deployment#29

Merged: benhalverson merged 1 commit into main from deployment-fix on Dec 10, 2025
@benhalverson
Owner

No description provided.

Copilot AI review requested due to automatic review settings December 10, 2025 07:30
@benhalverson benhalverson merged commit c03979d into main Dec 10, 2025
5 checks passed
@benhalverson benhalverson deleted the deployment-fix branch December 10, 2025 07:30
Contributor

Copilot AI left a comment

Pull request overview

This PR adds Stripe payment integration configuration to the production environment by introducing the VITE_STRIPE_PUBLISHABLE_KEY environment variable. However, there are critical security concerns with the implementation.

Key Changes:

  • Added VITE_STRIPE_PUBLISHABLE_KEY to .env.production for Stripe payment integration
  • Corrected line numbering for existing VITE_DOMAIN variable

Comment on lines +2 to +3
VITE_DOMAIN=https://rc-store.benhalverson.dev
VITE_STRIPE_PUBLISHABLE_KEY=pk_test_51RUggnFtN1eiSjAecw8NdboDU4D9MjxRBIlKSQj2y78HuLDK7z1h26EfEp7RUpro2jdYvW9Uzu4FA6SHoiVOEg0o00rPmfffwj No newline at end of file
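Review bot: On the VITE_STRIPE_PUBLISHABLE_KEY line, the VITE_ prefix means Vite inlines the value into the client bundle, so this file is only suitable for pk_ publishable keys. Add a comment above that line saying so, so that a later change does not put an sk_ secret key under a VITE_ name in the same file.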

Copilot AI Dec 10, 2025

The Stripe publishable key should not be committed directly to version control, even in .env.production. According to the .gitignore, environment files like .env and .env.local are excluded, but .env.production is not.

Best practice is to inject this value via CI/CD environment variables or secrets management (e.g., GitHub Secrets, Cloudflare environment variables) rather than hardcoding it in version-controlled files. This prevents accidental exposure and allows different keys per deployment environment.

Suggested change
VITE_DOMAIN=https://rc-store.benhalverson.dev
VITE_STRIPE_PUBLISHABLE_KEY=pk_test_51RUggnFtN1eiSjAecw8NdboDU4D9MjxRBIlKSQj2y78HuLDK7z1h26EfEp7RUpro2jdYvW9Uzu4FA6SHoiVOEg0o00rPmfffwj
VITE_DOMAIN=https://rc-store.benhalverson.dev

VITE_BASE_URL=https://api.benhalverson.dev
VITE_DOMAIN=https://rc-store.benhalverson.dev No newline at end of file
VITE_DOMAIN=https://rc-store.benhalverson.dev
VITE_STRIPE_PUBLISHABLE_KEY=pk_test_51RUggnFtN1eiSjAecw8NdboDU4D9MjxRBIlKSQj2y78HuLDK7z1h26EfEp7RUpro2jdYvW9Uzu4FA6SHoiVOEg0o00rPmfffwj No newline at end of file
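Review bot: The file still ends without a trailing newline after the new VITE_STRIPE_PUBLISHABLE_KEY line, which is why the unchanged VITE_DOMAIN line appears as removed and re-added in this hunk. Terminate the last line with a newline so the next variable appended to the file produces a one-line diff.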

Copilot AI Dec 10, 2025

A Stripe test key (indicated by the pk_test_ prefix) is being added to a production environment file. Production environments should use live Stripe keys (prefixed with pk_live_), not test keys. Test keys will not process real payments and could cause issues in production.

Replace this with a production-ready Stripe publishable key or use environment-specific configuration via CI/CD secrets.

Suggested change
VITE_STRIPE_PUBLISHABLE_KEY=pk_test_51RUggnFtN1eiSjAecw8NdboDU4D9MjxRBIlKSQj2y78HuLDK7z1h26EfEp7RUpro2jdYvW9Uzu4FA6SHoiVOEg0o00rPmfffwj
VITE_STRIPE_PUBLISHABLE_KEY=pk_live_REPLACE_WITH_YOUR_LIVE_KEY
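
The two review comments above concern which Stripe key ends up in which env file. As an added example (not part of this PR or of Copilot's review), a small Node check that a CI step could run over each env file. The function names `parseEnv` and `lintStripeEnv`, the rule that live keys belong only in production files, and the sample values are assumptions made for illustration.

```javascript
// Added example: lint a Vite .env file for Stripe key problems before deploy.
// File names and key values below are constructed placeholders.

// Parse KEY=VALUE lines; skip blanks and # comments, strip optional quotes.
function parseEnv(text) {
  const vars = {};
  for (const raw of text.split(/\r?\n/)) {
    const line = raw.trim();
    if (!line || line.startsWith("#")) continue;
    const eq = line.indexOf("=");
    if (eq < 1) continue;
    const value = line.slice(eq + 1).trim().replace(/^(['"])(.*)\1$/, "$2");
    vars[line.slice(0, eq).trim()] = value;
  }
  return vars;
}

// Return a list of findings for one env file.
function lintStripeEnv(fileName, text) {
  const findings = [];
  const isProd = /\.production(\.local)?$/.test(fileName);
  for (const [name, value] of Object.entries(parseEnv(text))) {
    const m = /^(pk|sk|rk)_(test|live)_/.exec(value);
    if (!m) continue;
    const [, kind, mode] = m;
    // VITE_-prefixed variables are inlined into the client bundle by Vite,
    // so only publishable (pk_) keys may use that prefix.
    if (name.startsWith("VITE_") && kind !== "pk") {
      findings.push(`${name}: ${kind}_ key would be exposed to the browser`);
    }
    if (isProd && mode === "test") {
      findings.push(`${name}: test-mode key in ${fileName}`);
    }
    if (!isProd && mode === "live") {
      findings.push(`${name}: live-mode key in ${fileName}`);
    }
  }
  return findings;
}

// Constructed sample input.
const sample = [
  "VITE_DOMAIN=https://shop.example.test",
  "VITE_STRIPE_PUBLISHABLE_KEY=pk_test_PLACEHOLDER",
  "VITE_STRIPE_SECRET=sk_live_PLACEHOLDER",
].join("\n");
console.log(lintStripeEnv(".env.production", sample));
```

A CI job can fail the build when the returned list is non-empty.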