-
-
Notifications
You must be signed in to change notification settings - Fork 796
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat: Added support for _FILE pattern in Docker Compose secrets #3781
base: mealie-next
Are you sure you want to change the base?
feat: Added support for _FILE pattern in Docker Compose secrets #3781
Conversation
Note - in the documentation I added a presumption that this would be available in |
Hold on this - there may be a permissions issue accessing the secrets during an entrypoint script. I'm doing some more testing. |
Was this ever incorporated? Current documentation doesn't seem to make sense and this is more standard with other Docker Compose files... |
This PR is stale because it has been open 45 days with no activity. |
I tested this PR and it works. Currently missing is the new variable This PR makes this commit 65ece35 kind of obsolete and I would pretty much remove the things being done there. No "secrets folder" should be created by mealie, the secrets.py could should just read. It would be up for discussion whether secrets should be read in the entry.sh (as done here in this PR) or in Python. In Python I have done it in the past like so: https://github.com/tiredofit/docker-traefik-cloudflare-companion/pull/61/files as an alternative for the entry.sh it could also be done like so: https://github.com/bropat/eufy-security-ws/pull/309/files, but it is very similar to the code in this PR. If you want to test this PR, this is very easy - just add the "custom" entry.sh via volume mount - actually you don't need to change anything else in mealie for now (until
The secrets you need to configure like in the new documentation of course, but in short I am doing it like so: #4423 |
Merged to current version here: https://github.com/DennisGaida/mealie/tree/docker-secrets, but since this isn't my PR I can't add changes or I don't know how.
Besides that this is mergeable |
@DennisGaida you should be able to fork and raise your own PR, I'm not sure if you're able to edit this one. |
Hi everyone, I was playing with docker secrets and I can tell the stuff in the doc is not working and provide very little information. Having a "_FILE" system in the entrypoint is pretty much the standard anyway.
If it is only a matter of forking this branch, rebase it on top of what have been done so far and open a new PR I can make it but I don't want to steal other people's work here. @DennisGaida is it still something you are currently working on ? Did you give up ? How is it going so far ? |
@RMI78 didnt have the time yet, but yes I would do exactly what you are proposing. if you need this feature now, check how I override stuff with the volume mount. You can have _FILE secrets right now. |
@DennisGaida I have been busy lately but now am pretty much done with the code, about to PR with updated env variable. I just want to clarify some stuff. You said something like:
And I don't get any of this. Is it because things have drastically changed over the past months ? Why should I mount that today, where is the app.sh ? I also though about adding some values to my PR by actually getting rid of changes made in 65ece35 but I guess this is something that will be discussed with the dev in another PR |
I don't know how things have changed after this PR was created. That is exactly what needs to be checked when raising another PR that may be merged. I also don't know about any Why you should mount that today: You shouldn't if done correctly (i.e. PR being merged), but you CAN mount the file from this PR directly as I proposed for testing purposes since it just works like that out of the box. This is what I have been doing. Using the |
What type of PR is this?
Provides backwards-compatible support for the
_FILE
standard for Docker Compose secrets, per the secrets documentation:https://docs.docker.com/compose/use-secrets/
What this PR does / why we need it:
Please refer to discussion #3773
Which issue(s) this PR fixes:
N/A - was recommended to submit a PR without an Issue by maintainers.
Special notes for your reviewer:
This also updates the documentation with best-practices and examples. This should be fully backwards-compatible with any existing Mealie install, as the method of implementation is to simply override the existing variable if a
_FILE
variable exists.The documentation changes explain this in further detail.
Testing
Only the entrypoint has been modified. If you wish to test this locally in a
bash
environment without creating a full container, copy the addedload_secrets
function into a session and test the various_FILE
capabilities by setting file data and running the function:Alternatively, here is a
docker-compose
configuration for your convenience in testing (from thedocker
folder (note - I was having permissions issues with thedocker-compose.yml
that already existed in thedocker
directory, but I presume y'all use it successfully, so this is derived from that, but not tested directly):If this
docker-compose.yml
configuration is used, make sure to run the generation of thesecrets
directory and associate files, before. This does not comprehensively test all available_FILE
additions, but should prove concept.