Add only NODE_ENV environment variable to metadata

Avoids (potential) disclosure of secrets during build process and lets Metalsmith plugins switch between development and production optimisations
alphagov · Jun 21, 2023 · b457c86 · b457c86
1 parent a057a31
commit b457c86
Show file tree

Hide file tree

Showing 5 changed files with 40 additions and 13 deletions.
diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml
@@ -31,9 +31,6 @@ jobs:
     name: Build
     runs-on: ${{ github.event.inputs.runner || 'ubuntu-latest' }}
 
-    env:
-      ENVIRONMENT: production
-
     steps:
       - name: Checkout code
         uses: actions/checkout@v3

diff --git a/lib/metalsmith.js b/lib/metalsmith.js
@@ -78,7 +78,13 @@ module.exports = metalsmith(resolve(__dirname, '../'))
   // global variables used in layout files
   .metadata({
     title: '[TITLE NOT SET]',
-    colours
+    colours,
+
+    // include safe environment variables as metalsmith metadata
+    // used to e.g. detect when we're building in a preview environment
+    env: {
+      NODE_ENV: process.env.NODE_ENV ?? 'production'
+    }
   })
 
   // rename .md files to .md.njk, so they're passed through the Nunjucks parser
@@ -97,11 +103,6 @@ module.exports = metalsmith(resolve(__dirname, '../'))
   // Ignore internal config
   .ignore('.eslintrc.js')
 
-  // include environment variables as metalsmith metadata
-  // used to e.g. detect when we're building in a preview environment
-  .env(process.env)
-  .use((files, ms) => { ms.metadata(ms.env()) })
-
   // convert *.scss files to *.css
   .use(sass({
     quietDeps: true,

diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
@@ -14,9 +14,9 @@
   "homepage": "https://github.com/alphagov/govuk-design-system#readme",
   "scripts": {
     "postinstall": "npm ls --depth=0",
-    "build": "node tasks/build.js",
-    "start": "node tasks/start.js",
-    "serve": "node tasks/serve.js",
+    "build": "cross-env NODE_ENV=production node tasks/build.js",
+    "start": "cross-env NODE_ENV=development node tasks/start.js",
+    "serve": "cross-env NODE_ENV=development node tasks/serve.js",
     "pretest": "npm run build",
     "test": "npm run lint && jest",
     "lint": "npm run lint:js && npm run lint:scss && npm run lint:html --ignore-scripts",
@@ -53,6 +53,7 @@
     "@rollup/plugin-terser": "^0.4.3",
     "accessible-autocomplete": "^2.0.4",
     "browser-sync": "2.29.3",
+    "cross-env": "^7.0.3",
     "eslint": "^8.43.0",
     "eslint-config-standard": "^17.0.0",
     "eslint-plugin-import": "^2.27.5",

diff --git a/views/layouts/_generic.njk b/views/layouts/_generic.njk
@@ -5,7 +5,7 @@
 {% block pageTitle %}{{ title }} – GOV.UK Design System{% endblock %}
 
 {% block head %}
-  {% if not ENVIRONMENT or ENVIRONMENT != 'production' %}
+  {% if env.NODE_ENV != 'production' %}
     <meta name="robots" content="noindex, nofollow">
   {% endif %}
   <meta name="og:title" content="{{title}}">