From 493847fc9b7a0a00a277adde5e37b79ef10e064d Mon Sep 17 00:00:00 2001 From: Miso Date: Thu, 28 May 2026 02:08:18 -0600 Subject: [PATCH 1/8] fix: remove hardcoded database credentials from prisma config Remove plaintext default credentials from prisma.config.ts and src/lib/prisma.ts. DATABASE_URL is now required at runtime with a clear error message if missing. --- prisma.config.ts | 9 ++++++--- src/lib/prisma.ts | 9 ++++++--- 2 files changed, 12 insertions(+), 6 deletions(-) diff --git a/prisma.config.ts b/prisma.config.ts index a356555..7e65610 100644 --- a/prisma.config.ts +++ b/prisma.config.ts @@ -1,11 +1,14 @@ import { defineConfig } from "prisma/config"; -const databaseUrl = - process.env.DATABASE_URL ?? "postgresql://dispatch:dispatch@localhost:5432/dispatch"; +if (!process.env.DATABASE_URL) { + throw new Error( + "DATABASE_URL is not set. Please set the DATABASE_URL environment variable before starting the application.", + ); +} export default defineConfig({ schema: "prisma/schema.prisma", datasource: { - url: databaseUrl, + url: process.env.DATABASE_URL, }, }); diff --git a/src/lib/prisma.ts b/src/lib/prisma.ts index 442a2be..28170c1 100644 --- a/src/lib/prisma.ts +++ b/src/lib/prisma.ts @@ -3,10 +3,13 @@ import { PrismaPg } from "@prisma/adapter-pg"; import { PrFixQueueClient } from "@/lib/pr-fix-queue"; import { AgentWorkClient } from "@/lib/agent-work"; -const databaseUrl = - process.env.DATABASE_URL ?? "postgresql://dispatch:dispatch@localhost:5432/dispatch"; +if (!process.env.DATABASE_URL) { + throw new Error( + "DATABASE_URL is not set. Please set the DATABASE_URL environment variable before starting the application.", + ); +} -const adapter = new PrismaPg(databaseUrl); +const adapter = new PrismaPg(process.env.DATABASE_URL); const globalForPrisma = globalThis as unknown as { prisma: PrismaClient | undefined; From 388a0ad1ef038f56626c29084a73eb9c0123c569 Mon Sep 17 00:00:00 2001 From: Jory Irving Date: Thu, 28 May 2026 09:40:57 -0600 Subject: [PATCH 2/8] fix: set dummy DATABASE_URL in vitest setup for tests --- vitest.setup.ts | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/vitest.setup.ts b/vitest.setup.ts index 39d6b24..879fd0d 100644 --- a/vitest.setup.ts +++ b/vitest.setup.ts @@ -1,6 +1,10 @@ // Import @testing-library/jest-dom/vitest for custom matchers import "@testing-library/jest-dom/vitest"; +// Provide a dummy DATABASE_URL so prisma.ts module loads without throwing. +// Tests that need real DB access mock/override as needed. +process.env.DATABASE_URL ??= "postgresql://test:test@localhost:5432/dispatch_test"; + // Patch React.act for React 19 + @testing-library/react v16 compat. // React 19 removed React.act, but older react-dom/test-utils still calls it. const React = require("react"); From 8ae80fe47282aca19683239854cdffeec935c9c2 Mon Sep 17 00:00:00 2001 From: Jory Irving Date: Thu, 28 May 2026 09:44:55 -0600 Subject: [PATCH 3/8] fix: only require DATABASE_URL in production, allow dev/CI to proceed --- prisma.config.ts | 6 ++++-- src/lib/prisma.ts | 4 ++-- 2 files changed, 6 insertions(+), 4 deletions(-) diff --git a/prisma.config.ts b/prisma.config.ts index 7e65610..e178612 100644 --- a/prisma.config.ts +++ b/prisma.config.ts @@ -1,6 +1,8 @@ import { defineConfig } from "prisma/config"; -if (!process.env.DATABASE_URL) { +const databaseUrl = process.env.DATABASE_URL; + +if (process.env.NODE_ENV === "production" && !databaseUrl) { throw new Error( "DATABASE_URL is not set. Please set the DATABASE_URL environment variable before starting the