cuddly-finland-73937
09/27/2023, 2:58 AMConfig.yml
instead of using the MONGODB_URI
environment variable.helpful-application-7107
09/27/2023, 4:18 PMcuddly-finland-73937
09/27/2023, 4:55 PMhelpful-application-7107
09/27/2023, 6:33 PMcuddly-finland-73937
09/27/2023, 10:27 PMFROM growthbook/growthbook:2.4.0
ENV GBHOME=/usr/local/src/app
WORKDIR $GBHOME
RUN apt-get update && \
apt-get install -y curl telnet && \
apt-get clean && \
rm -rf /var/lib/apt/lists/*
RUN wget <https://truststore.pki.rds.amazonaws.com/global/global-bundle.pem>
EXPOSE 3000
EXPOSE 3100
That image will be put in ECR. There is no way to formulate the MONGODB_URL
with the values that are only available in AWS secrets or in the VM. So I am stuck duplicating the other "secrets" in a MOGODB_URL
or overriding the ENTRYPOINT
and formulating it in that script and then calling yarn start
manually. A downside of this is that variable would only be available in the context of that start script and not to the environment. This also has an unfortunate side effect of breaking password rotation too unless I build something that will update MONGODB_URI
in secrets when ever the DB password rotates.
If I could specify a config file with mongo settings that would compose/resolve environment variables at runtime it would be SO much easier to get this running in ECS Fargate. I think it is similar a story for APP_ORIGIN
and API_HOST
. I want to have the same ECR image that can run in various environments like dev, production, staging and resolve the configuration from the environment variables and not put secure stuff in ECR image or need to duplicate secrets in the secrets store.ENV MONGODB_URI="mongodb://${DOC_DB_USER}:${DOC_DB_PASSWORD}@${DOC_DB_HOSTNAME}:27017/growthbook?authSource=admin&directConnection=true&serverSelectionTimeoutMS=5000&tls=true&tlsAllowInvalidHostnames=true&tlsCAFile=%2Fusr%2Flocal%2Fsrc%2Fapp%2Fglobal-bundle.pem&retryWrites=False"
Plus the need to URL escape stuff is an issue.if (!MONGODB_URI) {
here it would be nice if there were a way to call a bash script (or something) that could pass it or some other way to provide the needed credentials before it fall through to throw new Error("Missing MONGODB_URI environment variable");
export let MONGODB_URI = process.env.MONGODB_URI;
// If MONGODB_URI is not set
if (!MONGODB_URI) {
const scriptPath = "/somepath/getMongoCredentials.sh";
// Check if the script exists
if (fs.existsSync(scriptPath)) {
try {
// Execute the shell script and capture the output
const output = execSync(scriptPath, { encoding: 'utf8' });
// Check the exit code (implicitly, as execSync would throw an error on non-zero exit code)
// and if the output contains only one line
if (output.trim().split('\n').length === 1) {
MONGODB_URI = output.trim();
}
} catch (error) {
console.error(`Error executing ${scriptPath}:`, error);
}
}
}
// If MONGODB_URI is still not set, throw an error
if (!MONGODB_URI) {
throw new Error("Missing MONGODB_URI environment variable or failed to retrieve from script");
}
helpful-application-7107
09/28/2023, 4:01 PM