Skip to content

Add env section to bundle scripts for DABs interpolation#5299

Draft
shreyas-goenka wants to merge 1 commit into
mainfrom
script-env-section
Draft

Add env section to bundle scripts for DABs interpolation#5299
shreyas-goenka wants to merge 1 commit into
mainfrom
script-env-section

Conversation

@shreyas-goenka

@shreyas-goenka shreyas-goenka commented May 21, 2026
edited
Loading

Copy link
Copy Markdown
Contributor

Summary

Fixes #4179.

scripts.<name> now accepts an env: map whose values may reference ${bundle.*}, ${workspace.*}, and ${var.*}. These values are resolved before the script runs and exported into the script's shell environment, where content references them with plain $NAME:

scripts:
  show_env:
    env:
      REGION: ${var.region}
    content: echo "region=$REGION"

Script content is passed to the shell as-is. DABs interpolation (${...}) remains unsupported in content — it would be ambiguous with a shell variable — and is rejected with an error pointing at the offending scripts.<name>.content.

Validation rejects two kinds of env entries early:

  • A value referencing a prefix other than bundle/workspace/var/variables (e.g. ${resources.*}), which wouldn't be resolved before the script runs.
  • A name that collides with the auth/target variables the CLI injects into the script process (DATABRICKS_HOST, DATABRICKS_TOKEN, DATABRICKS_BUNDLE_TARGET, …). auth.ProcessEnv deliberately strips stray auth vars to avoid conflicting auth configs, so a script must not be able to silently override the bundle's resolved workspace.

The allowed prefixes match defaultPrefixes in ResolveVariableReferencesWithoutResources, so env values are resolved by the time bundle run invokes the script.

Test plan

  • go test ./bundle/... ./libs/auth/...
  • go test ./acceptance -run 'TestAccept/bundle/run/scripts' — happy path (env-section), invalid env-value prefix (env-bad-prefix), reserved env name (env-reserved), and ${...} rejection in content (no-interpolation)
  • ./task lint-q

This pull request was AI-assisted by Isaac.

