Some commands should be able to run without argumetized secrets

[igor-alexandrov]

Hello, we use MRSK to build and deploy Rails app with GitHub Actions (local build directly on Actions runners). Everything generally works and looks great.

However, there is a place for a slight improvement.

In deploy.yml, we have secrets defined:

env:
  secret:
    - RAILS_MASTER_KEY
    - DATABASE_URL
    - REDIS_URL

These variables are populated in Actions before the mrsk deploy command, but we also run various MRSK commands from our working machines (mrsk traefik log etc.). These commands do not need any credentials since they only fetch information from hosts, however now, they require all vars to be defined:

➜  onetribe git:(feature/mrsk) mrsk traefik log
  ERROR (KeyError): key not found: "RAILS_MASTER_KEY"

Now we get round of this by passing dummy values before running:

➜  onetribe git:(feature/mrsk) RAILS_MASTER_KEY=1 DATABASE_URL=1 mrsk traefik log

I suggest introducing a set of commands that should not argumentize config and make it available to run without providing all defined secrets.

Thanks in advance!

[igor-alexandrov]

@djmb please take a look at this idea when you have time. I am open to any discussion.

[djmb]

@igor-alexandrov - you could use mrsk envify for this and include a .env.erb file that generates dummy values. Then from your work machines, you'll only need to run that once per environment.

[igor-alexandrov]

Yes, this also may work, but this will prevent Rails from loading correctly in development since DATABASE_URL will be wrong.

[igor-alexandrov]

I created Draft PR #339 to illustrate my idea.

[djmb]

Thanks @igor-alexandrov! I also had a go at this. We already have a with_lock block so it renames that to mutating and moves the env args check there - #342.

[igor-alexandrov]

@djmb you found a great solution! Thank you.