application.", ); @@ -9,6 +11,6 @@ if (!process.env.DATABASE_URL) { export default defineConfig({ schema: "prisma/schema.prisma", datasource: { - url: process.env.DATABASE_URL, + url: databaseUrl ?? "postgresql://localhost:5432/dispatch", }, }); diff --git a/src/lib/prisma.ts b/src/lib/prisma.ts index 28170c1..89a85e9 100644 --- a/src/lib/prisma.ts +++ b/src/lib/prisma.ts @@ -3,13 +3,13 @@ import { PrismaPg } from "@prisma/adapter-pg"; import { PrFixQueueClient } from "@/lib/pr-fix-queue"; import { AgentWorkClient } from "@/lib/agent-work"; -if (!process.env.DATABASE_URL) { +if (process.env.NODE_ENV === "production" && !process.env.DATABASE_URL) { throw new Error( "DATABASE_URL is not set. Please set the DATABASE_URL environment variable before starting the application.", ); } -const adapter = new PrismaPg(process.env.DATABASE_URL); +const adapter = new PrismaPg(process.env.DATABASE_URL!); const globalForPrisma = globalThis as unknown as { prisma: PrismaClient | undefined; From 2f37d4f0a1db0e35e8efd74f6ccc45fce74d306c Mon Sep 17 00:00:00 2001 From: Jory Irving Date: Thu, 28 May 2026 09:53:33 -0600 Subject: [PATCH 4/8] ci: set DATABASE_URL env var for build step --- .github/workflows/ci.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 615ed5e..d4b937e 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -21,6 +21,8 @@ jobs: validate: name: Validate runs-on: ubuntu-latest + env: + DATABASE_URL: "postgresql://test:test@localhost:5432/dispatch_ci" steps: - name: Checkout uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 From 2b2143b0d5fec8b267dee0ed1d2a8ca967d85640 Mon Sep 17 00:00:00 2001 From: Jory Irving Date: Thu, 28 May 2026 09:58:21 -0600 Subject: [PATCH 5/8] docker: set DATABASE_URL env var during build stage --- Dockerfile | 1 + 1 file changed, 1 insertion(+) diff --git a/Dockerfile b/Dockerfile index 7c3b883..8685bd5 100644 --- a/Dockerfile +++ b/Dockerfile @@ -16,6 +16,7 @@ COPY --from=deps /app/node_modules ./node_modules COPY . . RUN apt-get update && apt-get install -y --no-install-recommends openssl ca-certificates && rm -rf /var/lib/apt/lists/* RUN npx prisma generate +ENV DATABASE_URL=postgresql://localhost:5432/dispatch RUN npm run build FROM base AS runner From 367ea2c68223229391262f87b6a1768dac9ca1bf Mon Sep 17 00:00:00 2001 From: Miso Date: Thu, 28 May 2026 16:11:59 -0600 Subject: [PATCH 6/8] fix(ci): pass DATABASE_URL to prisma validate in docker run The Validate Prisma CLI runtime step builds a fresh image and runs prisma validate inside the runner stage, which has NODE_ENV=production. Since prisma.config.ts now throws when DATABASE_URL is unset in production, we need to pass it as an env var to the docker run command. --- .github/workflows/image.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/image.yaml b/.github/workflows/image.yaml index 1192008..076c52b 100644 --- a/.github/workflows/image.yaml +++ b/.github/workflows/image.yaml @@ -70,7 +70,7 @@ jobs: docker build -t "$IMAGE" . echo "Validating Prisma CLI in image: $IMAGE" docker run --rm --entrypoint ./node_modules/.bin/prisma "$IMAGE" --version - docker run --rm --entrypoint ./node_modules/.bin/prisma "$IMAGE" validate + docker run --rm --env DATABASE_URL=postgresql://localhost:5432/dispatch --entrypoint ./node_modules/.bin/prisma "$IMAGE" validate - name: Run Trivy vulnerability scanner if: github.event_name != 'pull_request' From 9c56cd1bb4347ff4ee66215b9863d8f102bfd69b Mon Sep 17 00:00:00 2001 From: Jory Irving Date: Fri, 29 May 2026 10:26:02 -0600 Subject: [PATCH 7/8] fix(ci): pass DATABASE_URL to prisma --version command --- .github/workflows/image.