chore(docs): clean up environment variables (#36036)

Our environment variables are a bit of a mess, so cleaning them up: - We have duplicate environment variables that resolve to the same thing but just have different names, deduplicating all of these - We have a .env.development (for publicly safe variables) and a .env.example, we really only need one - Privately, we have a .env (for running scripts) and a .env.local (for Next.js). Changing the dotenv source for scripts, so again we only need one
2026-05-07 06:27:16 +08:00 · 2025-05-29 16:35:26 -04:00
parent 33b9e1ed29
commit f58eead769
13 changed files with 61 additions and 58 deletions
--- a/.github/workflows/docs-last-changed.yml
+++ b/.github/workflows/docs-last-changed.yml
@@ -19,7 +19,7 @@ jobs:

    env:
      NEXT_PUBLIC_SUPABASE_URL: ${{ secrets.SEARCH_SUPABASE_URL }}
-      SUPABASE_SERVICE_ROLE_KEY: ${{ secrets.SEARCH_SUPABASE_SERVICE_ROLE_KEY }}
+      SUPABASE_SECRET_KEY: ${{ secrets.SEARCH_SUPABASE_SERVICE_ROLE_KEY }}

    steps:
      - name: Check out repo
--- a/.github/workflows/docs-sync-troubleshooting.yml
+++ b/.github/workflows/docs-sync-troubleshooting.yml
@@ -17,9 +17,9 @@ jobs:
    runs-on: ubuntu-latest

    env:
-      SEARCH_GITHUB_APP_ID: ${{ secrets.SEARCH_GITHUB_APP_ID }}
-      SEARCH_GITHUB_APP_INSTALLATION_ID: ${{ secrets.SEARCH_GITHUB_APP_INSTALLATION_ID }}
-      SEARCH_GITHUB_APP_PRIVATE_KEY: ${{ secrets.SEARCH_GITHUB_APP_PRIVATE_KEY }}
+      DOCS_GITHUB_APP_ID: ${{ secrets.SEARCH_GITHUB_APP_ID }}
+      DOCS_GITHUB_APP_INSTALLATION_ID: ${{ secrets.SEARCH_GITHUB_APP_INSTALLATION_ID }}
+      DOCS_GITHUB_APP_PRIVATE_KEY: ${{ secrets.SEARCH_GITHUB_APP_PRIVATE_KEY }}
      NEXT_PUBLIC_SUPABASE_URL: ${{ secrets.SEARCH_SUPABASE_URL }}
      SUPABASE_SECRET_KEY: ${{ secrets.SEARCH_SUPABASE_SERVICE_ROLE_KEY }}

--- a/.github/workflows/search.yml
+++ b/.github/workflows/search.yml
@@ -29,12 +29,14 @@ jobs:
    runs-on: ubuntu-latest

    env:
-      OPENAI_API_KEY: ${{ secrets.OPENAI_API_KEY }}
+      DOCS_GITHUB_APP_ID: ${{ secrets.SEARCH_GITHUB_APP_ID }}
+      DOCS_GITHUB_APP_INSTALLATION_ID: ${{ secrets.SEARCH_GITHUB_APP_INSTALLATION_ID }}
+      DOCS_GITHUB_APP_PRIVATE_KEY: ${{ secrets.SEARCH_GITHUB_APP_PRIVATE_KEY }}
+      NEXT_PUBLIC_MISC_URL: ${{ secrets.NEXT_PUBLIC_MISC_URL}}
+      NEXT_PUBLIC_MISC_ANON_KEY: ${{ secrets.NEXT_PUBLIC_MISC_ANON_KEY }}
      NEXT_PUBLIC_SUPABASE_URL: ${{ secrets.SEARCH_SUPABASE_URL }}
-      SUPABASE_SERVICE_ROLE_KEY: ${{ secrets.SEARCH_SUPABASE_SERVICE_ROLE_KEY }}
-      SEARCH_GITHUB_APP_ID: ${{ secrets.SEARCH_GITHUB_APP_ID }}
-      SEARCH_GITHUB_APP_INSTALLATION_ID: ${{ secrets.SEARCH_GITHUB_APP_INSTALLATION_ID }}
-      SEARCH_GITHUB_APP_PRIVATE_KEY: ${{ secrets.SEARCH_GITHUB_APP_PRIVATE_KEY }}
+      OPENAI_API_KEY: ${{ secrets.OPENAI_API_KEY }}
+      SUPABASE_SECRET_KEY: ${{ secrets.SEARCH_SUPABASE_SERVICE_ROLE_KEY }}

    steps:
      - name: Check out repo
@@ -58,10 +60,6 @@ jobs:
      - name: Download dependencies
        run: pnpm i

