Decide if Meilisearch github build is going to produce the production image or not.

[awong-dev]

Currently the dockerfile embeds the "master key" in plaintext. This isn't a security issue yet cause the build doesn't push into production. In production, the master key has to stay stable and be in sync with the fronend key send to each cloud function in order for search to work.

We need to make a clear decision on whether or not github's build of the docker image is just a CI test for stability of commit, or if it is actually creating the real produciton image.

[awong-dev]

@kzys tagging you for FYI.

[kzys]

We can supply the master key from an environment variable or somewhere.

BTW I just realized that there were Dockerfile.search and tools/search/Dockerfile. Are they both in use?

[awong-dev]

Oh shoot... that's totally my screwup. The Dockerfile.search is more recent and was supposed to replace tools/search/Dockerfile.

I cannot remember why it ended up in the root. There is a very high chance that I had done it during the entire Well Resourced School mess and was so sleep deprived and running between stuff that I just added it to an index in the wrong spot, forgot about it for a few months...and then accidentally submitted in Jan when I was trying to get things synced...

Looking at the two, Dockerfile.search is a factored out version to allow moving the masterkey into an env variable and also call the reindex script. We should probably move it back into tool/search/Dockerfile.

Sorry about that.

[kzys]

tools/search/Dockerfile was removed by #114.

Then #115 is removing the master key from the image itself.

[kzys]

We are very close to use the GitHub-built image in production.

In production, the master key has to stay stable and be in sync with the fronend key send to each cloud function in order for search to work.

We don't have the master key in Secret Manager right now. Do we?

[awong-dev]

Not yet. Feel free to add the master key and whatever frontend key is spits out.