vendor prefixi¶

TL;DR

BITBUCKET_* postavlja Bitbucket automatski (read-only za nas). CI_* su shared CI nivo runtime varijable. Vendor prefiksi (COOLIFY_*, INFISICAL_*, SENTRY_*, ...) su vendor-specifični. Service-config NE IDE u env var — to je u services.json.

Prefiksi¶

Prefiks	Ko postavlja	Čitljiv
`BITBUCKET_*`	Bitbucket Pipelines	svuda, read-only
`CI_*`	ci-artifacts shared	svuda, default u `ci/` skriptama
`<VENDOR>_*`	vendor + operater	samo u `<vendor>/api/config.py`

Naming pravilo¶

# CI (config.py): ČITAJ preko os.environ["VAR"] — fail-fast
from os import environ
INFISICAL_TOKEN = environ["INFISICAL_TOKEN"]   # KeyError ako unset

# NE: os.environ.get("INFISICAL_TOKEN", "") — tihi fallback, loš
# IZUZETAK: telemetry-only ingest (test_results, upload) — silent skip

`BITBUCKET_*` (auto-set)¶

Var	Svrha
`BITBUCKET_COMMIT`	Commit that triggered pipeline
`BITBUCKET_BRANCH`	Branch name
`BITBUCKET_TAG`	Tag (za tag-triggered pipelines)
`BITBUCKET_PR_ID`	PR ID
`BITBUCKET_PR_DESTINATION_COMMIT`	PR destination commit
`BITBUCKET_DEPLOYMENT_ENVIRONMENT`	Deployment label (used for `ENV`)
`BITBUCKET_BUILD_NUMBER`	Build number
`BITBUCKET_REPO_FULL_NAME`	workspace/repo-slug
`BITBUCKET_API_TOKEN`	Auth za BB API (PR, comments, status)
`BITBUCKET_USERNAME` / `BITBUCKET_USER_EMAIL`	Auth identity

Bitbucket tiho maskira vrijednosti u pipeline logu. Ako printuješ $DOCKER_HUB_IMAGE_NAME, maskira se kao $DOCKER_HUB_IMAGE_NAME literal. Uvijek bb_get variables/ prije debug-a.

`CI_*` (ci-artifacts shared)¶

Kompletan inventar u docs/ci-env-vars.md sa file:line proof-om. Najvažniji:

Var	Default	Svrha
`CI_LOCK_BACKEND`	(auto)	Koji lock backend (Infisical/Flagsmith/git)
`CI_HEALTH_TIMEOUT`	60	Health check timeout (sekunde)
`CI_QEMU_SKIP`	false	Preskoči QEMU multi-arch build
`CI_PRE_BUILD_HOOK`	unset	Shell komanda prije docker build-a
`CI_PYLINT_JOBS`	auto	Paralelnost za pylint
`CI_PYLINT_FAIL_UNDER`	9.0	Score threshold (PR-strict = 9.5)
`CI_BANDIT_JOBS`	auto	Paralelnost za bandit
`CI_LINT_RESULTS_DIR`	`lint-results/`	Gdje linteri pišu JUnit
`CI_TEST_RESULTS_DIR`	`test-results/`	Gdje testovi pišu JUnit
`CI_VERSION_STATE_BACKEND`	unset	DEPRECATED — koristi `services.<name>.build.expo.fingerprint_gate.backend`

Vendor prefiksi¶

Vendor	Prefix	Primjer
Coolify	`COOLIFY_*`	`COOLIFY_API_URL`, `COOLIFY_API_TOKEN`
Infisical	`INFISICAL_*`	`INFISICAL_TOKEN`, `INFISICAL_PROJECT_ID`
Sentry	`SENTRY_*`	`SENTRY_AUTH_TOKEN`, `SENTRY_ORG`, `SENTRY_PROJECT`
Slack	`SLACK_*`	`SLACK_WEBHOOK_URL`, `SLACK_APP_NAME`
Docker Hub	`DOCKER_HUB_*`	`DOCKER_HUB_USERNAME`, `DOCKER_HUB_PASSWORD`
Bitbucket	`BITBUCKET_*`	(vidi gore)
Jira	`JIRA_*`	`JIRA_BASE_URL`, `JIRA_API_TOKEN`
Test Results	`TEST_RESULTS_*`	`TEST_RESULTS_UPLOAD_URL`, `TEST_RESULTS_UPLOAD_TOKEN`
Langfuse	`LANGFUSE_*`	`LANGFUSE_PUBLIC_KEY`, `LANGFUSE_SECRET_KEY`

Vendor-specific env var čitaju se samo u ci/<vendor>/api/config.py (lazy __getattr__). Orchestrator skripte NE čitaju vendor env direktno.

Build-time BuildKit secrets (`build.docker.secrets`)¶

# services.json
build:
  docker:
    secrets: ["GIT_AUTH_TOKEN"]

build verb prosljeđuje secrets BuildKit-u kao --secret id=<name>,src=<tmpfile>. Env var mora postojati u runtime env-u (radi na self-hosted runneru, NE na cloud).

Bitbucket repo vars tiho gaze `${VAR:-default}`¶

# U CI scripti:
GIT_DEPTH="${GIT_DEPTH:-1}"
# Ako BB repo var `GIT_DEPTH` postavljen na `5`, dobijaš "5".
# Ako NIJE postavljen, dobijaš "1" (default).
# Ali: BB repo var `GIT_DEPTH=""` (prazan string) → dobijaš PRAZAN STRING,
# NE default. Tihi override.

Uvijek koristi os.environ["VAR"] (fail-fast) umjesto shell default mehanizma za operater-overridable varijable.

Vidi i¶

docs/ci-env-vars.md — kompletna inventura sa file:line
01-onboarding/03-why-no-shell-tricks.md
ci/_errors.py — fail-fast config pattern

Env vars — CI_* / BITBUCKET_* / vendor prefixi¶

Prefiksi¶

Naming pravilo¶

BITBUCKET_* (auto-set)¶

CI_* (ci-artifacts shared)¶