Thanks to visit codestin.com
Credit goes to github.com

Skip to content

fix(Dockerfile): don't expose environment variables #57

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
caviri merged 14 commits into from
Apr 4, 2024
Merged

fix(Dockerfile): don't expose environment variables #57

caviri merged 14 commits into from
Apr 4, 2024

Conversation

@sabinem
Copy link
Contributor

@sabinem sabinem commented Apr 2, 2024
edited
Loading

This PR fixes the docker-compose setup:

  • .env and compose.yml are separated, see here for the general recipe: Ways to set environment variables with Compose

  • secrets are loaded from the environment variables in order to not expose them in the docker containers: therefore dotenv is switched from using dotenv_values to load_dotenv

{sabine.maennel} added 4 commits April 2, 2024 14:00
fix(Dockerfile): don't expose environment variables
2b97ba1
fix(settings): load settings from environment variables
523e20c 
this avoids exposing secrets in Docker containers
fix(Dockerfile) working directory needs to be /app
20af392 
otherwise nicegui fails to run and the `odtp dashboard` command
does not work
fix(docker-compose): combine compose.yml with .env.dist file
86b0ee5 
that way the docker-compose file can be filled with the secrets
on docker compose up

the configurations can be checked with `docker compose config`
@sabinem sabinem requested a review from caviri April 3, 2024 05:36
sabinem added 5 commits April 3, 2024 10:15
refactor(.env files): seperate compose and local setup
16f5329 
provide two example `.env` files: one for local setup and one for
the docker compose setup
choire(bench): delete bench as it is not used any more
cd68330 
the data that is loaded there is outdated
feat(mongodb): add new function to intialize the db
7998f5e
refactor(cli init command): refactor mongodb setup
4e2168a 
use mongodb function for the setup and remove mongodb class
choire(db.py): cleanup double function for mongodb access
abe0eb4 
these functions are not used any more
@sabinem sabinem force-pushed the fix-docker-compose branch from d69d380 to b76ee55 Compare April 4, 2024 04:31
@caviri
Copy link
Member

caviri commented Apr 4, 2024

Hello @sabinem, Most changes looks good to me. What's the reason for the name changing in docker-compose.yml? I'd recommend to leave the name of the docker-compose.yml as it is instead of compose.yml as it's kind of convention across the community and when running the command it looks for this file by default.

https://github.com/search?q=docker-compose.yml&type=repositories.

sabinem added 2 commits April 4, 2024 07:56
choire(gitignore): adapt gitignore
736af26 
igonre .env.compose, ignoring odtpDB.json is no longer needed
choire(compose): remove docker-compose.yml
f2fc53e 
since it has been replaced by compose.yml
@sabinem sabinem force-pushed the fix-docker-compose branch from 5cbc748 to f2fc53e Compare April 4, 2024 05:56
@sabinem
Copy link
Contributor Author

sabinem commented Apr 4, 2024

@caviri I have removed the docker-compose.yml as it is now generated and have left only the compose.yml file. Does that work for you? If yes, please approve the PR.

@sabinem
Copy link
Contributor Author

sabinem commented Apr 4, 2024

@caviri I followed up most of your suggestions, please dev review again:

  • minion was renamed to minio
  • There is only one .env file as docker compose needs a .env file, since the .env file in the project root, and the env_file: field in the compose file are two different concepts, see here: https://stackoverflow.com/questions/48495663/docker-compose-env-file-not-working
  • I decided agains the docker compose secrets approach, since this would not work with the current server urls that we have as mongodb://${MONGO_DB_USER}:${MONGO_DB_PASSWORD}@mongodb-instance:27017/: I tried to remove the credentials from the service urls, but ran into errors with this. Saving the credentials in .env files is a common praxis and should be okay.

@caviri caviri merged commit 6a3dd30 into dockerfiles-docker-compose Apr 4, 2024
@sabinem sabinem deleted the fix-docker-compose branch April 4, 2024 16:06
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@caviri caviri caviri approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@sabinem @caviri