chore: centralize docker-compose variables into .env
All checks were successful
Deploy to Staging / Build Images (push) Successful in 39s
Deploy to Staging / Deploy to Staging (push) Successful in 52s
Deploy to Staging / Verify Staging (push) Successful in 9s
Deploy to Staging / Notify Staging Ready (push) Successful in 8s
Deploy to Staging / Notify Staging Failure (push) Has been skipped
All checks were successful
Deploy to Staging / Build Images (push) Successful in 39s
Deploy to Staging / Deploy to Staging (push) Successful in 52s
Deploy to Staging / Verify Staging (push) Successful in 9s
Deploy to Staging / Notify Staging Ready (push) Successful in 8s
Deploy to Staging / Notify Staging Failure (push) Has been skipped
Stripe Price IDs were hardcoded and duplicated across 4 compose files.
Log levels were hardcoded per-overlay instead of using generate-log-config.sh.
This refactors all environment-specific variables into a single .env file
that CI/CD generates from Gitea repo variables + generate-log-config.sh.
- Add .env.example template with documented variables
- Replace hardcoded values with ${VAR:-default} substitution in base compose
- Simplify prod overlay from 90 to 32 lines (remove redundant env blocks)
- Add YAML anchors to blue-green overlay (eliminate blue/green duplication)
- Remove redundant OCR env block from staging overlay
- Change generate-log-config.sh to output to stdout (pipe into .env)
- Update staging/production CI/CD to generate .env with Stripe + log vars
- Remove dangerous pk_live_ default from VITE_STRIPE_PUBLISHABLE_KEY
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
Eric Gullickson
@@ -11,6 +11,63 @@
|
||||
# Shared services (from base compose):
|
||||
# mvp-traefik, mvp-postgres, mvp-redis
|
||||
|
||||
# ========================================
|
||||
# Extension fields (YAML anchors for DRY)
|
||||
# ========================================
|
||||
x-frontend-env: &frontend-env
|
||||
VITE_API_BASE_URL: /api
|
||||
VITE_AUTH0_DOMAIN: ${VITE_AUTH0_DOMAIN:-motovaultpro.us.auth0.com}
|
||||
VITE_AUTH0_CLIENT_ID: ${VITE_AUTH0_CLIENT_ID:-yspR8zdnSxmV8wFIghHynQ08iXAPoQJ3}
|
||||
VITE_AUTH0_AUDIENCE: ${VITE_AUTH0_AUDIENCE:-https://api.motovaultpro.com}
|
||||
SECRETS_DIR: /run/secrets
|
||||
|
||||
x-frontend-volumes: &frontend-volumes
|
||||
- ./secrets/app/google-maps-api-key.txt:/run/secrets/google-maps-api-key:ro
|
||||
- ./secrets/app/google-maps-map-id.txt:/run/secrets/google-maps-map-id:ro
|
||||
|
||||
x-frontend-healthcheck: &frontend-healthcheck
|
||||
test: ["CMD-SHELL", "curl -sf http://localhost:3000 || exit 1"]
|
||||
interval: 5s
|
||||
timeout: 5s
|
||||
retries: 3
|
||||
start_period: 10s
|
||||
|
||||
x-backend-env: &backend-env
|
||||
NODE_ENV: production
|
||||
CONFIG_PATH: /app/config/production.yml
|
||||
SECRETS_DIR: /run/secrets
|
||||
LOG_LEVEL: ${BACKEND_LOG_LEVEL:-debug}
|
||||
DATABASE_HOST: mvp-postgres
|
||||
REDIS_HOST: mvp-redis
|
||||
STRIPE_PRO_MONTHLY_PRICE_ID: ${STRIPE_PRO_MONTHLY_PRICE_ID:-price_1T1ZHMJXoKkh5RcKwKSSGIlR}
