security(docker): remove hardcoded dev password, stop placeholder secrets leaking into migrator image (#50)
- docker-compose.yml: require ${POSTGRES_PASSWORD} for the postgres service
and the app container's DATABASE_URL. No default — compose refuses to start
without it, mirroring the existing PGADMIN_PASSWORD pattern.
- Dockerfile.prod: move auth/db ENV assignments from persistent ENV lines into
an inline env prefix on the `pnpm build` RUN step. Placeholders are still
available to `next build` but no longer persist in the builder layer or in
the published migrator image (which is FROM builder).
- Dockerfile.dev: add HEALTHCHECK against /api/health and install curl for it.
- .dockerignore: cover nested **/.env*, **/*.pem, **/*.key, **/secrets/**.
- runtime-env.ts: add the CI build placeholder strings to the disallowed-secret
set so a misconfigured prod deploy using the baked-in ARG defaults fails
startup instead of silently running with a known-bad secret.
- .env.example: document the new POSTGRES_PASSWORD requirement.
- CI: write POSTGRES_PASSWORD into the Fresh-Linux Docker Deploy job's .env
(must match docker-compose.ci.yml's hardcoded DATABASE_URL), and provide a
dummy value in the E2E job where compose validates all services' interp.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
This commit is contained in:
+11
-1
@@ -17,11 +17,21 @@ node_modules
|
||||
*.swp
|
||||
*.swo
|
||||
|
||||
# Environment files (injected at runtime)
|
||||
# Environment files (injected at runtime). Glob variants catch nested
|
||||
# .env, .env.local, etc. inside any package directory.
|
||||
.env
|
||||
.env.*
|
||||
**/.env
|
||||
**/.env.*
|
||||
!.env.example
|
||||
|
||||
# Private keys, certificates, and any secrets-like directory. Defence in
|
||||
# depth against accidentally bind-mounting or COPYing these in.
|
||||
**/*.pem
|
||||
**/*.key
|
||||
**/secrets
|
||||
**/secrets/**
|
||||
|
||||
# Test artifacts
|
||||
coverage
|
||||
**/coverage
|
||||
|
||||
Reference in New Issue
Block a user