semaphoreui / semaphore

Modern UI and powerful API for Ansible, Terraform, OpenTofu, PowerShell and other DevOps tools.
https://semaphoreui.com
MIT License

Problem: Clearing env vars breaks workflows #2464

Open umglurf opened 1 day ago

umglurf commented 1 day ago

Issue

This security fix breaks many legitimate workflows by removing every single environment variable before running a pipeline. I have several environment variables that I have set that I need to pass on to the Ansible run. One of them is, for instance, HTTPS_PROXY; now the pipelines are unable to reach out because this is no longer passed on. Instead of removing every environment variable, would it be possible to use a user-configurable whitelist?

Impact

Ansible (task execution)

Installation method

Docker

Database

Postgres

Browser

No response

Semaphore Version

2.10.32-f33944e-1729509092

Ansible Version

No response

Logs & errors

No response

Manual installation - system information

No response

Configuration

No response

Additional information

No response

Omicron7 commented 20 hours ago

Just coming on to report this as well. We use quite a few ENV vars set in the Docker container running Semaphore, and inventory and playbooks are no longer working, as they require the ENV vars for authentication and configuration.

vdudejon commented 19 hours ago

Reporting as well, closed my own issue #2467 as a duplicate. Reverting to v2.10.31 resolved the problem.

pascaliske commented 15 hours ago

This breaks for me as well – I have a few environment variables for proxy settings and installing private galaxy roles configured...

fiftin commented 11 hours ago

Added env vars to config file. PR: https://github.com/semaphoreui/semaphore/pull/2470

Is this a solution to the issue?

umglurf commented 2 hours ago

> Added env vars to config file. PR: #2470
>
> Is this a solution to the issue?

It would solve the issue, but as commented in the PR by @Omicron7, having a whitelist of environment variables would be preferable.
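
The allow-list approach requested in this thread, as an added example in Go (not Semaphore's code and not the code from PR #2470): only allow-listed variables from the parent environment are forwarded to the child process, and values set explicitly in configuration are applied on top. The names `allowed` and `FilterEnv`, the `NAME_*` prefix syntax and the allow-list entries are assumptions made for illustration.

```go
package main

import (
	"os"
	"os/exec"
	"sort"
	"strings"
)

// allowed reports whether name matches an allow-list entry: an exact name
// ("HTTPS_PROXY") or a prefix ending in "*" ("ANSIBLE_*"). A bare "*" matches nothing.
func allowed(name string, allow []string) bool {
	for _, pat := range allow {
		prefix := strings.TrimSuffix(pat, "*")
		if name == pat || (prefix != pat && prefix != "" && strings.HasPrefix(name, prefix)) {
			return true
		}
	}
	return false
}

// FilterEnv builds a child environment from parent ("KEY=VALUE" entries): only
// allow-listed names are forwarded, then extra (explicit config values) is applied.
func FilterEnv(parent, allow []string, extra map[string]string) []string {
	vars := map[string]string{}
	for _, kv := range parent {
		name, value, ok := strings.Cut(kv, "=")
		if ok && name != "" && allowed(name, allow) {
			vars[name] = value
		}
	}
	for k, v := range extra {
		vars[k] = v
	}
	out := make([]string, 0, len(vars)) // never nil: exec.Cmd inherits everything when Env is nil
	for k, v := range vars {
		out = append(out, k+"="+v)
	}
	sort.Strings(out)
	return out
}

func main() {
	cmd := exec.Command("env") // stand-in for the task process
	cmd.Env = FilterEnv(os.Environ(), []string{"PATH", "HTTPS_PROXY", "ANSIBLE_*"}, nil)
	cmd.Stdout = os.Stdout
	if err := cmd.Run(); err != nil {
		panic(err)
	}
}
```
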