estellebertrand left a comment
Well done! All good on my side, my DAGs work :)
```
AIRFLOW_ADMIN_MAIL=<fill here>
AIRFLOW_ADMIN_FIRSTNAME=<fill here>
AIRFLOW_ADMIN_NAME=<fill here>
AIRFLOW_ADMIN_PASSWORD=<fill here>
```
Those env vars are not used anymore from what I see in docker-compose.yml, but I'd advise adding the new login vars to .envExample so we know the login details by default + where to update them without going into the docker compose file:
```yaml
_AIRFLOW_WWW_USER_USERNAME: <username to fill> # by default "airflow"
_AIRFLOW_WWW_USER_PASSWORD: <password to fill> # by default "airflow"
```
Hmm weird because I have not set the two ones in the docker-compose, but the ones in .env instead, and they are the ones that worked in the UI 🤔
.envExample
Outdated
| AIRFLOW__SMTP__SMTP_MAIL_FROM=<fill here> | ||
| AIRFLOW__CORE__LOAD_DEFAULT_CONNECTIONS=False | ||
| AIRFLOW__CORE__SQL_ALCHEMY_CONN=postgres+psycopg2://$POSTGRES_USER:$POSTGRES_PASSWORD@postgres:5432/$POSTGRES_DB | ||
| AIRFLOW__CORE__FERNET_KEY=81HqDtbqAywKSOumSha3BhWNOdQ26slT6K0YaZeZyPs= |
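Review bot: the last added line sets AIRFLOW__CORE__FERNET_KEY to a literal key in .envExample, while AIRFLOW__SMTP__SMTP_MAIL_FROM in the same hunk uses the `<fill here>` placeholder. Airflow uses the Fernet key to encrypt connection passwords and variables stored in its metadata database, so anyone who copies this template unchanged runs with a key that is readable in the repository. Suggest `AIRFLOW__CORE__FERNET_KEY=<fill here>` with a short comment on generating one key per deployment, and rotating the key on any instance that has used the committed value.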
Key value to be replaced by placeholder
It is like this in the current repo, maybe it was pushed by mistake, but does it matter to have it clear in here?
| @@ -0,0 +1,3285 @@ | |||
| [core] | |||
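Review bot: the hunk header `@@ -0,0 +1,3285 @@` adds this configuration file as 3285 new lines starting at `[core]`, which is too much to review line by line for credentials or changed defaults. Suggest committing only the options this project overrides, and confirming before merge that every key, password or connection string in the file is a placeholder rather than a real value.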
nit: the airflow.cfg is optional. So if you set up all the variables with AIRFLOW__XXXX__* & all instead you can stop using this file. This makes it easier to maintain in the long run since they tend to often make changes to the defaults.
Hmm maybe it's fair to keep the docker-compose file rather small and to keep the config file? I am not sure either way, 🤔
You just need to define the variables you change. In Annuaire we are just changing 3 variables so it looks like: https://github.com/annuaire-entreprises-data-gouv-fr/search-infra/blob/ea1093bb1a911028a7c70530f895f47b551af475/docker-compose.yml#L15-L17
| condition: service_healthy | ||
|
|
||
| services: | ||
| postgres: |
We should add a published port to access the postgres from outside docker:
```yaml
ports:
  - "5432:5432"
```
Ideally using vars from the .env so we can easily avoid concurrent ports when another local Pg is already running at 5432:
```yaml
ports:
  - "${PG_HOST_PORT}:5432"
```
(corrected, misplaced the variable)
Correct some inconsistencies in the environment variables:
- old variables from Airflow 2 corrected to 3
- ensuring env variables are used whenever possible to avoid errors if the user changes some variable values
| GitGuardian id | GitGuardian status | Secret | Commit | Filename |
|---|---|---|---|---|
| 29418647 | Triggered | Generic Password | 0640d10 | docker-compose.yml |
🛠 Guidelines to remediate hardcoded secrets
- Understand the implications of revoking this secret by investigating where it is used in your code.
- Replace and store your secret safely. Learn here the best practices.
- Revoke and rotate this secret.
- If possible, rewrite git history. Rewriting git history is not a trivial act. You might completely break other contributing developers' workflow and you risk accidentally deleting legitimate data.
To avoid such incidents in the future consider
- following these best practices for managing and storing secrets including API keys and other credentials
- install secret detection on pre-commit to catch secret before it leaves your machine and ease remediation.
🦉 GitGuardian detects secrets in your source code to help developers and security teams secure the modern development process. You are seeing this because you or someone else with access to this repository has authorized GitGuardian to scan your pull request.
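The placeholder question raised on the `.envExample` Fernet key, together with the pre-commit advice above, as an added example (not code from this pull request or from GitGuardian): a small Python check that flags literal secrets in an env template and can run as a pre-commit step. The secret-name pattern, the accepted placeholder forms and the sample lines are assumptions; the sample key is constructed from 32 zero bytes and is not the value from the diff.

```python
import base64
import re
import sys

# Names that usually hold a credential (assumed heuristic, extend per project).
SECRET_NAME = re.compile(r"PASSWORD|SECRET|TOKEN|FERNET_KEY|API_KEY", re.I)
# Template-safe values: empty, <fill here>-style placeholder, or a bare $VAR / ${VAR}.
PLACEHOLDER = re.compile(r"^(|<[^<>]*>|\$\{?\w+\}?)$")


def looks_like_fernet_key(value):
    """A Fernet key is 32 bytes encoded as 44 characters of URL-safe base64."""
    if len(value) != 44:
        return False
    try:
        return len(base64.urlsafe_b64decode(value)) == 32
    except ValueError:  # bad padding or non-ASCII input (binascii.Error is a ValueError)
        return False


def find_literal_secrets(env_text):
    findings = []  # (line number, variable name, reason); values are never recorded
    for lineno, raw in enumerate(env_text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        name, value = line.split("=", 1)
        name, value = name.strip(), value.strip().strip("'\"")
        if PLACEHOLDER.match(value):
            continue
        if looks_like_fernet_key(value):
            findings.append((lineno, name, "Fernet-shaped key"))
        elif SECRET_NAME.search(name):
            findings.append((lineno, name, "literal value for secret-like name"))
    return findings


# Constructed sample modelled on this thread's template; the key is 32 zero bytes.
CONSTRUCTED_KEY = base64.urlsafe_b64encode(bytes(32)).decode()
SAMPLE = "\n".join([
    "AIRFLOW__SMTP__SMTP_MAIL_FROM=<fill here>",
    "AIRFLOW__CORE__SQL_ALCHEMY_CONN=postgres+psycopg2://$POSTGRES_USER:$POSTGRES_PASSWORD@postgres:5432/$POSTGRES_DB",
    "AIRFLOW__CORE__FERNET_KEY=" + CONSTRUCTED_KEY,
    "_AIRFLOW_WWW_USER_PASSWORD=airflow",
])

if __name__ == "__main__":  # pre-commit style: findings go to stderr and exit status is 1
    hits = find_literal_secrets(open(sys.argv[1]).read() if sys.argv[1:] else SAMPLE)
    sys.exit("\n".join(f"line {n}: {name}: {why}" for n, name, why in hits) or 0)
```

The connection string is not flagged because its credentials are `$POSTGRES_USER` and `$POSTGRES_PASSWORD` references rather than literals; a URL with an inline password would need an extra rule.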