Skip to content

feat(server): Override PG password in dockerfile#143

Open
lan17 wants to merge 2 commits intomainfrom
lev/overridepassword
Open

feat(server): Override PG password in dockerfile#143
lan17 wants to merge 2 commits intomainfrom
lev/overridepassword

Conversation

@lan17
Copy link
Contributor

@lan17 lan17 commented Mar 20, 2026
edited
Loading

Summary

  • Add a Compose-level PostgreSQL password override so users can start the bundled Postgres container with a non-default password.
  • Wire the same override into the server container's AGENT_CONTROL_DB_URL so the bundled server uses the matching credential by default.
  • Correct the env var name to AGENT_CONTROL_POSTGRES_PASSWORD and document it in the root quickstart README.

Scope

  • User-facing/API changes:
    • docker-compose.yml now supports AGENT_CONTROL_POSTGRES_PASSWORD for the bundled Postgres + server setup.
    • README.md quickstart now shows how to override the bundled PostgreSQL password.
  • Internal changes:
    • Replace the hardcoded compose password with environment-variable interpolation.
    • Keep the server container DB URL in sync with the compose-managed Postgres password.
  • Out of scope:
    • Rotating credentials for already-initialized Postgres data volumes.
    • Changes to docker-compose.dev.yml or direct server env var handling outside the bundled compose path.

Risk and Rollout

  • Risk level: low
  • Rollback plan:
    • Revert this PR to restore the previous hardcoded compose password.
    • If a deployment reused an existing Postgres volume, operators may still need to recreate the volume or manually rotate the DB user's password to match the configured env var.

Testing

  • Added or updated automated tests
  • Ran make check (or explained why not)
  • Manually verified behavior

Manual verification performed:

  • Ran docker compose -f docker-compose.yml config to verify the compose file renders correctly after the env var and quoting changes.

Why automated checks were not run:

  • This PR only changes compose wiring and README documentation; no Python application code or tests were modified.

Checklist

  • Linked issue/spec (if applicable)
  • Updated docs/examples for user-facing changes
  • Included any required follow-up tasks

Follow-up notes:

  • Existing Postgres volumes keep their original credentials; changing AGENT_CONTROL_POSTGRES_PASSWORD does not retroactively rotate the database password inside an already-initialized volume.

@codecov
Copy link

codecov bot commented Mar 20, 2026

Codecov Report

✅ All modified and coverable lines are covered by tests.

📢 Thoughts on this report? Let us know!

@lan17 lan17 marked this pull request as ready for review March 20, 2026 18:24
@lan17 lan17 requested review from abhinav-galileo and namrataghadi-galileo and removed request for namrataghadi-galileo March 20, 2026 18:33
@lan17 lan17 enabled auto-merge (squash) March 20, 2026 18:33
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@abhinav-galileo abhinav-galileo Awaiting requested review from abhinav-galileo

@namrataghadi-galileo namrataghadi-galileo Awaiting requested review from namrataghadi-galileo

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@lan17