|
||||
STRIPE_PRO_YEARLY_PRICE_ID: ${STRIPE_PRO_YEARLY_PRICE_ID:-price_1T1ZHnJXoKkh5RcKWlG2MPpX}
|
||||
STRIPE_ENTERPRISE_MONTHLY_PRICE_ID: ${STRIPE_ENTERPRISE_MONTHLY_PRICE_ID:-price_1T1ZIBJXoKkh5RcKu2jyhqBN}
|
||||
STRIPE_ENTERPRISE_YEARLY_PRICE_ID: ${STRIPE_ENTERPRISE_YEARLY_PRICE_ID:-price_1T1ZIQJXoKkh5RcK34YXiJQm}
|
||||
|
||||
x-backend-volumes: &backend-volumes
|
||||
- ./config/app/production.yml:/app/config/production.yml:ro
|
||||
- ./config/shared/production.yml:/app/config/shared.yml:ro
|
||||
- ./secrets/app/postgres-password.txt:/run/secrets/postgres-password:ro
|
||||
- ./secrets/app/auth0-client-secret.txt:/run/secrets/auth0-client-secret:ro
|
||||
- ./secrets/app/google-maps-api-key.txt:/run/secrets/google-maps-api-key:ro
|
||||
- ./secrets/app/google-maps-map-id.txt:/run/secrets/google-maps-map-id:ro
|
||||
- ./secrets/app/resend-api-key.txt:/run/secrets/resend-api-key:ro
|
||||
- ./secrets/app/auth0-management-client-id.txt:/run/secrets/auth0-management-client-id:ro
|
||||
- ./secrets/app/auth0-management-client-secret.txt:/run/secrets/auth0-management-client-secret:ro
|
||||
- ./secrets/app/stripe-secret-key.txt:/run/secrets/stripe-secret-key:ro
|
||||
- ./secrets/app/stripe-webhook-secret.txt:/run/secrets/stripe-webhook-secret:ro
|
||||
- ./data/documents:/app/data/documents
|
||||
- ./data/backups:/app/data/backups
|
||||
|
||||
x-backend-healthcheck: &backend-healthcheck
|
||||
test:
|
||||
- CMD-SHELL
|
||||
- node -e "require('http').get('http://localhost:3001/health', r => process.exit(r.statusCode===200?0:1)).on('error', () => process.exit(1))"
|
||||
interval: 5s
|
||||
timeout: 5s
|
||||
retries: 5
|
||||
start_period: 180s
|
||||
|
||||
services:
|
||||
# ========================================
|
||||
# BLUE Stack - Frontend
|
||||
@@ -19,25 +76,13 @@ services:
|
||||
image: ${FRONTEND_IMAGE:-git.motovaultpro.com/egullickson/frontend:latest}
|
||||
container_name: mvp-frontend-blue
|
||||
restart: unless-stopped
|
||||
environment:
|
||||
VITE_API_BASE_URL: /api
|
||||
VITE_AUTH0_DOMAIN: ${VITE_AUTH0_DOMAIN:-motovaultpro.us.auth0.com}
|
||||
VITE_AUTH0_CLIENT_ID: ${VITE_AUTH0_CLIENT_ID:-yspR8zdnSxmV8wFIghHynQ08iXAPoQJ3}
|
||||
VITE_AUTH0_AUDIENCE: ${VITE_AUTH0_AUDIENCE:-https://api.motovaultpro.com}
|
||||
SECRETS_DIR: /run/secrets
|
||||
volumes:
|
||||
- ./secrets/app/google-maps-api-key.txt:/run/secrets/google-maps-api-key:ro
|
||||
- ./secrets/app/google-maps-map-id.txt:/run/secrets/google-maps-map-id:ro
|
||||
environment: *frontend-env
|
||||
volumes: *frontend-volumes
|
||||
networks:
|
||||
- frontend
|
||||
depends_on:
|
||||
- mvp-backend-blue
|
||||
healthcheck:
|
||||
test: ["CMD-SHELL", "curl -sf http://localhost:3000 || exit 1"]
|
||||
interval: 5s
|
||||
timeout: 5s
|
||||
retries: 3
|
||||
start_period: 10s
|
||||
healthcheck: *frontend-healthcheck
|
||||
deploy:
|
||||
resources:
|
||||
limits:
|
||||
@@ -55,50 +100,15 @@ services:
|
||||
image: ${BACKEND_IMAGE:-git.motovaultpro.com/egullickson/backend:latest}
|
||||
