chore: untrack .env and gitignore all .env* files#43
Merged
Conversation
Even though the previously-committed .env held only a non-secret PYTHONDONTWRITEBYTECODE=1 hint, committing any .env is a foot-gun: it normalizes the practice and makes it easy for a future contributor to drop a real secret into the file unaware. Remove it from the index and broaden the ignore pattern from .env.local to .env* so all dotenv variants stay out of git by default. CONTRIBUTING.md previously instructed contributors to source ./.env for the bytecode hint; replace that with an inline export so the convenience survives without the tracked file.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Remove the previously-tracked
.envfrom the index and broaden the gitignore pattern to.env*so all dotenv variants stay out of git.The committed
.envonly held a non-secretPYTHONDONTWRITEBYTECODE=1hint with a "no secrets here" comment, so this isn't a credential leak. But committing any.envis a foot-gun: it normalizes the practice and makes it trivial for a future contributor to drop a real secret in unaware. Belt-and-suspenders.Changes
git rm .env— file no longer tracked.gitignore—.env.localline replaced with.env*(covers.env,.env.local,.env.production, etc.)CONTRIBUTING.md— replaced theset -a; . ./.env; set +ainstruction with an inlineexport PYTHONDONTWRITEBYTECODE=1so the dev-convenience survives without the tracked fileTest plan
git check-ignore -v .env .env.local .env.production— all three caught by the new pattern🤖 Generated with Claude Code