From ebe26405ac731758de49cdfc8545c850a97f1001 Mon Sep 17 00:00:00 2001 From: Kevin Boyer Date: Tue, 2 Jul 2024 11:44:02 -0400 Subject: [PATCH] Add support for local secrets (#227) ## Ticket n/a ## Changes - Provide an example docker compose override file - Update .gitignore to ensure non-example override files aren't committed - Update documentation (plus comment in local.env) to explain how to use it - Move the docker compose files to inside the app folder - Update the developer set up instructions ## Context for reviewers - This allows developers to set local secrets that are passed to their Docker container. ## Testing Follow the instructions in the documentation and verify the contents of your .env match what's available to the Docker container. --- app/.gitignore | 5 ++++ .../docker-compose.debug.yml | 6 ++--- app/docker-compose.override.yml.example | 6 +++++ docker-compose.yml => app/docker-compose.yml | 6 ++--- app/local.env | 4 +++ docs/app/README.md | 3 +-- docs/app/getting-started.md | 26 ++++++++++++------- 7 files changed, 38 insertions(+), 18 deletions(-) rename docker-compose.debug.yml => app/docker-compose.debug.yml (89%) create mode 100644 app/docker-compose.override.yml.example rename docker-compose.yml => app/docker-compose.yml (93%) diff --git a/app/.gitignore b/app/.gitignore index d4c0859c..a85aca5b 100644 --- a/app/.gitignore +++ b/app/.gitignore @@ -29,3 +29,8 @@ coverage.* # Poetry installer local error logs poetry-installer-error-*.log + +# This file is used in local development to pass an /app/.env +# file to the container, for secrets. It should not be committed +# to the repo because tests and CI/CD will not have an .env file. +docker-compose.override.yml diff --git a/docker-compose.debug.yml b/app/docker-compose.debug.yml similarity index 89% rename from docker-compose.debug.yml rename to app/docker-compose.debug.yml index 602c799f..2b840fa2 100644 --- a/docker-compose.debug.yml +++ b/app/docker-compose.debug.yml @@ -3,13 +3,13 @@ services: main-app: build: - context: ./app + context: ./ target: dev args: - RUN_UID=${RUN_UID:-4000} - RUN_USER=${RUN_USER:-app} container_name: main-app - env_file: ./app/local.env + env_file: local.env command: [ "poetry", "run", "python", "-m", "debugpy", "--listen", "0.0.0.0:5678", @@ -20,4 +20,4 @@ services: ports: - 5678:5678 volumes: - - ./app:/app + - ./:/app diff --git a/app/docker-compose.override.yml.example b/app/docker-compose.override.yml.example new file mode 100644 index 00000000..94443e81 --- /dev/null +++ b/app/docker-compose.override.yml.example @@ -0,0 +1,6 @@ +services: + + main-app: + env_file: + - local.env + - .env diff --git a/docker-compose.yml b/app/docker-compose.yml similarity index 93% rename from docker-compose.yml rename to app/docker-compose.yml index ddb0c307..f6c4011b 100644 --- a/docker-compose.yml +++ b/app/docker-compose.yml @@ -17,18 +17,18 @@ services: main-app: build: - context: ./app + context: ./ target: dev args: - RUN_UID=${RUN_UID:-4000} - RUN_USER=${RUN_USER:-app} command: ["poetry", "run", "flask", "--app", "src.app", "run", "--host", "0.0.0.0", "--port", "8080", "--reload"] container_name: main-app - env_file: ./app/local.env + env_file: local.env ports: - 8080:8080 volumes: - - ./app:/app + - ./:/app depends_on: - main-db diff --git a/app/local.env b/app/local.env index 21c5a1b6..e99876b6 100644 --- a/app/local.env +++ b/app/local.env @@ -63,8 +63,12 @@ HIDE_SQL_PARAMETER_LOGS=TRUE # add them to this file to avoid mistakenly # committing them. Set these in your shell # by doing `export AWS_ACCESS_KEY_ID=whatever` +# if you are running the app directly, or +# in your `app/.env` if you are running the +# app in a Docker container AWS_ACCESS_KEY_ID=DO_NOT_SET_HERE AWS_SECRET_ACCESS_KEY=DO_NOT_SET_HERE + # These next two are commented out as we # don't have configuration for individuals # to use these at the moment and boto3 diff --git a/docs/app/README.md b/docs/app/README.md index 1e650809..54295b1b 100644 --- a/docs/app/README.md +++ b/docs/app/README.md @@ -30,8 +30,7 @@ root │ └── Makefile Frequently used CLI commands for docker and utilities │ └── pyproject.toml Python project configuration file │ └── Dockerfile Docker build file for project -│ -└── docker-compose.yml Config file for docker-compose tool, used for local development +└── └── docker-compose.yml Config file for docker-compose tool, used for local development ``` ## Information diff --git a/docs/app/getting-started.md b/docs/app/getting-started.md index 589c97eb..df13fb3f 100644 --- a/docs/app/getting-started.md +++ b/docs/app/getting-started.md @@ -6,8 +6,6 @@ A very simple [docker-compose.yml](/docker-compose.yml) has been included to sup ## Prerequisites -**Note:** Run everything from within the `/app` folder: - 1. Install the version of Python specified in [.python-version](/app/.python-version) [pyenv](https://github.com/pyenv/pyenv#installation) is one popular option for installing Python, or [asdf](https://asdf-vm.com/). @@ -21,17 +19,25 @@ A very simple [docker-compose.yml](/docker-compose.yml) has been included to sup 3. If you are using an M1 mac, you will need to install postgres as well: `brew install postgresql` (The psycopg2-binary is built from source on M1 macs which requires the postgres executable to be present) -4. You'll also need [Docker Desktop](https://www.docker.com/products/docker-desktop/) +4. You'll also need [Docker Desktop](https://www.docker.com/products/docker-desktop/) installed and running. ## Run the application -1. In your terminal, `cd` to the `app` directory of this repo. -2. Make sure you have [Docker Desktop](https://www.docker.com/products/docker-desktop/) installed & running. -3. Run `make setup-local` to install dependencies -4. Run `make init start` to build the image and start the container. -5. Navigate to `localhost:8080/docs` to access the Swagger UI. -6. Run `make run-logs` to see the logs of the running API container -7. Run `make stop` when you are done to delete the container. +**Note:** Run everything from within the `/app` folder: + +1. Run `make init start` to build the image and start the container. +2. Navigate to `localhost:8080/docs` to access the Swagger UI. +3. Run `make run-logs` to see the logs of the running API container +4. Run `make stop` when you are done to stop the container. + +## (Optional) Configure local secrets + +If you need to pass secrets to the application via environment variables, copy the provided [/app/docker-compose.override.yml.example](/docker-compose.override.yml.example) to `/app/docker-compose.override.yml`. Then create an `/app/.env` file with your secrets. The override will pass this file to the Docker container with your application. + +```bash +cp docker-compose.override.yml.example docker-compose.override.yml +touch app/.env +``` ## Next steps