container_name: mvp-backend-blue
|
||||
restart: unless-stopped
|
||||
environment:
|
||||
NODE_ENV: production
|
||||
CONFIG_PATH: /app/config/production.yml
|
||||
SECRETS_DIR: /run/secrets
|
||||
DATABASE_HOST: mvp-postgres
|
||||
REDIS_HOST: mvp-redis
|
||||
# Production Variables
|
||||
#STRIPE_PRO_MONTHLY_PRICE_ID: prod_Toj6BG9Z9JwREl
|
||||
#STRIPE_PRO_YEARLY_PRICE_ID: prod_Toj8oo0RpVBQmB
|
||||
#STRIPE_ENTERPRISE_MONTHLY_PRICE_ID: prod_Toj8xGEui9jl6j
|
||||
#STRIPE_ENTERPRISE_YEARLY_PRICE_ID: prod_Toj9A7A773xrdn
|
||||
# Sandbox Variables
|
||||
STRIPE_PRO_MONTHLY_PRICE_ID: price_1T1ZHMJXoKkh5RcKwKSSGIlR
|
||||
STRIPE_PRO_YEARLY_PRICE_ID: price_1T1ZHnJXoKkh5RcKWlG2MPpX
|
||||
STRIPE_ENTERPRISE_MONTHLY_PRICE_ID: price_1T1ZIBJXoKkh5RcKu2jyhqBN
|
||||
STRIPE_ENTERPRISE_YEARLY_PRICE_ID: price_1T1ZIQJXoKkh5RcK34YXiJQm
|
||||
volumes:
|
||||
- ./config/app/production.yml:/app/config/production.yml:ro
|
||||
- ./config/shared/production.yml:/app/config/shared.yml:ro
|
||||
- ./secrets/app/postgres-password.txt:/run/secrets/postgres-password:ro
|
||||
- ./secrets/app/auth0-client-secret.txt:/run/secrets/auth0-client-secret:ro
|
||||
- ./secrets/app/google-maps-api-key.txt:/run/secrets/google-maps-api-key:ro
|
||||
- ./secrets/app/google-maps-map-id.txt:/run/secrets/google-maps-map-id:ro
|
||||
- ./secrets/app/resend-api-key.txt:/run/secrets/resend-api-key:ro
|
||||
- ./secrets/app/auth0-management-client-id.txt:/run/secrets/auth0-management-client-id:ro
|
||||
- ./secrets/app/auth0-management-client-secret.txt:/run/secrets/auth0-management-client-secret:ro
|
||||
- ./secrets/app/stripe-secret-key.txt:/run/secrets/stripe-secret-key:ro
|
||||
- ./secrets/app/stripe-webhook-secret.txt:/run/secrets/stripe-webhook-secret:ro
|
||||
- ./data/documents:/app/data/documents
|
||||
- ./data/backups:/app/data/backups
|
||||
environment: *backend-env
|
||||
volumes: *backend-volumes
|
||||
networks:
|
||||
- backend
|
||||
- database
|
||||
depends_on:
|
||||
- mvp-postgres
|
||||
- mvp-redis
|
||||
healthcheck:
|
||||
test:
|
||||
- CMD-SHELL
|
||||
- node -e "require('http').get('http://localhost:3001/health', r => process.exit(r.statusCode===200?0:1)).on('error', () => process.exit(1))"
|
||||
interval: 5s
|
||||
timeout: 5s
|
||||
retries: 5
|
||||
start_period: 180s
|
||||
healthcheck: *backend-healthcheck
|
||||
deploy:
|
||||
resources:
|
||||
limits:
|
||||
@@ -116,25 +126,13 @@ services:
|
||||
image: ${FRONTEND_IMAGE:-git.motovaultpro.com/egullickson/frontend:latest}
|
||||
container_name: mvp-frontend-green
|
||||
restart: unless-stopped
|
||||
environment:
|
||||
VITE_API_BASE_URL: /api
|
||||
VITE_AUTH0_DOMAIN: ${VITE_AUTH0_DOMAIN:-motovaultpro.us.auth0.com}
|
||||
VITE_AUTH0_CLIENT_ID: ${VITE_AUTH0_CLIENT_ID:-yspR8zdnSxmV8wFIghHynQ08iXAPoQJ3}
|
||||
VITE_AUTH0_AUDIENCE: ${VITE_AUTH0_AUDIENCE:-https://api.motovaultpro.com}
|
||||
SECRETS_DIR: /run/secrets
|
||||
volumes:
|
||||
- ./secrets/app/google-maps-api-key.txt:/run/secrets/google-maps-api-key:ro
|
||||
