Make docker compose a bit more robust with health check, add redactio…

…n for sensitive env variables when printing
NHAS · Nov 7, 2024 · ebf10d9 · ebf10d9
1 parent 2961c81
commit ebf10d9
Show file tree

Hide file tree

Showing 4 changed files with 51 additions and 19 deletions.
diff --git a/README.md b/README.md
@@ -162,3 +162,10 @@ features:
      dbname:   (string) Which database to use
      sslmode:  (string) postgres sslmode
 ```
+
+## Development
+
+```sh
+docker compose -f docker-compose.dev.yaml down --remove-orphans
+docker compose -f docker-compose.dev.yaml --env-file .env.dev up --build --force-recreate
+```
diff --git a/config/config.go b/config/config.go
@@ -29,7 +29,7 @@ type Config struct {
 			PublicURL           string `yaml:"public_url"`
 			IssuerURL           string `yaml:"issuer_url"`
 			ClientID            string `yaml:"client_id"`
-			ClientSecret        string `yaml:"client_secret"`
+			ClientSecret        string `yaml:"client_secret" sensitive:"yes"`
 			AdminGroupClaimName string `yaml:"admin_group_claim_name"`
 			AdminGroup          string `yaml:"admin_group_name"`
 		}
@@ -42,7 +42,7 @@ type Config struct {
 			Host      string `yaml:"host"`
 			Port      int    `yaml:"port"`
 			Username  string `yaml:"username"`
-			Password  string `yaml:"password"`
+			Password  string `yaml:"password" sensitive:"yes"`
 			FromEmail string `yaml:"from"`
 		}
 
@@ -60,12 +60,17 @@ type Config struct {
 		User     string `yaml:"user"`
 		DBname   string `yaml:"dbname"`
 		SSLmode  string `yaml:"sslmode"`
-		Password string `yaml:"password"`
+		Password string `yaml:"password" sensitive:"yes"`
 	}
 }
 
-func listFields(v interface{}) []string {
-	var fields []string
+type fieldDescription struct {
+	Name      string
+	Sensitive bool
+}
+
+func listFields(v interface{}) []fieldDescription {
+	var fields []fieldDescription
 	t := reflect.TypeOf(v).Elem()
 	for i := 0; i < t.NumField(); i++ {
 		field := t.Field(i)
@@ -74,10 +79,11 @@ func listFields(v interface{}) []string {
 		if field.Type.Kind() == reflect.Struct {
 			subFields := listFields(reflect.New(field.Type).Interface())
 			for _, subField := range subFields {
-				fields = append(fields, fmt.Sprintf("%s.%s", fieldName, subField))
+				fields = append(fields, fieldDescription{Name: fmt.Sprintf("%s.%s", fieldName, subField.Name), Sensitive: subField.Sensitive})
 			}
 		} else {
-			fields = append(fields, fieldName)
+			value, _ := field.Tag.Lookup("sensitive")
+			fields = append(fields, fieldDescription{Name: fieldName, Sensitive: (value == "true" || value == "yes")})
 		}
 	}
 	return fields
@@ -129,12 +135,18 @@ func LoadConfig(path string) (c Config, err error) {
 		fields := listFields(&c)
 		setSomething := false
 		for _, field := range fields {
-			envVariable := os.Getenv(field)
-			fmt.Printf("%s=%s\n", field, envVariable)
+			envVariable := os.Getenv(field.Name)
+
+			printedValue := envVariable
+			if field.Sensitive && envVariable != "" {
+				printedValue = "**********"
+			}
+
+			fmt.Printf("%s=%s\n", field.Name, printedValue)
 
 			if envVariable != "" {
 				setSomething = true
-				setField(&c, field, envVariable)
+				setField(&c, field.Name, envVariable)
 			}
 		}
 

diff --git a/docker-compose.dev.yaml b/docker-compose.dev.yaml
@@ -2,14 +2,24 @@ services:
   postgres:
     image: postgres:13
     environment:
-      - POSTGRES_USER=gohunt
+      - POSTGRES_USER=${GOHUNT_DB_USERNAME:-gohunt}
       - POSTGRES_PASSWORD=gohunt
       - POSTGRES_DB=gohunt
+    healthcheck:
+      test: ["CMD-SHELL", "pg_isready -U ${GOHUNT_DB_USERNAME:-gohunt}"]
+      interval: 5s
+      timeout: 5s
+      retries: 5
     volumes:
-      - db-data:/var/lib/postgresql/data
+      - db-data-dev:/var/lib/postgresql/data
 
   gohunt: 
-    image: ghcr.io/nhas/gohunt:main
+    depends_on: 
+      - postgres
+    build:
+      context: .
+      dockerfile: Dockerfile
+    restart: on-failure
     environment:
       - GOHUNT_USERNAME=${GOHUNT_USERNAME}
       - GOHUNT_PASSWORD=${GOHUNT_PASSWORD}
@@ -20,14 +30,12 @@ services:
       - Notification.Webhooks.Enabled=true
       - Database.Host=postgres
       - Database.Port=5432
-      - Database.User=gohunt
+      - Database.User=${GOHUNT_DB_USERNAME:-gohunt}
       - Database.DBname=gohunt
       - Database.SSLmode=disable
       - Database.Password=gohunt
     ports:
       - 8081:8081
 
 volumes:
-  db-data:
-  caddy-data:
-  caddy_config:
+  db-data-dev:
diff --git a/docker-compose.yaml b/docker-compose.yaml
@@ -3,9 +3,14 @@ services:
     image: postgres:13
     restart: on-failure
     environment:
-      - POSTGRES_USER=gohunt
+      - POSTGRES_USER=${GOHUNT_DB_USERNAME:-gohunt}
       - POSTGRES_PASSWORD=${DB_PASSWORD}
       - POSTGRES_DB=gohunt
+    healthcheck:
+      test: ["CMD-SHELL", "pg_isready -U ${GOHUNT_DB_USERNAME:-gohunt}"]
+      interval: 5s
+      timeout: 5s
+      retries: 5
     volumes:
       - db-data:/var/lib/postgresql/data
 
@@ -25,7 +30,7 @@ services:
       - Notification.Webhooks.Enabled=true
       - Database.Host=postgres
       - Database.Port=5432
-      - Database.User=gohunt
+      - Database.User=${GOHUNT_DB_USERNAME:-gohunt}
       - Database.DBname=gohunt
       - Database.SSLmode=disable
       - Database.Password=${DB_PASSWORD}