Add file_envs for secrets and allow passing database url via separate envs #246

Merged
simon merged 5 commits from add-file-envs into main 2025-12-03 14:29:34 +01:00
Owner

Description of the implemented changes

The changes were:

  • [ ] Bugfixing
  • [x] New Feature
  • [ ] Breaking Change
  • [x] Refactoring

What has been changed?

Changed runtime.exs to support file_envs.

Updated docker-compose.prod.yml to reflect these changes in said environment; added just commands to generate secrets on first start.

Definition of Done

Code Quality

  • [x] No new technical debt
  • [x] Linting passed
  • [x] Documentation is added where needed

Accessibility

  • [ ] New elements are properly defined with HTML tags
  • [ ] Colour contrast follows WCAG criteria
  • [ ] ARIA labels are added when needed
  • [ ] Everything is accessible by keyboard
  • [ ] Tab order is comprehensible
  • [ ] All interactive elements have a visible focus

Testing

  • [ ] Tests for new code are written
  • [ ] All tests pass
  • [ ] axe-core dev tools show no critical or major issues

Additional Notes
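The two halves of this PR (a `NAME`/`NAME_FILE` lookup in runtime.exs, and a database URL assembled from separate variables so the password can come from a mounted file) can be shown together in one helper. The block below is an added example written for this page, not the project's runtime.exs or its `get_env_or_file` closure; the module name `FileEnv`, the `DB_*` variable names and the `:my_app`/`MyApp.Repo` config keys are placeholders. It also covers the two edge cases raised in review: an error message that names both variables when a secret is missing or unreadable, and trimming only trailing whitespace from a secret file.

```elixir
# Added example, not the project's code: NAME / NAME_FILE resolution for
# runtime.exs, plus a DATABASE_URL built from separate variables.
# Module, variable and config names are hypothetical.
defmodule FileEnv do
  @doc """
  Resolve `name` from the environment, or from the file named by `name_FILE`.

  Raises with a message naming both variables when neither is set (unless a
  `:default` is given), when both are set, or when the file cannot be read.
  """
  def get!(name, opts \\ []) do
    file_var = name <> "_FILE"

    case {System.get_env(name), System.get_env(file_var)} do
      {nil, nil} ->
        case Keyword.fetch(opts, :default) do
          {:ok, default} -> default
          :error -> raise ArgumentError, "set #{name} or #{file_var}"
        end

      {value, nil} ->
        value

      {nil, path} ->
        read_secret!(path, file_var)

      {_value, _path} ->
        raise ArgumentError, "#{name} and #{file_var} are both set; use only one"
    end
  end

  # Secret files written by echo, Docker or Compose end in a newline, so only
  # trailing whitespace is stripped; leading whitespace stays as written.
  defp read_secret!(path, file_var) do
    case File.read(path) do
      {:ok, content} ->
        String.trim_trailing(content)

      {:error, reason} ->
        # Fail at boot with the variable and path, not with a nil secret later.
        raise ArgumentError,
              "cannot read #{file_var}=#{path}: #{:file.format_error(reason)}"
    end
  end

  @doc """
  Use DATABASE_URL (or DATABASE_URL_FILE) when present; otherwise assemble the
  URL from DB_HOST, DB_PORT, DB_NAME, DB_USER and DB_PASSWORD(_FILE), so the
  password can be mounted as a secret file instead of being embedded in a URL.
  """
  def database_url! do
    case get!("DATABASE_URL", default: nil) do
      nil ->
        # Percent-encode userinfo so passwords containing ":", "@" or "/"
        # do not break URL parsing on the Ecto side.
        user = URI.encode(get!("DB_USER"), &URI.char_unreserved?/1)
        pass = URI.encode(get!("DB_PASSWORD"), &URI.char_unreserved?/1)
        host = get!("DB_HOST", default: "localhost")
        port = get!("DB_PORT", default: "5432")
        name = get!("DB_NAME")
        "ecto://#{user}:#{pass}@#{host}:#{port}/#{name}"

      url ->
        url
    end
  end
end

# In config/runtime.exs (illustrative; app and repo names are placeholders):
#
#   config :my_app, MyApp.Repo, url: FileEnv.database_url!()
#
#   config :my_app, :oidc, client_secret: FileEnv.get!("OIDC_CLIENT_SECRET")
```

Because `String.trim_trailing/1` removes every trailing whitespace character, a secret that deliberately ends in a space or tab cannot be passed through a file with this helper; if that matters, strip a single trailing `"\n"` instead.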
simon added 3 commits 2025-12-03 12:58:17 +01:00
chore: update prod-compose to use file-envs for secrets
All checks were successful
continuous-integration/drone/push Build is passing
d8384098b4
fix: mailto formatting
All checks were successful
continuous-integration/drone/push Build is passing
ce15b8f59b
simon added this to the Sprint 9: 20.11 - 11.12 project 2025-12-03 12:58:23 +01:00
requested review from rafael 2025-12-03 12:58:33 +01:00
rafael approved these changes 2025-12-03 13:37:18 +01:00
rafael left a comment
Collaborator

Great work!

One thing that would be great is updating README.md to list the new _FILE vars in the configuration guide.

Justfile Outdated
@ -88,0 +90,4 @@
# ================================
# Initialize secrets directory with generated secrets (only if not exists)
init-secrets:
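Review bot: the comment on `init-secrets` promises "only if not exists", but the guard and the generation steps are outside the visible lines; make the check per secret file rather than per directory, so a partially populated secrets directory still gets its missing files, and create the files with a restrictive mode (`umask 077` before writing, or `chmod 600` afterwards) so generated secrets are not world-readable on the host.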
Collaborator

Should we name this action init-prod-secrets to communicate its scope?

simon marked this conversation as resolved
@ -10,0 +21,4 @@
file_path ->
case File.read(file_path) do
{:ok, content} ->
String.trim(content)
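Review bot: only the `{:ok, content}` branch of `case File.read(file_path)` is in the hunk; the `{:error, reason}` branch should raise with the `_FILE` variable name and the path (for example `raise "cannot read #{file_path}: #{:file.format_error(reason)}"`) rather than fall through to nil, otherwise a wrong mount path or a permission error turns into a missing secret further down. `String.trim/1` also strips leading whitespace; if the intent is only to drop the trailing newline of a mounted secret file, `String.trim_trailing/1` is the narrower choice.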
Collaborator

Is this trim specifically needed? Seems like it could lead to some surprising behavior in some edge cases.

Author
Owner

replaced by trim_trailing

  • leading whitespaces remain
  • only trailing whitespaces are removed, common use case when using secret files, with newlines etc
simon marked this conversation as resolved
@ -58,3 +123,3 @@
client_id: System.get_env("OIDC_CLIENT_ID") || "mv",
base_url: System.get_env("OIDC_BASE_URL") || "http://localhost:8080/auth/v1",
client_secret: System.get_env("OIDC_CLIENT_SECRET"),
client_secret: get_env_or_file.("OIDC_CLIENT_SECRET", nil),
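Review bot: passing `nil` as the default means a missing `OIDC_CLIENT_SECRET`/`OIDC_CLIENT_SECRET_FILE` is only noticed at the first OIDC request; raise at boot with a message naming both variables, as the other `get_env_or_file` calls do, so a misconfigured deployment fails fast instead of starting with an unusable login.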
Collaborator

Let's add an error message here, similar to the other calls

simon marked this conversation as resolved
@ -1,22 +1,33 @@
services:
app:
image: git.local-it.org/local-it/mitgliederverwaltung:latest
image: mitgliederverwaltung:latest
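Review bot: `mitgliederverwaltung:latest` drops the registry prefix, so a production host pulls nothing and runs whatever local image happens to carry that tag; keep `git.local-it.org/local-it/mitgliederverwaltung` in the prod file and put the local `build:` or image override in a separate compose override file. Independently of that, pinning to a release tag or digest instead of `latest` makes prod deployments reproducible.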
Collaborator

Should we change this back? Or is there a way we can support dev environments and "real" prod deployments with the same file?

Author
Owner

was just for testing, whoopsie

simon marked this conversation as resolved
simon was assigned by rafael 2025-12-03 13:39:15 +01:00
simon added 1 commit 2025-12-03 14:27:37 +01:00
fix: resolve review comments
Some checks reported errors
continuous-integration/drone/push Build was killed
1623b63207
simon added 1 commit 2025-12-03 14:29:12 +01:00
Merge remote-tracking branch 'origin/main' into add-file-envs
Some checks reported errors
continuous-integration/drone/push Build was killed
d1bab1288c
simon merged commit a10d42f1ed into main 2025-12-03 14:29:34 +01:00
simon deleted branch add-file-envs 2025-12-03 14:29:35 +01:00