Open gorbak25 opened 13 hours ago
Very good question! We run the prisma generate step inside the "build" stage of the container, and inject the DATABASE_URL env var via a build argument, just to that stage. The final stage of the container then will not have that DATABASE_URL env var embedded inside it. We don't embed any sensitive env vars to final stage. You can see for yourself here: https://github.com/triggerdotdev/trigger.dev/blob/b590a318a22216dd93063c8a05acde35dd44929b/packages/cli-v3/src/deploy/buildImage.ts#L590
@ericallam The problem is that this environment variable is only set when migrations are enabled in the prisma extension: https://github.com/triggerdotdev/trigger.dev/blob/b3a6f4e0ac62f10f6c539c933e7ec46b8843c87e/packages/build/src/extensions/prisma.ts#L230
With the following configuration
prismaExtension({
schema: "prisma/schema.prisma",
directUrlEnvVarName: "DATABASE_URL",
typedSql: true,
migrate: false,
}),
DATABASE_URL will never get set during the build. I've fixed this issue by enabling migrations.
I've changed the title of this issue to better reflect the problem
Provide environment information
Describe the bug
After applying the workaround from #1325, that is copying the
sql
folder into the location expected by the clinpx trigger.dev@latest deploy
still fails withThis is expected as prisma needs to connect to a live database during the build when TypedSQL is enabled. By exposing the secrets to the build the resulting container could leak them, how does the build system handle the secrets?
Reproduction repo
N/A
To reproduce
Try deploying a project with prisma and TypedSQL enabled.
Additional information
No response