From ca015deea958efe9ab3ba367978f8ab7f74a5823 Mon Sep 17 00:00:00 2001 From: Waleed Date: Thu, 28 Aug 2025 23:00:43 -0700 Subject: [PATCH] fix(ssl): add envvar for optional ssl cert (#1179) --- .github/workflows/ci.yml | 1 + apps/sim/drizzle.config.ts | 6 ++++++ apps/sim/lib/env.ts | 3 ++- 3 files changed, 9 insertions(+), 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index dfc64829f9..626ad33244 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -74,4 +74,5 @@ jobs: working-directory: ./apps/sim env: DATABASE_URL: ${{ github.ref == 'refs/heads/main' && secrets.DATABASE_URL || secrets.STAGING_DATABASE_URL }} + DATABASE_SSL_CERT: ${{ github.ref == 'refs/heads/main' && secrets.DATABASE_SSL_CERT || '' }} run: bunx drizzle-kit migrate diff --git a/apps/sim/drizzle.config.ts b/apps/sim/drizzle.config.ts index a0088e017f..e2a9bc9d02 100644 --- a/apps/sim/drizzle.config.ts +++ b/apps/sim/drizzle.config.ts @@ -7,5 +7,11 @@ export default { dialect: 'postgresql', dbCredentials: { url: env.DATABASE_URL, + ssl: env.DATABASE_SSL_CERT + ? { + rejectUnauthorized: true, + ca: env.DATABASE_SSL_CERT, + } + : undefined, }, } satisfies Config diff --git a/apps/sim/lib/env.ts b/apps/sim/lib/env.ts index 67336a6448..d370d3a9fb 100644 --- a/apps/sim/lib/env.ts +++ b/apps/sim/lib/env.ts @@ -16,7 +16,8 @@ export const env = createEnv({ server: { // Core Database & Authentication - DATABASE_URL: z.string().url(), // Primary database connection string + DATABASE_URL: z.string().url(), // Primary database connection string (without SSL cert) + DATABASE_SSL_CERT: z.string().optional(), // SSL certificate content for database connection BETTER_AUTH_URL: z.string().url(), // Base URL for Better Auth service BETTER_AUTH_SECRET: z.string().min(32), // Secret key for Better Auth JWT signing DISABLE_REGISTRATION: z.boolean().optional(), // Flag to disable new user registration