-      # Need the miscellaneous use API, which is available publicly (by design) in www
-      - name: Copy environment variables
-        run: cp apps/www/.env.local.example apps/docs/.env
-
      - name: Update embeddings
        working-directory: ./apps/docs
        if: ${{ !inputs.refresh }}
--- a/apps/docs/.env.development
+++ b/apps/docs/.env.development
@@ -2,5 +2,17 @@
 # Only publicly available environment variables should be listed here.
 # Do not add secrets here. Use .env.local instead.

+NEXT_PUBLIC_SITE_URL="http://localhost:3001"
+NEXT_PUBLIC_BASE_PATH="/docs"
+
+# Whether to enable features available only on Supabase's own hosted services
+# Setting this to true requires certain secret keys
+NEXT_PUBLIC_IS_PLATFORM="false"
+
+# Supabase project containing integration information
 NEXT_PUBLIC_MISC_URL="https://obuldanrptloktxcffvn.supabase.co"
 NEXT_PUBLIC_MISC_ANON_KEY="eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJzdXBhYmFzZSIsInJlZiI6Im9idWxkYW5ycHRsb2t0eGNmZnZuIiwicm9sZSI6ImFub24iLCJpYXQiOjE3MTg2MTQ2ODUsImV4cCI6MjAzNDE5MDY4NX0.NFt49g6DFkc1X5khCzN5p01iAVo2TMxlx88cY1V0E2M"
+
+# Supabase project containing docs content information
+NEXT_PUBLIC_SUPABASE_URL="https://xguihxuzqibwxjnimxev.supabase.co"
+NEXT_PUBLIC_SUPABASE_ANON_KEY="eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJzdXBhYmFzZSIsInJlZiI6InhndWloeHV6cWlid3hqbmlteGV2Iiwicm9sZSI6ImFub24iLCJpYXQiOjE3MTgzNzc1MTgsImV4cCI6MjAzMzk1MzUxOH0.aIqjQ9V7djMxYit-DT1fYNV_VWMHSqldh_18XfX2_BE"
--- a/apps/docs/.env.example
+++ b/apps/docs/.env.example
@@ -1,14 +0,0 @@
-# PUBLIC
-NEXT_PUBLIC_SUPABASE_URL=http://localhost:54321
-NEXT_PUBLIC_SUPABASE_ANON_KEY=
-
-# PRIVATE
-OPENAI_API_KEY=
-SUPABASE_SERVICE_ROLE_KEY=
-SEARCH_GITHUB_APP_ID=
-SEARCH_GITHUB_APP_INSTALLATION_ID=
-SEARCH_GITHUB_APP_PRIVATE_KEY=
-
-# Set IS_PLATFORM to true if you have the api keys and urls
-NEXT_PUBLIC_IS_PLATFORM=false
-NEXT_PUBLIC_LOCAL_SUPABASE=false
--- a/apps/docs/features/docs/Troubleshooting.script.mjs
+++ b/apps/docs/features/docs/Troubleshooting.script.mjs
@@ -7,6 +7,8 @@
 * Discussions.
 */

+import _configureDotEnv from '../../scripts/utils/dotenv'
+
 import { createAppAuth } from '@octokit/auth-app'
 import { Octokit } from '@octokit/core'
 import { createClient } from '@supabase/supabase-js'
@@ -20,13 +22,12 @@ import { gfm } from 'micromark-extension-gfm'
 import { mdxjs } from 'micromark-extension-mdxjs'
 import { readFile, writeFile } from 'node:fs/promises'
 import { parse, stringify } from 'smol-toml'
-
 import {
  getAllTroubleshootingEntriesInternal as getAllTroubleshootingEntries,
  getArticleSlug,
 } from './Troubleshooting.utils.common.mjs'

