From 8b00f783193cded15888a242f00176981a2536fe Mon Sep 17 00:00:00 2001 
From: "claude[bot]" <209825114+claude[bot]@users.noreply.github.com> Date: Sun, 7 Sep 2025 04:51:31 +0000 Subject: [PATCH 1/2] Move all environment variables to dedicated env files - Created 23 new env files in env-files.sample/ directory - Updated both docker-compose.sample.yml and docker-compose.production.yml to use env_file instead of inline environment variables - Organized environment variables by service and deployment type for easier management - Maintains all existing functionality while improving secret management - Prevents mixing configuration between docker-compose and env files Co-authored-by: Johnson Liang --- docker-compose.production.yml | 274 +++-------------------- docker-compose.sample.yml | 67 +----- env-files.sample/api | 35 +++ env-files.sample/api-production | 45 ++++ env-files.sample/api-staging | 43 ++++ env-files.sample/cloudflared | 1 + env-files.sample/collab-server | 2 + env-files.sample/collab-server-staging | 2 + env-files.sample/db | 1 + env-files.sample/db-production | 2 + env-files.sample/db-staging | 3 + env-files.sample/langfuse | 13 ++ env-files.sample/line-bot-en | 7 + env-files.sample/line-bot-ja | 7 + env-files.sample/mongo | 2 + env-files.sample/site | 9 + env-files.sample/site-en | 17 ++ env-files.sample/site-ja | 17 ++ env-files.sample/site-staging-en | 8 + env-files.sample/site-staging-ja | 8 + env-files.sample/site-staging-zh | 8 + env-files.sample/site-zh | 17 ++ env-files.sample/url-resolver | 3 + env-files.sample/url-resolver-production | 4 + 24 files changed, 300 insertions(+), 295 deletions(-) create mode 100644 env-files.sample/api create mode 100644 env-files.sample/api-production create mode 100644 env-files.sample/api-staging create mode 100644 env-files.sample/cloudflared create mode 100644 env-files.sample/collab-server create mode 100644 env-files.sample/collab-server-staging create mode 100644 env-files.sample/db create mode 100644 env-files.sample/db-production create mode 100644 
env-files.sample/db-staging create mode 100644 env-files.sample/langfuse create mode 100644 env-files.sample/line-bot-en create mode 100644 env-files.sample/line-bot-ja create mode 100644 env-files.sample/mongo create mode 100644 env-files.sample/site create mode 100644 env-files.sample/site-en create mode 100644 env-files.sample/site-ja create mode 100644 env-files.sample/site-staging-en create mode 100644 env-files.sample/site-staging-ja create mode 100644 env-files.sample/site-staging-zh create mode 100644 env-files.sample/site-zh create mode 100644 env-files.sample/url-resolver create mode 100644 env-files.sample/url-resolver-production diff --git a/docker-compose.production.yml b/docker-compose.production.yml index 00d13dd..110e353 100644 --- a/docker-compose.production.yml +++ b/docker-compose.production.yml 
@@ -20,112 +20,43 @@ services: image: cloudflare/cloudflared restart: unless-stopped command: tunnel run - environment: - - TUNNEL_TOKEN=CHANGE_ME + env_file: + - ./env-files.sample/cloudflared site-en: image: cofacts/rumors-site:latest-en - environment: - - PORT=3000 - - NODE_ENV=production - - SERVER_ROLLBAR_TOKEN=CHANGE_ME - - PUBLIC_ROLLBAR_TOKEN=CHANGE_ME - - PUBLIC_ROLLBAR_ENV=production - - PUBLIC_API_URL=https://api.cofacts.tw - - PUBLIC_COLLAB_SERVER_URL=wss://collab.cofacts.tw - - PUBLIC_GTM_ID=GTM-NJXHKTH - - PUBLIC_GA_TRACKING_ID= - - SERVER_STACKIMPACT_AGENT_KEY= - - SERVER_STACKIMPACT_APP_NAME= - - PM2_PUBLIC_KEY= - - PM2_SECRET_KEY= - - WEB_CONCURRENCY=1 - - PUBLIC_LINE_IFTTT_APPLET_URL=https://ifttt.com/applets/VrzvihCR-cofacts-rss-line - - PUBLIC_TELEGRAM_IFTTT_APPLET_URL=https://ifttt.com/applets/WRuZeP36-cofacts-rss-telegram - - PUBLIC_SLACK_IFTTT_APPLET_URL=https://ifttt.com/applets/H4Sm5LDF-cofacts-rss-slack + env_file: + - ./env-files.sample/site-en restart: always site-zh: image: cofacts/rumors-site:latest-tw - environment: - - PORT=3000 - - NODE_ENV=production - - SERVER_ROLLBAR_TOKEN=CHANGE_ME - - PUBLIC_ROLLBAR_TOKEN=CHANGE_ME - - PUBLIC_ROLLBAR_ENV=production - - PUBLIC_API_URL=https://api.cofacts.tw - - PUBLIC_COLLAB_SERVER_URL=wss://collab.cofacts.tw - - PUBLIC_GTM_ID=GTM-NJXHKTH - - PUBLIC_GA_TRACKING_ID= - - SERVER_STACKIMPACT_AGENT_KEY= - - SERVER_STACKIMPACT_APP_NAME= - - PM2_PUBLIC_KEY= - - PM2_SECRET_KEY= - - WEB_CONCURRENCY=2 - - PUBLIC_LINE_IFTTT_APPLET_URL=https://ifttt.com/applets/VrzvihCR-cofacts-rss-line - - PUBLIC_TELEGRAM_IFTTT_APPLET_URL=https://ifttt.com/applets/WRuZeP36-cofacts-rss-telegram - - PUBLIC_SLACK_IFTTT_APPLET_URL=https://ifttt.com/applets/H4Sm5LDF-cofacts-rss-slack + env_file: + - ./env-files.sample/site-zh restart: always site-ja: image: cofacts/rumors-site:latest-ja - environment: - - PORT=3000 - - NODE_ENV=production - - SERVER_ROLLBAR_TOKEN=CHANGE_ME - - PUBLIC_ROLLBAR_TOKEN=CHANGE_ME - - 
PUBLIC_ROLLBAR_ENV=production - - PUBLIC_API_URL=https://api.cofacts.tw - - PUBLIC_COLLAB_SERVER_URL=wss://collab.cofacts.tw - - PUBLIC_GTM_ID=GTM-NJXHKTH - - PUBLIC_GA_TRACKING_ID= - - SERVER_STACKIMPACT_AGENT_KEY= - - SERVER_STACKIMPACT_APP_NAME= - - PM2_PUBLIC_KEY= - - PM2_SECRET_KEY= - - WEB_CONCURRENCY=1 - - PUBLIC_LINE_IFTTT_APPLET_URL=https://ifttt.com/applets/VrzvihCR-cofacts-rss-line - - PUBLIC_TELEGRAM_IFTTT_APPLET_URL=https://ifttt.com/applets/WRuZeP36-cofacts-rss-telegram - - PUBLIC_SLACK_IFTTT_APPLET_URL=https://ifttt.com/applets/H4Sm5LDF-cofacts-rss-slack + env_file: + - ./env-files.sample/site-ja restart: always site-staging-en: image: cofacts/rumors-site:latest-en - environment: - - PORT=3000 - - ROLLBAR_SERVER_TOKEN=CHANGE_ME - - ROLLBAR_ENV=staging - - NODE_ENV=production - - PUBLIC_API_URL=https://dev-api.cofacts.tw - - PUBLIC_COLLAB_SERVER_URL=wss://dev-collab.cofacts.tw - - PUBLIC_APP_ID=RUMORS_SITE - - PUBLIC_GA_TRACKING_ID= + env_file: + - ./env-files.sample/site-staging-en restart: always site-staging-zh: image: cofacts/rumors-site:latest-tw - environment: - - PORT=3000 - - ROLLBAR_SERVER_TOKEN=CHANGE_ME - - ROLLBAR_ENV=staging - - NODE_ENV=production - - PUBLIC_API_URL=https://dev-api.cofacts.tw - - PUBLIC_COLLAB_SERVER_URL=wss://dev-collab.cofacts.tw - - PUBLIC_APP_ID=RUMORS_SITE - - PUBLIC_GA_TRACKING_ID= + env_file: + - ./env-files.sample/site-staging-zh restart: always site-staging-ja: image: cofacts/rumors-site:latest-ja - environment: - - PORT=3000 - - ROLLBAR_SERVER_TOKEN=CHANGE_ME - - ROLLBAR_ENV=staging - - NODE_ENV=production - - PUBLIC_API_URL=https://dev-api.cofacts.tw - - PUBLIC_COLLAB_SERVER_URL=wss://dev-collab.cofacts.tw - - PUBLIC_APP_ID=RUMORS_SITE - - PUBLIC_GA_TRACKING_ID= + env_file: + - ./env-files.sample/site-staging-ja restart: always line-bot-zh: @@ -142,7 +73,7 @@ services: gcp-meta-id: gcp-project: env_file: - - ./env-files/line-bot-zh + - ./env-files.sample/line-bot-zh volumes: - "./volumes/line-bot:/data" 
@@ -159,14 +90,8 @@ services: gcp-meta-id: gcp-project: env_file: - - ./env-files/line-bot-zh - environment: # override line-bot-zh - - LINE_CHANNEL_SECRET= - - LINE_CHANNEL_TOKEN= - - LINE_LOGIN_CHANNEL_ID= - - LIFF_URL= - - SITE_URLS=https://en.cofacts.tw - - RUMORS_LINE_BOT_URL= + - ./env-files.sample/line-bot-zh + - ./env-files.sample/line-bot-en line-bot-ja: image: cofacts/rumors-line-bot:latest-ja 
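Review bot: The `# override line-bot-zh` comment is removed together with the `environment:` block, and the override now depends only on the order of the two `env_file` entries, which nothing in the hunk states. Compose reads env files in list order and later files win, so swapping the two entries would silently start the English bot with the zh channel secret and token. I would keep the intent next to the entry, e.g. `- ./env-files.sample/line-bot-en  # must stay after line-bot-zh: later files override earlier ones`. The `line-bot-ja` hunk that follows needs the same comment; the service definition starts outside the hunk.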
@@ -181,123 +106,29 @@ services: gcp-meta-id: gcp-project: env_file: - - ./env-files/line-bot-zh - environment: # override line-bot-zh - - LINE_CHANNEL_SECRET= - - LINE_CHANNEL_TOKEN= - - LINE_LOGIN_CHANNEL_ID= - - LIFF_URL= - - SITE_URLS=https://ja.cofacts.tw - - RUMORS_LINE_BOT_URL= + - ./env-files.sample/line-bot-zh + - ./env-files.sample/line-bot-ja api: image: cofacts/rumors-api - environment: - - ELASTICSEARCH_URL=http://db:9200 - - ELASTIC_LOG_LEVEL=info - - PORT=5000 - - ADM_PORT=5500 - - CLOUDFLARE_ACCESS_TEAM_DOMAIN=https://cofacts.cloudflareaccess.com - - COOKIE_SECRETS= - - ROLLBAR_TOKEN=CHANGE_ME - - ROLLBAR_ENV=production - - HTTP_HEADER_APP_ID=x-app-id - - HTTP_HEADER_APP_SECRET=x-app-secret - - RUMORS_SITE_CORS_ORIGIN=https://cofacts.tw,https://en.cofacts.tw,https://ja.cofacts.tw - - RUMORS_SITE_REDIRECT_ORIGIN=https://cofacts.tw,https://en.cofacts.tw - - RUMORS_LINE_BOT_CORS_ORIGIN=https://rumors-line-bot.herokuapp.com - - RUMORS_LINE_BOT_SECRET=CHANGE_ME - - FACEBOOK_APP_ID=CHANGE_ME - - FACEBOOK_SECRET=CHANGE_ME - - FACEBOOK_CALLBACK_URL=https://api.cofacts.tw/callback/facebook - - TWITTER_CONSUMER_KEY=CHANGE_ME - - TWITTER_CONSUMER_SECRET=CHANGE_ME - - TWITTER_CALLBACK_URL=https://api.cofacts.tw/callback/twitter - - GITHUB_CLIENT_ID=CHANGE_ME - - GITHUB_SECRET=CHANGE_ME - - GITHUB_CALLBACK_URL=https://api.cofacts.tw/callback/github - - GOOGLE_CLIENT_ID=CHANGE_ME - - GOOGLE_SECRET=CHANGE_ME - - GOOGLE_CALLBACK_URL=https://api.cofacts.tw/callback/google - - INSTAGRAM_CLIENT_ID=CHANGE_ME - - INSTAGRAM_SECRET=CHANGE_ME - - INSTAGRAM_CALLBACK_URL=https://api.cofacts.tw/callback/instagram - - URL_RESOLVER_URL=url-resolver:4000 - - GOOGLE_OAUTH_KEY_PATH=/data/service-account-key.json - - GA_WEB_VIEW_ID=CHANGE_ME - - GA_LINE_VIEW_ID=CHANGE_ME - - TIMEZONE=+08:00 - - TRUST_PROXY_HEADERS=1 - - COOKIE_SAMESITE_NONE=1 - # Apollo engine - - ENGINE_API_KEY=CHANGE_ME - - GCS_CREDENTIALS= - - GCS_BUCKET_NAME= - - GCS_IMAGE_FOLDER= - - 
INTERNET_ARCHIVE_S3_ACCESS_KEY= - - INTERNET_ARCHIVE_S3_SECRET_KEY= - - LANGFUSE_PUBLIC_KEY= - - LANGFUSE_SECRET_KEY= - - LANGFUSE_BASEURL=https://langfuse.cofacts.tw + env_file: + - ./env-files.sample/api-production volumes: - "./volumes/api:/data" restart: always api-staging: image: cofacts/rumors-api - environment: - - ELASTICSEARCH_URL=http://db-staging:9200 - - ELASTIC_LOG_LEVEL=info - - PORT=5000 - - ADM_PORT=6000 - - COOKIE_SECRETS= - - ROLLBAR_TOKEN=CHANGE_ME - - ROLLBAR_ENV=staging - - HTTP_HEADER_APP_ID=x-app-id - - HTTP_HEADER_APP_SECRET=x-app-secret - - RUMORS_SITE_CORS_ORIGIN=https://dev.cofacts.tw,https://dev-en.cofacts.tw,http://localhost:3000 - - RUMORS_SITE_REDIRECT_ORIGIN=https://dev.cofacts.tw,https://dev-en.cofacts.tw,http://localhost:3000 - - RUMORS_LINE_BOT_CORS_ORIGIN=https://rumors-line-bot-staging.herokuapp.com,http://localhost:5001 - - RUMORS_LINE_BOT_SECRET=CHANGE_ME - - FACEBOOK_APP_ID=CHANGE_ME - - FACEBOOK_SECRET=CHANGE_ME - - FACEBOOK_CALLBACK_URL=https://dev-api.cofacts.tw/callback/facebook - - TWITTER_CONSUMER_KEY=CHANGE_ME - - TWITTER_CONSUMER_SECRET=CHANGE_ME - - TWITTER_CALLBACK_URL=https://dev-api.cofacts.tw/callback/twitter - - GITHUB_CLIENT_ID=CHANGE_ME - - GITHUB_SECRET=CHANGE_ME - - GITHUB_CALLBACK_URL=https://dev-api.cofacts.tw/callback/github - - GOOGLE_CLIENT_ID=CHANGE_ME - - GOOGLE_SECRET=CHANGE_ME - - GOOGLE_CALLBACK_URL=https://dev-api.cofacts.tw/callback/google - - INSTAGRAM_CLIENT_ID=CHANGE_ME - - INSTAGRAM_SECRET=CHANGE_ME - - INSTAGRAM_CALLBACK_URL=https://dev-api.cofacts.tw/callback/instagram - - URL_RESOLVER_URL=url-resolver:4000 - - GOOGLE_OAUTH_KEY_PATH=/data/service-account-key.json - - GA_WEB_VIEW_ID=CHANGE_ME - - GA_LINE_VIEW_ID=CHANGE_ME - - TIMEZONE=+08:00 - - TRUST_PROXY_HEADERS=1 - - COOKIE_SAMESITE_NONE=1 - - GCS_CREDENTIALS= - - GCS_BUCKET_NAME= - - GCS_IMAGE_FOLDER= - - INTERNET_ARCHIVE_S3_ACCESS_KEY= - - INTERNET_ARCHIVE_S3_SECRET_KEY= - - LANGFUSE_PUBLIC_KEY= - - LANGFUSE_SECRET_KEY= - - 
LANGFUSE_BASEURL=https://langfuse.cofacts.tw + env_file: + - ./env-files.sample/api-staging volumes: - "./volumes/api:/data" restart: always db: image: docker.elastic.co/elasticsearch/elasticsearch-oss:6.3.2 - environment: - - "path.repo=/usr/share/elasticsearch/data" - - "ES_JAVA_OPTS=-Xms1g -Xmx1g" + env_file: + - ./env-files.sample/db-production volumes: - "./volumes/db-production:/usr/share/elasticsearch/data" restart: always @@ -307,10 +138,8 @@ services: db-staging: image: docker.elastic.co/elasticsearch/elasticsearch-oss:6.3.2 - environment: - - "path.repo=/usr/share/elasticsearch/data" - - "ES_JAVA_OPTS=-Xms512m -Xmx512m" - - "bootstrap.memory_lock=true" + env_file: + - ./env-files.sample/db-staging ulimits: memlock: soft: -1 @@ -328,13 +157,8 @@ services: restart: always ports: # expose for debugging - "4000:4000" - environment: - - YOUTUBE_API_KEY=CHANGE_ME - - ROLLBAR_TOKEN=CHANGE_ME - - ROLLBAR_ENV=production-cofacts - - # Apollo engine - - ENGINE_API_KEY=CHANGE_ME + env_file: + - ./env-files.sample/url-resolver-production redis: image: redis:alpine 
@@ -346,49 +170,21 @@ services: collab-server: restart: always image: cofacts/collab-server - environment: - - PORT=1234 - - ELASTICSEARCH_URL=http://db:9200 + env_file: + - ./env-files.sample/collab-server collab-server-staging: image: cofacts/collab-server:dev - environment: - - PORT=1234 - - ELASTICSEARCH_URL=http://db:9200 + env_file: + - ./env-files.sample/collab-server-staging # LLM observability tool # langfuse: restart: always image: langfuse/langfuse:2 - environment: - # Please setup CloudSQL with automatic IAM database auth with the same service account as cloudsql-proxy. - # https://cloud.google.com/sql/docs/postgres/iam-logins#log-in-with-automatic - # USER_NAME is DB user name with `@` replaced by `%40`. - # - # If there is permission error during migration, grant the user with permission using - # `GRANT CREATE ON SCHEMA public TO "DB user name";` - # - - DATABASE_URL=postgresql://[USER_NAME]@cloudsql-proxy/[DB_NAME] - - # Required envs - # See https://langfuse.com/docs/deployment/self-host#configuring-environment-variables - - NEXTAUTH_URL= - - NEXTAUTH_SECRET= - - SALT= - - ENCRYPTION_KEY= - - # Default & headless params - - LANGFUSE_INIT_ORG_ID= - - LANGFUSE_INIT_ORG_NAME= - - LANGFUSE_DEFAULT_ORG_ID= - - LANGFUSE_DEFAULT_ORG_ROLE=OWNER - - # Social login - - AUTH_GOOGLE_CLIENT_ID= - - AUTH_GOOGLE_CLIENT_SECRET= - - AUTH_GOOGLE_ALLOWED_DOMAINS= - - AUTH_DISABLE_USERNAME_PASSWORD=true + env_file: + - ./env-files.sample/langfuse depends_on: - cloudsql-proxy diff --git a/docker-compose.sample.yml b/docker-compose.sample.yml index 86e2308..a636216 100644 --- a/docker-compose.sample.yml +++ b/docker-compose.sample.yml 
@@ -3,16 +3,8 @@ services: site: image: cofacts/rumors-site:latest-en - environment: - - PORT=3000 - - NODE_ENV=production - - SERVER_ROLLBAR_TOKEN= - - PUBLIC_ROLLBAR_TOKEN= - - PUBLIC_ROLLBAR_ENV= - - PUBLIC_API_URL=http://api:5000 - - PUBLIC_GTM_ID= - - SERVER_STACKIMPACT_AGENT_KEY= - - SERVER_STACKIMPACT_APP_NAME= + env_file: + - ./env-files.sample/site ports: - "3000:3000" depends_on: @@ -20,42 +12,8 @@ services: api: image: cofacts/rumors-api - environment: - - ELASTICSEARCH_URL=http://db:9200 - - ELASTIC_LOG_LEVEL=info - - PORT=5000 - - COOKIE_SECRETS= - - ROLLBAR_TOKEN= - - ROLLBAR_ENV=production - - LANGFUSE_PUBLIC_KEY= - - LANGFUSE_SECRET_KEY= - - LANGFUSE_BASEURL=http://langfuse:3000 - - HTTP_HEADER_APP_ID=x-app-id - - HTTP_HEADER_APP_SECRET=x-app-secret - - RUMORS_SITE_CORS_ORIGIN=http://localhost:3000 - - RUMORS_SITE_REDIRECT_ORIGIN=http://localhost:3000 - - RUMORS_LINE_BOT_SECRET=CHANGE_ME - - FACEBOOK_APP_ID= - - FACEBOOK_SECRET= - - FACEBOOK_CALLBACK_URL=http://localhost:5000/callback/facebook - - TWITTER_CONSUMER_KEY= - - TWITTER_CONSUMER_SECRET - - TWITTER_CALLBACK_URL=http://localhost:5000/callback/twitter - - GITHUB_CLIENT_ID= - - GITHUB_SECRET= - - GITHUB_CALLBACK_URL=http://localhost:5000/callback/github - - URL_RESOLVER_URL=url-resolver:4000 - - GOOGLE_OAUTH_KEY_PATH=/data/service-account-key.json - - GA_WEB_VIEW_ID= - - GA_LINE_VIEW_ID= - - TIMEZONE=+08:00 - - TRUST_PROXY_HEADERS= - - COOKIE_SAMESITE_NONE= - - GCS_CREDENTIALS= - - GCS_BUCKET_NAME= - - GCS_IMAGE_FOLDER= - - INTERNET_ARCHIVE_S3_ACCESS_KEY= - - INTERNET_ARCHIVE_S3_SECRET_KEY= + env_file: + - ./env-files.sample/api volumes: - "./volumes/api:/data" ports: @@ -66,8 +24,8 @@ services: db: image: docker.elastic.co/elasticsearch/elasticsearch-oss:6.3.2 - environment: - - "path.repo=/usr/share/elasticsearch/data" + env_file: + - ./env-files.sample/db volumes: - "./volumes/db-sample:/usr/share/elasticsearch/data" ports: 
@@ -77,15 +35,13 @@ services: image: cofacts/url-resolver ports: # expose for debugging - "4000:4000" - environment: - - YOUTUBE_API_KEY= - - ROLLBAR_TOKEN= - - ROLLBAR_ENV=production + env_file: + - ./env-files.sample/url-resolver line-bot-zh: image: cofacts/rumors-line-bot:dev env_file: - - ./env-files/line-bot-sample + - ./env-files.sample/line-bot-sample ports: - "5001:5001" depends_on: @@ -98,9 +54,8 @@ services: mongo: image: mongo:3.6 - environment: - - MONGO_INITDB_ROOT_USERNAME=root - - MONGO_INITDB_ROOT_PASSWORD=root-test-password + env_file: + - ./env-files.sample/mongo ports: - "27017:27017" volumes: diff --git a/env-files.sample/api b/env-files.sample/api new file mode 100644 index 0000000..124f582 --- /dev/null +++ b/env-files.sample/api @@ -0,0 +1,35 @@ +ELASTICSEARCH_URL=http://db:9200 +ELASTIC_LOG_LEVEL=info +PORT=5000 +COOKIE_SECRETS= +ROLLBAR_TOKEN= +ROLLBAR_ENV=production +LANGFUSE_PUBLIC_KEY= +LANGFUSE_SECRET_KEY= +LANGFUSE_BASEURL=http://langfuse:3000 +HTTP_HEADER_APP_ID=x-app-id +HTTP_HEADER_APP_SECRET=x-app-secret +RUMORS_SITE_CORS_ORIGIN=http://localhost:3000 +RUMORS_SITE_REDIRECT_ORIGIN=http://localhost:3000 +RUMORS_LINE_BOT_SECRET=CHANGE_ME +FACEBOOK_APP_ID= +FACEBOOK_SECRET= +FACEBOOK_CALLBACK_URL=http://localhost:5000/callback/facebook +TWITTER_CONSUMER_KEY= +TWITTER_CONSUMER_SECRET= +TWITTER_CALLBACK_URL=http://localhost:5000/callback/twitter +GITHUB_CLIENT_ID= +GITHUB_SECRET= +GITHUB_CALLBACK_URL=http://localhost:5000/callback/github +URL_RESOLVER_URL=url-resolver:4000 +GOOGLE_OAUTH_KEY_PATH=/data/service-account-key.json +GA_WEB_VIEW_ID= +GA_LINE_VIEW_ID= +TIMEZONE=+08:00 +TRUST_PROXY_HEADERS= +COOKIE_SAMESITE_NONE= +GCS_CREDENTIALS= +GCS_BUCKET_NAME= +GCS_IMAGE_FOLDER= +INTERNET_ARCHIVE_S3_ACCESS_KEY= +INTERNET_ARCHIVE_S3_SECRET_KEY= \ No newline at end of file diff --git a/env-files.sample/api-production b/env-files.sample/api-production new file mode 100644 index 0000000..88cd2a1 --- /dev/null +++ b/env-files.sample/api-production 
@@ -0,0 +1,45 @@
+ELASTICSEARCH_URL=http://db:9200
+ELASTIC_LOG_LEVEL=info
+PORT=5000
+ADM_PORT=5500
+CLOUDFLARE_ACCESS_TEAM_DOMAIN=https://cofacts.cloudflareaccess.com
+COOKIE_SECRETS=
+ROLLBAR_TOKEN=CHANGE_ME
+ROLLBAR_ENV=production
+HTTP_HEADER_APP_ID=x-app-id
+HTTP_HEADER_APP_SECRET=x-app-secret
+RUMORS_SITE_CORS_ORIGIN=https://cofacts.tw,https://en.cofacts.tw,https://ja.cofacts.tw
+RUMORS_SITE_REDIRECT_ORIGIN=https://cofacts.tw,https://en.cofacts.tw
+RUMORS_LINE_BOT_CORS_ORIGIN=https://rumors-line-bot.herokuapp.com
+RUMORS_LINE_BOT_SECRET=CHANGE_ME
+FACEBOOK_APP_ID=CHANGE_ME
+FACEBOOK_SECRET=CHANGE_ME
+FACEBOOK_CALLBACK_URL=https://api.cofacts.tw/callback/facebook
+TWITTER_CONSUMER_KEY=CHANGE_ME
+TWITTER_CONSUMER_SECRET=CHANGE_ME
+TWITTER_CALLBACK_URL=https://api.cofacts.tw/callback/twitter
+GITHUB_CLIENT_ID=CHANGE_ME
+GITHUB_SECRET=CHANGE_ME
+GITHUB_CALLBACK_URL=https://api.cofacts.tw/callback/github
+GOOGLE_CLIENT_ID=CHANGE_ME
+GOOGLE_SECRET=CHANGE_ME
+GOOGLE_CALLBACK_URL=https://api.cofacts.tw/callback/google
+INSTAGRAM_CLIENT_ID=CHANGE_ME
+INSTAGRAM_SECRET=CHANGE_ME
+INSTAGRAM_CALLBACK_URL=https://api.cofacts.tw/callback/instagram
+URL_RESOLVER_URL=url-resolver:4000
+GOOGLE_OAUTH_KEY_PATH=/data/service-account-key.json
+GA_WEB_VIEW_ID=CHANGE_ME
+GA_LINE_VIEW_ID=CHANGE_ME
+TIMEZONE=+08:00
+TRUST_PROXY_HEADERS=1
+COOKIE_SAMESITE_NONE=1
+ENGINE_API_KEY=CHANGE_ME
+GCS_CREDENTIALS=
+GCS_BUCKET_NAME=
+GCS_IMAGE_FOLDER=
+INTERNET_ARCHIVE_S3_ACCESS_KEY=
+INTERNET_ARCHIVE_S3_SECRET_KEY=
+LANGFUSE_PUBLIC_KEY=
+LANGFUSE_SECRET_KEY=
+LANGFUSE_BASEURL=https://langfuse.cofacts.tw
\ No newline at end of file
diff --git a/env-files.sample/api-staging b/env-files.sample/api-staging
new file mode 100644
index 0000000..3eac233
--- /dev/null
+++ b/env-files.sample/api-staging
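Review bot: `COOKIE_SECRETS=` is left blank in `env-files.sample/api-production` while every other credential in the file uses the `CHANGE_ME` placeholder, so a copied file gives no hint that this value still has to be set. How rumors-api treats an empty value is not visible on this page, but the name suggests a cookie-signing secret, and `TRUST_PROXY_HEADERS=1` and `COOKIE_SAMESITE_NONE=1` in the same file point to the internet-facing deployment, where an empty or guessable secret would matter. I would write `COOKIE_SECRETS=CHANGE_ME` and put `# required: set to a long random value before first start` above it. `env-files.sample/api-staging` and `env-files.sample/api` carry the same blank line.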
@@ -0,0 +1,43 @@
+ELASTICSEARCH_URL=http://db-staging:9200
+ELASTIC_LOG_LEVEL=info
+PORT=5000
+ADM_PORT=6000
+COOKIE_SECRETS=
+ROLLBAR_TOKEN=CHANGE_ME
+ROLLBAR_ENV=staging
+HTTP_HEADER_APP_ID=x-app-id
+HTTP_HEADER_APP_SECRET=x-app-secret
+RUMORS_SITE_CORS_ORIGIN=https://dev.cofacts.tw,https://dev-en.cofacts.tw,http://localhost:3000
+RUMORS_SITE_REDIRECT_ORIGIN=https://dev.cofacts.tw,https://dev-en.cofacts.tw,http://localhost:3000
+RUMORS_LINE_BOT_CORS_ORIGIN=https://rumors-line-bot-staging.herokuapp.com,http://localhost:5001
+RUMORS_LINE_BOT_SECRET=CHANGE_ME
+FACEBOOK_APP_ID=CHANGE_ME
+FACEBOOK_SECRET=CHANGE_ME
+FACEBOOK_CALLBACK_URL=https://dev-api.cofacts.tw/callback/facebook
+TWITTER_CONSUMER_KEY=CHANGE_ME
+TWITTER_CONSUMER_SECRET=CHANGE_ME
+TWITTER_CALLBACK_URL=https://dev-api.cofacts.tw/callback/twitter
+GITHUB_CLIENT_ID=CHANGE_ME
+GITHUB_SECRET=CHANGE_ME
+GITHUB_CALLBACK_URL=https://dev-api.cofacts.tw/callback/github
+GOOGLE_CLIENT_ID=CHANGE_ME
+GOOGLE_SECRET=CHANGE_ME
+GOOGLE_CALLBACK_URL=https://dev-api.cofacts.tw/callback/google
+INSTAGRAM_CLIENT_ID=CHANGE_ME
+INSTAGRAM_SECRET=CHANGE_ME
+INSTAGRAM_CALLBACK_URL=https://dev-api.cofacts.tw/callback/instagram
+URL_RESOLVER_URL=url-resolver:4000
+GOOGLE_OAUTH_KEY_PATH=/data/service-account-key.json
+GA_WEB_VIEW_ID=CHANGE_ME
+GA_LINE_VIEW_ID=CHANGE_ME
+TIMEZONE=+08:00
+TRUST_PROXY_HEADERS=1
+COOKIE_SAMESITE_NONE=1
+GCS_CREDENTIALS=
+GCS_BUCKET_NAME=
+GCS_IMAGE_FOLDER=
+INTERNET_ARCHIVE_S3_ACCESS_KEY=
+INTERNET_ARCHIVE_S3_SECRET_KEY=
+LANGFUSE_PUBLIC_KEY=
+LANGFUSE_SECRET_KEY=
+LANGFUSE_BASEURL=https://langfuse.cofacts.tw
\ No newline at end of file
diff --git a/env-files.sample/cloudflared b/env-files.sample/cloudflared
new file mode 100644
index 0000000..5aecc0e
--- /dev/null
+++ b/env-files.sample/cloudflared
@@ -0,0 +1 @@
+TUNNEL_TOKEN=CHANGE_ME
\ No newline at end of file
diff --git a/env-files.sample/collab-server b/env-files.sample/collab-server
new file mode 100644
index 0000000..2525334
--- /dev/null
+++ b/env-files.sample/collab-server
@@ -0,0 +1,2 @@
+PORT=1234
+ELASTICSEARCH_URL=http://db:9200
\ No newline at end of file
diff --git a/env-files.sample/collab-server-staging b/env-files.sample/collab-server-staging
new file mode 100644
index 0000000..2525334
--- /dev/null
+++ b/env-files.sample/collab-server-staging
@@ -0,0 +1,2 @@
+PORT=1234
+ELASTICSEARCH_URL=http://db:9200
\ No newline at end of file
diff --git a/env-files.sample/db b/env-files.sample/db
new file mode 100644
index 0000000..6acafd2
--- /dev/null
+++ b/env-files.sample/db
@@ -0,0 +1 @@
+path.repo=/usr/share/elasticsearch/data
\ No newline at end of file
diff --git a/env-files.sample/db-production b/env-files.sample/db-production
new file mode 100644
index 0000000..3607587
--- /dev/null
+++ b/env-files.sample/db-production
@@ -0,0 +1,2 @@
+path.repo=/usr/share/elasticsearch/data
+ES_JAVA_OPTS=-Xms1g -Xmx1g
\ No newline at end of file
diff --git a/env-files.sample/db-staging b/env-files.sample/db-staging
new file mode 100644
index 0000000..43f2344
--- /dev/null
+++ b/env-files.sample/db-staging
@@ -0,0 +1,3 @@
+path.repo=/usr/share/elasticsearch/data
+ES_JAVA_OPTS=-Xms512m -Xmx512m
+bootstrap.memory_lock=true
\ No newline at end of file
diff --git a/env-files.sample/langfuse b/env-files.sample/langfuse
new file mode 100644
index 0000000..2536b43
--- /dev/null
+++ b/env-files.sample/langfuse
@@ -0,0 +1,13 @@
+DATABASE_URL=postgresql://[USER_NAME]@cloudsql-proxy/[DB_NAME]
+NEXTAUTH_URL=
+NEXTAUTH_SECRET=
+SALT=
+ENCRYPTION_KEY=
+LANGFUSE_INIT_ORG_ID=
+LANGFUSE_INIT_ORG_NAME=
+LANGFUSE_DEFAULT_ORG_ID=
+LANGFUSE_DEFAULT_ORG_ROLE=OWNER
+AUTH_GOOGLE_CLIENT_ID=
+AUTH_GOOGLE_CLIENT_SECRET=
+AUTH_GOOGLE_ALLOWED_DOMAINS=
+AUTH_DISABLE_USERNAME_PASSWORD=true
\ No newline at end of file
diff --git a/env-files.sample/line-bot-en b/env-files.sample/line-bot-en
new file mode 100644
index 0000000..5a80453
--- /dev/null
+++ b/env-files.sample/line-bot-en
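Review bot: `env-files.sample/collab-server-staging` sets `ELASTICSEARCH_URL=http://db:9200`, which is the production Elasticsearch service, whereas `env-files.sample/api-staging` uses `http://db-staging:9200`. The value is carried over unchanged from the old inline `environment:` block, so it may be intentional, but the new file is byte-identical to `collab-server` (both blobs are `2525334`) and nothing marks that the `cofacts/collab-server:dev` image is connected to the production cluster. If that is not intended the line should read `ELASTICSEARCH_URL=http://db-staging:9200`; if it is, a one-line `#` comment saying so would keep the next editor from assuming isolation between staging and production.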
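Review bot: `env-files.sample/langfuse` carries none of the comments that the removed inline block in `docker-compose.production.yml` had, so the setup guidance is lost rather than moved. The old block explained that `DATABASE_URL` expects CloudSQL automatic IAM auth with `@` in the user name written as `%40`, gave the `GRANT CREATE ON SCHEMA public` hint for migration permission errors, and marked `NEXTAUTH_URL`, `NEXTAUTH_SECRET`, `SALT` and `ENCRYPTION_KEY` as required with a link to the Langfuse self-host documentation. Env files accept `#` comment lines (the `line-bot-en` file in this patch already uses one), so I would carry those comments over verbatim above the corresponding variables. Without them the three blank secret fields look optional.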
@@ -0,0 +1,7 @@
+# Override variables for line-bot-en
+LINE_CHANNEL_SECRET=
+LINE_CHANNEL_TOKEN=
+LINE_LOGIN_CHANNEL_ID=
+LIFF_URL=
+SITE_URLS=https://en.cofacts.tw
+RUMORS_LINE_BOT_URL=
\ No newline at end of file
diff --git a/env-files.sample/line-bot-ja b/env-files.sample/line-bot-ja
new file mode 100644
index 0000000..522b196
--- /dev/null
+++ b/env-files.sample/line-bot-ja
@@ -0,0 +1,7 @@
+# Override variables for line-bot-ja
+LINE_CHANNEL_SECRET=
+LINE_CHANNEL_TOKEN=
+LINE_LOGIN_CHANNEL_ID=
+LIFF_URL=
+SITE_URLS=https://ja.cofacts.tw
+RUMORS_LINE_BOT_URL=
\ No newline at end of file
diff --git a/env-files.sample/mongo b/env-files.sample/mongo
new file mode 100644
index 0000000..4e8d6cf
--- /dev/null
+++ b/env-files.sample/mongo
@@ -0,0 +1,2 @@
+MONGO_INITDB_ROOT_USERNAME=root
+MONGO_INITDB_ROOT_PASSWORD=root-test-password
\ No newline at end of file
diff --git a/env-files.sample/site b/env-files.sample/site
new file mode 100644
index 0000000..fd01763
--- /dev/null
+++ b/env-files.sample/site
@@ -0,0 +1,9 @@
+PORT=3000
+NODE_ENV=production
+SERVER_ROLLBAR_TOKEN=
+PUBLIC_ROLLBAR_TOKEN=
+PUBLIC_ROLLBAR_ENV=
+PUBLIC_API_URL=http://api:5000
+PUBLIC_GTM_ID=
+SERVER_STACKIMPACT_AGENT_KEY=
+SERVER_STACKIMPACT_APP_NAME=
\ No newline at end of file
diff --git a/env-files.sample/site-en b/env-files.sample/site-en
new file mode 100644
index 0000000..2bd18a3
--- /dev/null
+++ b/env-files.sample/site-en
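Review bot: `env-files.sample/mongo` ships a working root credential, `MONGO_INITDB_ROOT_PASSWORD=root-test-password`, while the other secrets in this series are blank or `CHANGE_ME`. The value was already inline in `docker-compose.sample.yml`, but it now lives in a directory that the README tells operators to copy wholesale, and the `mongo` service in that compose file publishes `27017:27017`, so a copied-and-forgotten file leaves a root account with a publicly known password reachable on a host port. I would change the line to `MONGO_INITDB_ROOT_PASSWORD=CHANGE_ME` and add `# local development only; set a unique password before exposing the port` above it.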
@@ -0,0 +1,17 @@
+PORT=3000
+NODE_ENV=production
+SERVER_ROLLBAR_TOKEN=CHANGE_ME
+PUBLIC_ROLLBAR_TOKEN=CHANGE_ME
+PUBLIC_ROLLBAR_ENV=production
+PUBLIC_API_URL=https://api.cofacts.tw
+PUBLIC_COLLAB_SERVER_URL=wss://collab.cofacts.tw
+PUBLIC_GTM_ID=GTM-NJXHKTH
+PUBLIC_GA_TRACKING_ID=
+SERVER_STACKIMPACT_AGENT_KEY=
+SERVER_STACKIMPACT_APP_NAME=
+PM2_PUBLIC_KEY=
+PM2_SECRET_KEY=
+WEB_CONCURRENCY=1
+PUBLIC_LINE_IFTTT_APPLET_URL=https://ifttt.com/applets/VrzvihCR-cofacts-rss-line
+PUBLIC_TELEGRAM_IFTTT_APPLET_URL=https://ifttt.com/applets/WRuZeP36-cofacts-rss-telegram
+PUBLIC_SLACK_IFTTT_APPLET_URL=https://ifttt.com/applets/H4Sm5LDF-cofacts-rss-slack
\ No newline at end of file
diff --git a/env-files.sample/site-ja b/env-files.sample/site-ja
new file mode 100644
index 0000000..2bd18a3
--- /dev/null
+++ b/env-files.sample/site-ja
@@ -0,0 +1,17 @@
+PORT=3000
+NODE_ENV=production
+SERVER_ROLLBAR_TOKEN=CHANGE_ME
+PUBLIC_ROLLBAR_TOKEN=CHANGE_ME
+PUBLIC_ROLLBAR_ENV=production
+PUBLIC_API_URL=https://api.cofacts.tw
+PUBLIC_COLLAB_SERVER_URL=wss://collab.cofacts.tw
+PUBLIC_GTM_ID=GTM-NJXHKTH
+PUBLIC_GA_TRACKING_ID=
+SERVER_STACKIMPACT_AGENT_KEY=
+SERVER_STACKIMPACT_APP_NAME=
+PM2_PUBLIC_KEY=
+PM2_SECRET_KEY=
+WEB_CONCURRENCY=1
+PUBLIC_LINE_IFTTT_APPLET_URL=https://ifttt.com/applets/VrzvihCR-cofacts-rss-line
+PUBLIC_TELEGRAM_IFTTT_APPLET_URL=https://ifttt.com/applets/WRuZeP36-cofacts-rss-telegram
+PUBLIC_SLACK_IFTTT_APPLET_URL=https://ifttt.com/applets/H4Sm5LDF-cofacts-rss-slack
\ No newline at end of file
diff --git a/env-files.sample/site-staging-en b/env-files.sample/site-staging-en
new file mode 100644
index 0000000..5ba35ee
--- /dev/null
+++ b/env-files.sample/site-staging-en
@@ -0,0 +1,8 @@
+PORT=3000
+ROLLBAR_SERVER_TOKEN=CHANGE_ME
+ROLLBAR_ENV=staging
+NODE_ENV=production
+PUBLIC_API_URL=https://dev-api.cofacts.tw
+PUBLIC_COLLAB_SERVER_URL=wss://dev-collab.cofacts.tw
+PUBLIC_APP_ID=RUMORS_SITE
+PUBLIC_GA_TRACKING_ID=
\ No newline at end of file
diff --git a/env-files.sample/site-staging-ja b/env-files.sample/site-staging-ja
new file mode 100644
index 0000000..5ba35ee
--- /dev/null
+++ b/env-files.sample/site-staging-ja
@@ -0,0 +1,8 @@
+PORT=3000
+ROLLBAR_SERVER_TOKEN=CHANGE_ME
+ROLLBAR_ENV=staging
+NODE_ENV=production
+PUBLIC_API_URL=https://dev-api.cofacts.tw
+PUBLIC_COLLAB_SERVER_URL=wss://dev-collab.cofacts.tw
+PUBLIC_APP_ID=RUMORS_SITE
+PUBLIC_GA_TRACKING_ID=
\ No newline at end of file
diff --git a/env-files.sample/site-staging-zh b/env-files.sample/site-staging-zh
new file mode 100644
index 0000000..5ba35ee
--- /dev/null
+++ b/env-files.sample/site-staging-zh
@@ -0,0 +1,8 @@
+PORT=3000
+ROLLBAR_SERVER_TOKEN=CHANGE_ME
+ROLLBAR_ENV=staging
+NODE_ENV=production
+PUBLIC_API_URL=https://dev-api.cofacts.tw
+PUBLIC_COLLAB_SERVER_URL=wss://dev-collab.cofacts.tw
+PUBLIC_APP_ID=RUMORS_SITE
+PUBLIC_GA_TRACKING_ID=
\ No newline at end of file
diff --git a/env-files.sample/site-zh b/env-files.sample/site-zh
new file mode 100644
index 0000000..9a365a2
--- /dev/null
+++ b/env-files.sample/site-zh
@@ -0,0 +1,17 @@
+PORT=3000
+NODE_ENV=production
+SERVER_ROLLBAR_TOKEN=CHANGE_ME
+PUBLIC_ROLLBAR_TOKEN=CHANGE_ME
+PUBLIC_ROLLBAR_ENV=production
+PUBLIC_API_URL=https://api.cofacts.tw
+PUBLIC_COLLAB_SERVER_URL=wss://collab.cofacts.tw
+PUBLIC_GTM_ID=GTM-NJXHKTH
+PUBLIC_GA_TRACKING_ID=
+SERVER_STACKIMPACT_AGENT_KEY=
+SERVER_STACKIMPACT_APP_NAME=
+PM2_PUBLIC_KEY=
+PM2_SECRET_KEY=
+WEB_CONCURRENCY=2
+PUBLIC_LINE_IFTTT_APPLET_URL=https://ifttt.com/applets/VrzvihCR-cofacts-rss-line
+PUBLIC_TELEGRAM_IFTTT_APPLET_URL=https://ifttt.com/applets/WRuZeP36-cofacts-rss-telegram
+PUBLIC_SLACK_IFTTT_APPLET_URL=https://ifttt.com/applets/H4Sm5LDF-cofacts-rss-slack
\ No newline at end of file
diff --git a/env-files.sample/url-resolver b/env-files.sample/url-resolver
new file mode 100644
index 0000000..99337dd
--- /dev/null
+++ b/env-files.sample/url-resolver
@@ -0,0 +1,3 @@ +YOUTUBE_API_KEY= +ROLLBAR_TOKEN= +ROLLBAR_ENV=production \ No newline at end of file diff --git a/env-files.sample/url-resolver-production b/env-files.sample/url-resolver-production new file mode 100644 index 0000000..8d576f0 --- /dev/null +++ b/env-files.sample/url-resolver-production @@ -0,0 +1,4 @@ +YOUTUBE_API_KEY=CHANGE_ME +ROLLBAR_TOKEN=CHANGE_ME +ROLLBAR_ENV=production-cofacts +ENGINE_API_KEY=CHANGE_ME \ No newline at end of file From c1a23518fb1b8add15149c0ec225596591f6958b Mon Sep 17 00:00:00 2001 From: "claude[bot]" <209825114+claude[bot]@users.noreply.github.com> Date: Mon, 8 Sep 2025 12:42:54 +0000 Subject: [PATCH 2/2] Fix docker-compose files to point to env-files instead of env-files.sample - Update all env_file paths in both docker-compose files from ./env-files.sample/ to ./env-files/ - Fix incorrect line-bot-sample reference to line-bot-zh in docker-compose.sample.yml - Enhance README deploy steps with clearer instructions and example commands for copying env files Co-authored-by: Johnson Liang --- README.md | 10 ++++++--- docker-compose.production.yml | 40 +++++++++++++++++------------------ docker-compose.sample.yml | 12 +++++------ 3 files changed, 33 insertions(+), 29 deletions(-) diff --git a/README.md b/README.md index b6b9b39..c8071dc 100644 --- a/README.md +++ b/README.md 
@@ -24,9 +24,13 @@ Explanation of each environment variables are in `.env.sample` of the correspond 0. `su` to appropriate user (for instance, `docker`) 1. Clone this repo on production server -2. Make a duplicate of `env-files.sample` directory and rename to `env-files` -2. Make necessary changes to `docker-compose.yml` and files in `volumes/` -3. `docker-compose up -d` +2. Copy the `env-files.sample` directory to `env-files` and populate with your actual environment values: + ```bash + cp -r env-files.sample env-files + # Edit files in env-files/ with your actual configuration values + ``` +3. Make necessary changes to `docker-compose.yml` and files in `volumes/` +4. `docker-compose up -d` If you want ot run the whole Cofacts on the laptop, you may find this note useful: diff --git a/docker-compose.production.yml b/docker-compose.production.yml index 110e353..2102b38 100644 --- a/docker-compose.production.yml +++ b/docker-compose.production.yml @@ -21,42 +21,42 @@ services: restart: unless-stopped command: tunnel run env_file: - - ./env-files.sample/cloudflared + - ./env-files/cloudflared site-en: image: cofacts/rumors-site:latest-en env_file: - - ./env-files.sample/site-en + - ./env-files/site-en restart: always site-zh: image: cofacts/rumors-site:latest-tw env_file: - - ./env-files.sample/site-zh + - ./env-files/site-zh restart: always site-ja: image: cofacts/rumors-site:latest-ja env_file: - - ./env-files.sample/site-ja + - ./env-files/site-ja restart: always site-staging-en: image: cofacts/rumors-site:latest-en env_file: - - ./env-files.sample/site-staging-en + - ./env-files/site-staging-en restart: always site-staging-zh: image: cofacts/rumors-site:latest-tw env_file: - - ./env-files.sample/site-staging-zh + - ./env-files/site-staging-zh restart: always site-staging-ja: image: cofacts/rumors-site:latest-ja env_file: - - ./env-files.sample/site-staging-ja + - ./env-files/site-staging-ja restart: always line-bot-zh: 
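Review bot: With the paths in the `docker-compose.production.yml` hunk switched to `./env-files/`, every production secret (tunnel token, OAuth client secrets, Langfuse keys) is read from one directory, and nothing in this series shows that directory being excluded from version control or restricted on disk. `./env-files/line-bot-zh` was already referenced before these patches, so an ignore rule may well exist, but it is worth confirming that `.gitignore` contains `env-files/`. The README copy step could also end with `chmod -R go-rwx env-files` so the populated files are not readable by other users on the host. The remaining hunks in both compose files make the same path change and need no separate comment.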
@@ -73,7 +73,7 @@ services: gcp-meta-id: gcp-project: env_file: - - ./env-files.sample/line-bot-zh + - ./env-files/line-bot-zh volumes: - "./volumes/line-bot:/data" @@ -90,8 +90,8 @@ services: gcp-meta-id: gcp-project: env_file: - - ./env-files.sample/line-bot-zh - - ./env-files.sample/line-bot-en + - ./env-files/line-bot-zh + - ./env-files/line-bot-en line-bot-ja: image: cofacts/rumors-line-bot:latest-ja @@ -106,13 +106,13 @@ services: gcp-meta-id: gcp-project: env_file: - - ./env-files.sample/line-bot-zh - - ./env-files.sample/line-bot-ja + - ./env-files/line-bot-zh + - ./env-files/line-bot-ja api: image: cofacts/rumors-api env_file: - - ./env-files.sample/api-production + - ./env-files/api-production volumes: - "./volumes/api:/data" restart: always @@ -120,7 +120,7 @@ services: api-staging: image: cofacts/rumors-api env_file: - - ./env-files.sample/api-staging + - ./env-files/api-staging volumes: - "./volumes/api:/data" restart: always @@ -128,7 +128,7 @@ services: db: image: docker.elastic.co/elasticsearch/elasticsearch-oss:6.3.2 env_file: - - ./env-files.sample/db-production + - ./env-files/db-production volumes: - "./volumes/db-production:/usr/share/elasticsearch/data" restart: always @@ -139,7 +139,7 @@ services: db-staging: image: docker.elastic.co/elasticsearch/elasticsearch-oss:6.3.2 env_file: - - ./env-files.sample/db-staging + - ./env-files/db-staging ulimits: memlock: soft: -1 @@ -158,7 +158,7 @@ services: ports: # expose for debugging - "4000:4000" env_file: - - ./env-files.sample/url-resolver-production + - ./env-files/url-resolver-production redis: image: redis:alpine @@ -171,12 +171,12 @@ services: restart: always image: cofacts/collab-server env_file: - - ./env-files.sample/collab-server + - ./env-files/collab-server collab-server-staging: image: cofacts/collab-server:dev env_file: - - ./env-files.sample/collab-server-staging + - ./env-files/collab-server-staging # LLM observability tool # 
@@ -184,7 +184,7 @@ services: restart: always image: langfuse/langfuse:2 env_file: - - ./env-files.sample/langfuse + - ./env-files/langfuse depends_on: - cloudsql-proxy diff --git a/docker-compose.sample.yml b/docker-compose.sample.yml index a636216..5bd19ac 100644 --- a/docker-compose.sample.yml +++ b/docker-compose.sample.yml @@ -4,7 +4,7 @@ services: site: image: cofacts/rumors-site:latest-en env_file: - - ./env-files.sample/site + - ./env-files/site ports: - "3000:3000" depends_on: @@ -13,7 +13,7 @@ services: api: image: cofacts/rumors-api env_file: - - ./env-files.sample/api + - ./env-files/api volumes: - "./volumes/api:/data" ports: @@ -25,7 +25,7 @@ services: db: image: docker.elastic.co/elasticsearch/elasticsearch-oss:6.3.2 env_file: - - ./env-files.sample/db + - ./env-files/db volumes: - "./volumes/db-sample:/usr/share/elasticsearch/data" ports: @@ -36,12 +36,12 @@ services: ports: # expose for debugging - "4000:4000" env_file: - - ./env-files.sample/url-resolver + - ./env-files/url-resolver line-bot-zh: image: cofacts/rumors-line-bot:dev env_file: - - ./env-files.sample/line-bot-sample + - ./env-files/line-bot-zh ports: - "5001:5001" depends_on: @@ -55,7 +55,7 @@ services: mongo: image: mongo:3.6 env_file: - - ./env-files.sample/mongo + - ./env-files/mongo ports: - "27017:27017" volumes: