…ronment variables
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 0c904f61b6
| PYGEOAPI_POSTGRES_PASSWORD: |- | ||
| ${PYGEOAPI_POSTGRES_PASSWORD} |
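Review bot: on the `${PYGEOAPI_POSTGRES_PASSWORD}` line under `|-`, the block scalar's indentation is detected from the first content line, so the rendered value is only correct when the secret is a single line with no leading whitespace, which raw envsubst does not guarantee. Suggest rendering the value with a YAML-aware step (for example emitting it as a JSON-encoded double-quoted scalar) or checking the secret's shape before substitution, and adding a template comment that states the single-line assumption.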
Avoid unindented multiline envsubst in block scalars
In the Render app.yaml step of both `.github/workflows/CD_staging.yml` and `.github/workflows/CD_production.yml`, `envsubst < .github/app.template.yaml > app.yaml` performs raw substitution, and this new `|-` form means only the first substituted line is indented. If any of these secrets contain a newline, the next line starts at column 1, producing invalid YAML and causing deployment (`gcloud app deploy app.yaml`) to fail; this affects each variable converted to block-scalar style here.
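The failure described in the review comment above, next to an indentation-aware alternative, as an added example that is not code from this repository. The template fragment, its indentation widths, the `OTHER_SETTING` key and the functions `render_raw`, `render_indented` and `read_block` are constructed for illustration.

```python
import re

# Constructed fragment shaped like the env_variables entry in this PR; the
# indentation widths and the OTHER_SETTING key are assumptions.
TEMPLATE = (
    "env_variables:\n"
    "  PYGEOAPI_POSTGRES_PASSWORD: |-\n"
    "    ${PYGEOAPI_POSTGRES_PASSWORD}\n"
    "  OTHER_SETTING: value\n"
)
PLACEHOLDER = re.compile(r"\$\{(\w+)\}")


def render_raw(template, env):
    """Plain textual substitution, as envsubst does: no knowledge of YAML."""
    return PLACEHOLDER.sub(lambda m: env[m.group(1)], template)


def render_indented(template, env):
    """Give every line of a substituted value the indent of its placeholder line."""
    out = []
    for line in template.splitlines():
        m = re.fullmatch(r"( *)\$\{(\w+)\}", line)
        if not m:
            out.append(PLACEHOLDER.sub(lambda p: env[p.group(1)], line))
            continue
        indent, value = m.group(1), env[m.group(2)]
        if not value or value[0].isspace():
            # An empty or space-led first line would change the indent YAML detects.
            raise ValueError(f"{m.group(2)}: unsafe first line for a block scalar")
        out.extend(indent + part for part in value.split("\n"))
    return "\n".join(out) + "\n"


def read_block(rendered, key):
    """Minimal reader for one `key: |-` literal block (not a YAML parser)."""
    lines = rendered.splitlines()
    start = next(i for i, ln in enumerate(lines) if ln.strip() == f"{key}: |-")
    key_indent = len(lines[start]) - len(lines[start].lstrip(" "))
    body = []
    for ln in lines[start + 1:]:
        if ln.strip() and len(ln) - len(ln.lstrip(" ")) <= key_indent:
            break  # the block ends at the first line indented no deeper than the key
        body.append(ln)
    width = len(body[0]) - len(body[0].lstrip(" ")) if body else 0
    return "\n".join(ln[width:] for ln in body).rstrip("\n")
```

Because `|-` strips final line breaks, a secret that ends in a newline reads back without it under either renderer.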
Pull request overview
Updates the App Engine `app.yaml` template used by the CD workflows to render secret-like environment variables more safely during `envsubst`, avoiding YAML quoting/escaping pitfalls for arbitrary secret contents.
Changes:
- Switched select `env_variables` entries from quoted scalars to YAML literal block scalars (`|-`) for safer rendering of secret values.
- Applied this to `PYGEOAPI_POSTGRES_PASSWORD`, `GCS_SERVICE_ACCOUNT_KEY`, and `SESSION_SECRET_KEY`.
Why
This PR addresses the following problem / context:
How
Implementation summary - the following was changed / added / removed:
Notes
Any special considerations, workarounds, or follow-up work to note?