marcel/familienarchiv
1
0
Fork 0
Code Issues 118 Pull Requests 2 Actions 4 Packages Projects Releases Wiki Activity

fix(compose): require IMPORT_HOST_DIR, no default

Browse Source 
Tobias and Markus both flagged that a shared default (/srv/familienarchiv/
import) invites silent collision when staging and prod cohabit one host.
Switch to ${IMPORT_HOST_DIR:?...} so compose refuses to start without an
explicit per-env path — collision becomes structurally impossible.

The error message points operators at docs/DEPLOYMENT.md so the recovery
step is one click away. IMPORT_HOST_DIR moves from "Optional" to the
main required-env-vars block in the header.

Addresses review feedback from Markus, Tobias, and Nora on #526.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
This commit is contained in:
Marcel
2026-05-11 20:03:57 +02:00
parent ff20721dee
commit cdb5db6c68
1 changed files with 12 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

23
docker-compose.prod.yml
View File

@@ -26,14 +26,15 @@
# MAIL_HOST, MAIL_PORT, SMTP relay (production only; staging uses mailpit) # MAIL_HOST, MAIL_PORT, SMTP relay (production only; staging uses mailpit)
# MAIL_USERNAME, MAIL_PASSWORD # MAIL_USERNAME, MAIL_PASSWORD
# APP_MAIL_FROM sender address (e.g. noreply@raddatz.cloud) # APP_MAIL_FROM sender address (e.g. noreply@raddatz.cloud)
# # IMPORT_HOST_DIR absolute host path holding ONLY the ODS
# Optional env vars: # spreadsheet and PDFs for /admin/system mass
# IMPORT_HOST_DIR absolute host path holding the ODS spreadsheet # import — mounted read-only at /import inside
# and PDFs for /admin/system mass import. Mounted # the backend. Compose refuses to start when
# read-only at /import inside the backend. # this var is unset, so staging and prod cannot
# Defaults to /srv/familienarchiv/import. When the # accidentally share an import source. Must be
# path is empty the import API simply reports # readable by the backend container's UID
# "no spreadsheet found" — no crash. # (currently root via the OpenJDK image — any
# world-readable directory works).
networks: networks:
archiv-net: archiv-net:
@@ -183,10 +184,10 @@ services:
- "127.0.0.1:${PORT_BACKEND}:8080" - "127.0.0.1:${PORT_BACKEND}:8080"
# Host path holding the ODS spreadsheet + PDFs for the mass-import endpoint. # Host path holding the ODS spreadsheet + PDFs for the mass-import endpoint.
# Read-only; MassImportService only reads (Files.list / Files.walk on /import). # Read-only; MassImportService only reads (Files.list / Files.walk on /import).
# Outside the compose working dir on purpose — that dir is recreated per CI # Required — no default — so staging and prod cannot accidentally share an
# deploy. See IMPORT_HOST_DIR in the header for the env-var contract. # import source. CI workflows pin this per-env (see .gitea/workflows/).
volumes: volumes:
- ${IMPORT_HOST_DIR:-/srv/familienarchiv/import}:/import:ro - ${IMPORT_HOST_DIR:?Set IMPORT_HOST_DIR to a host path holding the mass-import payload (ODS + PDFs). See docs/DEPLOYMENT.md.}:/import:ro
environment: environment:
SPRING_DATASOURCE_URL: jdbc:postgresql://db:5432/archiv SPRING_DATASOURCE_URL: jdbc:postgresql://db:5432/archiv
SPRING_DATASOURCE_USERNAME: archiv SPRING_DATASOURCE_USERNAME: archiv