fix: read ENVIO_PG_PASSWORD with fallback to ENVIO_POSTGRES_PASSWORD#1098
Open
akandic47 wants to merge 9 commits intoenviodev:mainfrom
Open
fix: read ENVIO_PG_PASSWORD with fallback to ENVIO_POSTGRES_PASSWORD#1098akandic47 wants to merge 9 commits intoenviodev:mainfrom
akandic47 wants to merge 9 commits intoenviodev:mainfrom
Conversation
Contributor
|
No actionable comments were generated in the recent review. 🎉 ℹ️ Recent review info⚙️ Run configurationConfiguration used: defaults Review profile: CHILL Plan: Pro Run ID: 📒 Files selected for processing (1)
🚧 Files skipped from review as they are similar to previous changes (1)
📝 WalkthroughWalkthroughReplaced direct environment lookup for the Postgres password in Changes
Estimated code review effort🎯 2 (Simple) | ⏱️ ~10 minutes Suggested reviewers
Poem
🚥 Pre-merge checks | ✅ 5✅ Passed checks (5 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. ✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
![coderabbitai[bot]](https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
Contributor
There was a problem hiding this comment.
🧹 Nitpick comments (1)
packages/cli/src/persisted_state/db.rs (1)
20-20: Please add a focused regression test for env var precedence.Line 20 changes runtime config behavior; a small unit test for
get_env_with_fallback(primary set, fallback-only set, neither set) would lock this in and prevent future regressions.🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@packages/cli/src/persisted_state/db.rs` at line 20, Add a focused unit test for get_env_with_fallback covering three scenarios: (1) primary env var set (ENVIO_PG_PASSWORD) and fallback also set — assert primary wins; (2) only fallback env var set (ENVIO_POSTGRES_PASSWORD) — assert fallback is returned; (3) neither set — assert default "testing" is returned. Use a test that sets and unsets the environment variables (std::env::set_var/remove_var) around each case and call get_env_with_fallback to assert expected results; place the test in the same module or a tests mod so it runs with cargo test to prevent regressions in the runtime config precedence.
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Nitpick comments:
In `@packages/cli/src/persisted_state/db.rs`:
- Line 20: Add a focused unit test for get_env_with_fallback covering three
scenarios: (1) primary env var set (ENVIO_PG_PASSWORD) and fallback also set —
assert primary wins; (2) only fallback env var set (ENVIO_POSTGRES_PASSWORD) —
assert fallback is returned; (3) neither set — assert default "testing" is
returned. Use a test that sets and unsets the environment variables
(std::env::set_var/remove_var) around each case and call get_env_with_fallback
to assert expected results; place the test in the same module or a tests mod so
it runs with cargo test to prevent regressions in the runtime config precedence.
ℹ️ Review info
⚙️ Run configuration
Configuration used: defaults
Review profile: CHILL
Plan: Pro
Run ID: e4a9c711-0422-4191-8603-446b299a86cd
📒 Files selected for processing (1)
packages/cli/src/persisted_state/db.rs
akandic47
force-pushed
the
fix/envio-pg-password-env-var
branch
from
ae49460 to
49e964d
Compare
The persisted_state db.rs was reading ENVIO_POSTGRES_PASSWORD while every other Postgres env var follows the ENVIO_PG_* convention. This caused db-migrate up to fail with auth errors when only ENVIO_PG_PASSWORD was set. Now reads ENVIO_PG_PASSWORD first (matching docs and Env.res), falling back to ENVIO_POSTGRES_PASSWORD for backwards compatibility. Fixes enviodev#1097
akandic47
force-pushed
the
fix/envio-pg-password-env-var
branch
from
49e964d to
d04dd70
Compare
Member
|
Looks like CI fails because it doesn't get access to secrets. I'll investigate how we can solve it for internal contributors on Tuesday when I'm back from my vacation. |
Author
Thnx... We had some problems with propagating migrations so decided to investigate further and came up to this :D |
Member
|
/ok-to-test baeef6d |
Member
@akandic47 Please ignore the noise. I'm trying to bypass the CI secrets limitation while finishing other changes for the next release. I'll make sure it's merged and included to the next release anyways. |
Member
|
/ok-to-test fe3e955 |
Member
|
/ok-to-test 047643d |
Member
|
/ok-to-test 81d8e0b |
DZakh
pushed a commit
that referenced
this pull request
Apr 16, 2026
Add `pending-status` job: on `pull_request` events from forks, posts a `build-verify: pending` commit status to the fork PR's head SHA. This solves two problems observed on PR #1098: 1. Fork PR had all checks "Skipped" (because the gate blocks forks on `pull_request` events). GitHub branch protection treats "Skipped" as passing → PR was mergeable without any CI running. With the pending status, branch protection (configured to require `build-verify`) sees "pending" → blocks merge. 2. After /ok-to-test triggered CI via `issue_comment`, the native check runs attached to the default-branch SHA (invisible on the PR). The `report` job already posts `build-verify: success/failure` to the fork PR's head SHA — this overrides the pending status, and is the only status branch protection needs to require. Each new fork push re-triggers `pull_request` → re-posts pending → re-blocks merge until a reviewer re-approves via /ok-to-test. After merging, configure branch protection: Settings → Branches → main → Require status checks → add `build-verify` as a required context.
DZakh
pushed a commit
that referenced
this pull request
Apr 16, 2026
Add `pending-status` job: on `pull_request` events from forks, posts a `build-verify: pending` commit status to the fork PR's head SHA. This solves two problems observed on PR #1098: 1. Fork PR had all checks "Skipped" (because the gate blocks forks on `pull_request` events). GitHub branch protection treats "Skipped" as passing → PR was mergeable without any CI running. With the pending status, branch protection (configured to require `build-verify`) sees "pending" → blocks merge. 2. After /ok-to-test triggered CI via `issue_comment`, the native check runs attached to the default-branch SHA (invisible on the PR). The `report` job already posts `build-verify: success/failure` to the fork PR's head SHA — this overrides the pending status, and is the only status branch protection needs to require. Each new fork push re-triggers `pull_request` → re-posts pending → re-blocks merge until a reviewer re-approves via /ok-to-test. After merging, configure branch protection: Settings → Branches → main → Require status checks → add `build-verify` as a required context.
3 tasks
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
packages/cli/src/persisted_state/db.rsENVIO_PG_PASSWORDfirst (matching docs,Env.res, and every otherENVIO_PG_*variable), with a fallback toENVIO_POSTGRES_PASSWORDfor backwards compatibilityProblem
get_pg_pool()was readingENVIO_POSTGRES_PASSWORDwhile all other variables use theENVIO_PG_*convention. This causedenvio local db-migrate upto fail with "password authentication failed" when onlyENVIO_PG_PASSWORDwas set.Fixes #1097
Summary by CodeRabbit