Code audit: fail-loud when FOOD_API_KEY is missing at build time#4
Merged
Conversation
Audit caught that the previous Gradle config silently defaulted
foodApiKey to "" when neither local.properties nor any env var
supplied it. That produced an APK that compiled fine but threw
401 from the Food Safety OpenAPI at runtime — a confusing,
late-binding failure mode.
Now the build throws a GradleException at configure time with
the exact remediation message (local.properties entry or env
var) and a pointer to the README's build section.
Also extends the lookup to System.getenv('FOOD_API_KEY'), so a
CI/release pipeline can inject the key without touching
local.properties.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Audit caught that the previous Gradle config silently defaulted
foodApiKeyto""when neitherlocal.propertiesnor any env var supplied it. The APK compiled fine but then threw 401 from the Food Safety OpenAPI at runtime — a confusing, late-binding failure that's harder to debug than a build error.Changes
app/build.gradle: throwsGradleExceptionat configure time whenFOOD_API_KEYis missing, with a remediation message that points users tolocal.propertiesand the README build section.System.getenv('FOOD_API_KEY'), so CI / release pipelines can inject the key without touchinglocal.properties.Test plan
Verifypasses (it doesn't invoke gradle, so this fail-fast doesn't break it)./gradlew assembleDebugwithout anyFOOD_API_KEYsource fails fast with the new message./gradlew assembleDebugwith the key inlocal.propertiesbuilds normallyGenerated by Claude Code