fix(dashboard): use env_file to read dashboard env first

[mcstepp]

What does this PR do?

• The dashboard service will load all variables from ./apps/dashboard/.env
• Any variables defined in the environment section will override those from the env file
• No functional changes to the running application - same environment variables are available

This follows Docker Compose best practices for configuration management and makes the setup more maintainable for local development.

Updates to Github Flows

Docker Compose parses and validates the entire compose file before starting any services, even if you're only running specific ones; the two workflows in question are not starting the dashboard service.

When it encounters the env_file directive, it immediately tries to verify that the file exists, regardless of whether that service will actually be started.

Type of change

• Bug fix (non-breaking change which fixes an issue)
• Chore (refactoring code, technical debt, workflow improvements)
• Enhancement (small improvements)
• New feature (non-breaking change which adds functionality)
• Breaking change (fix or feature that would cause existing functionality to not work as expected)
• This change requires a documentation update

How should this be tested?

One way to test would be to verify your env file is loaded:

• Set AUTH_PROVIDER to "workos"
• Follow quick start steps for deployment feature.
• When navigating to dashboard, you should be prompted to login per WorkOS flow

Checklist

Required

• Filled out the "How to test" section in this PR
• Read Contributing Guide
• Self-reviewed my own code
• Commented on my code in hard-to-understand areas
• Ran pnpm build
• Ran pnpm fmt
• Checked for warnings, there are none
• Removed all console.logs
• Merged the latest changes from main onto my branch with git pull origin main
• My changes don't cause any responsiveness issues

Appreciated

• If a UI change was made: Added a screen recording or screenshots to this PR
• Updated the Unkey Docs if changes were necessary

Summary by CodeRabbit

• Security

  • Removed hard-coded credentials and workspace/API identifiers from dashboard configuration to reduce exposure risk.
  • Sensitive settings are now sourced from an external environment file for safer handling.

• Chores

  • Deployment and CI now ensure the dashboard environment file exists prior to starting services, improving setup reliability and maintainability.
  • No functional changes for end-users.

[changeset-bot]

⚠️ No Changeset found

Latest commit: 65772ad

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Preview	Comments	Updated (UTC)
dashboard	Ready	Preview	Comment	Aug 15, 2025 4:21pm

1 Skipped Deployment

Project	Deployment	Preview	Comments	Updated (UTC)
engineering	Ignored	Preview		Aug 15, 2025 4:21pm

[coderabbitai]

📝 Walkthrough

Walkthrough

Updated deployment/docker-compose.yaml to load the dashboard service environment from ../apps/dashboard/.env and removed inline environment entries for database credentials, auth provider, and workspace/API IDs. CI workflows now ensure ./apps/dashboard/.env exists before Docker Compose runs.

Changes

Cohort / File(s)	Summary of changes
Docker Compose env sourcing deployment/docker-compose.yaml	Added env_file: ../apps/dashboard/.env to the dashboard service; removed inline DATABASE_USERNAME, DATABASE_PASSWORD, AUTH_PROVIDER, UNKEY_WORKSPACE_ID, and UNKEY_API_ID environment entries; other dashboard environment settings unchanged.
CI: create dashboard .env before compose .github/workflows/job_test_api_local.yaml, .github/workflows/job_test_go_api_local.yaml	Added a step to create ./apps/dashboard (mkdir -p) and touch ./apps/dashboard/.env before running Docker Compose to ensure the env file exists (idempotent). No other workflow logic changed.

Sequence Diagram(s)

sequenceDiagram
    participant CI as GitHub Actions
    participant FS as Repo filesystem
    participant DC as Docker Compose
    CI->>FS: mkdir -p ./apps/dashboard && touch ./apps/dashboard/.env
    CI->>DC: docker compose up
    DC->>FS: read ../apps/dashboard/.env for dashboard service env
    DC->>DashboardContainer: start with env from file + remaining inline env

Loading

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~8 minutes

Possibly related PRs

• fix: Add a webhook for WorkOS, update middleware to allow webhooks #3048 — Related changes to dashboard environment and webhook configuration that depend on env-file-based settings.

