From 0640d10e6af27f26b58191345e7388bb23319838 Mon Sep 17 00:00:00 2001 From: estelle Date: Wed, 1 Apr 2026 12:05:27 +0200 Subject: [PATCH 1/2] fix: inconsistency in env var usage --- .envExample | 12 +++++------- docker-compose.yml | 10 +++++----- 2 files changed, 10 insertions(+), 12 deletions(-) diff --git a/.envExample b/.envExample index e531fe9..7a8769b 100755 --- a/.envExample +++ b/.envExample @@ -1,17 +1,15 @@ AIRFLOW_UID=1000 -POSTGRES_USER=airflow +POSTGRES_USER= POSTGRES_PASSWORD= -POSTGRES_DB=airflow -AIRFLOW_ADMIN_MAIL= -AIRFLOW_ADMIN_FIRSTNAME= -AIRFLOW_ADMIN_NAME= -AIRFLOW_ADMIN_PASSWORD= +POSTGRES_DB= +_AIRFLOW_WWW_USER_USERNAME= +_AIRFLOW_WWW_USER_PASSWORD= AIRFLOW_POSTGRES_PORT=5432 AIRFLOW_WEBSERVER_PORT=8080 AIRFLOW_LOG_SERVER_PORT=5894 AIRFLOW__WEBSERVER__BASE_URL=http://localhost:$AIRFLOW_WEBSERVER_PORT AIRFLOW__CORE__LOAD_DEFAULT_CONNECTIONS=False -AIRFLOW__CORE__SQL_ALCHEMY_CONN=postgres+psycopg2://$POSTGRES_USER:$POSTGRES_PASSWORD@postgres:5432/$POSTGRES_DB +AIRFLOW__DATABASE__SQL_ALCHEMY_CONN=postgres+psycopg2://$POSTGRES_USER:$POSTGRES_PASSWORD@postgres:5432/$POSTGRES_DB AIRFLOW_CONN_METADATA_DB=postgres+psycopg2://$POSTGRES_USER:$POSTGRES_PASSWORD@postgres:5432/$POSTGRES_DB AIRFLOW_VAR__METADATA_DB_SCHEMA=$POSTGRES_DB AIRFLOW_ENV=dev diff --git a/docker-compose.yml b/docker-compose.yml index 55f3120..9bfac96 100755 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -57,7 +57,7 @@ x-airflow-common: &airflow-common-env AIRFLOW__CORE__EXECUTOR: CeleryExecutor AIRFLOW__CORE__AUTH_MANAGER: airflow.providers.fab.auth_manager.fab_auth_manager.FabAuthManager - AIRFLOW__CELERY__RESULT_BACKEND: db+postgresql://airflow:airflow@postgres/airflow + AIRFLOW__CELERY__RESULT_BACKEND: db+postgresql://${POSTGRES_USER:-airflow}:${POSTGRES_PASSWORD:-airflow}@postgres/${POSTGRES_DB:-airflow} AIRFLOW__CELERY__BROKER_URL: redis://:@redis:6379/0 AIRFLOW__CORE__FERNET_KEY: '' AIRFLOW__CORE__DAGS_ARE_PAUSED_AT_CREATION: 'true' @@ -91,13 +91,13 @@ services: postgres: image: postgres:16 environment: - POSTGRES_USER: airflow - POSTGRES_PASSWORD: airflow - POSTGRES_DB: airflow + POSTGRES_USER: ${POSTGRES_USER:-airflow} + POSTGRES_PASSWORD: ${POSTGRES_PASSWORD:-airflow} + POSTGRES_DB: ${POSTGRES_DB:-airflow} volumes: - postgres-db-volume:/var/lib/postgresql/data healthcheck: - test: ["CMD", "pg_isready", "-U", "airflow"] + test: ["CMD", "pg_isready", "-U", "${POSTGRES_USER:-airflow}"] interval: 10s retries: 5 start_period: 5s From 78dee92d5df79f644d179c09f8b967972401700d Mon Sep 17 00:00:00 2001 From: estelle Date: Wed, 1 Apr 2026 14:23:50 +0200 Subject: [PATCH 2/2] fix: avoid false secret leak alarms --- docker-compose.yml | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/docker-compose.yml b/docker-compose.yml index 9bfac96..1862264 100755 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -57,7 +57,7 @@ x-airflow-common: &airflow-common-env AIRFLOW__CORE__EXECUTOR: CeleryExecutor AIRFLOW__CORE__AUTH_MANAGER: airflow.providers.fab.auth_manager.fab_auth_manager.FabAuthManager - AIRFLOW__CELERY__RESULT_BACKEND: db+postgresql://${POSTGRES_USER:-airflow}:${POSTGRES_PASSWORD:-airflow}@postgres/${POSTGRES_DB:-airflow} + AIRFLOW__CELERY__RESULT_BACKEND: db+postgresql://${POSTGRES_USER}:${POSTGRES_PASSWORD}@postgres/${POSTGRES_DB} AIRFLOW__CELERY__BROKER_URL: redis://:@redis:6379/0 AIRFLOW__CORE__FERNET_KEY: '' AIRFLOW__CORE__DAGS_ARE_PAUSED_AT_CREATION: 'true' @@ -91,13 +91,13 @@ services: postgres: image: postgres:16 environment: - POSTGRES_USER: ${POSTGRES_USER:-airflow} - POSTGRES_PASSWORD: ${POSTGRES_PASSWORD:-airflow} - POSTGRES_DB: ${POSTGRES_DB:-airflow} + POSTGRES_USER: ${POSTGRES_USER} + POSTGRES_PASSWORD: ${POSTGRES_PASSWORD} + POSTGRES_DB: ${POSTGRES_DB} volumes: - postgres-db-volume:/var/lib/postgresql/data healthcheck: - test: ["CMD", "pg_isready", "-U", "${POSTGRES_USER:-airflow}"] + test: ["CMD", "pg_isready", "-U", "${POSTGRES_USER}"] interval: 10s retries: 5 start_period: 5s @@ -291,8 +291,8 @@ services: <<: *airflow-common-env _AIRFLOW_DB_MIGRATE: 'true' _AIRFLOW_WWW_USER_CREATE: 'true' - _AIRFLOW_WWW_USER_USERNAME: ${_AIRFLOW_WWW_USER_USERNAME:-airflow} - _AIRFLOW_WWW_USER_PASSWORD: ${_AIRFLOW_WWW_USER_PASSWORD:-airflow} + _AIRFLOW_WWW_USER_USERNAME: ${_AIRFLOW_WWW_USER_USERNAME} + _AIRFLOW_WWW_USER_PASSWORD: ${_AIRFLOW_WWW_USER_PASSWORD} _PIP_ADDITIONAL_REQUIREMENTS: '' user: "0:0"