[Breaking change] Update TEMPORAL_ injected env vars to match those expected by SDKs #130
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This change updates the environment variables injected by the worker controller to match the standard names expected by Temporal SDKs: - TEMPORAL_HOST_PORT → TEMPORAL_ADDRESS - TEMPORAL_TLS_KEY_PATH → TEMPORAL_TLS_CLIENT_KEY_PATH - TEMPORAL_TLS_CERT_PATH → TEMPORAL_TLS_CLIENT_CERT_PATH - Added TEMPORAL_TLS=true when mTLS is enabled Also updates all tests, documentation, and demo code to use the new environment variable names. Fixes #128
Prefix the build ID environment variable with TEMPORAL_ to match the naming convention of other Temporal SDK environment variables.
jlegrone
commented
Aug 26, 2025
- Add unit test that verifies environment variables injected by the controller are compatible with go.temporal.io/sdk/contrib/envconfig - Update demo client code to use envconfig.LoadDefaultClientOptions() instead of manually constructing client options - Add go.temporal.io/sdk/contrib/envconfig dependency This ensures that the environment variables we inject follow the standard patterns expected by the Temporal SDK ecosystem.
- Update worker.go to use TEMPORAL_WORKER_BUILD_ID instead of WORKER_BUILD_ID - Simplify env.go to only contain temporalTaskQueue and mustGetEnv function - Remove unused environment variables that are now handled by envconfig: temporalHostPort, temporalNamespace, tlsKeyFilePath, tlsCertFilePath The client configuration is now handled by envconfig.LoadDefaultClientOptions(), so we only need the task queue name for worker creation.
jlegrone
commented
Aug 26, 2025
- Rename TestNewDeploymentWithOwnerRef_EnvironmentVariables to TestNewDeploymentWithOwnerRef_EnvironmentVariablesAndVolumes to better reflect that it tests both env vars and volume mounts - Add exhaustive coverage for all environment variables injected by the controller in TestNewDeploymentWithOwnerRef_EnvConfigSDKCompatibility - Add verification that TLS is not configured for non-mTLS connections Addresses: - #130 (comment) - #130 (comment)
The previous implementation incorrectly checked that environment variables were set, but the review comment asked to verify that the parsed client options from envconfig contain the expected values. Now properly tests: - HostPort is parsed from TEMPORAL_ADDRESS - Namespace is parsed from TEMPORAL_NAMESPACE - Other client option fields have expected default values - Worker-specific env vars (TEMPORAL_DEPLOYMENT_NAME, TEMPORAL_WORKER_BUILD_ID) are available for worker versioning Addresses: #130 (comment)
jlegrone
commented
Aug 26, 2025
Changed test HostPort from localhost:7233 to test.temporal.example:9999 to ensure we're testing actual environment variable parsing rather than potentially getting default values from the envconfig package. This makes the test more reliable for detecting configuration issues.
Restructured TestNewDeploymentWithOwnerRef_EnvConfigSDKCompatibility to include both TLS and non-TLS test cases: - Non-TLS case: Fully tests envconfig parsing and client options - TLS case: Verifies TLS environment variables are set correctly (skips actual client loading due to certificate validation complexity) This provides comprehensive coverage of both connection types while avoiding the complexity of creating valid test certificates. Addresses: #130 (comment)
This dependency is required by internal/demo/util/client.go for SDK configuration parsing. The CI was failing because this dependency was not explicitly listed in go.mod.
The demo module has its own go.mod file and also needs the go.temporal.io/sdk/contrib/envconfig dependency for CI builds to succeed when controller-gen scans all code paths.
jlegrone
commented
Aug 26, 2025
- Include actual values in error messages for better debugging - Generate self-signed certificates for TLS envconfig testing - Enable full TLS test coverage with valid certificate files Addresses: - #130 (comment) - #130 (comment)
jlegrone
commented
Aug 26, 2025
- Remove expectedAddress and expectTLS fields from test cases - Infer expected values directly from connection spec - Simplifies test structure and reduces duplication Addresses: - #130 (comment) - #130 (comment)
jlegrone
commented
Aug 26, 2025
jlegrone
commented
Aug 26, 2025
- Use pem.Encode() with os.Create() to write directly to files - Replace pem.EncodeToMemory() + os.WriteFile() pattern - Use t.TempDir() for proper test file cleanup - Reduces memory allocation and improves performance - Add proper file handle cleanup with defer statements Addresses: #130 (comment)
- Add namespace string field to EnvConfigSDKCompatibility test cases - Use different namespaces for TLS vs non-TLS test scenarios - Replace hardcoded "test-namespace" references with tt.namespace - Improves test clarity and prevents namespace collision Addresses: #130 (comment)
jlegrone
commented
Aug 26, 2025
- Remove assertions for certificate paths that were just set by t.Setenv() - Keep only the meaningful assertion for TEMPORAL_TLS set by deployment - Eliminates superfluous test code that doesn't add validation value Addresses: #130 (comment)
Contributor
There was a problem hiding this comment.