Suggested reviewers

• chronark
• ogzhanolguncu
• perkinsjr

Tip

🔌 Remote MCP (Model Context Protocol) integration is now available!

Pro plan users can now connect to remote MCP servers from the Integrations page. Connect with popular remote MCPs such as Notion and Linear to add more context to your reviews and chats.

✨ Finishing Touches

🧪 Generate unit tests

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch improve-deploy-docker

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.

Support

Need help? Create a ticket on our support page for assistance with any issues or questions.

CodeRabbit Commands (Invoked using PR/Issue comments)

Type @coderabbitai help to get the list of available commands.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Status, Documentation and Community

• Visit our Status Page to check the current availability of CodeRabbit.
• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[github-actions]

Thank you for following the naming conventions for pull request titles! 🙏

[coderabbitai]

Actionable comments posted: 4

📜 Review details

Configuration used: CodeRabbit UI
Review profile: ASSERTIVE
Plan: Pro

💡 Knowledge Base configuration:

• MCP integration is disabled by default for public repositories
• Jira integration is disabled by default for public repositories
• Linear integration is disabled by default for public repositories

You can enable these settings in your CodeRabbit configuration.

📥 Commits

Reviewing files that changed from the base of the PR and between 39b97f3 and 718360c.

📒 Files selected for processing (1)

• deployment/docker-compose.yaml (2 hunks)

🧰 Additional context used

🧠 Learnings (1)

📓 Common learnings

Learnt from: chronark
PR: unkeyed/unkey#3638
File: deployment/docker-compose.yaml:81-94
Timestamp: 2025-07-22T09:02:12.495Z
Learning: The docker-compose.yaml file in deployment/ is specifically for development environments, not production. Kafka and other service configurations in this file should be optimized for development convenience rather than production security/hardening.

🪛 YAMLlint (1.37.1)

deployment/docker-compose.yaml

[error] 209-209: trailing spaces

(trailing-spaces)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (2)

• GitHub Check: Build / Build
• GitHub Check: Analyze (javascript-typescript)

[mcstepp]

FYI fixing it. CI/CD is yelling about no .env file

[coderabbitai]

Actionable comments posted: 3

📜 Review details

Configuration used: CodeRabbit UI
Review profile: ASSERTIVE
Plan: Pro

💡 Knowledge Base configuration:

• MCP integration is disabled by default for public repositories
• Jira integration is disabled by default for public repositories
• Linear integration is disabled by default for public repositories

You can enable these settings in your CodeRabbit configuration.

📥 Commits

Reviewing files that changed from the base of the PR and between 9504f46 and ed5ba68.

📒 Files selected for processing (2)

• .github/workflows/job_test_api_local.yaml (1 hunks)
• .github/workflows/job_test_go_api_local.yaml (1 hunks)

🧰 Additional context used

🧠 Learnings (1)

📓 Common learnings

Learnt from: chronark
PR: unkeyed/unkey#3638
File: deployment/docker-compose.yaml:81-94
Timestamp: 2025-07-22T09:02:12.495Z
Learning: The docker-compose.yaml file in deployment/ is specifically for development environments, not production. Kafka and other service configurations in this file should be optimized for development convenience rather than production security/hardening.

🔇 Additional comments (2)

.github/workflows/job_test_go_api_local.yaml (1)

12-15: Solid fix to unblock Compose parse by ensuring the dashboard .env exists.

This guards against docker compose failing early due to the new env_file requirement. Placement right after checkout is fine and idempotent.

.github/workflows/job_test_api_local.yaml (1)

15-18: Good placement before docker compose up; prevents early failure.

Creating ./apps/dashboard/.env before “Run containers” aligns with the env_file change and keeps this job green without altering runtime behavior.

[mcstepp]

hi frens :sob-cat:

[graphite-app]

[graphite-app]

Graphite Automations

"Post a GIF when PR approved" took an action on this PR • (08/15/25)

1 gif was posted to this PR based on Andreas Thomas's automation.