soroushdes/HokmPlay
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix(deploy): don't let docker compose build require runtime JWT_KEY
CI/CD / CI - API (dotnet build + engine sim) (push) Successful in 5m58s
Details
CI/CD / CI - Web (tsc + next build) (push) Successful in 1m5s
Details
CI/CD / Deploy - local stack (db + server + web) (push) Has been cancelled
Details

Browse Source 
docker compose build interpolates the whole file, so the ${JWT_KEY:?} guard
failed the build step when ENV_FILE lacked JWT_KEY. Default it empty (${JWT_KEY:-})
so build/db steps succeed, and enforce the secret at runtime instead: the server
throws on boot in Production if Jwt:Key is missing/dev/<32 chars.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
This commit is contained in:
soroush.asadi
2026-06-07 00:41:26 +03:30
parent ed3e11b64b
commit 0847d2c7cf
2 changed files with 10 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files
docker-compose.yml
+4 -1
View File
@@ -44,7 +44,10 @@ services:
ASPNETCORE_URLS: http://0.0.0.0:5005
Database__Provider: postgres
ConnectionStrings__Default: "Host=db;Port=5432;Database=hokm;Username=hokm;Password=${POSTGRES_PASSWORD:-hokm_dev_pass}"
Jwt__Key: ${JWT_KEY:?set JWT_KEY in .env}
# Default empty so `docker compose build` (which interpolates the whole file)
# never blocks on a runtime-only secret. The server REFUSES to boot in
# Production with a missing/dev key (see Program.cs guard).
Jwt__Key: ${JWT_KEY:-}
Jwt__Issuer: ${JWT_ISSUER:-hokm}
Jwt__Audience: ${JWT_AUDIENCE:-hokm-clients}
# Comma-separated origins the browser uses to reach the web app.