Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: support _FILE suffix for docker secrets (again) #4958

Open
wants to merge 1 commit into
base: mealie-next
Choose a base branch
from
Open

feat: support _FILE suffix for docker secrets (again) #4958

wants to merge 1 commit into from

Conversation

RMI78
Copy link

@RMI78 RMI78 commented Jan 27, 2025

What this PR does / why we need it:

Actually reading _FILE variables in Docker (for docker secrets) through the entrypoint. Which patch the initial way of getting Docker secrets (prior to #3656 ) which simply doesn't work. This PR updates the documentation as well.

Which issue(s) this PR fixes:

Not really an issue but more a forever-drafted PR that was supposed to work #3781
You can read more about this discussion and the stakes, everything is here, the author just does not seems to be active anymore. I just updated the feature to the last version of Mealie. All credits goes to @andrewvaughan though.

Testing

Change have already been tested by @DennisGaida on the above drafted PR. That said I double checked and succeed to setup a Mealie instance with a Postgres SQL DB using docker secrets using the following docker compose (modified from your prod version). I only used creds for Postgres and as every other variables work the same I assumed it won't be a big deal (the entrypoint is now just reading files instead of strings on some conditions, nothing should be breaking) as testing them all would take much more time and environment setup.

services:
  mealie:
    container_name: mealie
    image: mealie:dev
    build:
      context: ../
      target: production
      dockerfile: ./docker/Dockerfile
    restart: always
    volumes:
      - mealie-data:/app/data/
    ports:
      - 9091:9000
    environment:
      ALLOW_SIGNUP: "false"
      LOG_LEVEL: "DEBUG"
      DB_ENGINE: postgres
      POSTGRES_USER_FILE: /run/secrets/mealie_postgres_usr
      POSTGRES_PASSWORD_FILE: /run/secrets/mealie_postgres_passwd
      POSTGRES_SERVER: postgres
      POSTGRES_PORT: 5432
      POSTGRES_DB: mealie
    networks:
      - test_network
    secrets:
      - mealie_postgres_passwd
      - mealie_postgres_usr

  postgres:
    container_name: postgres
    image: postgres:15
    restart: always
    volumes:
      - mealie-pgdata:/var/lib/postgresql/data
    environment:
      POSTGRES_PASSWORD_FILE: /run/secrets/mealie_postgres_passwd
      POSTGRES_USER_FILE: /run/secrets/mealie_postgres_usr
      POSTGRES_DB: mealie
    secrets:
      - mealie_postgres_passwd
      - mealie_postgres_usr
    networks:
      - test_network

volumes:
  mealie-data:
    driver: local
  mealie-pgdata:

networks:
  test_network:

secrets:
  mealie_postgres_passwd:
    file: ./secrets/password.txt
  mealie_postgres_usr:
    file: ./secrets/user.txt

This also included creating some dummy secrets files, as you can see. I created them locally in the Docker directory for some sketchy testing but they are not included in the PR.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
feature
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@RMI78