theskumar / python-dotenv

Reads key-value pairs from a .env file and can set them as environment variables. It helps in developing applications following the 12-factor principles.
https://saurabh-kumar.com/python-dotenv/
BSD 3-Clause "New" or "Revised" License

Does not execute default values, subshells, etc. #402

Open justinTM opened 2 years ago

justinTM commented 2 years ago

if you have a standard .env file:

export USER_EMAIL="${USER_EMAIL:-$(git config --get user.email)}"
export JOB_NAME="${CI_PROJECT_PATH//\//-}"
export UPPER_STAGE=$( echo $CI_ENVIRONMENT_STAGE | awk '{ print toupper(substr($1,1,1)) substr($1,2) }' )
export BUILD_JOB_NAME="Build Job Definition $UPPER_STAGE"

values do not get parsed correctly:

USER_EMAIL=""
JOB_NAME=""
UPPER_STAGE=$( echo $CI_ENVIRONMENT_STAGE | awk '{ print toupper(substr($1,1,1)) substr($1,2) }' )
BUILD_JOB_NAME=Build Job Definition $UPPER_STAGE

See also: https://github.com/theskumar/python-dotenv/issues/326 (1 year ago, no response)
See also: https://github.com/theskumar/python-dotenv/issues/322 (1 year ago, no response)

Happy to open a PR for this. I think we just need to use Python to execute the commands in a shell and set the value to the result.

theskumar commented 2 years ago

I'm happy to consider this if a maintainable & secure solution is available. The current implementation intends to provide very lightweight support for shell substitution. (No default values yet).

403 seems to be a promising approach where we would enable and support only limited bash-like capabilities.

While acknowledging it provides value, it also opens up a big pandora's box where we are maintaining a bash-like execution environment.

I'm not fully sold that this library should provide a full shell-like execution environment, while a custom Python or shell script can do the same.
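The "limited bash-like capabilities" approach discussed above, as an added example that is not python-dotenv's own code: it resolves `${NAME}`, `${NAME:-default}` and bare `$NAME` from earlier lines of the same file, and leaves `$(...)` and unsupported operators such as `${X//a/b}` literal while reporting them, so a .env file can never cause a command to run. The sample file is constructed from the issue's four lines plus one line with a plain default; the function names are this example's own.

```python
import re
NAME_RE = re.compile(r"[A-Za-z_][A-Za-z0-9_]*")
SAMPLE_ENV = r'''
export USER_EMAIL="${USER_EMAIL:-$(git config --get user.email)}"
export JOB_NAME="${CI_PROJECT_PATH//\//-}"
export UPPER_STAGE=$( echo $CI_ENVIRONMENT_STAGE | awk '{ print toupper(substr($1,1,1)) substr($1,2) }' )
export BUILD_JOB_NAME="Build Job Definition $UPPER_STAGE"
export STAGE="${CI_ENVIRONMENT_STAGE:-dev}"
'''  # constructed sample: the issue's four lines plus one line using a plain default

def _matching(text, start, open_ch, close_ch):   # index of the balancing close_ch
    depth = 0
    for i in range(start, len(text)):
        depth += (text[i] == open_ch) - (text[i] == close_ch)
        if depth == 0:
            return i
    raise ValueError(f"unterminated {text[start:]!r}")

def expand(value, env, refused):
    """Expand $NAME, ${NAME}, ${NAME:-default}; $(...) and other operators are never run."""
    out, i = [], 0
    while i < len(value):
        if value[i] != "$":
            out.append(value[i])
            i += 1
        elif value[i + 1:i + 2] in ("(", "{"):       # $(...) or ${...}
            close = ")" if value[i + 1] == "(" else "}"
            end = _matching(value, i + 1, value[i + 1], close)
            name, sep, default = value[i + 2:end].partition(":-")
            if close == "}" and NAME_RE.fullmatch(name):
                out.append(env.get(name) or (expand(default, env, refused) if sep else ""))
            else:                                    # $(cmd), ${X//a/b}: kept literal, reported
                refused.append(value[i:end + 1])
                out.append(value[i:end + 1])
            i = end + 1
        else:                                        # bare $NAME, or a lone $
            m = NAME_RE.match(value, i + 1)
            out.append(env.get(m.group(), "") if m else "$")
            i = m.end() if m else i + 1
    return "".join(out)

def parse_env(text):  # KEY=VALUE lines, optional "export ", expanded in file order
    env, refused = {}, []
    for line in (ln.strip() for ln in text.splitlines()):
        if "=" not in line or line.startswith("#"):
            continue
        key, _, val = line.removeprefix("export ").partition("=")
        val = val[1:-1] if len(val) > 1 and val[0] == val[-1] in "\"'" else val
        env[key.strip()] = expand(val, env, refused)
    return env, refused
```

Running `parse_env(SAMPLE_ENV)` yields `STAGE="dev"` from its default, while the three constructs that would need a shell come back unchanged in the values and listed in `refused`, which a loader can log or reject instead of silently executing.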

nicolas-graves commented 2 months ago

Hi @justinTM!

I couldn't find a solution for this, so I wrote one package that should be able to handle this right here: https://github.com/nicolas-graves/python-direnv

This is less safe than python-dotenv, but has a level of security by checking that you have indeed allowed the file to be run.

Contributions welcome!