Add support for Docker Secrets with new DATABASE environment variables

[kuya1284]

It would be nice if Docker Secrets were supported as this would help keep sensitive information like passwords more secure, especially for those who commit their compose.yaml and .env files to a repo. In addition, it would be nice to add the following new environment variables instead of having to pass a URL string containing the password. The URL could then be constructed on the backend using these new environment variables:

• DATABASE_HOSTNAME
• DATABASE_NAME
• DATABASE_USERNAME
• DATABASE_PASSWORD | DATABASE_PASSWORD_FILE

The existing DATABASE_URL variable could be preserved to maintain backwards compatibility, but I think it would make things easier to configure/maintain if the aforementioned variables were added as well.

Here's a sample of what the compose.yaml could look like:

services:
  db:
    container_name: zipline-db
    image: postgres:16
    environment:
      - POSTGRES_DB=${POSTGRES_DATABASE:-zipline}
      - POSTGRES_USER=${POSTGRES_USER:-zipline}
      - POSTGRES_PASSWORD_FILE=/run/secrets/postgresql_password
    healthcheck:
      test: ['CMD', 'pg_isready', '-U', 'zipline']
      interval: 10s
      timeout: 5s
      retries: 5
    networks:
      - backend
    restart: unless-stopped
    secrets:
      - postgresql_password
    volumes:
      - ./postgresql:/var/lib/postgresql/data

  zipline:
    container_name: zipline-app
    image: ghcr.io/diced/zipline:latest
    depends_on:
      db:
        condition: service_healthy
    environment:
      - CORE_SECRET_FILE=/run/secrets/core_secret
      - DATABASE_HOSTNAME=db
      - DATABASE_NAME=${POSTGRES_DATABASE:-zipline}
      - DATABASE_USERNAME=${POSTGRES_DATABASE:-zipline}
      - DATABASE_PASSWORD_FILE=/run/secrets/postgresql_password
      - DATASOURCE_TYPE=local
    healthcheck:
      test: ['CMD', 'wget', '-q', '--spider', 'http://0.0.0.0:3000/api/healthcheck']
      interval: 15s
      timeout: 2s
      retries: 2
    ports:
      - 3000:3000
    restart: unless-stopped
    secrets:
      - core_secret
      - postgresql_password
    volumes:
      - ./uploads:/zipline/uploads
      - ./public:/zipline/public
      - ./themes:/zipline/themes

secrets:
  core_secret:
    file: /opt/docker/secrets/zipline/core-secret
  postgresql_password:
    file: /opt/docker/secrets/zipline/postgresql-password

Many apps (i.e. Postgres) leverage Docker Secrets and I think it would be a wonderful feature if support for it were added.

[diced]

as of ee16814 i've added the ability to just add _FILE to the end of any environment variable, and given a valid path, it will read from that file and set the value of the actual environment variable. so far, i haven't added the seperate db vars but this could prolly be worked around by just setting a file to the database url if you wanted

[kuya1284]

@diced, thank you very much. This is a huge improvement.