Pull Request Overview
This PR updates the environment variables injected by the worker controller to match the standard names expected by Temporal SDKs, improving compatibility and reducing configuration complexity.
- Rename environment variables to SDK-standard names (e.g.,
TEMPORAL_HOST_PORT→TEMPORAL_ADDRESS) - Add
TEMPORAL_TLS=trueenvironment variable when mTLS is enabled - Modernize demo code to use
go.temporal.io/sdk/contrib/envconfigfor configuration parsing
Reviewed Changes
Copilot reviewed 11 out of 13 changed files in this pull request and generated 3 comments.
Show a summary per file
| File | Description |
|---|---|
| internal/k8s/deployments.go | Updates environment variable names in deployment creation and adds TEMPORAL_TLS flag |
| internal/k8s/deployments_test.go | Adds comprehensive tests for environment variable injection and SDK compatibility |
| internal/demo/util/client.go | Modernizes client creation to use envconfig package instead of manual environment parsing |
| internal/demo/util/env.go | Removes manual environment variable handling, keeping only task queue variable |
| internal/demo/util/worker.go | Updates references to use new TEMPORAL_WORKER_BUILD_ID variable name |
| internal/testhelpers/workers.go | Updates test helper to use new environment variable names |
| internal/planner/planner.go | Updates deployment connection spec update logic for new variable names |
| internal/planner/planner_test.go | Updates tests to verify new TEMPORAL_ADDRESS variable |
| README.md | Updates documentation to reflect new environment variable names |
| go.mod | Adds envconfig dependency for SDK compatibility testing |
| internal/demo/go.mod | Adds envconfig dependency for demo modernization |
Tip: Customize your code reviews with copilot-instructions.md. Create the file or learn how to get started.
Co-authored-by: Copilot <[email protected]>
Co-authored-by: Copilot <[email protected]>
Co-authored-by: Copilot <[email protected]>
- Reorganize imports to follow Go conventions (separate stdlib/external/internal) - Consolidate TLS and non-TLS test logic into unified flow - Add certificate path validation against expected volume mount paths - Fix slice modification to properly override certificate paths with temp files - Improve test structure by validating deployment env vars before overriding - Remove redundant code duplication between TLS and non-TLS branches
Add missing os.Create() calls for certFile and keyFile variables that were being referenced but not declared after the git rebase. Fixes CI failure: https://github.com/temporalio/temporal-worker-controller/actions/runs/17252197679/job/48956754842
Collaborator
|
you can run |
Replace defer statements with t.Cleanup for file closure to follow Go testing best practices. t.Cleanup is preferred in test functions as it ensures cleanup runs even if the test panics or exits early.
carlydf
approved these changes
Aug 26, 2025
…tion Replace string concatenation for the Version field with the proper worker.WorkerDeploymentVersion struct that has separate DeploymentName and BuildId fields. This follows the Temporal SDK's expected API. Addresses: #130 (comment)
The go.work.sum file needed to be updated after adding the demo module to the workspace to track checksums for the new dependency graph. Fixes CI failure: https://github.com/temporalio/temporal-worker-controller/actions/runs/17252545293/job/48957836099?pr=130
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Summary
This PR updates the environment variables injected by the worker controller to match the standard names expected by Temporal SDKs, improving compatibility and reducing configuration complexity for users.
Fixes #128
Key Changes
Environment Variable Updates:
TEMPORAL_HOST_PORT→TEMPORAL_ADDRESSTEMPORAL_TLS_KEY_PATH→TEMPORAL_TLS_CLIENT_KEY_PATHTEMPORAL_TLS_CERT_PATH→TEMPORAL_TLS_CLIENT_CERT_PATHWORKER_BUILD_ID→TEMPORAL_WORKER_BUILD_IDTEMPORAL_TLS=truewhen mTLS is enabledExample code changes:
go.temporal.io/sdk/contrib/envconfigfor configuration parsingTest Plan
go.temporal.io/sdk/contrib/envconfigMigration Notes
This is a BREAKING CHANGE which updates the environment variables that the controller injects into worker deployments. Existing workers will need to read in the new environment variable names when they are next updated by the controller.