Try to remove any secrets in envs during build

jeffmaki · jeffmaki · commit e680d9263f18 · 2025-12-16T17:59:49.000-05:00
diff --git a/docker-compose.build.yml b/docker-compose.build.yml
@@ -8,6 +8,8 @@ services:
         - type=registry,ref=${WS_DOCKER_REGISTRY}/workspaces-frontend:buildcache
       cache_to:
         - type=registry,ref=${WS_DOCKER_REGISTRY}/workspaces-frontend:buildcache,mode=max
+
+      # these get baked into the JavaScript at build time--so ARGS not ENVS
       args:
         VITE_TDEI_API_URL: ${WS_TDEI_API_URL}
         VITE_TDEI_USER_API_URL: ${WS_TDEI_BACKEND_URL}
@@ -84,30 +86,32 @@ services:
   # OSM website/OSM API
   osm-rails:
     image: ${WS_DOCKER_REGISTRY}/workspaces-osm-rails:${ENV}
-    environment:
-        RAILS_ENV: production
-        SECRET_KEY_BASE: ${WS_OSM_SECRET_KEY_BASE}
-        WS_OSM_HOST: ${WS_OSM_HOST}
-        WS_OSM_DB_HOST: ${WS_OSM_DB_HOST}
-        WS_OSM_DB_USER: ${WS_OSM_DB_USER}
-        WS_OSM_DB_PASS: ${WS_OSM_DB_PASS}
-        WS_OSM_DB_NAME: ${WS_OSM_DB_NAME}
-        WS_MAIL_NAME: ${WS_MAIL_NAME}
-        WS_MAIL_FROM: ${WS_MAIL_FROM}
-        WS_MAIL_CONTACT: ${WS_MAIL_CONTACT}
-        WS_MAIL_RETURN_PATH: ${WS_MAIL_RETURN_PATH}
-        WS_SMTP_DOMAIN: ${WS_SMTP_DOMAIN}
-        WS_SMTP_HOST: ${WS_SMTP_HOST}
-        WS_SMTP_PORT: ${WS_SMTP_PORT}
-        WS_SMTP_USER: ${WS_SMTP_USER}
-        WS_SMTP_PASS: ${WS_SMTP_PASS}
-        PIDFILE: /tmp/pids/server.pid
+#    environment:
+#        RAILS_ENV: production
+#        SECRET_KEY_BASE: ${WS_OSM_SECRET_KEY_BASE}
+#        WS_OSM_HOST: ${WS_OSM_HOST}
+#        WS_OSM_DB_HOST: ${WS_OSM_DB_HOST}
+#        WS_OSM_DB_USER: ${WS_OSM_DB_USER}
+#        WS_OSM_DB_PASS: ${WS_OSM_DB_PASS}
+#        WS_OSM_DB_NAME: ${WS_OSM_DB_NAME}
+#        WS_MAIL_NAME: ${WS_MAIL_NAME}
+#        WS_MAIL_FROM: ${WS_MAIL_FROM}
+#        WS_MAIL_CONTACT: ${WS_MAIL_CONTACT}
+#        WS_MAIL_RETURN_PATH: ${WS_MAIL_RETURN_PATH}
+#        WS_SMTP_DOMAIN: ${WS_SMTP_DOMAIN}
+#        WS_SMTP_HOST: ${WS_SMTP_HOST}
+#        WS_SMTP_PORT: ${WS_SMTP_PORT}
+#        WS_SMTP_USER: ${WS_SMTP_USER}
+#        WS_SMTP_PASS: ${WS_SMTP_PASS}
+#        PIDFILE: /tmp/pids/server.pid
+
     build:
-      args:
-        WS_OSM_DB_HOST: ${WS_OSM_DB_HOST}
-        WS_OSM_DB_USER: ${WS_OSM_DB_USER}
-        WS_OSM_DB_PASS: ${WS_OSM_DB_PASS}
-        WS_OSM_DB_NAME: ${WS_OSM_DB_NAME}
+#      args:
+#        WS_OSM_DB_HOST: ${WS_OSM_DB_HOST}
+#        WS_OSM_DB_USER: ${WS_OSM_DB_USER}
+#        WS_OSM_DB_PASS: ${WS_OSM_DB_PASS}
+#        WS_OSM_DB_NAME: ${WS_OSM_DB_NAME}
+
       cache_from:
         - type=registry,ref=${WS_DOCKER_REGISTRY}/workspaces-osm-rails:buildcache
       cache_to:
@@ -134,25 +138,6 @@ services:
     extends: osm-cgimap
     image: ${WS_DOCKER_REGISTRY}/workspaces-osm-cgimap:${CODE_VERSION}
 
