Skip to content

PG* DB env preparation #1671

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
brontolosone merged 11 commits into from
Mar 7, 2026
Merged

PG* DB env preparation #1671

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
11 commits
Select commit Hold shift + click to select a range
91d8b38
PG* DB env preparation
brontolosone Mar 3, 2026
a91ca4e
leave PG* env vars be when PGSERVICE is defined
brontolosone Mar 3, 2026
b697266
use pg_isready to test DB connection
brontolosone Mar 4, 2026
7dec32b
and how about now
brontolosone Mar 6, 2026
d0b7dcc
bump backend submodule
brontolosone Mar 6, 2026
b4aa5c0
https://github.com/getodk/central/pull/1671#discussion_r2897275363
brontolosone Mar 6, 2026
5e778ce
it's odk not central
brontolosone Mar 6, 2026
707290a
https://github.com/getodk/central/pull/1671/files/d0b7dcc4e5f668817bf…
brontolosone Mar 6, 2026
13faa6e
error out during build when DB_SSL=true, but point to solution
brontolosone Mar 6, 2026
5d45c86
needs to exit zero
brontolosone Mar 6, 2026
d5bb49f
address some PR review comments
brontolosone Mar 7, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
16 changes: 15 additions & 1 deletion docker-compose.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -37,6 +37,8 @@ services:
service:
build:
context: .
args:
DB_SSL: ${DB_SSL} # So that we can error out at build time if this is defined with a value of "true" (no longer supported from 2026.1).
dockerfile: service.dockerfile
depends_on:
- secrets
Expand All @@ -47,12 +49,24 @@ services:
volumes:
- secrets:/etc/secrets
- /data/transfer:/data/transfer
env_file: .env
env_file:
- ".env"
environment:
- DOMAIN=${DOMAIN}
- SYSADMIN_EMAIL=${SYSADMIN_EMAIL}
- HTTPS_PORT=${HTTPS_PORT:-443}
- NODE_OPTIONS=${SERVICE_NODE_OPTIONS:-}
# Prepare libpq connection env vars, while handling legacy DB_* vars.
# Resolution order:
# 1. PGVAR specified in .env. This includes declarations with empty values, for instance, to use an empty password (PGPASSWORD=).
# 2. Corresponding legacy DB_VAR in .env. These are legacy overrides for custom database connections.
# 3. ODK default value.
- PGHOST=${PGHOST-${DB_HOST:-postgres14}}
- PGDATABASE=${PGDATABASE-${DB_NAME:-odk}}
- PGUSER=${PGUSER-${DB_USER:-odk}}
- PGPASSWORD=${PGPASSWORD-${DB_PASSWORD:-odk}}
- PGAPPNAME=${PGAPPNAME-odkcentral}
# End of libpq connection env var preparation.
- DB_POOL_SIZE=${DB_POOL_SIZE:-10}
- EMAIL_FROM=${EMAIL_FROM:-no-reply@$DOMAIN}
- EMAIL_HOST=${EMAIL_HOST:-mail}
Expand Down
18 changes: 0 additions & 18 deletions files/service/scripts/start-odk.sh
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -17,24 +17,6 @@ SENTRY_TAGS="{ \"version.central\": \"$(cat sentry-versions/central)\", \"versio
# shellcheck disable=SC2090
export SENTRY_TAGS

# handle legacy DB_SSL configuration, as we couldn't conditionally template that in docker-compose.yml
if [[ -v DB_SSL && "${DB_SSL}" = "true" ]]; then
if [[ -v PGSSLMODE && -v PGREQUIRESSL ]]; then
export PGSSLMODE="require"
else
echo "Fatal: legacy 'DB_SSL=true' specified, but PGSSLMODE or PGREQUIRESSL has already been set. To resolve ambiguity, remove 'DB_SSL=true' from your .env file." > /dev/stderr
exit 100
fi
fi

# handle other legacy DB_* configuration, and fill in our defaults if nothing is specified
# When these PG* variables are _defined_ (even if _empty_), they will be left as-is.
[[ -v PGHOST ]] || export PGHOST=${DB_HOST:-postgres14}
[[ -v PGUSER ]] || export PGUSER=${DB_USER:-odk}
[[ -v PGPASSWORD ]] || export PGPASSWORD=${DB_PASSWORD:-odk}
[[ -v PGDATABASE ]] || export PGDATABASE=${DB_NAME:-odk}
[[ -v PGAPPNAME ]] || export PGAPPNAME=odkcentral

echo "waiting for PostgreSQL to become connectable to..."
while ! (psql --no-password --quiet --command "" > /dev/null 2>&1 || (echo "sleeping 1 second waiting for a database connection"; false)); do sleep 1; done

Expand Down
2 changes: 1 addition & 1 deletion server
Open in desktop
Submodule server updated 12 files
+68 −0 docs/api.yaml
+4 −4 lib/external/s3.js
+6 −2 lib/model/query/submission-attachments.js
+17 −2 lib/resources/submissions.js
+1 −3 lib/task/fs.js
+8 −3 lib/util/blob.js
+2 −2 lib/util/http.js
+6 −0 lib/util/stream.js
+156 −0 test/integration/api/app-users.js
+57 −0 test/integration/api/forms/forms.js
+204 −2 test/integration/api/submissions.js
+17 −0 test/integration/task/fs.js
2 changes: 2 additions & 0 deletions service.dockerfile
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -16,6 +16,8 @@ RUN echo "deb http://apt.postgresql.org/pub/repos/apt/ $(grep -oP 'VERSION_CODEN
| gpg --dearmor > /etc/apt/trusted.gpg.d/apt.postgresql.org.gpg


ARG DB_SSL
RUN [[ -v DB_SSL ]] && (echo '\n\n\n\n\nYou have the "DB_SSL" variable defined (in your .env file, probably).\nThis variable is no longer supported from Central 2026.1 onwards.\nThere is a new way of configuring SSL for your database, please see:\n\nhttps://docs.getodk.org/central-install-digital-ocean/#using-a-custom-database-server\n\nPlease refer to the Central 2026.1.0 release notes for more information on this change.\n\n\n\n\n'; exit 13) || true

FROM node:${node_version}-slim AS intermediate
RUN apt-get update \
Expand Down