
Add versions upload support for explicit secrets #13023

Merged
petebacondarwin merged 2 commits into main from james/secrets-property-versions
Mar 24, 2026


@jamesopstad jamesopstad commented Mar 23, 2026

Add wrangler versions upload support for the experimental secrets configuration property

When the new secrets property is defined, wrangler versions upload now validates that all secrets declared in secrets.required are configured on the Worker before the upload succeeds. If any required secrets are missing, the upload fails with a clear error listing which secrets need to be set.

When secrets is not defined, the existing behavior is unchanged.

// wrangler.jsonc
{
	"secrets": {
		"required": ["API_KEY", "DB_PASSWORD"],
	},
}

  • Tests
    • Tests included/updated
    • Automated tests not possible - manual testing has been completed as follows:
    • Additional testing not necessary because:
  • Public documentation
    • Cloudflare docs PR(s):
    • Documentation not necessary because: to follow

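A preflight check in the spirit of the validation described in the PR description above, as an added example that is not part of the PR or of wrangler's code: it parses the JSONC config, reads secrets.required, and reports which names are absent from a list of configured secret names. The function names and the configured input (secret names already set on the Worker, obtained however your pipeline lists them) are assumptions.

```javascript
// Constructed sample: the wrangler.jsonc shown in the PR description.
const SAMPLE_CONFIG = `// wrangler.jsonc
{
  "secrets": {
    "required": ["API_KEY", "DB_PASSWORD"],
  },
}`;

// Drop comments and trailing commas outside string literals for JSON.parse.
function stripJsonc(text) {
  const out = [];
  let inString = false;
  let comma = -1; // index in `out` of a comma with no value after it yet
  for (let i = 0; i < text.length; i++) {
    const ch = text[i];
    if (inString) {
      out.push(ch);
      if (ch === "\\") out.push(text[++i] ?? "");
      else if (ch === '"') inString = false;
    } else if (ch === "/" && text[i + 1] === "/") {
      while (i + 1 < text.length && text[i + 1] !== "\n") i++;
    } else if (ch === "/" && text[i + 1] === "*") {
      const end = text.indexOf("*/", i + 2);
      i = end === -1 ? text.length : end + 1;
    } else {
      if ((ch === "}" || ch === "]") && comma !== -1) out[comma] = "";
      if (ch === ",") comma = out.length;
      else if (!/\s/.test(ch)) comma = -1;
      if (ch === '"') inString = true;
      out.push(ch);
    }
  }
  return out.join("");
}

// Names in secrets.required that are not in `configured` (hypothetical input).
// Returns null when `secrets` is not defined, so the check does not apply.
function missingRequiredSecrets(configText, configured) {
  const config = JSON.parse(stripJsonc(configText));
  if (config.secrets === undefined) return null;
  const required = config.secrets.required ?? [];
  if (!Array.isArray(required) || !required.every((n) => typeof n === "string")) {
    throw new TypeError("secrets.required must be an array of strings");
  }
  const have = new Set(configured);
  return [...new Set(required)].filter((name) => !have.has(name));
}

console.log(missingRequiredSecrets(SAMPLE_CONFIG, ["API_KEY"]));
```

Only secret names are compared and reported, so the check never needs to read or log a secret value.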

changeset-bot bot commented Mar 23, 2026

🦋 Changeset detected

Latest commit: 68678a4

The changes in this PR will be included in the next version bump.



github-actions bot commented Mar 23, 2026

✅ All changesets look good


ask-bonk bot commented Mar 23, 2026

All looks correct. Let me now check one more thing — there's a question of whether the bindings_inherit=strict query param test is misleadingly placed. It's in the secrets.required describe block but doesn't exercise secrets.required. This is a test organization concern but not a bug. More importantly, let me verify the overall correctness:

  1. Extraction to shared module — Clean refactor, logic is identical
  2. bindings_inherit: "strict" unconditionally added — Matches deploy.ts behavior, makes sense
  3. workerExists tracking — Correctly initialized to true and set to false in the catch block
  4. Error handling — handleMissingSecretsError either throws UserError or returns, and the original error is re-thrown after
  5. Test coverage — All scenarios covered including cross-cutting --secrets-file with secrets.required

LGTM


pkg-pr-new bot commented Mar 23, 2026

create-cloudflare

npm i https://pkg.pr.new/create-cloudflare@13023

@cloudflare/kv-asset-handler

npm i https://pkg.pr.new/@cloudflare/kv-asset-handler@13023

miniflare

npm i https://pkg.pr.new/miniflare@13023

@cloudflare/pages-shared

npm i https://pkg.pr.new/@cloudflare/pages-shared@13023

@cloudflare/unenv-preset

npm i https://pkg.pr.new/@cloudflare/unenv-preset@13023

@cloudflare/vite-plugin

npm i https://pkg.pr.new/@cloudflare/vite-plugin@13023

@cloudflare/vitest-pool-workers

npm i https://pkg.pr.new/@cloudflare/vitest-pool-workers@13023

@cloudflare/workers-editor-shared

npm i https://pkg.pr.new/@cloudflare/workers-editor-shared@13023

wrangler

npm i https://pkg.pr.new/wrangler@13023

commit: 68678a4

@jamesopstad jamesopstad force-pushed the james/secrets-property-versions branch 2 times, most recently from 80c3732 to be35c37 Compare March 23, 2026 19:17
@jamesopstad jamesopstad force-pushed the james/secrets-property-versions branch from be35c37 to ea7e2b5 Compare March 23, 2026 19:47
@jamesopstad jamesopstad force-pushed the james/secrets-property-versions branch from ea7e2b5 to 68678a4 Compare March 23, 2026 20:02
@jamesopstad jamesopstad marked this pull request as ready for review March 23, 2026 20:05
@jamesopstad jamesopstad requested a review from a team as a code owner March 23, 2026 20:05

workers-devprod commented Mar 23, 2026

Codeowners approval required for this PR:

  • ✅ @cloudflare/wrangler


@devin-ai-integration devin-ai-integration bot left a comment


✅ Devin Review: No Issues Found

Devin Review analyzed this PR and found no potential bugs to report.

View in Devin Review to see 4 additional findings.


@github-project-automation github-project-automation bot moved this from Untriaged to Approved in workers-sdk Mar 24, 2026
@petebacondarwin petebacondarwin merged commit 593c4db into main Mar 24, 2026
72 of 80 checks passed
@petebacondarwin petebacondarwin deleted the james/secrets-property-versions branch March 24, 2026 10:04
@github-project-automation github-project-automation bot moved this from Approved to Done in workers-sdk Mar 24, 2026