@eng-dev-ecosystem-bot

eng-dev-ecosystem-bot commented Jun 16, 2026

Copy link
Copy Markdown
Collaborator

Integration test report

Commit: 0452148

Run: 27626316523

Env 🟨​KNOWN 💚​RECOVERED 🙈​SKIP ✅​pass 🙈​skip Time
🟨​ aws linux 7 15 264 985 7:24
🟨​ aws windows 7 15 266 983 11:34
💚​ aws-ucws linux 7 15 360 899 6:30
💚​ aws-ucws windows 7 15 362 897 8:19
💚​ azure linux 1 17 267 983 6:08
💚​ azure windows 1 17 269 981 6:58
💚​ azure-ucws linux 1 17 365 895 7:32
💚​ azure-ucws windows 1 17 367 893 8:24
💚​ gcp linux 1 17 263 986 8:14
💚​ gcp windows 1 17 265 984 7:37
22 interesting tests: 15 SKIP, 7 KNOWN
Test Name aws linux aws windows aws-ucws linux aws-ucws windows azure linux azure windows azure-ucws linux azure-ucws windows gcp linux gcp windows
🟨​ TestAccept 🟨​K 🟨​K 💚​R 💚​R 💚​R 💚​R 💚​R 💚​R 💚​R 💚​R
🙈​ TestAccept/bundle/invariant/no_drift 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S
🙈​ TestAccept/bundle/resources/permissions 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S
🟨​ TestAccept/bundle/resources/permissions/jobs/destroy_without_mgmtperms/with_permissions 🟨​K 🟨​K 💚​R 💚​R 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S
🟨​ TestAccept/bundle/resources/permissions/jobs/destroy_without_mgmtperms/with_permissions/DATABRICKS_BUNDLE_ENGINE=direct 🟨​K 🟨​K 💚​R 💚​R
🟨​ TestAccept/bundle/resources/permissions/jobs/destroy_without_mgmtperms/with_permissions/DATABRICKS_BUNDLE_ENGINE=terraform 🟨​K 🟨​K 💚​R 💚​R
🟨​ TestAccept/bundle/resources/permissions/jobs/destroy_without_mgmtperms/without_permissions 🟨​K 🟨​K 💚​R 💚​R 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S
🟨​ TestAccept/bundle/resources/permissions/jobs/destroy_without_mgmtperms/without_permissions/DATABRICKS_BUNDLE_ENGINE=direct 🟨​K 🟨​K 💚​R 💚​R
🟨​ TestAccept/bundle/resources/permissions/jobs/destroy_without_mgmtperms/without_permissions/DATABRICKS_BUNDLE_ENGINE=terraform 🟨​K 🟨​K 💚​R 💚​R
🙈​ TestAccept/bundle/resources/postgres_branches/basic 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S
🙈​ TestAccept/bundle/resources/postgres_branches/recreate 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S
🙈​ TestAccept/bundle/resources/postgres_branches/replace_existing 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S
🙈​ TestAccept/bundle/resources/postgres_branches/update_protected 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S
🙈​ TestAccept/bundle/resources/postgres_branches/without_branch_id 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S
🙈​ TestAccept/bundle/resources/postgres_endpoints/basic 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S
🙈​ TestAccept/bundle/resources/postgres_endpoints/recreate 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S
🙈​ TestAccept/bundle/resources/postgres_projects/update_display_name 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S
🙈​ TestAccept/bundle/resources/synced_database_tables/basic 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S
🙈​ TestAccept/bundle/resources/vector_search_endpoints/drift/recreated_same_name 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S
🙈​ TestAccept/bundle/resources/vector_search_indexes/basic 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S
🙈​ TestAccept/bundle/resources/vector_search_indexes/grants/select 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S
🙈​ TestAccept/ssh/connection 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S
Top 24 slowest tests (at least 2 minutes):
duration env testname
5:45 gcp linux TestAccept/bundle/resources/apps/inline_config/DATABRICKS_BUNDLE_ENGINE=terraform
5:41 gcp linux TestAccept/bundle/resources/apps/inline_config/DATABRICKS_BUNDLE_ENGINE=direct
4:12 gcp windows TestAccept/bundle/resources/apps/inline_config/DATABRICKS_BUNDLE_ENGINE=direct
3:58 gcp windows TestAccept/bundle/resources/apps/inline_config/DATABRICKS_BUNDLE_ENGINE=terraform
3:31 aws linux TestAccept/bundle/resources/apps/inline_config/DATABRICKS_BUNDLE_ENGINE=terraform
3:14 azure-ucws linux TestAccept/bundle/resources/apps/inline_config/DATABRICKS_BUNDLE_ENGINE=direct
3:13 aws-ucws windows TestAccept/bundle/resources/apps/inline_config/DATABRICKS_BUNDLE_ENGINE=terraform
3:11 azure windows TestAccept/bundle/resources/apps/inline_config/DATABRICKS_BUNDLE_ENGINE=terraform
3:06 aws windows TestAccept/bundle/resources/apps/inline_config/DATABRICKS_BUNDLE_ENGINE=direct
2:57 aws windows TestAccept/bundle/resources/apps/inline_config/DATABRICKS_BUNDLE_ENGINE=terraform
2:55 aws-ucws linux TestAccept/bundle/resources/apps/inline_config/DATABRICKS_BUNDLE_ENGINE=terraform
2:52 aws-ucws windows TestAccept/bundle/resources/apps/inline_config/DATABRICKS_BUNDLE_ENGINE=direct
2:45 azure-ucws linux TestAccept/bundle/resources/apps/inline_config/DATABRICKS_BUNDLE_ENGINE=terraform
2:41 azure-ucws windows TestAccept/bundle/resources/apps/inline_config/DATABRICKS_BUNDLE_ENGINE=terraform
2:40 azure-ucws windows TestAccept
2:40 aws-ucws linux TestAccept/bundle/resources/apps/inline_config/DATABRICKS_BUNDLE_ENGINE=direct
2:39 aws linux TestAccept/bundle/resources/apps/inline_config/DATABRICKS_BUNDLE_ENGINE=direct
2:38 gcp windows TestAccept
2:33 azure linux TestAccept/bundle/resources/apps/inline_config/DATABRICKS_BUNDLE_ENGINE=direct
2:32 azure windows TestAccept
2:31 aws-ucws windows TestAccept
2:30 azure-ucws windows TestAccept/bundle/resources/apps/inline_config/DATABRICKS_BUNDLE_ENGINE=direct
2:29 azure linux TestAccept/bundle/resources/apps/inline_config/DATABRICKS_BUNDLE_ENGINE=terraform
2:26 azure windows TestAccept/bundle/resources/apps/inline_config/DATABRICKS_BUNDLE_ENGINE=direct

@shreyas-goenka shreyas-goenka force-pushed the script-env-section branch 4 times, most recently from fa62544 to f373d61 Compare June 29, 2026 12:51
@shreyas-goenka
Add env section to bundle scripts for DABs interpolation
b68897d 
scripts.<name> now accepts an env: map whose values may reference
${bundle.*}, ${workspace.*}, and ${var.*}. The script content is still
passed to the shell as-is (no DABs interpolation), removing the ambiguity
between bundle variables and shell variables that previously forced all
${...} usage to be rejected.

When an env value references an unsupported prefix (e.g. ${resources.*}),
validation reports a clear error pointing at the field. The content-side
error now suggests the new env section instead of just stating ${...} is
unsupported.

Fixes #4179

Co-authored-by: Isaac
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Feature suggestion - variable interpolation in DAB script

2 participants

@shreyas-goenka @eng-dev-ecosystem-bot