Move dotenv to "require" #122
Conversation
|
Merging this would fix symfony/recipes#497 |
|
Not fond of promoting dotenv for production personally, I'd prefer to not do this change if we can. |
|
It's just adding the classes in |
|
From a user perspective (DX I would say), I'm ok with adding dotenv in require. |
|
You will not get an error if you forgot to define env vars. How can this be good DX? This is a security risk and bug festival. |
|
Yes you will, but at the container level. The .env files should provide default values, that's all. If you forgot to set one of them, the app will react accordingly. Having dotenv in dev for the reason you mention is a very loose band-aid I wouldn't recommend anyone to rely on. |
|
So why would env vars me missing if it reads the .env file which sets the default values? What's your solution that is more reliable and works 100% of the cases? |
|
To verify that all env vars are defined, you could have a script that loads .env files and then ensures the SYMFONY_DOTENV_VARS is empty. This script would make your deployment fail if not. |
|
To be honest, that extra script sounds like a workaround |
This PR was merged into the 3.4 branch. Discussion ---------- Move dotenv to "require" This doesn't hurt anything and should ease using .env files without issues. Commits ------- 5cd4dd8 Move dotenv to "require"
…s logic (cristi-contiu) This PR was submitted for the 4.1 branch but it was merged into the 4.4 branch instead. Discussion ---------- [Deployment] Update deployment docs with new .env files logic The [changes from last year regarding how the ``.env`` files are loaded](https://symfony.com/doc/current/configuration/dot-env-changes.html) can affect production deployments. Vendors like [Heroku](https://devcenter.heroku.com/articles/deploying-symfony4#environment-variables) give recommendations based on documentation that no longer applies: "It is recommended that you do not use the symfony/dotenv package in production". The ``symfony/dotenv`` has been moved from ``require-dev`` to ``require``, so the note I removed in this PR no longer applies: symfony/skeleton#122 , symfony/website-skeleton#132 and symfony/demo@7ead1e4 . Loading ``.env`` files in production will work without any changes in composer.json. Putting ``symfony/dotenv`` in ``require-dev`` (or not moving it to ``require`` during an upgrade from older versions of Symfony & recipes) can potentially break your app: if the DotEnv class is missing, the [`config/bootstrap.php` file inside the FrameworkBundle's recipe will throw a RuntimeException](https://github.com/symfony/recipes/blob/master/symfony/framework-bundle/3.3/config/bootstrap.php#L14) . Also see symfony/recipes#501 The note now contains the right way to handle these files in production, by using ``$ composer dump-env prod`` in case you do not want the ``.env`` files to be processed on every request, also suggesting the ``--empty`` flag if you want to rely exclusively on "real" environment variables . Commits ------- b905b57 Update deployment docs with new .env loading
This doesn't hurt anything and should ease using .env files without issues.