chore: update prod-compose to use file-envs for secrets

2025-12-03 12:38:24 +01:00 · 2025-12-03 12:38:24 +01:00 · d8384098b4
commit d8384098b4
parent ee094eec2f
5 changed files with 66 additions and 18 deletions
--- a/25
+++ b/25
@ -84,4 +84,27 @@ regen-migrations migration_name commit_hash='':
 clean:
    mix clean
    rm -rf .elixir_ls
-    rm -rf _build
+    rm -rf _build
+
+# Production environment commands
+# ================================
+
+# Initialize secrets directory with generated secrets (only if not exists)
+init-secrets:
+  #!/usr/bin/env bash
+  set -euo pipefail
+  if [ -d "secrets" ]; then
+    echo "Secrets directory already exists. Skipping generation."
+    exit 0
+  fi
+  echo "Creating secrets directory and generating secrets..."
+  mkdir -p secrets
+  mix phx.gen.secret > secrets/secret_key_base.txt
+  mix phx.gen.secret > secrets/token_signing_secret.txt
+  openssl rand -base64 32 | tr -d '\n' > secrets/db_password.txt
+  touch secrets/oidc_client_secret.txt
+  echo "Secrets generated in ./secrets/"
+
+# Start production environment with Docker Compose
+start-prod: init-secrets
+  docker compose -f docker-compose.prod.yml up -d