-  # tasking manager
-  # tasks-frontend:
-  #   image: ${WS_DOCKER_REGISTRY}/workspaces-tasks-frontend:${ENV}
-  #   build:
-  #     cache_from:
-  #       - type=registry,ref=${WS_DOCKER_REGISTRY}/workspaces-tasks-frontend:buildcache
-  #     cache_to:
-  #       - type=registry,ref=${WS_DOCKER_REGISTRY}/workspaces-tasks-frontend:buildcache,mode=max
-  #     context: tasking-manager
-  #     dockerfile: ./scripts/docker/Dockerfile.frontend
-  #     args:
-  #       TM_APP_API_URL: ${WS_TASKS_URL}
-  #       #TM_CONSUMER_KEY
-  #       #TM_CONSUMER_SECRET
-
-  # tasks-frontend_tag:
-  #   extends: tasks-frontend
-  #   image: ${WS_DOCKER_REGISTRY}/workspaces-tasks-frontend:${CODE_VERSION}
-
   # tasking manager
   tasks-backend:
     image: ${WS_DOCKER_REGISTRY}/workspaces-tasks-backend:${ENV}
@@ -177,6 +162,8 @@ services:
         - type=registry,ref=${WS_DOCKER_REGISTRY}/workspaces-leaderboard-frontend:buildcache,mode=max
       context: ./leaderboard/frontend
       dockerfile: Dockerfile
+      
+      # these get baked into the JavaScript at build time--so ARGS not ENVS
       args:
         VITE_TDEI_API_URL: ${WS_TDEI_API_URL}
         VITE_TDEI_USER_API_URL: ${WS_TDEI_BACKEND_URL}
diff --git a/docker-compose.deploy.yml b/docker-compose.deploy.yml
@@ -129,19 +129,6 @@ services:
       - traefik.http.routers.pathways-editor.entrypoints=websecure
       - traefik.http.routers.pathways-editor.tls.certresolver=myresolver
 
-  # for debugging only
-  #
-  #osm-log-proxy:
-  #  image: ${WS_DOCKER_REGISTRY}/workspaces-osm-log-proxy:${WS_DOCKER_TAG}
-  #  depends_on:
-  #    - osm-web
-  #      #labels:
-  #      #  - traefik.enable=true
-  #      #  - traefik.http.routers.osm-log-proxy.rule=Host(`${WS_OSM_HOST}`)
-  #      #  - traefik.http.services.osm-log-proxy.loadbalancer.server.port=80
-  #      #  - traefik.http.routers.osm-log-proxy.entrypoints=websecure
-  #      #  - traefik.http.routers.osm-log-proxy.tls.certresolver=myresolver
-
   # workspaces APIs (OSM Rails and C-accelerated)
   osm-web:
     image: ${WS_DOCKER_REGISTRY}/workspaces-osm-web:${WS_DOCKER_TAG}
@@ -178,17 +165,6 @@ services:
       CGIMAP_MAP_NODES: ${WS_OSM_MAX_EXPORT_NODES}
       CGIMAP_MAP_AREA: ${WS_OSM_MAX_EXPORT_AREA}
 
-  # tasking manager (*not* Workspaces)
-  # tasks-frontend:
-  #   image: ${WS_DOCKER_REGISTRY}/workspaces-tasks-frontend:${WS_DOCKER_TAG}
-  #   restart: always
-  #   labels:
-  #     - traefik.enable=true
-  #     - traefik.http.routers.tasks-frontend.rule=Host(`${WS_TASKS_HOST}`)
-  #     - traefik.http.services.tasks-frontend.loadbalancer.server.port=80
-  #     - traefik.http.routers.tasks-frontend.entrypoints=websecure
-  #     - traefik.http.routers.tasks-frontend.tls.certresolver=myresolver
-
   tasks-backend:
     image: ${WS_DOCKER_REGISTRY}/workspaces-tasks-backend:${WS_DOCKER_TAG}
     restart: always