-import 'dotenv/config'
+const _ = _configureDotEnv

 const REPOSITORY_ID = 'MDEwOlJlcG9zaXRvcnkyMTQ1ODcxOTM='
 const TROUBLESHOOTING_CATEGORY_ID = 'DIC_kwDODMpXOc4CUvEr'
@@ -52,9 +53,9 @@ function octokit() {
    octokitInstance = new Octokit({
      authStrategy: createAppAuth,
      auth: {
-        appId: process.env.SEARCH_GITHUB_APP_ID,
-        installationId: process.env.SEARCH_GITHUB_APP_INSTALLATION_ID,
-        privateKey: process.env.SEARCH_GITHUB_APP_PRIVATE_KEY,
+        appId: process.env.DOCS_GITHUB_APP_ID,
+        installationId: process.env.DOCS_GITHUB_APP_INSTALLATION_ID,
+        privateKey: process.env.DOCS_GITHUB_APP_PRIVATE_KEY,
      },
    })
  }
--- a/apps/docs/scripts/last-changed.ts
+++ b/apps/docs/scripts/last-changed.ts
@@ -11,7 +11,7 @@
 *  the last Git commit date.
 */

-import 'dotenv/config'
+import _configureDotEnv from './utils/dotenv'

 import { createClient, type SupabaseClient } from '@supabase/supabase-js'
 import matter from 'gray-matter'
@@ -25,6 +25,8 @@ import { SimpleGit, simpleGit } from 'simple-git'
 import { parse } from 'smol-toml'
 import { Section } from './helpers.mdx.js'

+const _ = _configureDotEnv
+
 interface Options {
  reset: boolean
 }
@@ -47,7 +49,7 @@ type SectionWithChecksum = Omit<Section, 'heading'> &

 const REQUIRED_ENV_VARS = {
  SUPABASE_URL: 'NEXT_PUBLIC_SUPABASE_URL',
-  SERVICE_ROLE_KEY: 'SUPABASE_SERVICE_ROLE_KEY',
+  SERVICE_ROLE_KEY: 'SUPABASE_SECRET_KEY',
 } as const

 const __dirname = path.dirname(fileURLToPath(import.meta.url))
--- a/apps/docs/scripts/llms.ts
+++ b/apps/docs/scripts/llms.ts
@@ -1,3 +1,5 @@
+import _configureDotEnv from './utils/dotenv'
+
 import 'dotenv/config'
 import fs from 'node:fs/promises'
 import { fileURLToPath } from 'node:url'
@@ -13,6 +15,8 @@ import {
  type SearchSource,
 } from './search/sources/index.js'

+const _ = _configureDotEnv
+
 interface Source {
  title: string
  /**
--- a/apps/docs/scripts/search/generate-embeddings.ts
+++ b/apps/docs/scripts/search/generate-embeddings.ts
@@ -1,11 +1,14 @@
+import _configureDotenv from '../utils/dotenv'
+
 import { createClient } from '@supabase/supabase-js'
-import 'dotenv/config'
 import { parseArgs } from 'node:util'
 import { OpenAI } from 'openai'
 import { v4 as uuidv4 } from 'uuid'
 import type { Json, Section } from '../helpers.mdx.js'
 import { fetchAllSources } from './sources/index.js'

+const _ = _configureDotenv
+
 const args = parseArgs({
  options: {
    refresh: {
@@ -18,19 +21,20 @@ async function generateEmbeddings() {
  const shouldRefresh = Boolean(args.values.refresh)

  const requiredEnvVars = [
+    'DOCS_GITHUB_APP_ID',
+    'DOCS_GITHUB_APP_INSTALLATION_ID',
+    'DOCS_GITHUB_APP_PRIVATE_KEY',
+    'NEXT_PUBLIC_MISC_ANON_KEY',
+    'NEXT_PUBLIC_MISC_URL',
    'NEXT_PUBLIC_SUPABASE_URL',
-    'SUPABASE_SERVICE_ROLE_KEY',
    'OPENAI_API_KEY',
-    'NEXT_PUBLIC_MISC_USE_URL',
-    'NEXT_PUBLIC_MISC_USE_ANON_KEY',
-    'SEARCH_GITHUB_APP_ID',
-    'SEARCH_GITHUB_APP_INSTALLATION_ID',
-    'SEARCH_GITHUB_APP_PRIVATE_KEY',
+    'SUPABASE_SECRET_KEY',
  ]

