Fixed CD pipeline to use docker-compose.yml instead of docker compose… #80

Merged
mitanuriel merged 3 commits into main from develop
Jan 5, 2026

@mitanuriel mitanuriel commented Jan 5, 2026

… dev for production

Describe changes

Issue

  • Not related to an issue

Completed?

  • Yes
  • No

Summary by CodeRabbit

  • Style

    • Standardized formatting across backend files and tests (trailing newlines and cleaned blank lines).
  • Chores

    • Deployment workflow simplified to use the default compose file.
    • Added backups volume mount for the app in compose files (dev and default).
    • Repository now ignores a top-level backups/ directory.
    • Deployment step clarified: create a .env on the server; CI/CD should not transfer secrets.


coderabbitai bot commented Jan 5, 2026

Walkthrough

This PR is primarily formatting (trailing-newline and blank-line) fixes across backend files, plus deployment updates: CI now deploys using the default docker-compose.yml, both compose files mount ./backups into the app, and a top-level /backups/ path was added to .gitignore.

Changes

| Cohort / File(s) | Summary |
|---|---|
| EOF newline normalization: src/backend/databaseConfig.go, src/backend/errors.go, src/backend/main.go, src/backend/prometheus.go, src/backend/test_helpers.go, src/backend/weather.go | Added or normalized trailing newlines at EOF; formatting-only edits. |
| Test whitespace cleanup: src/backend/handlers_test.go, src/backend/search_es_test.go, src/backend/prometheus_test.go | Removed or normalized extraneous blank lines in tests; no behavioral changes. |
| Docker Compose - dev: docker-compose.dev.yml | Added volume mapping ./backups:/app/src/backend/backups; updated explanatory comments about Elasticsearch security (comments only). |
| Docker Compose - default: docker-compose.yml | Added volume mapping ./backups:/app/src/backend/backups; expanded security rationale comments for Elasticsearch (comments only). |
| CI workflow: .github/workflows/continuous_deployment.yml | Deployment step now transfers and runs docker-compose.yml (removed -f docker-compose.dev.yml flags); added note about creating .env on server (comments/documentation). |
| VCS ignore: .gitignore | Added top-level /backups/ to ignored paths in addition to existing nested ignore. |

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Poem

🐰 I hopped through files both small and wide,
I nudged the endings, made spacing neat with pride,
I told compose to share a chest of treats,
Hid backups where the root path meets,
A tiny hop for code, a rabbit's happy stride.

Pre-merge checks

❌ Failed checks (1 warning)

| Check name | Status | Explanation | Resolution |
|---|---|---|---|
| Docstring Coverage | ⚠️ Warning | Docstring coverage is 30.77% which is insufficient. The required threshold is 80.00%. | You can run @coderabbitai generate docstrings to improve docstring coverage. |

✅ Passed checks (2 passed)

| Check name | Status | Explanation |
|---|---|---|
| Description Check | ✅ Passed | Check skipped - CodeRabbit's high-level summary is enabled. |
| Title check | ✅ Passed | The title accurately reflects the main change: updating the CD pipeline to use docker-compose.yml instead of docker-compose.dev.yml in the continuous deployment workflow. |


- Mount ./backups volume in docker-compose.yml and docker-compose.dev.yml for persistent database backups
- Add /backups/ to .gitignore to prevent committing backup files
- Fix CD pipeline to use docker-compose.yml instead of docker-compose.dev.yml in production

@coderabbitai coderabbitai bot left a comment

Actionable comments posted: 2

Fix all issues with AI Agents 🤖
In @.github/workflows/continuous_deployment.yml:
- Around line 117-119: The deployment workflow runs docker-compose down/pull/up
but never provides the required environment variables, causing docker-compose up
to fail when the compose file expects CONN_STR, APP_ENV, LOG_LEVEL,
SESSION_SECRET, OPENWEATHER_API_KEY, DB_USER, DB_PASSWORD, DB_NAME, ES_PASSWORD,
and GF_ADMIN_PASSWORD; fix by updating the continuous_deployment.yml steps
around the docker-compose commands to either scp the production .env file to the
server before running docker-compose (or echo/create the .env with secure
secrets from a vault/secret store) or add a documented manual pre-step ensuring
the .env is present and populated on the server prior to executing the
docker-compose down/pull/up sequence.

In @docker-compose.yml:
- Line 11: The deployment fails because docker-compose bind-mounts ./backups
(from docker-compose.yml) but the workflow doesn't create that host directory;
update the deployment workflow (.github/workflows/continuous_deployment.yml) to
create the backups directory before running docker-compose up by adding a
step/command to run mkdir -p ~/GoSearch/backups in the deployment step (before
the docker-compose up command) so the host path for ./backups exists.

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)
docker-compose.yml (1)

60-62: CRITICAL: Elasticsearch security disabled in production configuration.

This compose file is now used for production deployment (per PR #80), but Elasticsearch security is explicitly disabled. The comment states "Security disabled for development/testing only" and warns "In production, enable X-Pack security with proper TLS and authentication."

Running Elasticsearch without authentication or TLS in production exposes your search indices and data to unauthorized access.

🔎 Recommended fix to enable Elasticsearch security
-      # WARNING: Security disabled for development/testing only
-      # In production, enable X-Pack security with proper TLS and authentication
-      xpack.security.enabled: "false"
-      xpack.security.http.ssl.enabled: "false"
+      # Security enabled for production
+      xpack.security.enabled: "true"
+      xpack.security.http.ssl.enabled: "false"  # Can be enabled with proper cert setup
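
Review bot: The last `+` line keeps `xpack.security.http.ssl.enabled: "false"` while the line above it turns authentication on, so the password the app sends to Elasticsearch would travel over plain HTTP. Either enable HTTP TLS in the same change or say in the comment under which network conditions cleartext credentials are accepted. The removed WARNING lines were also the only place that named TLS as a production requirement; keep that sentence instead of the vaguer "Can be enabled with proper cert setup".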

Note: You'll also need to configure authentication credentials and update the app service to authenticate with Elasticsearch using the ELASTIC_PASSWORD.

📜 Review details

Configuration used: defaults

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 3885499 and 1874472.

📒 Files selected for processing (4)
  • .github/workflows/continuous_deployment.yml
  • .gitignore
  • docker-compose.dev.yml
  • docker-compose.yml
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (6)
  • GitHub Check: owasp-zap
  • GitHub Check: Lint
  • GitHub Check: build
  • GitHub Check: build
  • GitHub Check: owasp-zap
  • GitHub Check: Lint
🔇 Additional comments (3)
docker-compose.dev.yml (1)

10-10: LGTM! Backup volume mount added for development.

The backup volume mount is correctly configured to persist backup files from the container to the host.

.gitignore (1)

48-48: LGTM! Correctly ignores top-level backups directory.

The addition of /backups/ aligns with the new backup volume mount and prevents backup files from being committed.

.github/workflows/continuous_deployment.yml (1)

69-69: Correctly switched to production compose file.

The workflow now transfers docker-compose.yml instead of docker-compose.dev.yml, aligning with the PR objective.

- Document .env file requirement in CD pipeline for clarity
- Explain Elasticsearch security is protected by Azure NSG firewall
- Clarify defense-in-depth security strategy (NSG + Docker network isolation)

sonarqubecloud bot commented Jan 5, 2026

@coderabbitai coderabbitai bot left a comment

Actionable comments posted: 0

🧹 Nitpick comments (1)
docker-compose.dev.yml (1)

59-76: Consider binding Elasticsearch ports to localhost in development.

The security comments are helpful in clarifying the dev vs. production posture. However, there's a discrepancy: Line 61 states Elasticsearch is "only accessible via Docker internal network," but ports 9200 and 9300 are published to the host (lines 74-76), making Elasticsearch accessible from the host machine's network.

With security disabled (xpack.security.enabled: "false") and ports published, Elasticsearch is exposed without authentication if the developer's machine is accessible from a shared or public network.

🔎 Recommended fix: Bind Elasticsearch ports to localhost
     ports:
-      - "9200:9200"
-      - "9300:9300"
+      - "127.0.0.1:9200:9200"
+      - "127.0.0.1:9300:9300"
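
Review bot: The second `+` line still publishes 9300, the Elasticsearch transport port, which a host-side HTTP client does not use; unless something on the host speaks the transport protocol, drop that mapping and keep only `127.0.0.1:9200:9200`. The comment at line 61 saying Elasticsearch is "only accessible via Docker internal network" should be reworded in the same change, since any published port contradicts it.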

This limits Elasticsearch access to localhost only, preventing network exposure while still allowing local development and Docker internal network communication.

📜 Review details

Configuration used: defaults

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 1874472 and 950a737.

📒 Files selected for processing (3)
  • .github/workflows/continuous_deployment.yml
  • docker-compose.dev.yml
  • docker-compose.yml
🚧 Files skipped from review as they are similar to previous changes (2)
  • .github/workflows/continuous_deployment.yml
  • docker-compose.yml
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (6)
  • GitHub Check: build
  • GitHub Check: owasp-zap
  • GitHub Check: Lint
  • GitHub Check: build
  • GitHub Check: Lint
  • GitHub Check: owasp-zap
🔇 Additional comments (1)
docker-compose.dev.yml (1)

10-10: Backup volume mount is consistent with production configuration.

The backup path ./backups:/app/src/backend/backups matches the equivalent configuration in docker-compose.yml, ensuring consistency across environments.
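
The port-binding point raised in the review above, as an added example (not code from the PR or from CodeRabbit): a stdlib-only Python check that flags services whose `xpack.security.enabled` is explicitly `"false"` while a port is published on a non-loopback host address. It assumes the Compose file is already parsed into a dict and handles short-syntax `ports` entries only; the service names, the app port and both sample dicts are constructed.

```python
import ipaddress

def host_ip_of(mapping: str) -> str:
    """Host IP a short-syntax Compose port mapping binds to."""
    spec = mapping.split("/")[0]            # drop a "/tcp" or "/udp" suffix
    if spec.startswith("["):                # bracketed IPv6: "[::1]:9200:9200"
        return spec[1:].partition("]")[0]
    parts = spec.split(":")
    if len(parts) <= 2:                     # "9200" or "9200:9200": all interfaces
        return "0.0.0.0"
    return ":".join(parts[:-2])             # "127.0.0.1:9200:9200"

def is_loopback(ip: str) -> bool:
    return ipaddress.ip_address(ip).is_loopback

def exposed_insecure(compose: dict) -> list:
    """(service, mapping) pairs published beyond loopback with security off."""
    findings = []
    for name, svc in compose.get("services", {}).items():
        env = svc.get("environment", {})
        if isinstance(env, list):           # list form: ["KEY=value", ...]
            env = dict(item.partition("=")[::2] for item in env)
        # Only an explicit "false" is flagged; an absent key is not judged here.
        if str(env.get("xpack.security.enabled", "")).lower() != "false":
            continue
        for mapping in svc.get("ports", []):
            if not is_loopback(host_ip_of(str(mapping))):
                findings.append((name, str(mapping)))
    return findings

# Constructed sample modelled on the dev compose file discussed in the review.
SAMPLE = {"services": {
    "elasticsearch": {
        "environment": {"xpack.security.enabled": "false"},
        "ports": ["9200:9200", "9300:9300"],
    },
    "app": {"ports": ["8080:8080"]},        # constructed app port
}}

# Same sample with the loopback binding from the recommended fix applied.
FIXED = {"services": {
    "elasticsearch": {
        "environment": ["xpack.security.enabled=false"],
        "ports": ["127.0.0.1:9200:9200", "127.0.0.1:9300:9300"],
    },
}}

if __name__ == "__main__":
    for service, mapping in exposed_insecure(SAMPLE):
        print(f"{service}: {mapping} is published on all interfaces with security disabled")
```
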

@mitanuriel mitanuriel merged commit fbbdc95 into main Jan 5, 2026
10 checks passed