Closed
Changes from 1 commit
12 changes: 12 additions & 0 deletions apps/api/.env.example
@@ -0,0 +1,12 @@
# Required
DATABASE_URL="postgresql://USER:PASSWORD@localhost:5432/your_database_name?schema=public"
JWT_SECRET="replace-with-a-strong-random-secret"

# Optional (good defaults shown)
PORT=8080
CORS_ORIGINS=http://localhost:3000
NODE_ENV=development

# Optional but needed for GitHub queries to work
# Generate a classic token with "public_repo" access at https://github.com/settings/tokens
GITHUB_PERSONAL_ACCESS_TOKEN=your_github_personal_access_token_here
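Review bot: The `JWT_SECRET="replace-with-a-strong-random-secret"` placeholder will be copied verbatim into local `.env` files made from this example, and nothing in the hunk says how to produce a real value or what happens if it is left unchanged; add a comment with a generation command (for example `openssl rand -base64 32`) and have the API refuse to start when `JWT_SECRET` is unset, equals this placeholder, or is too short to be a usable signing key. The `GITHUB_PERSONAL_ACCESS_TOKEN=your_github_personal_access_token_here` line has the same problem in a milder form: if startup treats the placeholder as a real token, GitHub queries fail at request time instead of with a clear configuration error, so treat the placeholder as "not set" and make the GitHub feature optional as the comment on line `# Optional but needed for GitHub queries to work` already implies. Finally, `DATABASE_URL` embeds `USER:PASSWORD`; a one-line reminder that real values belong in a gitignored `.env`, never in `.env.example`, would prevent the credential-in-repo mistake this file is meant to avoid.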
⚠️ Potential issue | 🟠 Major

⚠️ Reconsider storing GitHub tokens in .env files.

Personal access tokens are sensitive credentials and should never be stored in version-controlled .env files, even as placeholders. If the application requires GitHub token authentication, consider one of these alternatives:

  • Remove this from .env.example and document in README that developers set GITHUB_PERSONAL_ACCESS_TOKEN only in their local, gitignored .env file
  • Use environment-specific secret management (e.g., CI/CD secrets, HashiCorp Vault)
  • Make the feature optional and degrade gracefully if the token is unavailable

If GitHub token functionality is critical for basic setup, clarify this distinction in documentation.

🤖 Prompt for AI Agents
In apps/api/.env.example around lines 10 to 12, the file exposes a GitHub
personal access token placeholder which shouldn’t be committed; remove the
GITHUB_PERSONAL_ACCESS_TOKEN entry from .env.example and instead document in the
README that developers must set GITHUB_PERSONAL_ACCESS_TOKEN in their local,
gitignored .env or via environment/secret management (CI secrets, Vault), and
update application startup to handle missing token gracefully or make the
feature optional so the app degrades when the token is not provided.