3

I am working on developing a solution that simplifies hands-on debugging of failed Jenkins builds. This involves SSH-ing to the right Jenkins node and going directly on the WORKSPACE so you can interactively try different changes that could solve your problem.

While I solved the problem of starting an SSH session in the right directory, there is one missing bit: your shell is missing the original environment variables defined by Jenkins, and these are critical for running any commands after that. So, now the first command of the build is a `set > .envrc` which saves all into this shell file.

My example refers to the direnv tool which is able to auto-load .envrc files. Due to security concerns this tool does not auto-load these files and gives the message "direnv: error .envrc is blocked. Run `direnv allow` to approve its content."

So my current solution is to manually run direnv allow after ending up in the right folder.

How can I automate this, so I would not have to type this? A prompting could be ok because it would involve only pressing one key instead of typing ~12.

Please note that I am not forced to use direnv itself, I am open to other solutions.

sorin

1 Answer

3

As of v2.15.0, you can now use direnv's whitelist configuration to achieve what you described:

Specifying whitelist directives marks specific directory hierarchies or specific directories as "trusted" -- direnv will evaluate any matching .envrc files regardless of whether they have been specifically allowed. This feature should be used with great care, as anyone with the ability to write files to that directory (including collaborators on VCS repositories) will be able to execute arbitrary code on your computer.

For example, say that the directory hierarchy that contains the .envrcs you want to be evaluated without having to run direnv allow is located under /home/foo/bar.

Create the file /home/foo/.config/direnv/config.toml so that it contains the following:

```toml
[whitelist]
prefix = [ "/home/foo/bar" ]
```

Alternatively, if there is a fixed list of specific paths you want to whitelist, you can use exact rather than prefix:

```toml
[whitelist]
exact = [ "/home/foo/projectA", "/home/foo/projectB" ]
```

eddies
  • Has anyone got this to work on macOS? I added `export XDG_CONFIG_HOME="$HOME/.config"` to `.zshrc` and created `$XDG_CONFIG_HOME/direnv/direnv.toml` but I still get asked to `direnv allow` on changes to `.envrc`... I'm using direnv 2.23.2 – Kris Jan 30 '23 at 16:27
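
The warning quoted in the answer (anyone who can write to a whitelisted directory can run code in your shell) can be turned into a pre-check. The following is an added example, not part of the original answer or of direnv: the function names `is_safe_to_whitelist` and `whitelist_toml` are hypothetical, and it only inspects the directory and its `.envrc`, not parent directories.

```shell
#!/bin/sh
# Added example: emit a direnv [whitelist] section containing only
# directories that nobody but the current user can write to.

# is_safe_to_whitelist DIR
# Succeeds only if DIR (and DIR/.envrc, when present) is not a symlink,
# is owned by the current user, and is not group- or world-writable.
is_safe_to_whitelist() {
    dir=$1
    # Paths with quotes or backslashes would need TOML escaping: refuse.
    case $dir in *\"*|*\\*) return 1 ;; esac
    [ -d "$dir" ] || return 1
    for p in "$dir" "$dir/.envrc"; do
        [ ! -L "$p" ] || return 1     # symlinks can point anywhere
        [ -e "$p" ] || continue       # a missing .envrc is acceptable
        [ -O "$p" ] || return 1       # must be owned by us
        loose=$(find "$p" -prune \( -perm -020 -o -perm -002 \) -print)
        [ -z "$loose" ] || return 1   # group/other write bit is set
    done
    return 0
}

# whitelist_toml DIR...
# Prints a [whitelist] section with an "exact" entry for every DIR that
# passes the check; rejected directories are reported on stderr.
whitelist_toml() {
    list=
    for d in "$@"; do
        if is_safe_to_whitelist "$d"; then
            list="${list:+$list, }\"$d\""
        else
            echo "skipping $d: writable by someone other than $(id -un)" >&2
        fi
    done
    printf '[whitelist]\nexact = [ %s ]\n' "$list"
}

# When run with arguments, print the section for those directories.
if [ "$#" -gt 0 ]; then
    whitelist_toml "$@"
fi
```

Review the output before redirecting it into the config file named in the answer; an existing file with other sections would be overwritten by a plain `>` redirect.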