chore: centralize docker-compose variables into .env

Stripe Price IDs were hardcoded and duplicated across 4 compose files. Log levels were hardcoded per-overlay instead of using generate-log-config.sh. This refactors all environment-specific variables into a single .env file that CI/CD generates from Gitea repo variables + generate-log-config.sh. - Add .env.example template with documented variables - Replace hardcoded values with ${VAR:-default} substitution in base compose - Simplify prod overlay from 90 to 32 lines (remove redundant env blocks) - Add YAML anchors to blue-green overlay (eliminate blue/green duplication) - Remove redundant OCR env block from staging overlay - Change generate-log-config.sh to output to stdout (pipe into .env) - Update staging/production CI/CD to generate .env with Stripe + log vars - Remove dangerous pk_live_ default from VITE_STRIPE_PUBLISHABLE_KEY Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-16 19:57:36 -06:00
parent 07c3d8511d
commit 853a075e8b
8 changed files with 158 additions and 237 deletions
--- a/.gitea/workflows/production.yaml
+++ b/.gitea/workflows/production.yaml
@@ -99,6 +99,7 @@ jobs:
            docker-compose.yml
            docker-compose.blue-green.yml
            docker-compose.prod.yml
+            .env.example
          sparse-checkout-cone-mode: false
          fetch-depth: 1

@@ -115,11 +116,20 @@ jobs:
          mkdir -p "$DEPLOY_PATH/secrets/app"
          cp "$GITHUB_WORKSPACE/secrets/app/google-wif-config.json" "$DEPLOY_PATH/secrets/app/"

-      - name: Generate logging configuration
+      - name: Generate environment configuration
        run: |
          cd "$DEPLOY_PATH"
+          {
+            echo "# Generated by CI/CD - DO NOT EDIT"
+            echo "STRIPE_PRO_MONTHLY_PRICE_ID=${{ vars.STRIPE_PRO_MONTHLY_PRICE_ID }}"
+            echo "STRIPE_PRO_YEARLY_PRICE_ID=${{ vars.STRIPE_PRO_YEARLY_PRICE_ID }}"
+            echo "STRIPE_ENTERPRISE_MONTHLY_PRICE_ID=${{ vars.STRIPE_ENTERPRISE_MONTHLY_PRICE_ID }}"
+            echo "STRIPE_ENTERPRISE_YEARLY_PRICE_ID=${{ vars.STRIPE_ENTERPRISE_YEARLY_PRICE_ID }}"
+            echo "VITE_STRIPE_PUBLISHABLE_KEY=${{ vars.VITE_STRIPE_PUBLISHABLE_KEY }}"
+            echo "GRAFANA_ADMIN_PASSWORD=${{ secrets.GRAFANA_ADMIN_PASSWORD }}"
+          } > .env
          chmod +x scripts/ci/generate-log-config.sh
-          ./scripts/ci/generate-log-config.sh "$LOG_LEVEL"
+          ./scripts/ci/generate-log-config.sh "$LOG_LEVEL" >> .env

      - name: Login to registry
        run: |