[eas-cli] warn people if pulling secret env vars in env:pull command (#…

…2538)

<!-- If this PR requires a changelog entry, add it by commenting the PR with the command `/changelog-entry [breaking-change|new-feature|bug-fix|chore] [message]`. -->
<!-- You can skip the changelog check by labeling the PR with "no changelog". -->

# Why

https://exponent-internal.slack.com/archives/C06FK950085/p1725586296781109

# How

warn people if pulling secret env vars in env:pull command

# Test Plan

![Screenshot 2024-09-06 at 15.36.44.png](https://graphite-user-uploaded-assets-prod.s3.amazonaws.com/9YRXgAETSTRMfjZ0IP35/d1ecf95a-a9f4-4d01-b24e-5b2e9ea5e31c.png)

packages/eas-cli/src/commands/env/pull.ts

@@ -9,7 +9,7 @@ import Log from '../../log';
 import { confirmAsync } from '../../prompts';
 import { promptVariableEnvironmentAsync } from '../../utils/prompts';
 
-export default class EnvironmentValuePull extends EasCommand {
+export default class EnvironmentVariablePull extends EasCommand {
   static override description = 'pull env file';
 
   static override hidden = true;
@@ -31,15 +31,15 @@ export default class EnvironmentValuePull extends EasCommand {
   async runAsync(): Promise<void> {
     let {
       flags: { environment, path: targetPath, 'non-interactive': nonInteractive },
-    } = await this.parse(EnvironmentValuePull);
+    } = await this.parse(EnvironmentVariablePull);
 
     if (!environment) {
       environment = await promptVariableEnvironmentAsync(nonInteractive);
     }
     const {
       privateProjectConfig: { projectId },
       loggedIn: { graphqlClient },
-    } = await this.getContextAsync(EnvironmentValuePull, {
+    } = await this.getContextAsync(EnvironmentVariablePull, {
       nonInteractive,
     });
 
@@ -75,6 +75,20 @@ export default class EnvironmentValuePull extends EasCommand {
       .join('\n');
     await fs.writeFile(targetPath, filePrefix + envFileContent);
 
-    Log.log(`Pulled environment variables from ${environment} environment to ${targetPath}.`);
+    const secretEnvVariables = environmentVariables.filter(
+      (variable: EnvironmentVariableFragment) => variable.value === null
+    );
+    if (secretEnvVariables.length > 0) {
+      Log.warn(
+        `The eas env:pull command tried to pull environment variables with "secret" visibility. The variables with "secret" visibility are not available for reading, therefore thet were marked as "*****" in the generated .env file. Provide values for these manually in ${targetPath} if needed. Skipped variables: ${secretEnvVariables
+          .map(v => v.name)
+          .join('\n')}`
+      );
+      Log.warn();
+    }
+
+    Log.log(
+      `Pulled environment variables from ${environment.toLowerCase()} environment to ${targetPath}.`
+    );
   }
 }