Add post-create support for env key in app.json

[josegonzalez]

The app.json manifest has a way to specify environment variables on start. We should support this.

• Support for the secret generator: https://devcenter.heroku.com/articles/app-json-schema#env
• Support for static values
• If a TTY is available, ask the user for a value for the ones with no defaults
  • If no TTY is available, the secret is required, and has no current value, bail the deploy.
• Skips setting if the pre-deploy hook has already run
• Fix case where deployed apps might re-run this hook section if they haven't been deployed on the latest Dokku
• Add a new property that allows setting the value in all deploys, not just after first create

Refs #2269

[josegonzalez]

Since the formation key will update on every deploy, should this also run on every deploy? That will also differ from heroku, but I think that's fine?

[josegonzalez]

Thinking about this more, while it would be nice, since the secrets aren't actually secrets, this will expose folks to doing not secure things (like putting credentials in plaintext). Going to close for now, but if folks want this, maybe I can be dissuaded.

[alexgleason]

Just ran into this, can't deploy from scratch cuz of missing env:

    "OTP_SECRET": {
      "description": "One-time password secret",
      "generator": "secret"
    },

I think it's a good idea since it reduces friction and just makes things easier.

[josegonzalez]

How would this work? Would it only apply for the first deploy? Should we support bare values as well? I'm concerned this will lead to folks exposing unencrypted credentials in repositories because it is easier to setup on first pass, which is just bad practice.

[alexgleason]

Yeah, just the first deploy. This is what I'm pushing: https://github.com/mastodon/mastodon/blob/main/app.json

I'd say yes to bare values cuz of this:

    "HEROKU": {
      "description": "Leave this as true",
      "value": "true",
      "required": true
    },

People check secrets into git repos all the time even though they shouldn't. It's widely known to be bad practice, so that's on them. I don't think adding this this encourages it more than anything else. It's also a problem with .env files, CI scripts, etc.

[josegonzalez]

Just because they can doesn't mean we should allow it as well :D

Is this something you'd be interested in working on or sponsoring?

[alexgleason]

I'm sponsoring as @soapbox-pub

Just upped it to $50 🙂

[josegonzalez]

What should we do when there is a required key but there is no default value?

[josegonzalez]

As an example, your app above has LOCAL_DOMAIN which is required but has no value or generator. Heroku gets around this because they do a cute modal that allows folks to fill in the required env vars. Dokku Pro could do something similar since it has a web ui, but that doesn't help the folks using the OSS product (though now I have a new idea for Dokku Pro).

[alexgleason]

Probably nothing, the app should crash on its own if it's really required. Displaying a warning is a nice-to-have.

I think it would be annoying to block the deployment outright, especially for apps that maybe used to work before.

[josegonzalez]

Seems reasonable, and something we can probably do for the next minor.