move secrets to env through cicd

backend/.env.deploy

@@ -1,10 +0,0 @@
-DB_HOST = "db"
-DB_USER = "maia"
-DB_PASSWORD = "Cr7#qVVYF*8s&#jsnay^!EDf5X31Fs"
-DB_NAME = "maia"
-
-REDIS_URL = "redis://redis:6379"
-
-PEPPER = "LsD7%"
-JWT_SECRET_KEY="1c8cf3ca6972b365f8108dad247e61abdcb6faff5a6c8ba00cb6fa17396702bf"
-GOOGLE_API_KEY="AIzaSyBrte_mETZJce8qE6cRTSz_fHOjdjlShBk"

backend/core/config.py

@@ -2,7 +2,7 @@
 from pydantic_settings import BaseSettings
 import os
 
-DOTENV_PATH = os.path.join(os.path.dirname(__file__), "../.env.local")
+DOTENV_PATH = os.path.join(os.path.dirname(__file__), "../.env")
 
 
 class Settings(BaseSettings):

backend/docker-compose.deploy.yml

@@ -5,6 +5,15 @@ services:
     container_name: MAIA_API
     restart: unless-stopped
     command: uvicorn main:app --host 0.0.0.0 --port 8000
+    environment:
+      DB_HOST: ${DB_HOST}
+      DB_USER: ${DB_USER}
+      DB_NAME: ${DB_NAME}
+      DB_PASSWORD: ${DB_PASSWORD}
+      REDIS_URL: ${REDIS_URL}
+      PEPPER: ${PEPPER}
+      JWT_SECRET_KEY: ${JWT_SECRET_KEY}
+      GOOGLE_API_KEY: $GOOGLE_API_KEY}
     expose:
       - "8000"
     depends_on:
@@ -12,8 +21,6 @@ services:
       - redis
     networks:
       - default
-    env_file:
-      - ./.env.deploy
     labels:
       - "traefik.enable=true"
       - "traefik.http.routers.maia.rule=Host(`maia.depaoli.id.au`)"
@@ -29,6 +36,15 @@ services:
     container_name: MAIA_Worker
     restart: unless-stopped
     command: celery -A core.celery_app worker --loglevel=info
+    environment:
+      DB_HOST: ${DB_HOST}
+      DB_USER: ${DB_USER}
+      DB_NAME: ${DB_NAME}
+      DB_PASSWORD: ${DB_PASSWORD}
+      REDIS_URL: ${REDIS_URL}
+      PEPPER: ${PEPPER}
+      JWT_SECRET_KEY: ${JWT_SECRET_KEY}
+      GOOGLE_API_KEY: $GOOGLE_API_KEY}
     depends_on:
       - db
       - redis