only check for env_file

ndeloof · glours · commit e0977c2df181 · 2025-11-28T09:48:55.000+01:00
Signed-off-by: Nicolas De Loof &lt;nicolas.deloof@gmail.com&gt;
diff --git a/pkg/compose/publish.go b/pkg/compose/publish.go
@@ -297,7 +297,6 @@ func (s *composeService) generateImageDigestsOverride(ctx context.Context, proje
 	return override.MarshalYAML()
 }
 
-//nolint:gocyclo
 func (s *composeService) preChecks(project *types.Project, options api.PublishOptions) (bool, error) {
 	if ok, err := s.checkOnlyBuildSection(project); !ok || err != nil {
 		return false, err
@@ -340,50 +339,20 @@ func (s *composeService) preChecks(project *types.Project, options api.PublishOp
 			return false, err
 		}
 	}
-	envVariables, err := s.checkEnvironmentVariables(project, options)
+	err = s.checkEnvironmentVariables(project, options)
 	if err != nil {
 		return false, err
 	}
-	if len(envVariables) > 0 {
-		b := strings.Builder{}
-		b.WriteString("you are about to publish environment variables within your OCI artifact.\n" +
-			"please double check that you are not leaking sensitive data\n")
-		for key, val := range envVariables {
-			b.WriteString("Service/Config  ")
-			b.WriteString(key)
-			b.WriteRune('\n')
-			for k, v := range val {
-				b.WriteString(fmt.Sprintf("%s=%v\n", k, *v))
-			}
-		}
-		b.WriteString("Are you ok to publish these environment variables?")
-		confirm, err := s.prompt(b.String(), false)
-		if err != nil || !confirm {
-			return false, err
-		}
-	}
 	return true, nil
 }
 
-func (s *composeService) checkEnvironmentVariables(project *types.Project, options api.PublishOptions) (map[string]types.MappingWithEquals, error) {
-	envVarList := map[string]types.MappingWithEquals{}
+func (s *composeService) checkEnvironmentVariables(project *types.Project, options api.PublishOptions) error {
 	errorList := map[string][]string{}
 
 	for _, service := range project.Services {
 		if len(service.EnvFiles) > 0 {
 			errorList[service.Name] = append(errorList[service.Name], fmt.Sprintf("service %q has env_file declared.", service.Name))
 		}
-		if len(service.Environment) > 0 {
-			errorList[service.Name] = append(errorList[service.Name], fmt.Sprintf("service %q has environment variable(s) declared.", service.Name))
-			envVarList[service.Name] = service.Environment
-		}
-	}
-
-	for _, config := range project.Configs {
-		if config.Environment != "" {
-			errorList[config.Name] = append(errorList[config.Name], fmt.Sprintf("config %q is declare as an environment variable.", config.Name))
-			envVarList[config.Name] = types.NewMappingWithEquals([]string{fmt.Sprintf("%s=%s", config.Name, config.Environment)})
-		}
 	}
 
 	if !options.WithEnvironment && len(errorList) > 0 {
@@ -395,10 +364,10 @@ func (s *composeService) checkEnvironmentVariables(project *types.Project, optio
 				errorMsg.WriteString(fmt.Sprintf("%s\n", err))
 			}
 		}
-		return nil, fmt.Errorf("%s%s", errorMsg.String(), errorMsgSuffix)
+		return fmt.Errorf("%s%s", errorMsg.String(), errorMsgSuffix)
 
 	}
-	return envVarList, nil
+	return nil
 }
 
 func envFileLayers(files map[string]string) []v1.Descriptor {
diff --git a/pkg/e2e/publish_test.go b/pkg/e2e/publish_test.go
@@ -29,18 +29,10 @@ func TestPublishChecks(t *testing.T) {
 	c := NewParallelCLI(t)
 	const projectName = "compose-e2e-explicit-profiles"
 
-	t.Run("publish error environment", func(t *testing.T) {
-		res := c.RunDockerComposeCmdNoCheck(t, "-f", "./fixtures/publish/compose-environment.yml",
-			"-p", projectName, "publish", "test/test")
-		res.Assert(t, icmd.Expected{ExitCode: 1, Err: `service "serviceA" has environment variable(s) declared.
-To avoid leaking sensitive data,`})
-	})
-
 	t.Run("publish error env_file", func(t *testing.T) {
 		res := c.RunDockerComposeCmdNoCheck(t, "-f", "./fixtures/publish/compose-env-file.yml",
 			"-p", projectName, "publish", "test/test")
 		res.Assert(t, icmd.Expected{ExitCode: 1, Err: `service "serviceA" has env_file declared.
-service "serviceA" has environment variable(s) declared.
 To avoid leaking sensitive data,`})
 	})
 
