7 changes: 7 additions & 0 deletions postgres.Dockerfile
@@ -0,0 +1,7 @@
FROM postgres:18.0-alpine3.22

ENV POSTGRES_USER=opensox
ENV POSTGRES_PASSWORD=opensox
ENV POSTGRES_DB=opensox
Comment on lines +3 to +5
⚠️ Potential issue | 🔴 Critical

Move hardcoded credentials to runtime environment variables.

Hardcoding credentials in the Dockerfile embeds them permanently in the image layer history. This is a security risk, especially if the image is ever pushed to a registry. Credentials should be passed at container runtime instead.

Use docker run with the -e flag to pass credentials at runtime:

docker run -p 5432:5432 \
  -e POSTGRES_USER=opensox \
  -e POSTGRES_PASSWORD=opensox \
  -e POSTGRES_DB=opensox \
  --name opensox-postgres opensox-db

Alternatively, use a docker-compose.yml to manage credentials via a .env file:

version: '3.8'
services:
  postgres:
    build:
      dockerfile: postgres.Dockerfile
    container_name: opensox-postgres
    ports:
      - "5432:5432"
    environment:
      POSTGRES_USER: ${POSTGRES_USER:-opensox}
      POSTGRES_PASSWORD: ${POSTGRES_PASSWORD:-opensox}
      POSTGRES_DB: ${POSTGRES_DB:-opensox}
    volumes:
      - postgres_data:/var/lib/postgresql/data

volumes:
  postgres_data:

Then create a .env file (and add it to .gitignore):

POSTGRES_USER=opensox
POSTGRES_PASSWORD=opensox
POSTGRES_DB=opensox

Then run with: docker-compose up -d

🤖 Prompt for AI Agents
postgres.Dockerfile lines 3-5: the file currently hardcodes
POSTGRES_USER/POSTGRES_PASSWORD/POSTGRES_DB which embeds secrets in the image
history; remove these ENV lines from the Dockerfile and rely on passing these
values at container runtime (docker run -e or via docker-compose with an .env
file), optionally expose non-secret build-time ARGs if you want defaults but do
not set actual credentials in the image, update the repo README with the
recommended docker run/docker-compose invocation, and add instructions to create
an .env and ensure .env is listed in .gitignore.


EXPOSE 5432
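Review bot: Beyond the hardcoded credentials on lines 3-5 already flagged inline, removing those three ENV lines fails safe rather than open: the official postgres image refuses to start when POSTGRES_PASSWORD is unset (unless POSTGRES_HOST_AUTH_METHOD=trust is passed deliberately), and POSTGRES_DB already defaults to the value of POSTGRES_USER, so `ENV POSTGRES_DB=opensox` adds nothing while user and database share a name. Two smaller points: `FROM postgres:18.0-alpine3.22` pins a tag but not a digest, so a rebuild after an upstream re-tag silently changes the base image; consider `postgres:18.0-alpine3.22@sha256:<digest>`. And `EXPOSE 5432` is documentation only and does not publish the port, so the `-p 5432:5432` in the suggested run command is still required.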
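As an added example (not code from the PR or the project), here is a POSIX shell lint that a CI job or pre-commit hook can run against Dockerfiles so the credential-in-ENV pattern flagged in the comment above is caught before an image is ever built; it also checks that .env is git-ignored, as the comment recommends. Function names, the key-name pattern and the sample Dockerfiles are this example's own assumptions.

```shell
#!/bin/sh
# Added example, not part of the PR or the project: a pre-commit / CI lint that
# rejects a Dockerfile which bakes credential values into the image via ENV or
# ARG, plus a check that .env is git-ignored. Function names, the key-name
# pattern and the sample files are this example's own choices.

# Return 0 when the Dockerfile at $1 assigns no credential-looking value, 1 when
# it does (offending lines, with line numbers, go to stderr).
check_dockerfile_secrets() {
  file="$1"
  # ENV/ARG whose key contains PASSWORD, PASSWD, SECRET, TOKEN or API_KEY and
  # that carries a value ("KEY=value" or the legacy "KEY value" form).
  # A bare "ARG POSTGRES_PASSWORD" (no default) is allowed: it bakes nothing in.
  pattern='^[[:space:]]*(ENV|ARG)[[:space:]]+[A-Za-z0-9_]*(PASSWORD|PASSWD|SECRET|TOKEN|API_KEY)[A-Za-z0-9_]*([[:space:]]*=|[[:space:]]+)[^[:space:]]+'
  # *_FILE keys point at a mounted secret (e.g. POSTGRES_PASSWORD_FILE), which
  # is the pattern we want people to use, so they are exempted.
  offenders=$(grep -n -i -E "$pattern" "$file" | grep -v -i -E '_FILE([[:space:]]*=|[[:space:]]+)' || true)
  if [ -n "$offenders" ]; then
    printf '%s: credential value baked into image layer:\n%s\n' "$file" "$offenders" >&2
    return 1
  fi
  return 0
}

# Return 0 when the .gitignore at $1 ignores .env (".env" or "/.env"), else 1.
gitignore_covers_dotenv() {
  grep -q -x -E '/?\.env' "$1"
}

# Demonstration on constructed files: a copy of the Dockerfile under review and
# a hardened variant that declares the variable without a value.
demo() {
  tmp=$(mktemp -d)
  cat > "$tmp/bad.Dockerfile" <<'EOF'
FROM postgres:18.0-alpine3.22

ENV POSTGRES_USER=opensox
ENV POSTGRES_PASSWORD=opensox
ENV POSTGRES_DB=opensox

EXPOSE 5432
EOF
  cat > "$tmp/good.Dockerfile" <<'EOF'
FROM postgres:18.0-alpine3.22
# Declared only; the value is supplied at docker run -e / compose time.
ARG POSTGRES_PASSWORD
# Or read from a mounted secret file, which the postgres image supports.
ENV POSTGRES_PASSWORD_FILE=/run/secrets/pg_password
EXPOSE 5432
EOF
  printf 'node_modules/\n.env\n' > "$tmp/.gitignore"
  for f in bad good; do
    if check_dockerfile_secrets "$tmp/$f.Dockerfile" 2>/dev/null; then
      echo "$f.Dockerfile: clean"
    else
      echo "$f.Dockerfile: rejected"
    fi
  done
  gitignore_covers_dotenv "$tmp/.gitignore" && echo ".env is git-ignored"
  rm -rf "$tmp"
}
demo
```

Wire `check_dockerfile_secrets postgres.Dockerfile` into a pre-commit hook or CI step; its non-zero exit blocks the change. For images that were already built and pushed, the same ENV instructions remain visible in `docker history --no-trunc <image>`, which is why removing them from the Dockerfile and rebuilding matters even when the repository itself is private.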