fix: remove unnecessary env_file entries and correct OPENAI_API_KEY format

.gitea/workflows/build.yml

@@ -27,13 +27,8 @@ jobs:
         run: echo "${{ secrets.DOCKERHUB_TOKEN }}" | docker login docker.io -u "${{ secrets.DOCKERHUB_USERNAME }}" --password-stdin
 
       - name: Build all-in-one image
-        run: docker build -t condado-newsletter:latest -f Dockerfile.allinone .
+        run: docker build -t sancho41/condado-newsletter:latest -f Dockerfile.allinone .
-
+        
-      - name: Tag
-        run: |
-          docker tag condado-newsletter:latest ${REGISTRY}/${IMAGE_NAME}:latest
-          docker tag condado-newsletter:latest ${REGISTRY}/${IMAGE_NAME}:${{ github.sha }}
-
       - name: Deploy stack via Portainer API
         env:
           STACK_NAME: codado-newsletter-stack

Dockerfile.allinone

@@ -29,14 +29,10 @@ ENV DEBIAN_FRONTEND=noninteractive
 
 RUN apt-get update && apt-get install -y \
     nginx \
-    postgresql \
     supervisor \
     openjdk-21-jre-headless \
     && rm -rf /var/lib/apt/lists/*
 
-# PostgreSQL data directory
-RUN mkdir -p /var/lib/postgresql/data && chown -R postgres:postgres /var/lib/postgresql
-
 # Copy frontend static files
 COPY --from=frontend-build /app/frontend/dist /usr/share/nginx/html
 

backend/src/main/kotlin/com/condado/newsletter/service/JwtService.kt

@@ -14,8 +14,10 @@ import java.util.Date
 @Service
 class JwtService(
     @Value("\${app.jwt.secret}") val secret: String,
-    @Value("\${app.jwt.expiration-ms}") val expirationMs: Long
+    @Value("\${app.jwt.expiration-ms:86400000}") expirationMsRaw: String
 ) {
+    private val expirationMs: Long = expirationMsRaw.toLongOrNull() ?: 86400000L
+
     private val signingKey by lazy {
         Keys.hmacShaKeyFor(secret.toByteArray(Charsets.UTF_8))
     }

backend/src/main/resources/application.yml

@@ -10,7 +10,7 @@ spring:
 
   jpa:
     hibernate:
-      ddl-auto: validate
+      ddl-auto: ${SPRING_JPA_HIBERNATE_DDL_AUTO:validate}
     show-sql: false
     properties:
       hibernate:

backend/src/test/kotlin/com/condado/newsletter/service/AuthServiceTest.kt

@@ -40,7 +40,7 @@ class AuthServiceTest {
     fun should_returnValidClaims_when_jwtTokenParsed() {
         val realJwtService = JwtService(
             secret = "test-secret-key-for-testing-only-must-be-at-least-32-characters",
-            expirationMs = 86400000L
+            expirationMsRaw = "86400000"
         )
         val token = realJwtService.generateToken()
 
@@ -51,7 +51,7 @@ class AuthServiceTest {
     fun should_returnFalse_when_expiredTokenValidated() {
         val realJwtService = JwtService(
             secret = "test-secret-key-for-testing-only-must-be-at-least-32-characters",
-            expirationMs = 1L
+            expirationMsRaw = "1"
         )
         val token = realJwtService.generateToken()
 

backend/src/test/kotlin/com/condado/newsletter/service/JwtServiceTest.kt

@@ -0,0 +1,26 @@
+package com.condado.newsletter.service
+
+import io.jsonwebtoken.Jwts
+import io.jsonwebtoken.security.Keys
+import org.junit.jupiter.api.Assertions.assertTrue
+import org.junit.jupiter.api.Test
+
+class JwtServiceTest {
+
+    private val secret = "12345678901234567890123456789012"
+
+    @Test
+    fun should_generate_token_when_expiration_is_empty() {
+        val jwtService = JwtService(secret, "")
+
+        val token = jwtService.generateToken()
+
+        val claims = Jwts.parser()
+            .verifyWith(Keys.hmacShaKeyFor(secret.toByteArray(Charsets.UTF_8)))
+            .build()
+            .parseSignedClaims(token)
+            .payload
+
+        assertTrue(claims.expiration.after(claims.issuedAt))
+    }
+}

