jetify-com · mikeland73 · Sep 27, 2023 · Sep 26, 2023
diff --git a/internal/boxcli/featureflag/envsec.go b/internal/boxcli/featureflag/envsec.go
diff --git a/internal/devconfig/env.go b/internal/devconfig/env.go
@@ -1,26 +1,27 @@
 package devconfig
 
 import (
-	"go.jetpack.io/devbox/internal/boxcli/featureflag"
 	"go.jetpack.io/devbox/internal/boxcli/usererr"
 	"go.jetpack.io/devbox/internal/integrations/envsec"
 )
 
 func (c *Config) ComputedEnv(projectDir string) (map[string]string, error) {
 	env := map[string]string{}
 	var err error
-	if featureflag.Envsec.Enabled() {
-		if c.EnvFrom == "envsec" {
-			env, err = envsec.Env(projectDir)
-			if err != nil {
-				return nil, err
-			}
-		} else if c.EnvFrom != "" {
-			return nil, usererr.New("unknown from_env value: %s", c.EnvFrom)
+	if c.IsEnvsecEnabled() {
+		env, err = envsec.Env(projectDir)
+		if err != nil {
+			return nil, err
 		}
+	} else if c.EnvFrom != "" {
+		return nil, usererr.New("unknown from_env value: %s", c.EnvFrom)
 	}
 	for k, v := range c.Env {
 		env[k] = v
 	}
 	return env, nil
 }
+
+func (c *Config) IsEnvsecEnabled() bool {
+	return c.EnvFrom == "envsec"
+}
diff --git a/internal/impl/devbox.go b/internal/impl/devbox.go
@@ -871,6 +871,11 @@ func (d *Devbox) computeNixEnv(ctx context.Context, usePrintDevEnvCache bool) (m
 		)
 	}
 
+	env["PATH"], err = d.addUtilitiesToPath(env["PATH"])
+	if err != nil {
+		return nil, err
+	}
+
 	// Include env variables in devbox.json
 	configEnv, err := d.configEnvs(env)
 	if err != nil {

diff --git a/internal/impl/util.go b/internal/impl/util.go
@@ -10,6 +10,7 @@ import (
 	"path/filepath"
 
 	"github.com/pkg/errors"
+	"go.jetpack.io/devbox/internal/integrations/envsec"
 	"go.jetpack.io/devbox/internal/nix/nixprofile"
 
 	"go.jetpack.io/devbox/internal/xdg"
@@ -33,6 +34,21 @@ func (d *Devbox) addDevboxUtilityPackage(ctx context.Context, pkg string) error
 	})
 }
 
+// addDevboxUtilityPackages adds binaries that we want the user to have access
+// to (e.g. envsec).
+// Question: Should we add utilityBinPath here? That would allow user to use
+// process-compose, etc
+func (d *Devbox) addUtilitiesToPath(path string) (string, error) {
+	if d.cfg.IsEnvsecEnabled() {
+		envsecPath, err := envsec.EnsureInstalled()
+		if err != nil {
+			return "", err
+		}
+		path = path + string(os.PathListSeparator) + filepath.Dir(envsecPath)
+	}
+	return path, nil
+}
+
 func utilityLookPath(binName string) (string, error) {
 	binPath, err := utilityBinPath()
 	if err != nil {

diff --git a/internal/integrations/envsec/envsec.go b/internal/integrations/envsec/envsec.go
@@ -3,17 +3,17 @@ package envsec
 import (
 	"bytes"
 	"encoding/json"
-	"os"
 	"os/exec"
+	"path/filepath"
 
 	"github.com/pkg/errors"
 	"go.jetpack.io/devbox/internal/boxcli/usererr"
-	"go.jetpack.io/devbox/internal/cmdutil"
 	"go.jetpack.io/devbox/internal/debug"
 	"go.jetpack.io/pkg/sandbox/runx"
 )
 
 var envCache map[string]string
+var binPathCache string
 
 func Env(projectDir string) (map[string]string, error) {
 
@@ -23,11 +23,7 @@ func Env(projectDir string) (map[string]string, error) {
 		return envCache, nil
 	}
 
-	if err := ensureEnvsecInstalled(); err != nil {
-		return nil, err
-	}
-
-	if err := ensureEnvsecInitialized(projectDir); err != nil {
+	if err := ensureInitialized(projectDir); err != nil {
 		return nil, err
 	}
 
@@ -37,25 +33,35 @@ func Env(projectDir string) (map[string]string, error) {
 	return envCache, err
 }
 
-func ensureEnvsecInstalled() error {
-	// In newer runx version this will return the paths
+func EnsureInstalled() (string, error) {
+	if binPathCache != "" {
+		return binPathCache, nil
+	}
+
+	if path, err := exec.LookPath("envsec"); err == nil {
+		binPathCache = path
+		return binPathCache, nil
+	}
+
 	paths, err := runx.Install("jetpack-io/envsec")
 	if err != nil {
-		return errors.Wrap(err, "failed to install envsec")
+		return "", errors.Wrap(err, "failed to install envsec")
 	}
 
-	for _, path := range paths {
-		os.Setenv("PATH", path+string(os.PathListSeparator)+os.Getenv("PATH"))
+	if len(paths) == 0 {
+		return "", usererr.New("envsec is not installed or not in path")
 	}
 
-	if !cmdutil.Exists("envsec") {
-		return usererr.New("envsec is not installed or not in path")
-	}
-	return nil
+	binPathCache = filepath.Join(paths[0], "envsec")
+	return binPathCache, nil
 }
 
-func ensureEnvsecInitialized(projectDir string) error {
-	cmd := exec.Command("envsec", "init", "--json-errors")
+func ensureInitialized(projectDir string) error {
+	binPath, err := EnsureInstalled()
+	if err != nil {
+		return err
+	}
+	cmd := exec.Command(binPath, "init", "--json-errors")
 	cmd.Dir = projectDir
 	var bufErr bytes.Buffer
 	cmd.Stderr = &bufErr
@@ -67,8 +73,12 @@ func ensureEnvsecInitialized(projectDir string) error {
 }
 
 func envsecList(projectDir string) (map[string]string, error) {
+	binPath, err := EnsureInstalled()
+	if err != nil {
+		return nil, err
+	}
 	cmd := exec.Command(
-		"envsec", "ls", "--show",
+		binPath, "ls", "--show",
 		"--format", "json",
 		"--environment", "dev",
 		"--json-errors")