Add env-doctor to your CI pipeline to catch environment issues before they reach production.
```yaml
# .github/workflows/env-check.yml
name: Environment Check
on:
  push:
    branches: [main]
  pull_request:
    branches: [main]
jobs:
  env-doctor:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Setup Node.js
        uses: actions/setup-node@v4
        with:
          node-version: '20'
      - name: Install dependencies
        run: npm ci
      - name: Check environment variables
        run: npx @theaccessibleteam/env-doctor --ci
```
Upload results to GitHub Code Scanning for inline annotations:

```yaml
name: Environment Check
on:
  push:
    branches: [main]
  pull_request:
    branches: [main]
jobs:
  env-doctor:
    runs-on: ubuntu-latest
    permissions:
      security-events: write
    steps:
      - uses: actions/checkout@v4
      - name: Setup Node.js
        uses: actions/setup-node@v4
        with:
          node-version: '20'
      - name: Run env-doctor
        run: npx @theaccessibleteam/env-doctor --ci --format sarif > results.sarif
        # keep going so the SARIF file is still uploaded when issues are found
        continue-on-error: true
      - name: Upload SARIF
        uses: github/codeql-action/upload-sarif@v3
        with:
          sarif_file: results.sarif
```
Save reports as build artifacts:

```yaml
      - name: Run env-doctor
        run: npx @theaccessibleteam/env-doctor --format json > env-report.json
      - name: Upload report
        uses: actions/upload-artifact@v4
        with:
          name: env-doctor-report
          path: env-report.json
```
```yaml
# .gitlab-ci.yml
env-check:
  image: node:20
  stage: test
  script:
    - npm ci
    - npx @theaccessibleteam/env-doctor --ci
  rules:
    - if: $CI_PIPELINE_SOURCE == "merge_request_event"
    - if: $CI_COMMIT_BRANCH == "main"
```

To keep the JSON report as a job artifact instead:

```yaml
env-check:
  image: node:20
  stage: test
  script:
    - npm ci
    - npx @theaccessibleteam/env-doctor --format json > env-report.json
  artifacts:
    # plain file artifact: the JSON report is not a dotenv-format file,
    # so it is not declared under artifacts:reports:dotenv
    paths:
      - env-report.json
```
```yaml
# .circleci/config.yml
version: 2.1
jobs:
  env-check:
    docker:
      - image: cimg/node:20.0
    steps:
      - checkout
      - run:
          name: Install dependencies
          command: npm ci
      - run:
          name: Check environment variables
          command: npx @theaccessibleteam/env-doctor --ci
workflows:
  main:
    jobs:
      - env-check
```
```yaml
# azure-pipelines.yml
trigger:
  - main
pool:
  vmImage: 'ubuntu-latest'
steps:
  - task: NodeTool@0
    inputs:
      versionSpec: '20.x'
  - script: npm ci
    displayName: 'Install dependencies'
  - script: npx @theaccessibleteam/env-doctor --ci
    displayName: 'Check environment variables'
```
```groovy
// Jenkinsfile
pipeline {
    agent any
    stages {
        stage('Setup') {
            steps {
                sh 'npm ci'
            }
        }
        stage('Environment Check') {
            steps {
                sh 'npx @theaccessibleteam/env-doctor --ci'
            }
        }
    }
}
```
Run env-doctor before each commit:

```bash
npm install -D husky
npx husky init
echo "npx @theaccessibleteam/env-doctor --ci" > .husky/pre-commit
```

Or run it through lint-staged in `package.json`:

```json
{
  "lint-staged": {
    "*.{ts,js,tsx,jsx}": [
      "npx @theaccessibleteam/env-doctor --ci"
    ]
  }
}
```
env-doctor scans `.env` files, which should NOT contain real secrets in version control.

Recommended approach:

- `.env.example` with placeholder values, committed to the repository
- `.env` generated in CI from environment variables (CI secrets)

```yaml
steps:
  - name: Create .env from secrets
    run: |
      echo "DATABASE_URL=${{ secrets.DATABASE_URL }}" >> .env
      echo "API_KEY=${{ secrets.API_KEY }}" >> .env
  - name: Validate environment
    run: npx @theaccessibleteam/env-doctor --ci
```
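A generalised form of the step above, added here as an example and not part of env-doctor: instead of listing each secret by hand, the committed `.env.example` is used as the list of required keys, each one is filled from a same-named CI environment variable, and the job fails (exit 1, like env-doctor) if any key is missing, without ever printing a value to the CI log. The function name `build_env_from_example` and the sample `.env.example` content are assumptions.

```sh
#!/bin/sh
# Added example, not part of env-doctor: build .env in CI from environment
# variables, using the committed .env.example as the list of required keys.
# Assumes .env.example holds plain KEY=placeholder lines (comments allowed).

# build_env_from_example EXAMPLE_FILE OUT_FILE
# Writes OUT_FILE with one KEY=value line per key in EXAMPLE_FILE, taking
# the value from the CI environment. Returns 0 when every key was present
# and 1 when any key is missing, matching env-doctor's exit-code convention.
# Only key names are logged, never values, so secrets stay out of CI output.
build_env_from_example() {
  example="$1"
  out="$2"
  missing=0
  : > "$out"
  chmod 600 "$out"   # keep the generated file private on the runner
  while IFS= read -r line || [ -n "$line" ]; do
    case "$line" in ''|'#'*) continue ;; esac   # skip blanks and comments
    key="${line%%=*}"
    key="${key#export }"
    # Only accept valid shell identifiers before using the key in eval.
    case "$key" in
      ''|[0-9]*|*[!A-Za-z0-9_]*)
        echo "skipping malformed line in $example" >&2
        continue ;;
    esac
    if eval "[ -z \"\${$key+x}\" ]"; then
      echo "missing required variable: $key" >&2
      missing=1
      continue
    fi
    eval "printf '%s=%s\n' \"$key\" \"\$$key\"" >> "$out"
  done < "$example"
  return "$missing"
}

# CI usage (run before the validation step):
#   build_env_from_example .env.example .env \
#     && npx @theaccessibleteam/env-doctor --ci
```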
Check for leaked secrets in git history:

```yaml
      - name: Scan git history
        run: npx @theaccessibleteam/env-doctor scan-history --depth 50
```
| Code | Meaning | CI Behavior |
|---|---|---|
| 0 | No errors | Build passes |
| 1 | Errors found | Build fails |
Use `--strict` to treat warnings as errors:

```yaml
      - run: npx @theaccessibleteam/env-doctor --ci --strict
```