- ./secrets/app/google-maps-map-id.txt:/run/secrets/google-maps-map-id:ro
|
||||
environment: *frontend-env
|
||||
volumes: *frontend-volumes
|
||||
networks:
|
||||
- frontend
|
||||
depends_on:
|
||||
- mvp-backend-green
|
||||
healthcheck:
|
||||
test: ["CMD-SHELL", "curl -sf http://localhost:3000 || exit 1"]
|
||||
interval: 5s
|
||||
timeout: 5s
|
||||
retries: 3
|
||||
start_period: 10s
|
||||
healthcheck: *frontend-healthcheck
|
||||
deploy:
|
||||
resources:
|
||||
limits:
|
||||
@@ -152,51 +150,15 @@ services:
|
||||
image: ${BACKEND_IMAGE:-git.motovaultpro.com/egullickson/backend:latest}
|
||||
container_name: mvp-backend-green
|
||||
restart: unless-stopped
|
||||
environment:
|
||||
NODE_ENV: production
|
||||
CONFIG_PATH: /app/config/production.yml
|
||||
SECRETS_DIR: /run/secrets
|
||||
DATABASE_HOST: mvp-postgres
|
||||
REDIS_HOST: mvp-redis
|
||||
# Production Variables
|
||||
#STRIPE_PRO_MONTHLY_PRICE_ID: prod_Toj6BG9Z9JwREl
|
||||
#STRIPE_PRO_YEARLY_PRICE_ID: prod_Toj8oo0RpVBQmB
|
||||
#STRIPE_ENTERPRISE_MONTHLY_PRICE_ID: prod_Toj8xGEui9jl6j
|
||||
#STRIPE_ENTERPRISE_YEARLY_PRICE_ID: prod_Toj9A7A773xrdn
|
||||
# Sandbox Variables
|
||||
STRIPE_PRO_MONTHLY_PRICE_ID: price_1T1ZHMJXoKkh5RcKwKSSGIlR
|
||||
STRIPE_PRO_YEARLY_PRICE_ID: price_1T1ZHnJXoKkh5RcKWlG2MPpX
|
||||
STRIPE_ENTERPRISE_MONTHLY_PRICE_ID: price_1T1ZIBJXoKkh5RcKu2jyhqBN
|
||||
STRIPE_ENTERPRISE_YEARLY_PRICE_ID: price_1T1ZIQJXoKkh5RcK34YXiJQm
|
||||
|
||||
volumes:
|
||||
- ./config/app/production.yml:/app/config/production.yml:ro
|
||||
- ./config/shared/production.yml:/app/config/shared.yml:ro
|
||||
- ./secrets/app/postgres-password.txt:/run/secrets/postgres-password:ro
|
||||
- ./secrets/app/auth0-client-secret.txt:/run/secrets/auth0-client-secret:ro
|
||||
- ./secrets/app/google-maps-api-key.txt:/run/secrets/google-maps-api-key:ro
|
||||
- ./secrets/app/google-maps-map-id.txt:/run/secrets/google-maps-map-id:ro
|
||||
- ./secrets/app/resend-api-key.txt:/run/secrets/resend-api-key:ro
|
||||
- ./secrets/app/auth0-management-client-id.txt:/run/secrets/auth0-management-client-id:ro
|
||||
- ./secrets/app/auth0-management-client-secret.txt:/run/secrets/auth0-management-client-secret:ro
|
||||
- ./secrets/app/stripe-secret-key.txt:/run/secrets/stripe-secret-key:ro
|
||||
- ./secrets/app/stripe-webhook-secret.txt:/run/secrets/stripe-webhook-secret:ro
|
||||
- ./data/documents:/app/data/documents
|
||||
- ./data/backups:/app/data/backups
|
||||
environment: *backend-env
|
||||
volumes: *backend-volumes
|
||||
networks:
|
||||
- backend
|
||||
- database
|
||||
depends_on:
|
||||
- mvp-postgres
|
||||
- mvp-redis
|
||||
healthcheck:
|
||||
test:
|
||||
- CMD-SHELL
|
||||
- node -e "require('http').get('http://localhost:3001/health', r => process.exit(r.statusCode===200?0:1)).on('error', () => process.exit(1))"
|
||||
interval: 5s
|
||||
timeout: 5s
|
||||
retries: 5
|
||||
start_period: 180s
|
||||
healthcheck: *backend-healthcheck
|
||||
deploy:
|
||||
resources:
|
||||
limits:
|
||||
|
||||
Reference in New Issue
Block a user