docker-compose.prod.yml

@@ -1,15 +1,41 @@
 services:
+  condado-newsletter-postgres:
+    image: postgres:16
+    container_name: condado-newsletter-postgres
+    restart: unless-stopped
+    environment:
+      POSTGRES_DB: ${APP_DB_NAME:-condado}
+      POSTGRES_USER: ${POSTGRES_USER:-condado}
+      POSTGRES_PASSWORD: ${POSTGRES_PASSWORD:-condado}
+    volumes:
+      - postgres-data:/var/lib/postgresql/data
+    networks:
+      - default
+    healthcheck:
+      test: ["CMD-SHELL", "pg_isready -h localhost -U $${POSTGRES_USER:-postgres}"]
+      interval: 10s
+      timeout: 5s
+      retries: 10
+      start_period: 10s
+
   condado-newsletter:
     image: sancho41/condado-newsletter:latest
     container_name: condado-newsletter
     restart: unless-stopped
+    depends_on:
+      condado-newsletter-postgres:
+        condition: service_healthy
+    networks:
+      - external
+      - default
     environment:
       SPRING_PROFILES_ACTIVE: prod
-      SPRING_DATASOURCE_USERNAME: ${SPRING_DATASOURCE_USERNAME}
+      SPRING_JPA_HIBERNATE_DDL_AUTO: ${SPRING_JPA_HIBERNATE_DDL_AUTO:-update}
-      SPRING_DATASOURCE_PASSWORD: ${SPRING_DATASOURCE_PASSWORD}
+      SPRING_DATASOURCE_URL: jdbc:postgresql://condado-newsletter-postgres:5432/${APP_DB_NAME:-condado}
-      APP_PASSWORD: ${APP_PASSWORD}
+      SPRING_DATASOURCE_USERNAME: ${SPRING_DATASOURCE_USERNAME:-condado}
+      SPRING_DATASOURCE_PASSWORD: ${SPRING_DATASOURCE_PASSWORD:-condado}
       JWT_SECRET: ${JWT_SECRET}
-      JWT_EXPIRATION_MS: ${JWT_EXPIRATION_MS}
+      JWT_EXPIRATION_MS: ${JWT_EXPIRATION_MS:-86400000}
       MAIL_HOST: ${MAIL_HOST}
       MAIL_PORT: ${MAIL_PORT}
       MAIL_USERNAME: ${MAIL_USERNAME}
@@ -25,12 +51,11 @@ services:
     extra_hosts:
       - "celtinha.desktop:host-gateway"
       - "host.docker.internal:host-gateway"
-    volumes:
-      - postgres-data:/var/lib/postgresql/data
     labels:
       - "traefik.enable=true"
       - "traefik.http.routers.condado.rule=Host(`condado-newsletter.lab`)"
       - "traefik.http.services.condado.loadbalancer.server.port=80"
+      - "traefik.docker.network=traefik"
       - "homepage.group=Hyperlink"
       - "homepage.name=Condado Newsletter"
       - "homepage.description=Automated newsletter generator using AI"
@@ -42,5 +67,8 @@ volumes:
 
 networks:
   default:
+    driver: bridge
+  
+  external:
     name: traefik
     external: true

docker/entrypoint.sh

@@ -5,28 +5,29 @@ APP_DB_NAME=${APP_DB_NAME:-condado}
 APP_DB_USER=${SPRING_DATASOURCE_USERNAME:-condado}
 APP_DB_PASSWORD=${SPRING_DATASOURCE_PASSWORD:-condado}
 
