Skip to content

Limit exposure of implementation detail env vars to NodeJS#45

Merged
Silic0nS0ldier merged 7 commits intomainfrom
jordan-mele_limit-impl-env-var-exposure
Feb 13, 2024
Merged

Limit exposure of implementation detail env vars to NodeJS#45
Silic0nS0ldier merged 7 commits intomainfrom
jordan-mele_limit-impl-env-var-exposure

Conversation

@Silic0nS0ldier
Copy link
Copy Markdown
Contributor

@Silic0nS0ldier Silic0nS0ldier commented Jan 2, 2024
edited
Loading

These changes will hide env vars created by the launcher script, providing a cleaner environment.

Before:

{
  RUNFILES: '/[...].sh.runfiles',
  PWD: '[...]',
  NODE_REPOSITORY_ARGS: '--preserve-symlinks',
  TMPDIR: '/tmp',
  RUNFILES_MANIFEST_FILE: '/[...].sh.runfiles_manifest',
  BAZEL_NODE_RUNFILES_HELPER: '[...]',
  BAZEL_NODE_PATCH_REQUIRE: '[...]',
  BAZEL_TARGET: '[...]',
  NM_SYMLINKS: '/tmp/tmp.ocMuRFoTpU/nm-symlinks.json',
  SHLVL: '0',
  BAZEL_NODE_MODULES_ROOTS: '[...]',
  _RLOCATION_ISABS_PATTERN: '^/.*',
  BAZEL_PATCH_ROOTS: '[...]',
  PATH: '/nix/store/[...]/bin',
  BAZEL_WORKSPACE: '[...]',
  'BASH_FUNC_rlocation%%': '[...]',
  'BASH_FUNC_runfiles_export_envvars%%': '[...]',
  _: '[...]',
  __CF_USER_TEXT_ENCODING: '0x1F5:0:15'
}

After:

{
  NODE_REPOSITORY_ARGS: '--preserve-symlinks',
  PATH: '/nix/store/[...]/bin',
  TMPDIR: '/tmp',
  NM_SYMLINKS: '/tmp/tmp.UOHRoIIOwQ/nm-symlinks.json',
  // macOS thing
  __CF_USER_TEXT_ENCODING: '0x1F5:0:15',
  // For coverage support
  //NODE_V8_COVERAGE (tests only)
  // For NodeJS patcher
  RUNFILES_DIR: '[...]',
  RUNFILES: '[...]',
  BAZEL_PATCH_ROOTS: '[...]',
}

@Silic0nS0ldier Silic0nS0ldier marked this pull request as ready for review January 17, 2024 23:58
christianscott
christianscott approved these changes Jan 18, 2024
View reviewed changes
Copy link
Copy Markdown
Contributor

@christianscott christianscott left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@Silic0nS0ldier
Copy link
Copy Markdown
Contributor Author

Silic0nS0ldier commented Feb 8, 2024

Testing flushed out some issues which have now been fixed. Reduction isn't as significant now, but it is still less.

Also included now is a fix for pkg_npm which like all actions by default lacked PATH, meaning OS default tools were picked up.

@Silic0nS0ldier Silic0nS0ldier merged commit 3ecd2d1 into main Feb 13, 2024
@Silic0nS0ldier Silic0nS0ldier mentioned this pull request Mar 13, 2024
Merged
4 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@christianscott christianscott christianscott approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@Silic0nS0ldier @christianscott