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/image.yaml b/.github/workflows/image.yaml index 076c52b..c2ba00e 100644 --- a/.github/workflows/image.yaml +++ b/.github/workflows/image.yaml @@ -69,7 +69,7 @@ jobs: IMAGE="dispatch:prisma-cli-runtime" docker build -t "$IMAGE" . echo "Validating Prisma CLI in image: $IMAGE" - docker run --rm --entrypoint ./node_modules/.bin/prisma "$IMAGE" --version + docker run --rm --env DATABASE_URL=postgresql://localhost:5432/dispatch --entrypoint ./node_modules/.bin/prisma "$IMAGE" --version docker run --rm --env DATABASE_URL=postgresql://localhost:5432/dispatch --entrypoint ./node_modules/.bin/prisma "$IMAGE" validate - name: Run Trivy vulnerability scanner From d7598e9c69ca5500556cd623a8725ffb7128fe24 Mon Sep 17 00:00:00 2001 From: Jory Irving Date: Fri, 29 May 2026 10:38:35 -0600 Subject: [PATCH 8/8] refactor: require DATABASE_URL unconditionally, remove hidden defaults --- .github/workflows/image.yaml | 2 ++ Dockerfile | 2 +- prisma.config.ts | 4 ++-- src/lib/prisma.ts | 6 ++++-- 4 files changed, 9 insertions(+), 5 deletions(-) diff --git a/.github/workflows/image.yaml b/.github/workflows/image.yaml index c2ba00e..6173482 100644 --- a/.github/workflows/image.yaml +++ b/.github/workflows/image.yaml @@ -63,6 +63,8 @@ jobs: labels: ${{ steps.meta.outputs.labels }} cache-from: type=gha cache-to: type=gha,mode=max + build-args: | + DATABASE_URL=postgresql://localhost:5432/dispatch - name: Validate Prisma CLI runtime run: | diff --git a/Dockerfile b/Dockerfile index 8685bd5..0a6711c 100644 --- a/Dockerfile +++ b/Dockerfile @@ -12,11 +12,11 @@ RUN npm ci --omit=dev FROM base AS builder WORKDIR /app +ARG DATABASE_URL=postgresql://localhost:5432/dispatch COPY --from=deps /app/node_modules ./node_modules COPY . . RUN apt-get update && apt-get install -y --no-install-recommends openssl ca-certificates && rm -rf /var/lib/apt/lists/* RUN npx prisma generate -ENV DATABASE_URL=postgresql://localhost:5432/dispatch RUN npm run build FROM base AS runner diff --git a/prisma.config.ts b/prisma.config.ts index e178612..4223616 100644 --- a/prisma.config.ts +++ b/prisma.config.ts @@ -2,7 +2,7 @@ import { defineConfig } from "prisma/config"; const databaseUrl = process.env.DATABASE_URL; -if (process.env.NODE_ENV === "production" && !databaseUrl) { +if (!databaseUrl) { throw new Error( "DATABASE_URL is not set. Please set the DATABASE_URL environment variable before starting the application.", ); @@ -11,6 +11,6 @@ if (process.env.NODE_ENV === "production" && !databaseUrl) { export default defineConfig({ schema: "prisma/schema.prisma", datasource: { - url: databaseUrl ?? "postgresql://localhost:5432/dispatch", + url: databaseUrl, }, }); diff --git a/src/lib/prisma.ts b/src/lib/prisma.ts index 89a85e9..48460a4 100644 --- a/src/lib/prisma.ts +++ b/src/lib/prisma.ts @@ -3,13 +3,15 @@ import { PrismaPg } from "@prisma/adapter-pg"; import { PrFixQueueClient } from "@/lib/pr-fix-queue"; import { AgentWorkClient } from "@/lib/agent-work"; -if (process.env.NODE_ENV === "production" && !process.env.DATABASE_URL) { +const databaseUrl = process.env.DATABASE_URL; + +if (!databaseUrl) { throw new Error( "DATABASE_URL is not set. Please set the DATABASE_URL environment variable before starting the application.", ); } -const adapter = new PrismaPg(process.env.DATABASE_URL!); +const adapter = new PrismaPg(databaseUrl); const globalForPrisma = globalThis as unknown as { prisma: PrismaClient | undefined;