✅ Deploy Preview for f3-the-codex-demo ready!
Pull request overview
Adds support for connecting to the production PostgreSQL database via a Cloud SQL Auth Proxy Unix socket, with a fallback to the existing TCP DATABASE_URL connection based on environment configuration.
Changes:
- Updated DB pool initialization to prefer Cloud SQL Unix socket configuration when enabled, otherwise use `DATABASE_URL` (TCP).
- Extended deployment config (`apphosting.yaml`) with env vars/secrets for Unix-socket connections.
- Updated `.env.example` with Unix-socket configuration examples.
Reviewed changes
Copilot reviewed 3 out of 3 changed files in this pull request and generated 2 comments.
| File | Description |
|---|---|
| `src/lib/db.ts` | Adds Unix-socket connection path and improves connection initialization messaging/errors. |
| `apphosting.yaml` | Adds runtime env vars/secrets for Cloud SQL Unix socket connection. |
| `.env.example` | Documents Unix-socket-related environment variables. |
@taterhead247 I've opened a new pull request, #93, to work on those changes. Once the pull request is ready, I'll request review from you.
@taterhead247 I've opened a new pull request, #94, to work on those changes. Once the pull request is ready, I'll request review from you.
I think I'm fine with Copilot's suggestion on #93 but not #94... As far as I can tell from the documentation, if you're using the "unix sockets" approach, you still need a password. It's the "Cloud SQL connectors" approach that leverages IAM: https://docs.cloud.google.com/sql/docs/mysql/connect-run?_gl=1*hvyc3f*_ga*MTA3OTA4NzM1NC4xNzI1NTMzMDgy*_ga_WH2QY8WWF5*czE3NzMxNzQ4NzkkbzM1NyRnMSR0MTc3MzE3NTMwOCRqNjAkbDAkaDA.#node.js_1 Confusingly, the service account of the Cloud Run instance has to have Cloud SQL Client IAM access on the db project. But again, that just gets you tunnel access to the db, not into it.
…g.yaml (#93) Just updating .env.example. Ended up not using secrets for non-secret stuff.
@evanpetzoldt, I cancelled 94 and merged a modified 93, which just ended up being adding a few comment lines to the example .env because I asked it to use non-secrets for non-secret stuff. I'll hit up Roma to review. Thanks!
This reverts commit f42ccdb.
This pull request adds support for connecting to our prod PG database using a Cloud SQL Unix socket, which will enable us to protect access to the prod db (right now it's fully open to all IP addresses and is being hit with a brute force attempt). The changes allow the application to choose between connecting via a Unix socket or a traditional TCP connection based on environment variables. Additionally, relevant configuration options and documentation have been updated to reflect these changes.
Cloud SQL Unix socket support and configuration:
- Updated `src/lib/db.ts` to allow connecting to PostgreSQL via a Cloud SQL Unix socket if `INSTANCE_UNIX_SOCKET` is set and `DB_USE_UNIX_SOCKET` is not `"false"`. Falls back to `DATABASE_URL` (TCP) if not configured. Improved error handling and logging for both connection methods.
- Updated `.env.example` with commented examples for Cloud SQL Unix socket configuration variables (`INSTANCE_UNIX_SOCKET`, `DATABASE_PASSWORD`, `DB_USE_UNIX_SOCKET`).
- Updated `apphosting.yaml` to include environment variables needed for Cloud SQL Unix socket connections (`INSTANCE_UNIX_SOCKET`, `DB_USER`, `DB_PASSWORD`, `DB_NAME`).
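The selection rule described above for `src/lib/db.ts`, written out as an added example; it is not the project's code. The helper name `resolveDbConfig` is hypothetical, it assumes socket-mode credentials come from the `DB_USER`, `DB_PASSWORD` and `DB_NAME` variables listed for `apphosting.yaml`, and the sample values are constructed.

```typescript
// Added example: resolveDbConfig is a hypothetical helper, not the project's db.ts.
// host/user/password/database/connectionString are node-postgres pool options.
type Env = Record<string, string | undefined>;

type DbConfig =
  | { mode: "unix-socket"; host: string; user: string; password: string; database: string }
  | { mode: "tcp"; connectionString: string };

function resolveDbConfig(env: Env): DbConfig {
  const socket = env.INSTANCE_UNIX_SOCKET?.trim();

  // The socket path wins unless DB_USE_UNIX_SOCKET is explicitly "false".
  if (socket && env.DB_USE_UNIX_SOCKET !== "false") {
    if (!socket.startsWith("/")) {
      // node-postgres only treats a host beginning with "/" as a socket directory.
      throw new Error("INSTANCE_UNIX_SOCKET must be an absolute path");
    }
    // The socket is only a tunnel: the database still authenticates the user,
    // so fail at startup instead of on the first query if a credential is absent.
    const missing = ["DB_USER", "DB_PASSWORD", "DB_NAME"].filter((k) => !env[k]);
    if (missing.length > 0) {
      throw new Error(`Unix socket mode is missing: ${missing.join(", ")}`);
    }
    return {
      mode: "unix-socket",
      host: socket,
      user: env.DB_USER!,
      password: env.DB_PASSWORD!,
      database: env.DB_NAME!,
    };
  }

  if (!env.DATABASE_URL) {
    throw new Error("Set INSTANCE_UNIX_SOCKET or DATABASE_URL");
  }
  return { mode: "tcp", connectionString: env.DATABASE_URL };
}

// Constructed sample environment (placeholder values, not from the PR).
const SAMPLE_ENV: Env = {
  INSTANCE_UNIX_SOCKET: "/cloudsql/example-project:us-central1:example-db",
  DB_USER: "app",
  DB_PASSWORD: "example-password",
  DB_NAME: "appdb",
  DATABASE_URL: "postgres://app:example-password@db.example.internal:5432/appdb",
};
const socketChoice = resolveDbConfig(SAMPLE_ENV); // socket mode
const tcpChoice = resolveDbConfig({ ...SAMPLE_ENV, DB_USE_UNIX_SOCKET: "false" }); // TCP fallback
```

In an application the function would be called with `process.env`, and the returned fields other than `mode` passed to the pool constructor.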