Ci safety
CI/CD Safety¶
All CLI commands work without cloud credentials, perfect for CI pipelines.
CI-Safe Commands¶
All commands support --ci flag:
# Validate (no cloud access)
envloader validate --ci --required API_KEY PORT
# Audit (no cloud access)
envloader audit --ci --json
# Diff (no cloud access)
envloader diff --ci --deny-secret-changes
# Explain (no cloud access)
envloader explain --ci
Guarantees¶
When using --ci flag:
- ✅ No network calls to cloud providers
- ✅ No credentials required
- ✅ Deterministic behavior
- ✅ Proper exit codes (0 = success, non-zero = failure)
CI Pipeline Example¶
GitHub Actions¶
name: Validate Config
on: [push, pull_request]
jobs:
validate:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- uses: actions/setup-python@v2
with:
python-version: '3.8'
- run: pip install env-loader-pro
- run: envloader validate --ci --required API_KEY PORT
- run: envloader audit --ci --json > audit.json
- run: envloader diff --ci --deny-secret-changes
GitLab CI¶
validate:
image: python:3.8
script:
- pip install env-loader-pro
- envloader validate --ci --required API_KEY PORT
- envloader audit --ci --json
Validation in CI¶
Schema Validation¶
Required Variables¶
Audit in CI¶
Export Audit¶
Diff in CI¶
Prevent Secret Changes¶
Prevent Added Secrets¶
Best Practices¶
- Always use
--ciflag in CI pipelines - Validate early in pipeline
- Export audit logs for compliance
- Check for secret changes before deployment
- Use exit codes for pipeline control