Moving secrets to a .env file for dockerfile

.gitignore

@@ -2,6 +2,8 @@ app/tmp/*
 *.tar.gz
 *.swp
 *.swo
+.env.prod
+.env.stg
 app/vendors/tcpdf/cache/*
 app/tests/*
 app/emails/*

deploy/deploy-prod.sh

@@ -41,7 +41,20 @@ ssh $SERVER \
     cd "$PROD_DIR"
   fi
 
-    # Create .env file for go-app if it doesn't exist
+  # Create .env.prod file for docker-compose if it doesn't exist
+  COMPOSE_ENV_PATH="/home/cmc/$PROD_DIR/.env.prod"
+  if [ ! -f "$COMPOSE_ENV_PATH" ]; then
+    echo "Creating .env.prod file for docker-compose..."
+    cat > "$COMPOSE_ENV_PATH" <<'COMPOSEENVEOF'
+# SMTP Configuration for postfix relay
+SMTP_USERNAME=sales
+SMTP_PASSWORD=S%s'mMZ})MGsg$k!5N|mPSQ>
+COMPOSEENVEOF
+  else
+    echo ".env.prod already exists, skipping creation..."
+  fi
+
+  # Create .env file for go-app if it doesn't exist
   ENV_PATH="/home/cmc/$PROD_DIR/go-app/.env"
   echo "(Re)creating .env file for go-app..."
   cat > "$ENV_PATH" <<'ENVEOF'

docker-compose.prod.yml

@@ -3,14 +3,16 @@ services:
     image: boky/postfix
     restart: unless-stopped
     container_name: cmc-prod-postfix
+    env_file:
+      - .env.prod
     # Production: relay to Gmail SMTP
     environment:
       - ALLOWED_SENDER_DOMAINS=cmctechnologies.com.au
       # Gmail SMTP relay settings
       - RELAYHOST=smtp-relay.gmail.com
       - RELAYHOST_PORT=587
-      - SMTP_USERNAME=sales
-      - SMTP_PASSWORD="S%s'mMZ})MGsg$k!5N|mPSQ>"
+      - SMTP_USERNAME=${SMTP_USERNAME}
+      - SMTP_PASSWORD=${SMTP_PASSWORD}
       - SMTP_TLS_SECURITY_LEVEL=encrypt
       - SMTP_USE_TLS=yes
       - SMTP_USE_STARTTLS=yes