From 36b89d7620f795f98aacbdc5e06a72b5caee5810 Mon Sep 17 00:00:00 2001
From: Claude <noreply@anthropic.com>
Date: Thu, 26 Mar 2026 11:11:53 +0000
Subject: [PATCH] fix: use FORGEJO_DB_PASSWORD env var in postgres init script

Replaced hardcoded 'CHANGE_ME' in the SQL init file with a shell script
that reads FORGEJO_DB_PASSWORD from the environment. Also pass the variable
into the postgres service in docker-compose.yml so it is available at init time.

https://claude.ai/code/session_01FKCW3FDjNFj6jve4niMFXH
---
 infra/docker-compose.yml           |  1 +
 infra/postgres-init/01-forgejo.sh  | 10 ++++++++++
 infra/postgres-init/01-forgejo.sql |  5 -----
 3 files changed, 11 insertions(+), 5 deletions(-)
 create mode 100755 infra/postgres-init/01-forgejo.sh
 delete mode 100644 infra/postgres-init/01-forgejo.sql

diff --git a/infra/docker-compose.yml b/infra/docker-compose.yml
index 53c1a97..d8f5299 100644
--- a/infra/docker-compose.yml
+++ b/infra/docker-compose.yml
@@ -68,6 +68,7 @@ services:
       POSTGRES_DB: hiy
       POSTGRES_USER: hiy_admin
       POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}
+      FORGEJO_DB_PASSWORD: ${FORGEJO_DB_PASSWORD}
     volumes:
       - hiy-pg-data:/var/lib/postgresql/data
       # SQL files here run once on first init (ignored if data volume already exists).
diff --git a/infra/postgres-init/01-forgejo.sh b/infra/postgres-init/01-forgejo.sh
new file mode 100755
index 0000000..b401aa6
--- /dev/null
+++ b/infra/postgres-init/01-forgejo.sh
@@ -0,0 +1,10 @@
+#!/usr/bin/env bash
+# Create a dedicated database and user for Forgejo.
+# Runs once when the Postgres container is first initialised.
+# FORGEJO_DB_PASSWORD must be set in the environment (via docker-compose.yml).
+set -euo pipefail
+
+psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" <<-EOSQL
+    CREATE USER forgejo WITH PASSWORD '${FORGEJO_DB_PASSWORD}';
+    CREATE DATABASE forgejo OWNER forgejo;
+EOSQL
diff --git a/infra/postgres-init/01-forgejo.sql b/infra/postgres-init/01-forgejo.sql
deleted file mode 100644
index 1031b90..0000000
--- a/infra/postgres-init/01-forgejo.sql
+++ /dev/null
@@ -1,5 +0,0 @@
--- Create a dedicated database and user for Forgejo.
--- This script runs once when the Postgres container is first initialised.
--- If the container already has data it is skipped automatically.
-CREATE USER forgejo WITH PASSWORD 'CHANGE_ME';
-CREATE DATABASE forgejo OWNER forgejo;