feature: demo setting env variables from plaintext yaml file

Author: chickenandpork

deps.bzl

@@ -16,6 +16,15 @@ def dependencies():
             "https://github.com/bazelbuild/bazel-skylib/releases/download/1.4.2/bazel-skylib-1.4.2.tar.gz",
         ],
     )
+    maybe(
+        http_archive,
+        name = "com_github_masmovil_bazel_rules",
+        sha256 = "9c8ac4c60da1ccda076b2a8e5194a1d4bde96bcb44808ccb75ecca33b5669102",
+        strip_prefix = "bazel-rules-0.5.0",
+        urls = [
+            "https://github.com/masmovil/bazel-rules/archive/refs/tags/v0.5.0.tar.gz",
+        ],
+    )
     maybe(
         http_archive,
         name = "rules_python",
@@ -36,4 +45,3 @@ def dependencies():
         strip_prefix = "rules_python-0.25.0",
         url = "https://github.com/bazelbuild/rules_python/releases/download/0.25.0/rules_python-0.25.0.tar.gz",
     )
-

examples/demo_env_from_yaml/BUILD.bazel

@@ -0,0 +1,14 @@
+load("@pypi//:requirements.bzl", "requirement")
+load("@rules_python//python:defs.bzl", "py_binary", "py_test")
+
+py_test(
+    name = "test",
+    env = { "SOPS": "sops_decrypt.yaml" },
+    size = "small",
+    srcs = ["test.py"],
+    deps = [
+        "@pypi_pyyaml//:pkg",
+        "@rules_ai//lib/python:envexport",
+    ],
+    data = [ "sops_decrypt.yaml" ],
+)

examples/demo_env_from_yaml/README.md

@@ -0,0 +1,8 @@
+# Basic Build
+
+It's a habit of mine to include a basic build as part of a project; this allows me to immediately
+ensure the toolchains are functional and can detect sudden critical issues with the main branch's
+ability to build and test
+
+This is almost identical to the example in rules_python, notably:
+ - https://github.com/bazelbuild/rules_python/blob/main/examples/pip_parse @018e355

examples/demo_env_from_yaml/WORKSPACE

@@ -0,0 +1,37 @@
+workspace(name = "demo_env_from_yaml")
+
+# if copy-pasting, use this instead:
+#
+# load("@bazel_tools//tools/build_defs/repo:http.bzl", "http_archive")
+# http_archive(
+#     name = "rules_ai",
+#     sha256 = "...",
+#     strip_prefix = "rules_ai-x.y.z",
+#     url = "https://github.com/chickenandpork/rules_ai/releases/download/x.y.z/rules_ai-x.y.z.tar.gz",
+# )
+local_repository(
+    name = "rules_ai",
+    path = "../..",
+)
+
+load("@rules_ai//:deps.bzl", rules_ai_dependencies = "dependencies")
+
+rules_ai_dependencies()
+
+load("@com_github_masmovil_bazel_rules//repositories:repositories.bzl", mm_repositories = "repositories")
+mm_repositories()
+
+load("@rules_ai//:python_defs.bzl", rules_ai_py_toolchain = "py_toolchain")
+
+rules_ai_py_toolchain(python_version = "3.9", python_repo_name = "python39")
+
+# Load a pre-curated set of default per-OS requirements, naming the repo "pypi", then (a standard
+# step of "rules_python" use) install the dependencies defined in this vendored requirements spec
+
+load("@rules_ai//:requirements.bzl", "vendored_requirements")
+
+vendored_requirements(name = "pypi")
+
+load("@pypi//:requirements.bzl", "install_deps")
+
+install_deps()

examples/demo_env_from_yaml/sops_decrypt.yaml

@@ -0,0 +1,2 @@
+OPENAI_API_KEY: bokbokbok
+BOB: doug

examples/demo_env_from_yaml/test.py

@@ -0,0 +1,16 @@
+import unittest
+
+import os
+from rules_ai.lib.python.envexport import env_export
+
+
+class ExampleTest(unittest.TestCase):
+    def test_env_is_present(self):
+        self.assertIn("OPENAI_API_KEY", os.environ)
+        self.assertNotIn("BOB", os.environ)  # "BOB" key defined in yaml file but not in `keys`
+
+
+if __name__ == "__main__":
+    if "SOPS" in os.environ:
+        env_export(filename=os.environ["SOPS"], keys = [ "OPENAI_API_KEY" ] )
+    unittest.main()

lib/python/BUILD.bazel

@@ -106,3 +106,10 @@ diff_test(
         "@platforms//os:windows": ":make_platform_agnostic_windows",
     }),
 )
+
+py_library(
+    name = "envexport",
+    srcs = ["envexport.py"],
+    visibility = ["//visibility:public"],
+    #deps = [ ]
+)

lib/python/envexport.py

@@ -0,0 +1,23 @@
+import yaml
+import re
+import os
+
+def env_export(filename, keys):
+    """Load a yaml file <filename> and set environment variables from the list <keys> from k/v in
+    the file.
+
+    Intended use is like importing specific k/v from a yaml file to the env, such as specific
+    secrets by key from a decrypted SOPS file.
+
+    parameters:
+     - filename: a filename such as "my/secrets.yaml"
+     - keys: list of keys such as [ "OPENAI_API_KEY", "PROMPTLAYER_KEY" ]
+    """
+
+    with open(filename, 'r') as file:
+        p = yaml.load(file, Loader=yaml.FullLoader)
+        for k in keys:
+            if k in p.keys():
+                os.environ[k] = p[k]
+
+

python_defs.bzl

@@ -15,5 +15,3 @@ def py_toolchain(python_version = "3.9", python_repo_name = "python39"):
 
     # Because we drop out the pip_parse(), we need to explicitly call one of the magic hidden helper-functions:
     pip_install_dependencies()
-
-