[feat] replaced our wonky env setup with infisical (#170)

Co-authored-by: Codebuff <noreply@codebuff.com>

Author: brandonkachen

.env.example

@@ -2,7 +2,6 @@
 # Tests are parallelized to run faster by splitting them into separate jobs that run concurrently
 #
 # See the workflow visualization in knowledge file
-# ```
 
 name: CI
 
@@ -12,11 +11,6 @@ on:
   pull_request:
     branches: ['main']
 
-env:
-  CODEBUFF_GITHUB_ACTIONS: 'true'
-  NEXT_PUBLIC_CB_ENVIRONMENT: 'local'
-  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-
 # Define reusable job template
 jobs:
   build:
@@ -44,14 +38,28 @@ jobs:
       - name: Install dependencies
         run: bun install --frozen-lockfile
 
-      - name: Set Environment Variables
+      - name: Set environment variables
+        env:
+          SECRETS_CONTEXT: ${{ toJSON(secrets) }}
         run: |
-          echo "${{ secrets.ENV_LOCAL }}" > .env.local
+          VAR_NAMES=$(node scripts/generate-ci-env.js)
+          echo "$SECRETS_CONTEXT" | jq -r --argjson vars "$VAR_NAMES" '
+            to_entries | .[] | select(.key as $k | $vars | index($k)) | .key + "=" + .value
+          ' >> $GITHUB_ENV
+          echo "CODEBUFF_GITHUB_ACTIONS=true" >> $GITHUB_ENV
+          echo "NEXT_PUBLIC_CB_ENVIRONMENT=test" >> $GITHUB_ENV
+          echo "NEXT_PUBLIC_INFISICAL_UP=true" >> $GITHUB_ENV
+          echo "CODEBUFF_GITHUB_TOKEN=${{ secrets.CODEBUFF_GITHUB_TOKEN }}" >> $GITHUB_ENV
 
       - name: Build and typecheck
         run: |
           bun run build
 
+      # - name: Open interactive debug shell
+      #   if: ${{ failure() }}
+      #   uses: mxschmitt/action-tmate@v3
+      #   timeout-minutes: 15 # optional guard
+
   # Template for test jobs
   test:
     needs: build
@@ -87,18 +95,87 @@ jobs:
       - name: Install dependencies
         run: bun install --frozen-lockfile
 
-      - name: Set Environment Variables
+      - name: Set environment variables
+        env:
+          SECRETS_CONTEXT: ${{ toJSON(secrets) }}
         run: |
-          echo "${{ secrets.ENV_LOCAL }}" > .env.local
+          VAR_NAMES=$(node scripts/generate-ci-env.js)
+          echo "$SECRETS_CONTEXT" | jq -r --argjson vars "$VAR_NAMES" '
+            to_entries | .[] | select(.key as $k | $vars | index($k)) | .key + "=" + .value
+          ' >> $GITHUB_ENV
+          echo "CODEBUFF_GITHUB_ACTIONS=true" >> $GITHUB_ENV
+          echo "NEXT_PUBLIC_CB_ENVIRONMENT=test" >> $GITHUB_ENV
+          echo "NEXT_PUBLIC_INFISICAL_UP=true" >> $GITHUB_ENV
+          echo "CODEBUFF_GITHUB_TOKEN=${{ secrets.CODEBUFF_GITHUB_TOKEN }}" >> $GITHUB_ENV
 
       - name: Run ${{ matrix.package }} tests
         uses: nick-fields/retry@v3
         with:
           timeout_minutes: 10
           max_attempts: 5
-          command: cd ${{ matrix.package }} && bun test $(find src -name *.test.ts)
+          command: cd ${{ matrix.package }} && bun test $(find src -name '*.test.ts' ! -name '*.integration.test.ts')
 
       # - name: Open interactive debug shell
       #   if: ${{ failure() }}
       #   uses: mxschmitt/action-tmate@v3
       #   timeout-minutes: 15 # optional guard
+
+  # Template for test jobs
+  # test-integration:
+  #   needs: build
+  #   strategy:
+  #     matrix:
+  #       package: [npm-app, backend, common]
+  #       include:
+  #         - package: npm-app
+  #         - package: backend
+  #         - package: common
+  #   name: test-integration-${{ matrix.package }}
+  #   runs-on: ubuntu-latest
+  #   steps:
+  #     - name: Checkout repository
+  #       uses: actions/checkout@v3
+
+  #     - name: Set up Bun
+  #       uses: oven-sh/setup-bun@v2
+  #       with:
+  #         bun-version: '1.2.12'
+
+  #     - name: Cache dependencies
+  #       uses: actions/cache@v3
+  #       with:
+  #         path: |
+  #           node_modules
+  #           */node_modules
+  #           packages/*/node_modules
+  #         key: ${{ runner.os }}-deps-${{ hashFiles('**/bun.lockb') }}
+  #         restore-keys: |
+  #           ${{ runner.os }}-deps-
+
+  #     - name: Install dependencies
+  #       run: bun install --frozen-lockfile
+
+  #     - name: Set environment variables
+  #       env:
+  #         SECRETS_CONTEXT: ${{ toJSON(secrets) }}
+  #       run: |
+  #         VAR_NAMES=$(node scripts/generate-ci-env.js)
+  #         echo "$SECRETS_CONTEXT" | jq -r --argjson vars "$VAR_NAMES" '
+  #           to_entries | .[] | select(.key as $k | $vars | index($k)) | .key + "=" + .value
+  #         ' >> $GITHUB_ENV
+  #         echo "CODEBUFF_GITHUB_ACTIONS=true" >> $GITHUB_ENV
+  #         echo "NEXT_PUBLIC_CB_ENVIRONMENT=test" >> $GITHUB_ENV
+  #         echo "NEXT_PUBLIC_INFISICAL_UP=true" >> $GITHUB_ENV
+  #         echo "CODEBUFF_GITHUB_TOKEN=${{ secrets.CODEBUFF_GITHUB_TOKEN }}" >> $GITHUB_ENV
+
+  #     - name: Run ${{ matrix.package }} tests
+  #       uses: nick-fields/retry@v3
+  #       with:
+  #         timeout_minutes: 10
+  #         max_attempts: 5
+  #         command: cd ${{ matrix.package }} && bun test $(find src -name '*.integration.test.ts')
+
+  #     # - name: Open interactive debug shell
+  #     #   if: ${{ failure() }}
+  #     #   uses: mxschmitt/action-tmate@v3
+  #     #   timeout-minutes: 15 # optional guard

