diff --git a/Dockerfile b/Dockerfile index 49928e2c17..62e0cbab2f 100644 --- a/Dockerfile +++ b/Dockerfile @@ -151,8 +151,8 @@ ENV CLICKHOUSE_HOST=http://localhost:8123 ENV MINIO_ROOT_USER=minioadmin ENV MINIO_ROOT_PASSWORD=minioadmin -# Default environment variables for supervisord (can be overridden at runtime with -e) -# These are read by supervisord.conf using %(ENV_VAR)s syntax +# Default environment variables (can be overridden at runtime via docker-compose or -e) +# These are inherited by all supervisord child processes automatically ENV NEXT_PUBLIC_HELICONE_JAWN_SERVICE=http://localhost:8585 ENV S3_ENDPOINT=http://localhost:9080 ENV S3_ACCESS_KEY=minioadmin @@ -161,6 +161,11 @@ ENV S3_BUCKET_NAME=request-response-storage ENV S3_PROMPT_BUCKET_NAME=prompt-body-storage ENV BETTER_AUTH_SECRET=change-me-in-production +# Entrypoint generates __ENV.js from NEXT_PUBLIC_* env vars before starting services +COPY docker-entrypoint.sh /docker-entrypoint.sh +RUN chmod +x /docker-entrypoint.sh + +ENTRYPOINT ["/docker-entrypoint.sh"] CMD ["/usr/bin/supervisord", "-c", "/etc/supervisor/conf.d/supervisord.conf"] # -------------------------------------------------------------------------------------------------------------------- diff --git a/docker-entrypoint.sh b/docker-entrypoint.sh new file mode 100755 index 0000000000..9f06bd1288 --- /dev/null +++ b/docker-entrypoint.sh @@ -0,0 +1,31 @@ +#!/bin/bash +set -e + +# Generate __ENV.js from all NEXT_PUBLIC_* environment variables +# This ensures the frontend has correct runtime values from docker-compose +# before Next.js starts (defense-in-depth alongside next-runtime-env) + +ENV_JS_PATH="/app/web/public/__ENV.js" + +# Build JSON object from all NEXT_PUBLIC_* env vars +JSON="{" +FIRST=true +while IFS='=' read -r KEY VALUE; do + if [[ "$KEY" == NEXT_PUBLIC_* ]]; then + if [ "$FIRST" = true ]; then + FIRST=false + else + JSON+="," + fi + # Escape backslashes and double quotes in the value + ESCAPED_VALUE=$(printf '%s' "$VALUE" | sed 's/\\/\\\\/g; s/"/\\"/g') + JSON+="\"$KEY\":\"$ESCAPED_VALUE\"" + fi +done < <(env | sort) +JSON+="}" + +echo "window.__ENV = $JSON;" > "$ENV_JS_PATH" +echo "Generated $ENV_JS_PATH with NEXT_PUBLIC_* environment variables" + +# Execute the original command (supervisord) +exec "$@" diff --git a/supervisord.conf b/supervisord.conf index 312697e78f..1d5385849e 100644 --- a/supervisord.conf +++ b/supervisord.conf @@ -40,8 +40,9 @@ stdout_logfile=/var/log/supervisor/jawn.out.log stdout_logfile_maxbytes=50MB stderr_logfile_maxbytes=50MB user=root -; S3_ENDPOINT and BETTER_AUTH_SECRET can be overridden via Docker env vars for remote deployments -environment=S3_ACCESS_KEY="%(ENV_S3_ACCESS_KEY)s",S3_SECRET_KEY="%(ENV_S3_SECRET_KEY)s",S3_ENDPOINT="%(ENV_S3_ENDPOINT)s",S3_PROMPT_BUCKET_NAME="%(ENV_S3_PROMPT_BUCKET_NAME)s",S3_BUCKET_NAME="%(ENV_S3_BUCKET_NAME)s",KAFKA_CREDS='{"KAFKA_ENABLED": "false", "UPSTASH_KAFKA_BROKER": "localhost:9092", "UPSTASH_KAFKA_URL": "http://localhost:9092", "LOCAL_KAFKA": true}',OPENROUTER_WORKER_URL="http://localhost:8788",OPENAI_API_KEY="sk-...",OPENROUTER_API_KEY="sk-....",PROVIDER_KEYS='{ "DEMO_OPENAI_API_KEY": "sk-..." }',CSB_API_KEY="sk-...",TOGETHER_API_KEY="sk-...",STRIPE_SECRET_KEY="sk_dummy_key_12345678901234567890123456789012345678901234567890",NEXT_PUBLIC_BETTER_AUTH="true",BETTER_AUTH_SECRET="%(ENV_BETTER_AUTH_SECRET)s",DATABASE_URL="http://localhost:8123",SUPABASE_DATABASE_URL="postgresql://postgres:password@localhost:5432/helicone_test",HELICONE_WORKER_URL="http://localhost:8585/v1/gateway/oai",NODE_ENV="development",LOG_LEVEL="debug" +; S3_*, BETTER_AUTH_SECRET, and NEXT_PUBLIC_* vars are inherited from Docker env (set in Dockerfile/docker-compose) +; Do NOT re-declare them here with %(ENV_...)s — that can override docker-compose values with Dockerfile defaults +environment=KAFKA_CREDS='{"KAFKA_ENABLED": "false", "UPSTASH_KAFKA_BROKER": "localhost:9092", "UPSTASH_KAFKA_URL": "http://localhost:9092", "LOCAL_KAFKA": true}',OPENROUTER_WORKER_URL="http://localhost:8788",OPENAI_API_KEY="sk-...",OPENROUTER_API_KEY="sk-....",PROVIDER_KEYS='{ "DEMO_OPENAI_API_KEY": "sk-..." }',CSB_API_KEY="sk-...",TOGETHER_API_KEY="sk-...",STRIPE_SECRET_KEY="sk_dummy_key_12345678901234567890123456789012345678901234567890",NEXT_PUBLIC_BETTER_AUTH="true",DATABASE_URL="http://localhost:8123",SUPABASE_DATABASE_URL="postgresql://postgres:password@localhost:5432/helicone_test",HELICONE_WORKER_URL="http://localhost:8585/v1/gateway/oai",NODE_ENV="development",LOG_LEVEL="debug" [program:web] command=yarn start @@ -51,8 +52,9 @@ autorestart=true stderr_logfile=/var/log/supervisor/web.err.log stdout_logfile=/var/log/supervisor/web.out.log user=root -; NEXT_PUBLIC_HELICONE_JAWN_SERVICE must be set to public URL for remote deployments (browser connects to this) -environment=VERCEL="1",VERCEL_ENV="development",NEXT_PUBLIC_SLACK_CLIENT_ID="1234567890",SLACK_CLIENT_SECRET="1234567890",NEXT_PUBLIC_BASE_PATH="https://oai.helicone.ai/v1",NEXT_PUBLIC_HELICONE_JAWN_SERVICE="%(ENV_NEXT_PUBLIC_HELICONE_JAWN_SERVICE)s",DATABASE_URL="postgresql://postgres:password@localhost:5432/helicone_test",BETTER_AUTH_SECRET="%(ENV_BETTER_AUTH_SECRET)s",NEXT_PUBLIC_BETTER_AUTH="true" +; NEXT_PUBLIC_HELICONE_JAWN_SERVICE and BETTER_AUTH_SECRET are inherited from Docker env (set in Dockerfile/docker-compose) +; Do NOT re-declare them here with %(ENV_...)s — that can override docker-compose values with Dockerfile defaults +environment=VERCEL="1",VERCEL_ENV="development",NEXT_PUBLIC_SLACK_CLIENT_ID="1234567890",SLACK_CLIENT_SECRET="1234567890",NEXT_PUBLIC_BASE_PATH="https://oai.helicone.ai/v1",DATABASE_URL="postgresql://postgres:password@localhost:5432/helicone_test",NEXT_PUBLIC_BETTER_AUTH="true" [program:flyway-migrate] command=/bin/bash -c "until pg_isready -U postgres; do echo 'Waiting for PostgreSQL...'; sleep 2; done && flyway migrate"