-  if (requiredEnvVars.some((name) => !process.env[name])) {
+  const missingEnvVars = requiredEnvVars.filter((name) => !process.env[name])
+  if (missingEnvVars.length > 0) {
    throw new Error(
-      `Environment variables ${requiredEnvVars.join(
+      `Environment variables ${missingEnvVars.join(
        ', '
      )} are required: skipping embeddings generation`
    )
@@ -38,8 +42,7 @@ async function generateEmbeddings() {

  const supabaseClient = createClient(
    process.env.NEXT_PUBLIC_SUPABASE_URL,
-    // eslint-disable-next-line turbo/no-undeclared-env-vars
-    process.env.SUPABASE_SERVICE_ROLE_KEY,
+    process.env.SUPABASE_SECRET_KEY,
    {
      auth: {
        persistSession: false,
--- a/apps/docs/scripts/search/sources/github-discussion.ts
+++ b/apps/docs/scripts/search/sources/github-discussion.ts
@@ -25,11 +25,9 @@ export type DiscussionsResponse = {
  }
 }

-const appId = process.env.SEARCH_GITHUB_APP_ID ?? process.env.DOCS_GITHUB_APP_ID
-const installationId =
-  process.env.SEARCH_GITHUB_APP_INSTALLATION_ID ?? process.env.DOCS_GITHUB_APP_INSTALLATION_ID
-const privateKey =
-  process.env.SEARCH_GITHUB_APP_PRIVATE_KEY ?? process.env.DOCS_GITHUB_APP_PRIVATE_KEY
+const appId = process.env.DOCS_GITHUB_APP_ID
+const installationId = process.env.DOCS_GITHUB_APP_INSTALLATION_ID
+const privateKey = process.env.DOCS_GITHUB_APP_PRIVATE_KEY

 /**
 * Fetches GitHub discussions for a repository + category
--- a/apps/docs/scripts/search/sources/partner-integrations.ts
+++ b/apps/docs/scripts/search/sources/partner-integrations.ts
@@ -8,9 +8,8 @@ type PartnerData = {
  overview: string // The Markdown content for indexing
 }

-const supabaseUrl = process.env.NEXT_PUBLIC_MISC_USE_URL ?? process.env.NEXT_PUBLIC_MISC_URL
-const supabaseAnonKey =
-  process.env.NEXT_PUBLIC_MISC_USE_ANON_KEY ?? process.env.NEXT_PUBLIC_MISC_ANON_KEY
+const supabaseUrl = process.env.NEXT_PUBLIC_MISC_URL
+const supabaseAnonKey = process.env.NEXT_PUBLIC_MISC_ANON_KEY

 let supabaseClient: SupabaseClient
 function getSupabaseClient() {
--- a/apps/docs/scripts/utils/dotenv.ts
+++ b/apps/docs/scripts/utils/dotenv.ts
@@ -0,0 +1,5 @@
+import dotenv from 'dotenv'
+
+dotenv.config({ path: '.env.local' })
+
+export default undefined
--- a/apps/docs/turbo.json
+++ b/apps/docs/turbo.json
@@ -17,9 +17,7 @@
        "NEXT_PUBLIC_SUPABASE_URL",
        "NEXT_PUBLIC_SUPABASE_ANON_KEY",
        "NEXT_PUBLIC_MISC_URL",
-        "NEXT_PUBLIC_MISC_USE_URL",
        "NEXT_PUBLIC_MISC_ANON_KEY",
-        "NEXT_PUBLIC_MISC_USE_ANON_KEY",
        "NODE_ENV",
        "NEXT_PUBLIC_API_URL",
        "NEXT_PUBLIC_BASE_PATH",
@@ -48,9 +46,6 @@
        "DOCS_REVALIDATION_OVERRIDE_KEYS",
        "FORCE_ASSET_CDN",
        "OPENAI_API_KEY",
-        "SEARCH_GITHUB_APP_ID",
-        "SEARCH_GITHUB_APP_INSTALLATION_ID",
-        "SEARCH_GITHUB_APP_PRIVATE_KEY",
        "SITE_NAME",
        "SUPABASE_SECRET_KEY"
      ],