Use env files instead of environment variables declared in docker-compose. Closes #1088 (#1091)

It's best practice to leave secrets and environment variables outside of a docker compose file, because if there are secrets we can't add the file to a VCS.

This PR adds a new entrypoint to the Docker container to create required env variables for postgres and stringer if they don't already exist. It also changes the docker-compose.yml file to use these env files instead of environment variables passed in one by one. I also renamed the containers from postgres and web to stringer-postgres and stringer which are more identifiable in a setup that may have multiple services or applications running in docker.

Finally, I also updated the docker compose docs and upgraded the docker compose file version to 3.

The new instructions for easy setup via docker compose are:

- clone the repo
- `touch .env`
- `docker compose up -d`
- visit `localhost`

Author: guidopetri

.gitignore

@@ -28,3 +28,4 @@ spec/examples.txt
 
 # Ignore local .env files
 *.local
+.env

docker-compose.yml

@@ -1,37 +1,46 @@
-version: '2'
+version: '3'
 
 services:
-  postgres:
+  stringer-setup:
+    image: stringerrss/stringer:latest
+    container_name: stringer-setup
+    restart: no
+    env_file: .env
+    volumes:
+      - ./.env:/app/.env
+    entrypoint: ["ruby"]
+    command: ["/app/docker/init_or_update_env.rb"]
+
+  stringer-postgres:
     image: postgres:9.5-alpine
+    container_name: stringer-postgres
     restart: always
+    depends_on:
+      stringer-setup:
+        condition: service_completed_successfully
     networks:
       - stringer-network
     volumes:
       - ~/stringer:/var/lib/postgresql/data
-    environment:
-      - POSTGRES_PASSWORD=super_secret_password
-      - POSTGRES_USER=db_user
-      - POSTGRES_DB=stringer
+    env_file: .env
 
-  web:
+  stringer:
     image: stringerrss/stringer:latest
+    container_name: stringer
     build: .
     depends_on:
-      - postgres
+      stringer-postgres:
+        condition: service_started
+      stringer-setup:
+        condition: service_completed_successfully
     restart: always
     ports:
       - 80:8080
     networks:
       - stringer-network
-    environment:
-      - SECRET_KEY_BASE=<your configuration>
-      - ENCRYPTION_PRIMARY_KEY=<your configuration>
-      - ENCRYPTION_DETERMINISTIC_KEY=<your configuration>
-      - ENCRYPTION_KEY_DERIVATION_SALT=<your configuration>
-      - PORT=8080
-      - DATABASE_URL=postgres://db_user:super_secret_password@postgres:5432/stringer
+    env_file: .env
 
 networks:
   stringer-network:
     external: false
-    name: stringer-network
+    name: stringer-network

docker/init_or_update_env.rb

@@ -0,0 +1,32 @@
+# frozen_string_literal: true
+
+module Secrets
+  def self.generate_secret(length)
+    `openssl rand -hex #{length}`.strip
+  end
+end
+
+pg_user = ENV.fetch("POSTGRES_USER", "stringer")
+pg_password = ENV.fetch("POSTGRES_PASSWORD", Secrets.generate_secret(32))
+pg_host = ENV.fetch("POSTGRES_HOSTNAME", "stringer-postgres")
+pg_db = ENV.fetch("POSTGRES_DB", "stringer")
+
+required_env = {
+  "SECRET_KEY_BASE" => Secrets.generate_secret(64),
+  "ENCRYPTION_PRIMARY_KEY" => Secrets.generate_secret(64),
+  "ENCRYPTION_DETERMINISTIC_KEY" => Secrets.generate_secret(64),
+  "ENCRYPTION_KEY_DERIVATION_SALT" => Secrets.generate_secret(64),
+  "POSTGRES_USER" => pg_user,
+  "POSTGRES_PASSWORD" => pg_password,
+  "POSTGRES_HOSTNAME" => pg_host,
+  "POSTGRES_DB" => pg_db,
+  "FETCH_FEEDS_CRON" => "*/5 * * * *",
+  "CLEANUP_CRON" => "0 0 * * *",
+  "DATABASE_URL" => "postgres://#{pg_user}:#{pg_password}@#{pg_host}/#{pg_db}"
+}
+
+required_env.each do |key, value|
+  next if ENV.key?(key)
+
+  File.open("/app/.env", "a") { |file| file << "#{key}=#{value}\n" }
+end

docs/Docker.md

@@ -2,7 +2,15 @@
 
 ## Production ready setup using docker-compose
 
-Download [docker-compose.yml](../docker-compose.yml) and in the corresponding folder, run `docker-compose up -d`, give it a second and visit `localhost`
+Create a local environment file named `.env`, e.g. via `touch .env`.
+
+Download [docker-compose.yml](../docker-compose.yml) and run:
+
+```sh
+touch .env && docker compose up -d
+```
+
+Give it a second and visit `localhost`!
 
 ## Production ready manual setup