@MikeMcQuaid
Member

This is handy if you're creating a brew bundle environment that makes use of Homebrew's environment filtering of secrets/tokens/etc:

/(cookie|key|token|password|passphrase)/i

While we're here, let's also add HOMEBREW_BUNDLE_CHECK and HOMEBREW_BUNDLE_NO_SECRETS environment variables.

Copilot AI review requested due to automatic review settings November 27, 2025 13:15
Contributor

Copilot AI left a comment

Pull request overview

This PR adds a --no-secrets switch to the brew bundle command that removes sensitive environment variables (matching /(cookie|key|token|password|passphrase)/i) before running exec, sh, or env subcommands. The PR also adds environment variable support for HOMEBREW_BUNDLE_CHECK and HOMEBREW_BUNDLE_NO_SECRETS, allowing these options to be set via environment variables instead of command-line flags.

Key changes:

  • Added --no-secrets switch with HOMEBREW_BUNDLE_NO_SECRETS environment variable support
  • Added HOMEBREW_BUNDLE_CHECK environment variable support to existing --check switch
  • Auto-generated Sorbet type signatures updated to include no_secrets? method

Reviewed changes

Copilot reviewed 1 out of 2 changed files in this pull request and generated 3 comments.

| File | Description |
| --- | --- |
| Library/Homebrew/cmd/bundle.rb | Added --no-secrets and --check switch definitions with environment variable mappings, and implementation to clear sensitive environment variables when executing commands |
| Library/Homebrew/sorbet/rbi/dsl/homebrew/cmd/bundle.rbi | Auto-generated Sorbet type signatures updated to include no_secrets? method and remove obsolete flatpak_remotes? methods |

Files not reviewed (1)
  • Library/Homebrew/sorbet/rbi/dsl/homebrew/cmd/bundle.rbi: Language not supported

This is handy if you're creating a `brew bundle` environment that makes
use of Homebrew's environment filtering of secrets/tokens/etc:

`/(cookie|key|token|password|passphrase)/i`

While we're here, let's also add `HOMEBREW_BUNDLE_CHECK` and
`HOMEBREW_BUNDLE_NO_SECRETS` environment variables.
@MikeMcQuaid MikeMcQuaid added this pull request to the merge queue Nov 27, 2025
@github-merge-queue github-merge-queue bot removed this pull request from the merge queue due to failed status checks Nov 27, 2025
@MikeMcQuaid MikeMcQuaid added this pull request to the merge queue Nov 27, 2025
@github-merge-queue github-merge-queue bot removed this pull request from the merge queue due to failed status checks Nov 27, 2025
@MikeMcQuaid MikeMcQuaid added this pull request to the merge queue Nov 27, 2025
Merged via the queue into main with commit 6debce2 Nov 27, 2025
35 checks passed
@MikeMcQuaid MikeMcQuaid deleted the bundle_no_secrets branch November 27, 2025 20:00
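
To see what a name-based filter with the pattern quoted in this pull request removes and what it leaves behind, here is an added Ruby example (not code from this pull request or from Homebrew). It assumes the pattern is matched against variable names; the helper names, the value heuristics and the sample environment are constructed for illustration.

```ruby
# Added illustration, not Homebrew's implementation.
# Pattern quoted in the pull request description.
SECRET_NAME_PATTERN = /(cookie|key|token|password|passphrase)/i

# Split an environment hash into [kept_hash, removed_names] by variable NAME.
def partition_secrets(env)
  removed, kept = env.partition { |name, _| name.match?(SECRET_NAME_PATTERN) }
  [kept.to_h, removed.map(&:first).sort]
end

# Heuristics assumed for this example only: values that still look sensitive
# after name filtering (credentials in URL userinfo, PEM private-key header).
VALUE_HINTS = [
  %r{\A[a-z][a-z0-9+.-]*://[^/\s:@]+:[^/\s@]+@}i,
  /-----BEGIN [A-Z ]*PRIVATE KEY-----/,
].freeze

# Names of kept variables whose VALUE matches one of the hints above.
def leftover_suspects(kept)
  kept.select { |_, value| VALUE_HINTS.any? { |re| value.match?(re) } }.keys.sort
end

# Run a command with only the kept variables; unsetenv_others drops the rest.
def run_filtered(env, *cmd)
  kept, = partition_secrets(env)
  system(kept, *cmd, unsetenv_others: true)
end

# Constructed sample environment; no value here is a real credential.
SAMPLE_ENV = {
  "PATH"                      => "/usr/bin:/bin",
  "HOMEBREW_GITHUB_API_TOKEN" => "constructed-value",
  "AWS_SECRET_ACCESS_KEY"     => "constructed-value",
  "DB_Password"               => "constructed-value", # matched: pattern is case-insensitive
  "KEYBOARD_LAYOUT"           => "us",                # matched: name contains "key"
  "DATABASE_URL"              => "postgres://app:constructed@db.example/app", # name not matched
  "NPM_AUTH"                  => "constructed-value", # name not matched
}.freeze

if $PROGRAM_NAME == __FILE__
  kept, removed = partition_secrets(SAMPLE_ENV)
  puts "removed: #{removed.join(', ')}"
  puts "kept:    #{kept.keys.sort.join(', ')}"
  puts "kept but value looks sensitive: #{leftover_suspects(kept).join(', ')}"
end
```

The sample shows both edges of name matching: `KEYBOARD_LAYOUT` is dropped although it holds no secret, while `DATABASE_URL` and `NPM_AUTH` pass through because their names contain none of the five words.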