app for making it easy to add a url as an access point to the clients?
Would a correct way to do this be to add it in the manifest.json file and somehow reference it from there? (Until now in development i've only used a global URL in a js file)
You need to install the package dotenv package and create a .env file in your root directory which should contain your environment variables.
Assuming that the URl you are referring to is http://localhost:3000/some/url on your localhost, then your .env file might look like:
MY_URL=http://localhost:3000/some/url
Then in your react application, you can get the value of MY_URL by doing:
const url = process.env.MY_URL
Note that if you are using the create-react-app package, then you do not need to install the dotenv package since it already comes with the create-react-app package. Also you need to change it:
REACT_APP_MY_URL=http://localhost:3000/some/url
Also make sure to add the .env file to your .gitignore file so that you do not push it to your repo.
Assuming that you are deploying your application to Heroku. Heroku provides a simple interface which allows you to add your environment variables which looks like:
That's it.
Maybe you could store them in environment variables?
that way you can always edit them later without having to change components.
When running gcloud init, it creates a directory named "default" where it clones the sources.
Maybe a silly question, but why is it named "default"?
Is there a way to change the name or clone sources in the current directory (without creating a new one)?
The 'gcloud init' command currently only clones a single repo, which is named default. in the future you may be able to host multiple repos, each with their own name.
Also, we may add the ability to nicely import other assets into your project as well, which would not necessarily live in your repo.
So, the primary Google-hosted repository is one asset that is part of your local developer workspace, and since we intend to bring in more in the future, it gets put in its own directory 'default' (which is the name of that repo) so that it does not have conflicts with future assets.