.github/workflows/ci.yml

@@ -12,6 +12,7 @@ tags
 node_modules
 dev
 dist
+dist-env
 tsconfig.tsbuildinfo
 .manicode
 __mock-projects__

.gitignore

@@ -0,0 +1,5 @@
+{
+  "workspaceId": "d1bc0497-df33-483e-b55c-0fd3eaca705f",
+  "defaultEnvironment": "dev",
+  "gitBranchToEnvironmentMapping": null
+}

.infisical.json

@@ -66,7 +66,11 @@ If you want to set up Codebuff for local development:
 
 1. Clone the repository and navigate to the project directory.
 
-2. Create a new `.env` file in the root directory. Copy the `.env.example` file and fill in the values for your environment.
+2. Set up your [Infisical](https://infisical.com/) user. Ask one of us to add you to the project. Then:
+  1. Install the Infisical CLI: `npm install -g @infisical/cli`
+  2. Log in to Infisical: `infisical login`
+  3. When prompted, select the "US" region.
+  4. After logging in, you can run any service. Infisical will automatically inject the necessary environment variables.
 
 3. Install dependencies and build packages in order:
 

README.md

@@ -12,6 +12,7 @@ module.exports = {
   moduleFileExtensions: ['ts', 'js', 'json', 'node'],
   moduleNameMapper: {
     '^common(.*)$': '<rootDir>/../common/src$1',
+    '^@/env$': '<rootDir>/../env.ts',
   },
   moduleDirectories: ['node_modules', '../node_modules'],
   setupFilesAfterEnv: ['<rootDir>/jest.setup.js'],

backend/jest.config.js

@@ -5,8 +5,8 @@
   "main": "dist/index.js",
   "license": "UNLICENSED",
   "scripts": {
-    "start": "bun run -r tsconfig-paths/register src/index.ts",
-    "dev": "bun --hot run -r tsconfig-paths/register src/index.ts",
+    "start": "infisical run --log-level=warn -- bun src/index.ts",
+    "dev": "infisical run --log-level=warn -- bun src/index.ts",
     "build": "tsc --build",
     "typecheck-this-package": "tsc --noEmit && tsc-alias",
     "typecheck": "bun run --cwd ../common build && bun run typecheck-this-package",
@@ -20,7 +20,6 @@
     "@codebuff/internal": "workspace:*",
     "@google-cloud/vertexai": "1.10.0",
     "@google/generative-ai": "0.24.1",
-    "@t3-oss/env-core": "0.11.1",
     "ai": "4.3.16",
     "common": "workspace:*",
     "cors": "^2.8.5",
@@ -35,8 +34,7 @@
     "postgres": "3.4.4",
     "posthog-node": "^4.14.0",
     "ts-pattern": "5.3.1",
-    "ws": "8.18.0",
-    "zod": "3.23.8"
+    "ws": "8.18.0"
   },
   "devDependencies": {
     "@types/bun": "^1.1.16",

backend/package.json

@@ -19,5 +19,5 @@
       }
     }
   },
-  "implicitDependencies": ["common"]
+  "implicitDependencies": ["common", "@codebuff/internal"]
 }

backend/project.json

@@ -11,7 +11,7 @@ import {
 } from './admin/relabelRuns'
 import usageHandler from './api/usage'
 import { isRepoCoveredHandler } from './api/org'
-import { env } from './env.mjs'
+import { env } from '@/env'
 import { checkAdmin } from './util/check-auth'
 import { logger } from './util/logger'
 import {
@@ -103,7 +103,7 @@ let shutdownInProgress = false
 // Graceful shutdown handler for both SIGTERM and SIGINT
 function handleShutdown(signal: string) {
   flushAnalytics()
-  if (process.env.NEXT_PUBLIC_CB_ENVIRONMENT === 'local') {
+  if (env.NEXT_PUBLIC_CB_ENVIRONMENT === 'dev') {
     console.log('\nLocal environment detected. Not awaiting client exits.')
     server.close((error) => {
       console.log('Received error closing server', { error })