Allow assets:precompile to be run in a production build step without passing in RAILS_MASTER_KEY

[dhh]

When compiling assets in production as part of an image build step, it's inconvenient to have to pass in the real RAILS_MASTER_KEY. So allow passing in a dummy secret_key_base, just like we do in development and test, via ENV["SECRET_KEY_BASE_DUMMY"] = 1. This will not give access to any of the real credentials or message verifiers, but allow the build step to complete, since it typically does not need it anyway.

[aishek]

Passing a dummy secret_key_base was exactly the way I fix same problem:

# config/environments/production.rb

Rails.application.configure do
  # ...
  config.secret_key_base = ENV.fetch('SECRET_KEY_BASE')
  # ...
end

# Dockerfile

RUN SECRET_KEY_BASE=DummyValueToPassAssetsCompilation bundle exec rails assets:precompile

[morgoth]

@dhh This does not work when the config.require_master_key = true is set.

remote: Missing encryption key to decrypt file with. Ask your team for your master key and write it to /rails/config/master.key or put it in the ENV['RAILS_MASTER_KEY'].
remote: The command '/bin/sh -c SECRET_KEY_BASE_DUMMY=1 ./bin/rails assets:precompile' returned a non-zero code: 1

Is the recommendation now to disable require_master_key enforcement or should SECRET_KEY_BASE_DUMMY=1 (or some other new name) maybe also take the master key into account?

[dhh]

Yeah, I don't think we want to make a liar about of that config. If you have a setup where you don't want to inject the master key during build (and use dummy key base), then you need to turn that off.