chore: centralize docker-compose variables into .env
Stripe Price IDs were hardcoded and duplicated across 4 compose files.
Log levels were hardcoded per-overlay instead of using generate-log-config.sh.
This refactors all environment-specific variables into a single .env file
that CI/CD generates from Gitea repo variables + generate-log-config.sh.
- Add .env.example template with documented variables
- Replace hardcoded values with ${VAR:-default} substitution in base compose
- Simplify prod overlay from 90 to 32 lines (remove redundant env blocks)
- Add YAML anchors to blue-green overlay (eliminate blue/green duplication)
- Remove redundant OCR env block from staging overlay
- Change generate-log-config.sh to output to stdout (pipe into .env)
- Update staging/production CI/CD to generate .env with Stripe + log vars
- Remove dangerous pk_live_ default from VITE_STRIPE_PUBLISHABLE_KEY
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@@ -6,18 +6,14 @@
|
||||
#
|
||||
# This file removes development-only configurations:
|
||||
# - Database port exposure (PostgreSQL, Redis)
|
||||
# - Development-specific settings
|
||||
# - Traefik dashboard auth middleware
|
||||
#
|
||||
# Environment-specific values (log levels, Stripe IDs) are driven by .env
|
||||
# generated by CI/CD from Gitea variables + scripts/ci/generate-log-config.sh
|
||||
|
||||
services:
|
||||
# Traefik - Production log level and dashboard auth
|
||||
# Traefik - Dashboard auth middleware
|
||||
mvp-traefik:
|
||||
environment:
|
||||
# Traefik log levels: TRACE | DEBUG | INFO | WARN | ERROR
|
||||
LOG_LEVEL: error
|
||||
command:
|
||||
- --configFile=/etc/traefik/traefik.yml
|
||||
# Traefik log levels: TRACE | DEBUG | INFO | WARN | ERROR
|
||||
- --log.level=ERROR
|
||||
labels:
|
||||
- "traefik.enable=true"
|
||||
- "traefik.http.routers.traefik-dashboard.rule=Host(`traefik.motovaultpro.local`)"
|
||||
@@ -26,64 +22,10 @@ services:
|
||||
- "traefik.http.services.traefik-dashboard.loadbalancer.server.port=8080"
|
||||
- "traefik.http.middlewares.dashboard-auth.basicauth.users=admin:$$2y$$10$$foobar"
|
||||
|
||||
# Backend - Production log level
|
||||
mvp-backend:
|
||||
environment:
|
||||
NODE_ENV: production
|
||||
CONFIG_PATH: /app/config/production.yml
|
||||
SECRETS_DIR: /run/secrets
|
||||
# Pino log levels: trace | debug | info | warn | error | fatal
|
||||
LOG_LEVEL: error
|
||||
DATABASE_HOST: mvp-postgres
|
||||
REDIS_HOST: mvp-redis
|
||||
# Production Variables
|
||||
#STRIPE_PRO_MONTHLY_PRICE_ID: prod_Toj6BG9Z9JwREl
|
||||
#STRIPE_PRO_YEARLY_PRICE_ID: prod_Toj8oo0RpVBQmB
|
||||
#STRIPE_ENTERPRISE_MONTHLY_PRICE_ID: prod_Toj8xGEui9jl6j
|
||||
#STRIPE_ENTERPRISE_YEARLY_PRICE_ID: prod_Toj9A7A773xrdn
|
||||
# Sandbox Variables
|
||||
STRIPE_PRO_MONTHLY_PRICE_ID: price_1T1ZHMJXoKkh5RcKwKSSGIlR
|
||||
STRIPE_PRO_YEARLY_PRICE_ID: price_1T1ZHnJXoKkh5RcKWlG2MPpX
|
||||
STRIPE_ENTERPRISE_MONTHLY_PRICE_ID: price_1T1ZIBJXoKkh5RcKu2jyhqBN
|
||||
STRIPE_ENTERPRISE_YEARLY_PRICE_ID: price_1T1ZIQJXoKkh5RcK34YXiJQm
|
||||
|
||||
# OCR - Production log level + engine config
|
||||
mvp-ocr:
|
||||
environment:
|
||||
# Python log levels: DEBUG | INFO | WARNING | ERROR | CRITICAL
|
||||
LOG_LEVEL: error
|
||||
REDIS_HOST: mvp-redis
|
||||
REDIS_PORT: 6379
|
||||
REDIS_DB: 1
|
||||
# OCR engine configuration (Google Vision primary, PaddleOCR fallback)
|
||||
OCR_PRIMARY_ENGINE: google_vision
|
||||
OCR_FALLBACK_ENGINE: paddleocr
|
||||
OCR_CONFIDENCE_THRESHOLD: "0.6"
|
||||
OCR_FALLBACK_THRESHOLD: "0.6"
|
||||
GOOGLE_VISION_KEY_PATH: /run/secrets/google-wif-config.json
|
||||
VISION_MONTHLY_LIMIT: "1000"
|
||||
# Vertex AI / Gemini configuration (maintenance schedule extraction)
|
||||
VERTEX_AI_PROJECT: motovaultpro
|
||||
VERTEX_AI_LOCATION: us-central1
|
||||
GEMINI_MODEL: gemini-2.5-flash
|
||||
|
||||
# PostgreSQL - Remove dev ports, production log level
|
||||
# PostgreSQL - Remove dev ports
|
||||
mvp-postgres:
|
||||
ports: []
|
||||
environment:
|
||||
POSTGRES_DB: motovaultpro
|
||||
POSTGRES_USER: postgres
|
||||
POSTGRES_PASSWORD_FILE: /run/secrets/postgres-password
|
||||
POSTGRES_INITDB_ARGS: --encoding=UTF8
|
||||
LOG_LEVEL: error
|
||||
# PostgreSQL log statements: none | ddl | mod | all
|
||||
POSTGRES_LOG_STATEMENT: none
|
||||
# Minimum query duration to log: -1 (disabled) | 0 (all) | N (ms threshold)
|
||||
POSTGRES_LOG_MIN_DURATION_STATEMENT: -1
|
||||
PGDATA: /var/lib/postgresql/data/pgdata
|
||||
|
||||
# Redis - Remove dev ports, production log level
|
||||
# Redis - Remove dev ports
|
||||
mvp-redis:
|
||||
ports: []
|
||||
# Redis log levels: debug | verbose | notice | warning
|
||||
command: redis-server --appendonly yes --loglevel warning
|
||||
|
||||
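Review bot: The Traefik dashboard basic-auth label in the second hunk still carries a literal placeholder credential, `admin:$$2y$$10$$foobar`, and since that line appears to be unchanged context it survives on the new side of what looks like the production overlay, so the commit's goal of moving environment-specific values into the generated .env leaves an authentication secret hardcoded in a committed compose file. The same hunk also keeps the dashboard router bound to `traefik.motovaultpro.local`, which reads like a development hostname rather than a production one; confirm this is intended for the prod overlay. Suggest sourcing the credential from .env like the other values, e.g. `- "traefik.http.middlewares.dashboard-auth.basicauth.users=${TRAEFIK_DASHBOARD_AUTH:?set in .env}"`, so a missing value fails the deploy instead of falling back to a known hash, and documenting in .env.example that the value is an htpasswd-style bcrypt entry. If the placeholder hash has ever been deployed, the dashboard should be treated as having had a guessable password and the hash rotated.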