fix: align docker compose environment variables

[pari-28]

Summary

Fix Docker Compose configuration to align with the application's expected environment variables and startup requirements.

Changes

• Renamed JWT_ACCESS_SECRET to JWT_SECRET to match the Go configuration.
• Kept JWT_REFRESH_SECRET unchanged and updated its default value to satisfy the application's minimum secret length requirement.
• Added ENCRYPTION_KEY to the Docker Compose environment configuration.
• Added a health check for the application service using the /health endpoint.
• Continued using .env via env_file for environment variable management.
• Updated default secret values to meet the validation requirements enforced by the application configuration.

Verification

• Verified that environment variable names match those expected in internal/config/config.go.
• Confirmed ENCRYPTION_KEY is available through Docker Compose.
• Verified that OAuth and SMTP variables are already documented in .env.example.
• Confirmed the /health endpoint exists and is suitable for container health checks.
• Verified there are no remaining references to JWT_ACCESS_SECRET in the repository.

Fixes #93

Checklist

• I have read and signed the CLA by commenting I have read the CLA and agree to its terms. on this PR.
• My changes follow the project's coding style.
• I have tested my changes.

Summary by CodeRabbit

• New Features
  • Added an application health check to help monitor service availability more reliably.
• Security
  • Updated secret configuration to support more secure default placeholders for deployment.

[coderabbitai]

Warning

Review limit reached

@pari-28, we couldn't start this review because you've reached your PR review rate limit.

More reviews will be available in 30 minutes and 48 seconds. Learn how PR review limits work.

Your organization has used up its prepaid credits, and credit purchases are no longer available. Enable the review add-on in the billing tab to keep reviews running — you're only billed for reviews past your plan's rate limits ($0.25/file).

⌛ How to resolve this issue?

After more reviews become available, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

To avoid repeated limits, reduce automatic review volume by pausing incremental auto-reviews earlier, using label-based review opt-in, excluding WIP or generated PR titles, or requesting reviews manually when the PR is ready. If your team needs uninterrupted high-volume reviews, an organization admin can enable usage-based credits.

🚦 How do rate limits work?

CodeRabbit enforces per-developer PR review limits for each organization. Most developers receive the normal plan review availability.

For paid Pro and Pro+ PR reviews, CodeRabbit uses adaptive limits for sustained high-volume activity. When a developer's recent PR review activity reaches the 95th percentile or higher among CodeRabbit users, additional reviews become available more gradually as earlier reviews age out of the rolling window.

Please see our Fair Usage Limits Policy for further information.

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro Plus

Run ID: 22e7bb42-a5d0-4832-8ec4-44d31782b7d4

📥 Commits

Reviewing files that changed from the base of the PR and between ac0d53f and b3de735.

📒 Files selected for processing (2)

• Dockerfile
• docker-compose.yml

📝 Walkthrough

Walkthrough

docker-compose.yml is updated to rename JWT_ACCESS_SECRET to JWT_SECRET, retain JWT_REFRESH_SECRET, and add ENCRYPTION_KEY, all with ${VAR:-change-me-to-a-secure-...} fallbacks. A healthcheck using wget against http://localhost:8080/health is added to the app service.

Changes

Docker Compose app service updates

Layer / File(s)	Summary
Env var fixes and healthcheck docker-compose.yml	Renames JWT_ACCESS_SECRET → JWT_SECRET to match Go config expectations, keeps JWT_REFRESH_SECRET, adds ENCRYPTION_KEY with a secure-default fallback, and introduces a wget-based healthcheck on /health:8080 with interval, timeout, retries, and start-period configured.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~5 minutes

Poem

🐇 A secret was named wrong, oh what a fright,
JWT_ACCESS was changed to set things right.
ENCRYPTION_KEY hopped in with a wave,
A healthcheck now watches the app behave.
No more silent failures in the night! 🌙

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title clearly matches the main change: aligning Docker Compose environment variables.
Description check	✅ Passed	The description follows the template and includes the checklist, summary, changes, verification, and linked issue reference.
Linked Issues check	✅ Passed	The PR satisfies the linked issue by fixing env var names, adding ENCRYPTION_KEY, keeping .env support, and configuring a health check.
Out of Scope Changes check	✅ Passed	The changes stay focused on Docker Compose configuration and do not introduce unrelated scope.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands.}

[coderabbitai]

Actionable comments posted: 2

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@docker-compose.yml`:
- Around line 26-27: The healthcheck in docker-compose relies on wget, but the
runtime image used by the app container does not include it. Update the final
Dockerfile stage used by the container to install wget, or change the
healthcheck in docker-compose to use a command already available in the image.
Refer to the healthcheck test entry and the Dockerfile runtime stage so the fix
keeps the container healthy.
- Around line 15-17: The JWT_SECRET, JWT_REFRESH_SECRET, and ENCRYPTION_KEY
entries in docker-compose.yml currently fall back to repository-known defaults,
which allows predictable credentials when .env is absent. Update the compose
configuration to require these variables without shared fallback values, and
move any sample placeholders into .env.example so users must supply real secrets
before starting production. Use the existing JWT_SECRET, JWT_REFRESH_SECRET, and
ENCRYPTION_KEY variable definitions as the place to make this change.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro Plus

Run ID: 49241714-471e-43db-a2b8-2e52626cac70

📥 Commits

Reviewing files that changed from the base of the PR and between d61168a and ac0d53f.

📒 Files selected for processing (1)

• docker-compose.yml

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud