Add support for local secrets (#227)

## Ticket n/a ## Changes - Provide an example docker compose override file - Update .gitignore to ensure non-example override files aren't committed - Update documentation (plus comment in local.env) to explain how to use it - Move the docker compose files to inside the app folder - Update the developer set up instructions ## Context for reviewers - This allows developers to set local secrets that are passed to their Docker container. ## Testing Follow the instructions in the documentation and verify the contents of your .env match what's available to the Docker container.
navapbc · Jul 2, 2024 · ebe2640 · ebe2640
1 parent 39affbf
commit ebe2640
Show file tree

Hide file tree

Showing 7 changed files with 38 additions and 18 deletions.
diff --git a/app/.gitignore b/app/.gitignore
@@ -29,3 +29,8 @@ coverage.*
 
 # Poetry installer local error logs
 poetry-installer-error-*.log
+
+# This file is used in local development to pass an /app/.env
+# file to the container, for secrets. It should not be committed
+# to the repo because tests and CI/CD will not have an .env file.
+docker-compose.override.yml
diff --git a/docker-compose.debug.yml → app/docker-compose.debug.yml b/docker-compose.debug.yml → app/docker-compose.debug.yml
@@ -3,13 +3,13 @@
 services:
   main-app:
     build:
-      context: ./app
+      context: ./
       target: dev
       args:
         - RUN_UID=${RUN_UID:-4000}
         - RUN_USER=${RUN_USER:-app}
     container_name: main-app
-    env_file: ./app/local.env
+    env_file: local.env
     command: [
       "poetry", "run", "python", "-m", "debugpy",
       "--listen", "0.0.0.0:5678",
@@ -20,4 +20,4 @@ services:
     ports:
       - 5678:5678
     volumes:
-      - ./app:/app
+      - ./:/app
diff --git a/app/docker-compose.override.yml.example b/app/docker-compose.override.yml.example
@@ -0,0 +1,6 @@
+services:
+
+  main-app:
+    env_file:
+      - local.env
+      - .env
diff --git a/docker-compose.yml → app/docker-compose.yml b/docker-compose.yml → app/docker-compose.yml
@@ -17,18 +17,18 @@ services:
 
   main-app:
     build:
-      context: ./app
+      context: ./
       target: dev
       args:
         - RUN_UID=${RUN_UID:-4000}
         - RUN_USER=${RUN_USER:-app}
     command: ["poetry", "run", "flask", "--app", "src.app", "run", "--host", "0.0.0.0", "--port", "8080", "--reload"]
     container_name: main-app
-    env_file: ./app/local.env
+    env_file: local.env
     ports:
       - 8080:8080
     volumes:
-      - ./app:/app
+      - ./:/app
     depends_on:
       - main-db
 

diff --git a/app/local.env b/app/local.env
@@ -63,8 +63,12 @@ HIDE_SQL_PARAMETER_LOGS=TRUE
 # add them to this file to avoid mistakenly
 # committing them. Set these in your shell
 # by doing `export AWS_ACCESS_KEY_ID=whatever`
+# if you are running the app directly, or
+# in your `app/.env` if you are running the
+# app in a Docker container
 AWS_ACCESS_KEY_ID=DO_NOT_SET_HERE
 AWS_SECRET_ACCESS_KEY=DO_NOT_SET_HERE
+
 # These next two are commented out as we
 # don't have configuration for individuals
 # to use these at the moment and boto3

diff --git a/docs/app/README.md b/docs/app/README.md
@@ -30,8 +30,7 @@ root
 │   └── Makefile            Frequently used CLI commands for docker and utilities
 │   └── pyproject.toml      Python project configuration file
 │   └── Dockerfile          Docker build file for project
-│
-└── docker-compose.yml  Config file for docker-compose tool, used for local development
+└── └── docker-compose.yml  Config file for docker-compose tool, used for local development
 ```
 
 ## Information

diff --git a/docs/app/getting-started.md b/docs/app/getting-started.md
@@ -6,8 +6,6 @@ A very simple [docker-compose.yml](/docker-compose.yml) has been included to sup
 
 ## Prerequisites
 
-**Note:** Run everything from within the `/app` folder:
-
 1. Install the version of Python specified in [.python-version](/app/.python-version)
    [pyenv](https://github.com/pyenv/pyenv#installation) is one popular option for installing Python,
    or [asdf](https://asdf-vm.com/).
@@ -21,17 +19,25 @@ A very simple [docker-compose.yml](/docker-compose.yml) has been included to sup
 
 3. If you are using an M1 mac, you will need to install postgres as well: `brew install postgresql` (The psycopg2-binary is built from source on M1 macs which requires the postgres executable to be present)
 
-4. You'll also need [Docker Desktop](https://www.docker.com/products/docker-desktop/)
+4. You'll also need [Docker Desktop](https://www.docker.com/products/docker-desktop/) installed and running.
 
 ## Run the application
 
-1. In your terminal, `cd` to the `app` directory of this repo.
-2. Make sure you have [Docker Desktop](https://www.docker.com/products/docker-desktop/) installed & running.
-3. Run `make setup-local` to install dependencies
-4. Run `make init start` to build the image and start the container.
-5. Navigate to `localhost:8080/docs` to access the Swagger UI.
-6. Run `make run-logs` to see the logs of the running API container
-7. Run `make stop` when you are done to delete the container.
+**Note:** Run everything from within the `/app` folder:
+
+1. Run `make init start` to build the image and start the container.
+2. Navigate to `localhost:8080/docs` to access the Swagger UI.
+3. Run `make run-logs` to see the logs of the running API container
+4. Run `make stop` when you are done to stop the container.
+
+## (Optional) Configure local secrets
+
+If you need to pass secrets to the application via environment variables, copy the provided [/app/docker-compose.override.yml.example](/docker-compose.override.yml.example) to `/app/docker-compose.override.yml`. Then create an `/app/.env` file with your secrets. The override will pass this file to the Docker container with your application.
+
+```bash
+cp docker-compose.override.yml.example docker-compose.override.yml
+touch app/.env
+```
 
 ## Next steps