@@ -49,8 +41,6 @@ To avoid leaking sensitive data,`})
 			"-p", projectName, "publish", "test/test")
 		// we don't in which order the services will be loaded, so we can't predict the order of the error messages
 		assert.Assert(t, strings.Contains(res.Combined(), `service "serviceB" has env_file declared.`), res.Combined())
-		assert.Assert(t, strings.Contains(res.Combined(), `service "serviceB" has environment variable(s) declared.`), res.Combined())
-		assert.Assert(t, strings.Contains(res.Combined(), `service "serviceA" has environment variable(s) declared.`), res.Combined())
 		assert.Assert(t, strings.Contains(res.Combined(), `To avoid leaking sensitive data, you must either explicitly allow the sending of environment variables by using the --with-env flag,
 or remove sensitive data from your Compose configuration
 `), res.Combined())
@@ -70,52 +60,12 @@ or remove sensitive data from your Compose configuration
 		assert.Assert(t, strings.Contains(res.Combined(), "test/test published"), res.Combined())
 	})
 
-	t.Run("publish approve validation message", func(t *testing.T) {
-		cmd := c.NewDockerComposeCmd(t, "-f", "./fixtures/publish/compose-env-file.yml",
-			"-p", projectName, "publish", "test/test", "--with-env", "--dry-run")
-		cmd.Stdin = strings.NewReader("y\n")
-		res := icmd.RunCmd(cmd)
-		res.Assert(t, icmd.Expected{ExitCode: 0})
-		assert.Assert(t, strings.Contains(res.Combined(), "Are you ok to publish these environment variables?"), res.Combined())
-		assert.Assert(t, strings.Contains(res.Combined(), "test/test publishing"), res.Combined())
-		assert.Assert(t, strings.Contains(res.Combined(), "test/test published"), res.Combined())
-	})
-
-	t.Run("publish refuse validation message", func(t *testing.T) {
-		cmd := c.NewDockerComposeCmd(t, "-f", "./fixtures/publish/compose-env-file.yml",
-			"-p", projectName, "publish", "test/test", "--with-env", "--dry-run")
-		cmd.Stdin = strings.NewReader("n\n")
-		res := icmd.RunCmd(cmd)
-		res.Assert(t, icmd.Expected{ExitCode: 0})
-		assert.Assert(t, strings.Contains(res.Combined(), "Are you ok to publish these environment variables?"), res.Combined())
-		assert.Assert(t, !strings.Contains(res.Combined(), "test/test publishing"), res.Combined())
-		assert.Assert(t, !strings.Contains(res.Combined(), "test/test published"), res.Combined())
-	})
-
 	t.Run("publish with extends", func(t *testing.T) {
 		res := c.RunDockerComposeCmd(t, "-f", "./fixtures/publish/compose-with-extends.yml",
 			"-p", projectName, "publish", "test/test", "--dry-run")
 		assert.Assert(t, strings.Contains(res.Combined(), "test/test published"), res.Combined())
 	})
 
-	t.Run("publish list env variables", func(t *testing.T) {
-		cmd := c.NewDockerComposeCmd(t, "-f", "./fixtures/publish/compose-multi-env-config.yml",
-			"-p", projectName, "publish", "test/test", "--with-env", "--dry-run")
-		cmd.Stdin = strings.NewReader("n\n")
-		res := icmd.RunCmd(cmd)
-		res.Assert(t, icmd.Expected{ExitCode: 0})
-		out := res.Combined()
-		assert.Assert(t, strings.Contains(out, `you are about to publish environment variables within your OCI artifact.
-please double check that you are not leaking sensitive data`), out)
-		assert.Assert(t, strings.Contains(out, `Service/Config  serviceA
-FOO=bar`), out)
-		assert.Assert(t, strings.Contains(out, `Service/Config  serviceB`), out)
-		// we don't know in which order the env variables will be loaded
-		assert.Assert(t, strings.Contains(out, `FOO=bar`), out)
-		assert.Assert(t, strings.Contains(out, `BAR=baz`), out)
-		assert.Assert(t, strings.Contains(out, `QUIX=`), out)
-	})
-
 	t.Run("refuse to publish with bind mount", func(t *testing.T) {
 		cmd := c.NewDockerComposeCmd(t, "-f", "./fixtures/publish/compose-bind-mount.yml",
 			"-p", projectName, "publish", "test/test", "--dry-run")
