-
Notifications
You must be signed in to change notification settings - Fork 287
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Build is dependent on a committed ENV file, and doesn't obey system ENV vars for GQL url #718
Comments
I think this should go into two separate issues, as the fact pages are statically generated at build time won't compromise security of environment vars. We don't necessarily need to provide env vars from file with static generation, although those used inside the client bundle as defined in next.config.js would be inlined at build time and not change until maybe the page is revalidated. Regarding how .env vars could be handled, I brought that up here: #691 (comment) and there: #667 (comment). |
Regarding the static pages: As discussed in the slack channel, skipping the render of static pages during build time currently seems to be no possibility. The fact that it still renders each page on build time with the stub data could be seen as an additional test ensuring each page actually renders, although sadly none that can be cleanly skipped like usual test steps and isn’t really separated. We could use two env vars that default to true, one to remove build time pages at the end of the build, and one to skip the build time test rendering. (or just couple them into one var) What I would like about this approach, although still a bit long-winded, is that it would still allow vercel deployments, and also still allow to go the build time pages way with these env vars set to false, a way other typical nextjs user might actually expect their deployment step to behave. We could get a bit more developer friendly this way, e.g. stating something like: |
Has there been any resolution to this, just encountered this when upgrading the images used by our helm chart ? Have had to rollback for now - whilst most people would opt to build their own images, I feel that being able to use a set of stock images gives people the opportunity to experiment in a quick start sort of fashion. For me I want to be able to store these values as secrets and be able to regularly rotate them without having to tie deployment phase credential management into ci; anything other than being able to load these values at runtime, breaks this for me. |
@dcrdev There's multiple ways how the env vars could be handled outside of the repo, this was an initial way to have something to be able to test production builds, as there was some confusion back then on how this could be handled. In the meantime, I'd suggest everyone struggling with this to have a look at the nextjs docs regarding handling of environment variables and static generation, and figure out a way that works best for them. |
There is a new I just realized, that this I made quick codesandbox example to demo this: |
Per Next Docs you're going to want to do something like:
Where ConfigMap items (not Secrets) are included in the bundle because of the prefix |
@janus-reith could you help us understand your logic behind including items in the |
@balibebas No, not at all a hack or something, and not really that relevant for the earlier issue outlined above. The example-storefront/next.config.js Line 5 in a7d6383
We could start to use the more recent NEXT_PUBLIC_ prefix instead and not explicitly list them in next.config.js , but it doesnt really make a difference. It's no hack or workaround, but simply how you provided env vars to the browser code.(The nextjs doc also mention that at the top, referencing to the previous docs ) The only thing NEXT_PUBLIC_ adds here is that it is easier to comprehend which vars might land on the client due to their name and that you save some lines of code in your next.config.js .You can easily verify that by looking at the nextjs codebase, this is the only relevant place where it is used: https://github.com/vercel/next.js/blob/04f37d0978e5fc9939012c1d771ef4e6535e7787/packages/next/build/webpack-config.ts#L974_L988 Same outcome as listing them in config.env , but that being said I'd be open to consider using NEXT_PUBLIC_ and rename some public env variables.
Regarding the actual underlying issues, the logic regarding which env is used where also remains the same, unrelated to that: API functions running on the server will always use the env they currently have and not have any baked in, so that would be that from runtime usually (They shouldnt really be called during build).
|
Perfect, thank you. That's helpful. Considering the major release seems like a good time to make a breaking change with the ENVs. Fancy a pull or are you still waiting for opinions? |
I guess I'm not making the decisions, maybe wait for some core team member to chime in. |
I am using a dirty fix that still lets me end up with .env.prod on the container so I do not have to change the code,
Called this env-populate and placed it in /bin. This file I call at a build step, while I insert the vars from a k8s secret. |
Type: critical
This is a blocker for releases
Describe the bug
The
BUILD_GRAPHQL_URL
and/or EXTERNAL_GRAPHQL_URL env var is being baked into the JS bundle, likely due to theNext.js
/webpack
/ static build. This bakes unchangeable configuration into the app, which leads to the built docker image on docker hub, being useless if you aren't using the default variables.Part of the solution for enabling the
Next.js
static build was maintaining a.env.prod
to supply those variables at build time for the production build. This env file is an anti-pattern for the following reasons.ENV vars should always come from the system, and never be in a file that is committed to source control. The
.env
and.env.example
files are a convenience local development only.Because of the
.env.prod
file and theNext.js
static build process, we're not able to use our generic Docker image published to Docker hub to run in our test environments, and generic users cannot use it as is without rebuilding.Expected behavior
Next.js
. This might be related to Optionally allow blocking fallback rendering #716.env.prod
and make the build not dependent on that file. It should get its vars from the environment, whether you put them there in a prefix to the command, orcat
them into the env, or set them in CI.Next.js
API route so we can take advantage of system environment varsThe text was updated successfully, but these errors were encountered: