fix: wrong env values could be used for non-dev context in netlify deploy --build --context

src/commands/deploy/deploy.mjs

@@ -31,6 +31,7 @@ import {
 } from '../../utils/command-helpers.mjs'
 import { DEFAULT_DEPLOY_TIMEOUT } from '../../utils/deploy/constants.mjs'
 import { deploySite } from '../../utils/deploy/deploy-site.mjs'
+import { getEnvelopeEnv } from '../../utils/env/index.mjs'
 import { getFunctionsManifestPath, getInternalFunctionsDir } from '../../utils/functions/index.mjs'
 import openBrowser from '../../utils/open-browser.mjs'
 import { link } from '../link/index.mjs'
@@ -567,6 +568,16 @@ const deploy = async (options, command) => {
     return triggerDeploy({ api, options, siteData, siteId })
   }
 
+  const isUsingEnvelope = siteData && siteData.use_envelope
+  // if a context is passed besides dev, we need to pull env vars from that specific context
+  if (isUsingEnvelope && options.context && options.context !== 'dev') {
+    command.netlify.cachedConfig.env = await getEnvelopeEnv({
+      api,
+      context: options.context,
+      env: command.netlify.cachedConfig.env,
+      siteInfo: siteData,
+    })
+  }
   const { configMutations = [], newConfig } = await handleBuild({
     cachedConfig: command.netlify.cachedConfig,
     options,
@@ -595,7 +606,18 @@ const deploy = async (options, command) => {
     deployFolder,
     functionsFolder,
   })
-  const siteEnv = get(siteData, 'build_settings.env')
+
+  const siteEnv = isUsingEnvelope
+    ? await getEnvelopeEnv({
+        api,
+        context: options.context,
+        env: command.netlify.cachedConfig.env,
+        raw: true,
+        scope: 'functions',
+        siteInfo: siteData,
+      })
+    : get(siteData, 'build_settings.env')
+
   const functionsConfig = normalizeFunctionsConfig({
     functionsConfig: config.functions,
     projectRoot: site.root,

src/utils/env/index.mjs

@@ -131,11 +131,12 @@ export const formatEnvelopeData = ({ context = 'dev', envelopeItems = [], scope
  * @param {string} context - The deploy context or branch of the environment variable
  * @param {object} env - The dictionary of environment variables
  * @param {string} key - If present, fetch a single key (case-sensitive)
+ * @param {boolean} raw - Return a dictionary of raw key/value pairs for only the account and site sources
  * @param {enum<any,builds,functions,runtime,post_processing>} scope - The scope of the environment variables
  * @param {object} siteInfo - The site object
  * @returns {object} An object of environment variables keys and their metadata
  */
-export const getEnvelopeEnv = async ({ api, context = 'dev', env, key = '', scope = 'any', siteInfo }) => {
+export const getEnvelopeEnv = async ({ api, context = 'dev', env, key = '', raw = false, scope = 'any', siteInfo }) => {
   const { account_slug: accountId, id: siteId } = siteInfo
 
   const [accountEnvelopeItems, siteEnvelopeItems] = await Promise.all([
@@ -145,6 +146,18 @@ export const getEnvelopeEnv = async ({ api, context = 'dev', env, key = '', scop
 
   const accountEnv = formatEnvelopeData({ context, envelopeItems: accountEnvelopeItems, scope, source: 'account' })
   const siteEnv = formatEnvelopeData({ context, envelopeItems: siteEnvelopeItems, scope, source: 'ui' })
+
+  if (raw) {
+    const entries = Object.entries({ ...accountEnv, ...siteEnv })
+    return entries.reduce(
+      (obj, [envVarKey, metadata]) => ({
+        ...obj,
+        [envVarKey]: metadata.value,
+      }),
+      {},
+    )
+  }
+
   const generalEnv = filterEnvBySource(env, 'general')
   const internalEnv = filterEnvBySource(env, 'internal')
   const addonsEnv = filterEnvBySource(env, 'addons')