feat: Add DB_SSL_MODE environment variable for Postgres sslmode (#18025)

* feat: Add DB_SSL_MODE environment variable for Postgres sslmode

* chore: clean up

---------

Co-authored-by: Jason Rasmussen <jason@rasm.me>
David Cruz
2025-05-06 07:25:37 -06:00
committed by GitHub
parent ece977d9ca
commit 7072e48cbe
7 changed files with 31 additions and 3 deletions


@@ -80,6 +80,7 @@ Information on the current workers can be found [here](/docs/administration/jobs
| `DB_USERNAME` | Database user | `postgres` | server, database<sup>\*1</sup> | | `DB_USERNAME` | Database user | `postgres` | server, database<sup>\*1</sup> |
| `DB_PASSWORD` | Database password | `postgres` | server, database<sup>\*1</sup> | | `DB_PASSWORD` | Database password | `postgres` | server, database<sup>\*1</sup> |
| `DB_DATABASE_NAME` | Database name | `immich` | server, database<sup>\*1</sup> | | `DB_DATABASE_NAME` | Database name | `immich` | server, database<sup>\*1</sup> |
| `DB_SSL_MODE` | Database SSL mode | | server |
| `DB_VECTOR_EXTENSION`<sup>\*2</sup> | Database vector extension (one of [`pgvector`, `pgvecto.rs`]) | `pgvecto.rs` | server | | `DB_VECTOR_EXTENSION`<sup>\*2</sup> | Database vector extension (one of [`pgvector`, `pgvecto.rs`]) | `pgvecto.rs` | server |
| `DB_SKIP_MIGRATIONS` | Whether to skip running migrations on startup (one of [`true`, `false`]) | `false` | server | | `DB_SKIP_MIGRATIONS` | Whether to skip running migrations on startup (one of [`true`, `false`]) | `false` | server |


@@ -1,6 +1,6 @@
import { Transform, Type } from 'class-transformer'; import { Transform, Type } from 'class-transformer';
import { IsEnum, IsInt, IsString } from 'class-validator'; import { IsEnum, IsInt, IsString } from 'class-validator';
import { ImmichEnvironment, LogLevel } from 'src/enum'; import { DatabaseSslMode, ImmichEnvironment, LogLevel } from 'src/enum';
import { IsIPRange, Optional, ValidateBoolean } from 'src/validation'; import { IsIPRange, Optional, ValidateBoolean } from 'src/validation';
export class EnvDto { export class EnvDto {
@@ -142,6 +142,10 @@ export class EnvDto {
@ValidateBoolean({ optional: true }) @ValidateBoolean({ optional: true })
DB_SKIP_MIGRATIONS?: boolean; DB_SKIP_MIGRATIONS?: boolean;
@IsEnum(DatabaseSslMode)
@Optional()
DB_SSL_MODE?: DatabaseSslMode;
@IsString() @IsString()
@Optional() @Optional()
DB_URL?: string; DB_URL?: string;


@@ -610,3 +610,11 @@ export enum OAuthTokenEndpointAuthMethod {
CLIENT_SECRET_POST = 'client_secret_post', CLIENT_SECRET_POST = 'client_secret_post',
CLIENT_SECRET_BASIC = 'client_secret_basic', CLIENT_SECRET_BASIC = 'client_secret_basic',
} }
export enum DatabaseSslMode {
Disable = 'disable',
Allow = 'allow',
Prefer = 'prefer',
Require = 'require',
VerifyFull = 'verify-full',
}
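Review bot: `DatabaseSslMode` has no doc comment telling operators which modes actually authenticate the database server, and that is the security-relevant difference between them. In libpq semantics `allow` and `prefer` may fall back to an unencrypted connection, `require` encrypts without validating the server certificate, and only `verify-full` checks both the certificate chain and the hostname, so anything weaker leaves the connection open to an on-path attacker. I would add a TSDoc block above the enum stating this, plus a per-member line such as `/** Encrypts but does not verify the server certificate. */` on `Require`. libpq's `verify-ca` is absent, presumably because the driver does not accept it; a one-line comment saying so would stop it being reported as an omission.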


@@ -23,6 +23,7 @@ const resetEnv = () => {
'DB_USERNAME', 'DB_USERNAME',
'DB_PASSWORD', 'DB_PASSWORD',
'DB_DATABASE_NAME', 'DB_DATABASE_NAME',
'DB_SSL_MODE',
'DB_SKIP_MIGRATIONS', 'DB_SKIP_MIGRATIONS',
'DB_VECTOR_EXTENSION', 'DB_VECTOR_EXTENSION',
@@ -92,6 +93,17 @@ describe('getEnv', () => {
}); });
}); });
it('should validate DB_SSL_MODE', () => {
process.env.DB_SSL_MODE = 'invalid';
expect(() => getEnv()).toThrowError('Invalid environment variables: DB_SSL_MODE');
});
it('should accept a valid DB_SSL_MODE', () => {
process.env.DB_SSL_MODE = 'prefer';
const { database } = getEnv();
expect(database.config).toMatchObject(expect.objectContaining({ ssl: 'prefer' }));
});
it('should allow skipping migrations', () => { it('should allow skipping migrations', () => {
process.env.DB_SKIP_MIGRATIONS = 'true'; process.env.DB_SKIP_MIGRATIONS = 'true';
const { database } = getEnv(); const { database } = getEnv();


@@ -193,6 +193,7 @@ const getEnv = (): EnvData => {
username: dto.DB_USERNAME || 'postgres', username: dto.DB_USERNAME || 'postgres',
password: dto.DB_PASSWORD || 'postgres', password: dto.DB_PASSWORD || 'postgres',
database: dto.DB_DATABASE_NAME || 'immich', database: dto.DB_DATABASE_NAME || 'immich',
ssl: dto.DB_SSL_MODE || undefined,
}; };
return { return {
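Review bot: `DB_SSL_MODE` is only written into the parts-style connection object at `ssl: dto.DB_SSL_MODE || undefined,`, and the type change adds `ssl` to `DatabaseConnectionParts` alone, so a deployment configured through `DB_URL` appears to have the variable validated and then ignored. An operator who sets `DB_SSL_MODE=verify-full` alongside `DB_URL` would believe certificate verification is enforced when it may not be; either reject the combination, log a warning, or state in the docs row that the variable applies only when `DB_URL` is unset. Leaving it unset yields `ssl: undefined`, which presumably means the driver default of no TLS, and the empty Default cell in the docs table does not say so. The `|| undefined` also looks redundant unless an empty string can pass validation, in which case `ssl: dto.DB_SSL_MODE,` would do. getEnv's body starts and ends outside this hunk.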


@@ -2,6 +2,7 @@ import { SystemConfig } from 'src/config';
import { import {
AssetType, AssetType,
DatabaseExtension, DatabaseExtension,
DatabaseSslMode,
ExifOrientation, ExifOrientation,
ImageFormat, ImageFormat,
JobName, JobName,
@@ -380,6 +381,7 @@ export type DatabaseConnectionParts = {
username: string; username: string;
password: string; password: string;
database: string; database: string;
ssl?: DatabaseSslMode;
}; };
export type DatabaseConnectionParams = DatabaseConnectionURL | DatabaseConnectionParts; export type DatabaseConnectionParams = DatabaseConnectionURL | DatabaseConnectionParts;


@@ -17,7 +17,7 @@ import { parse } from 'pg-connection-string';
import postgres, { Notice } from 'postgres'; import postgres, { Notice } from 'postgres';
import { columns, Exif, Person } from 'src/database'; import { columns, Exif, Person } from 'src/database';
import { DB } from 'src/db'; import { DB } from 'src/db';
import { AssetFileType, DatabaseExtension } from 'src/enum'; import { AssetFileType, DatabaseExtension, DatabaseSslMode } from 'src/enum';
import { TimeBucketSize } from 'src/repositories/asset.repository'; import { TimeBucketSize } from 'src/repositories/asset.repository';
import { AssetSearchBuilderOptions } from 'src/repositories/search.repository'; import { AssetSearchBuilderOptions } from 'src/repositories/search.repository';
import { DatabaseConnectionParams, VectorExtension } from 'src/types'; import { DatabaseConnectionParams, VectorExtension } from 'src/types';
@@ -35,7 +35,7 @@ export const asPostgresConnectionConfig = (params: DatabaseConnectionParams) =>
username: params.username, username: params.username,
password: params.password, password: params.password,
database: params.database, database: params.database,
ssl: undefined, ssl: params.ssl === DatabaseSslMode.Disable ? false : params.ssl,
}; };
} }
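Review bot: The mode string is forwarded to the `postgres` driver unchanged in the `ssl:` line, so what `require`, `prefer` and `allow` guarantee depends entirely on how that driver interprets them, and nothing in this commit tests `asPostgresConnectionConfig`. The new specs cover `getEnv` only; a unit test asserting that `disable` becomes `false` and that `verify-full` reaches the driver config intact would catch a regression that silently downgrades TLS. A comment on the line would help too: `// 'disable' -> false; other modes are passed to the driver as-is; only 'verify-full' is expected to verify the certificate (confirm against the driver)`. The function starts outside this hunk, and its URL branch is not visible here.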