-# ── Initialise PostgreSQL data directory on first run ─────────────────────────
-if [ ! -f /var/lib/postgresql/data/PG_VERSION ]; then
-    echo "Initialising PostgreSQL data directory..."
-    su -c "/usr/lib/postgresql/16/bin/initdb -D /var/lib/postgresql/data --encoding=UTF8 --locale=C" postgres
-
-    # Start postgres temporarily to create the app database and user
-    su -c "/usr/lib/postgresql/16/bin/pg_ctl -D /var/lib/postgresql/data -w start" postgres
-
-    su -c "psql -v ON_ERROR_STOP=1 -c \"CREATE USER ${APP_DB_USER} WITH PASSWORD '${APP_DB_PASSWORD}';\"" postgres
-    su -c "psql -v ON_ERROR_STOP=1 -c \"CREATE DATABASE ${APP_DB_NAME} OWNER ${APP_DB_USER};\"" postgres
-
-    su -c "/usr/lib/postgresql/16/bin/pg_ctl -D /var/lib/postgresql/data -w stop" postgres
-    echo "PostgreSQL initialised."
-fi
-
 # ── Ensure supervisor log directory exists ────────────────────────────────────
 mkdir -p /var/log/supervisor
 
-# ── Defaults for all-in-one local PostgreSQL ─────────────────────────────────
+# ── Defaults for external PostgreSQL service in production compose ───────────
-export SPRING_DATASOURCE_URL=${SPRING_DATASOURCE_URL:-jdbc:postgresql://localhost:5432/${APP_DB_NAME}}
+export SPRING_DATASOURCE_URL=${SPRING_DATASOURCE_URL:-jdbc:postgresql://condado-newsletter-postgres:5432/${APP_DB_NAME}}
 export SPRING_DATASOURCE_USERNAME=${SPRING_DATASOURCE_USERNAME:-${APP_DB_USER}}
 export SPRING_DATASOURCE_PASSWORD=${SPRING_DATASOURCE_PASSWORD:-${APP_DB_PASSWORD}}
+export JWT_EXPIRATION_MS=${JWT_EXPIRATION_MS:-86400000}
+
+# ── Log all Spring Boot environment variables for debugging ──────────────────
+echo "========================================"
+echo "Spring Boot Configuration:"
+echo "========================================"
+echo "SPRING_DATASOURCE_URL=${SPRING_DATASOURCE_URL}"
+echo "SPRING_DATASOURCE_USERNAME=${SPRING_DATASOURCE_USERNAME}"
+echo "SPRING_DATASOURCE_PASSWORD=${SPRING_DATASOURCE_PASSWORD}"
+echo "JWT_EXPIRATION_MS=${JWT_EXPIRATION_MS}"
+echo "JAVA_OPTS=${JAVA_OPTS:-not set}"
+echo "OPENAI_API_KEY=${OPENAI_API_KEY:-not set}"
+echo "========================================"
 
 # ── Start all services via supervisord ───────────────────────────────────────
+# Export unbuffered output for both Python and Java
+export PYTHONUNBUFFERED=1
+export JAVA_OPTS="${JAVA_OPTS} -Dfile.encoding=UTF-8 -Djava.awt.headless=true"
 exec /usr/bin/supervisord -c /etc/supervisor/conf.d/supervisord.conf

docker/supervisord.conf

@@ -1,21 +1,13 @@
 [supervisord]
 nodaemon=true
+silent=false
 logfile=/dev/stdout
 logfile_maxbytes=0
 pidfile=/var/run/supervisord.pid
-
+loglevel=info
-[program:postgres]
-command=/usr/lib/postgresql/16/bin/postgres -D /var/lib/postgresql/data
-user=postgres
-autostart=true
-autorestart=true
-stdout_logfile=/dev/stdout
-stdout_logfile_maxbytes=0
-stderr_logfile=/dev/stderr
-stderr_logfile_maxbytes=0
 
 [program:backend]
-command=java -jar /app/app.jar
+command=java -Dspring.output.ansi.enabled=always -Dlogging.level.root=DEBUG -jar /app/app.jar
 autostart=true
 autorestart=true
 startsecs=15