Pass environment variables from operator to ShinyProxy Docker containers

[Copilot]

Plan: Pass Environment Variables from Operator to ShinyProxy Container

• Understand the user's requirement - pass env vars from operator environment, not spec
• Revert previous implementation that read from ShinyProxy spec
• Implement reading environment variables from operator's environment
• Use SHINYPROXY_ENV_ prefix pattern to identify variables to pass
• Strip prefix when passing to ShinyProxy container
• Add logging for passed environment variables
• Add validation for environment variable keys and values
• Create comprehensive documentation with docker-compose examples
• Update README with link to documentation
• Address code review feedback
• Add build instructions and containerized build environment
• Update build commands per user feedback

Summary

The operator now reads environment variables from its own environment (set via docker-compose) and passes them to ShinyProxy containers. Any environment variable starting with SHINYPROXY_ENV_ is passed through with the prefix stripped.

Security Features:

• Validates that variable names are not empty after stripping prefix
• Validates that values don't contain newline characters (prevents injection)
• Invalid variables are logged and skipped

Build Options:

• Docker-based build using docker-compose -f docker-compose.build.yml up
• Devbox configuration for isolated development environment
• Command: mvn clean package -DskipTests for fast builds
• Detailed instructions in BUILD.md

Example:

• Set in docker-compose: SHINYPROXY_ENV_DATABASE_PASSWORD=secret123
• Received by ShinyProxy: DATABASE_PASSWORD=secret123

This allows users to:

• Store secrets in docker-compose env files (not in plain text configs)
• Use docker-compose's env_file directive
• Keep sensitive information out of version control
• Build the project without installing Maven/JDK locally

Docker Compose Example:

services:
  shinyproxy-operator:
    image: openanalytics/shinyproxy-operator:latest
    env_file:
      - secrets.env  # Contains SHINYPROXY_ENV_* variables
    environment:
      - SPO_DOCKER_GID=999
      - SHINYPROXY_ENV_SPRING_PROFILES_ACTIVE=production

Original prompt

---

This section details on the original issue you should resolve

<issue_title>Set environment variables for shinyproxy</issue_title>
<issue_description>In the docker usage of the operator, the operator spins up a shinyproxy container. There is currently no way to set environment variables for the shinyproxy container. Come up with a way that we can provide environment variables to the operator which are then passed on to shinyproxy.</issue_description>

Comments on the Issue (you are @copilot in this section)

• Fixes Set environment variables for shinyproxy #3

---

💡 You can make Copilot smarter by setting up custom instructions, customizing its development environment and configuring Model Context Protocol (MCP) servers. Learn more Copilot coding agent tips in the docs.

[jaredlander]

@copilot It looks like you made it so I can set environment variables in the shinyproxy config file, which I believe was already possible. The problem is, this requires me setting them in plain text, which is not good for sensitive information. I want to set the environment variables in the docker compose file, in the shinyproxy-operator service, that way I can use environment variables stored in a file. It also looked like you worked on the kubernetes operator. You were only supposed to focus on the docker operator.

[Copilot]

@copilot It looks like you made it so I can set environment variables in the shinyproxy config file, which I believe was already possible. The problem is, this requires me setting them in plain text, ...

You're absolutely right - I misunderstood the requirement. I've now implemented the correct solution in commit ffad729.

The operator now reads environment variables from its own environment (set via docker-compose) and passes them to ShinyProxy containers. Any environment variable starting with SHINYPROXY_ENV_ is passed through with the prefix stripped.

How to use:

In your docker-compose.yml for the shinyproxy-operator service:

services:
  shinyproxy-operator:
    image: openanalytics/shinyproxy-operator:latest
    env_file:
      - secrets.env  # Store sensitive values here
    environment:
      - SHINYPROXY_ENV_DATABASE_PASSWORD=secret123
      - SHINYPROXY_ENV_SPRING_PROFILES_ACTIVE=production

The ShinyProxy container will receive DATABASE_PASSWORD=secret123 and SPRING_PROFILES_ACTIVE=production.

I've also reverted all the Kubernetes-related changes and focused only on the Docker operator. See the full documentation in docs/environment-variables-docker.md with examples for using env files and docker-compose.

[jaredlander]

Did you build the jar and the docker image so I can test it?

[jaredlander]

@copilot Did you build the jar and the docker image so I can test it?

[Copilot]

@copilot Did you build the jar and the docker image so I can test it?

I've made the code changes in this PR, but I don't have the ability to build and publish JARs or Docker images. You have a few options to test:

1. Build locally: Run mvn -U clean install (requires JDK 21) to build the JAR at target/shinyproxy-operator-jar-with-dependencies.jar

2. Build Docker image: After building the JAR, you can create a Docker image using the project's Dockerfile if available

3. Test the code changes: You can review the implementation in commit c1f78fa - the key changes are in DockerOrchestrator.kt lines 300-326 where environment variables with the SHINYPROXY_ENV_ prefix are read from the operator's environment and passed to ShinyProxy containers

The code is ready for testing once built.

[jaredlander]

@copilot I don't have the tools (such as mvn) on my local computer. Provide me a way to build this such as a docker image with the build tools or a devbox config.

[Copilot]

@copilot I don't have the tools (such as mvn) on my local computer. Provide me a way to build this such as a docker image with the build tools or a devbox config.

I've added build configurations in commit a463380. You now have three options:

Option 1 - Docker Compose (Easiest):

docker-compose -f docker-compose.build.yml up

The JAR will be in ./target/shinyproxy-operator-jar-with-dependencies.jar

Option 2 - Dockerfile:

docker build -f Dockerfile.build -t shinyproxy-operator-builder .
docker run --rm -v "$(pwd)/target:/build/target" shinyproxy-operator-builder

Option 3 - Devbox:

curl -fsSL https://get.jetify.com/devbox | bash
devbox shell
devbox run build

See BUILD.md for complete instructions including how to create a runtime Docker image for testing.

[jaredlander]

I believe this is the build command

mvn package install -DskipTests

[jaredlander]

@copilot I believe this is the build command

mvn package install -DskipTests

[Copilot]

@copilot I believe this is the build command

...

Updated the build commands in commit 0e80039. I've changed to mvn clean package -DskipTests which is more appropriate - the package phase creates the JAR without installing to the local Maven repository, making builds faster. All build files (Dockerfile.build, BUILD.md, devbox.json) now use this command consistently.