Skip to content

feat: support bulk KEY=VALUE pairs for secrets and variables#471

Merged
lukevmorris merged 1 commit intomainfrom
luke/jj-tspmvvlxqptp
Mar 27, 2026
Merged

feat: support bulk KEY=VALUE pairs for secrets and variables#471
lukevmorris merged 1 commit intomainfrom
luke/jj-tspmvvlxqptp

Conversation

@lukevmorris
Copy link
Copy Markdown
Member

@lukevmorris lukevmorris commented Mar 27, 2026

Note

Medium Risk
Adds new batch-write RPC usage and new CLI argument parsing paths for secret/variable creation; mistakes could create unintended org/repo-scoped values or reject valid input.

Overview
Adds batch APIs (CIBatchAddSecrets, CIBatchAddVariables) to create multiple CI secrets/variables in a single org- or repo-scoped request.

Updates depot ci secrets add and depot ci vars add to accept multiple KEY=VALUE arguments, validate incompatible flags (--value/--description), and route to the new batch endpoints while preserving the existing single-item interactive/flag flows.

Written by Cursor Bugbot for commit ae1213d. This will update automatically on new commits. Configure here.

…ands

Add bulk mode to 'depot ci secrets add' and 'depot ci vars add' that accepts
multiple KEY=VALUE arguments and uses the batch gRPC endpoints. The existing
single-secret syntax with --value flag is preserved for backward compatibility.
Comment thread pkg/cmd/ci/secrets.go
Comment on lines +129 to +133
parts := strings.SplitN(arg, "=", 2)
if len(parts) != 2 || parts[0] == "" {
return fmt.Errorf("invalid argument %q β€” expected KEY=VALUE format", arg)
}
secrets = append(secrets, &civ2.SecretInput{Name: parts[0], Value: parts[1]})
Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Validation allows empty secret values. The check len(parts) != 2 || parts[0] == "" only validates the key is non-empty, but parts[1] (the value) can be empty. A user entering FOO= would create a secret with an empty value, potentially causing production failures.

parts := strings.SplitN(arg, "=", 2)
if len(parts) != 2 || parts[0] == "" || parts[1] == "" {
    return fmt.Errorf("invalid argument %q β€” expected KEY=VALUE format with non-empty key and value", arg)
}
Suggested change
parts := strings.SplitN(arg, "=", 2)
if len(parts) != 2 || parts[0] == "" {
return fmt.Errorf("invalid argument %q β€” expected KEY=VALUE format", arg)
}
secrets = append(secrets, &civ2.SecretInput{Name: parts[0], Value: parts[1]})
parts := strings.SplitN(arg, "=", 2)
if len(parts) != 2 || parts[0] == "" || parts[1] == "" {
return fmt.Errorf("invalid argument %q β€” expected KEY=VALUE format with non-empty key and value", arg)
}
secrets = append(secrets, &civ2.SecretInput{Name: parts[0], Value: parts[1]})

Spotted by Graphite

Fix in Graphite


Is this helpful? React πŸ‘ or πŸ‘Ž to let us know.

@lukevmorris lukevmorris merged commit a586c19 into main Mar 27, 2026
12 checks passed
@lukevmorris lukevmorris deleted the luke/jj-tspmvvlxqptp branch March 27, 2026 23:24
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant