[PR #753] Update Langflow docker-compose.yml #7978

Open
opened 2026-05-21 23:27:56 -05:00 by GiteaMirror · 0 comments
Owner

📋 Pull Request Information

Original PR: https://github.com/Dokploy/templates/pull/753
Author: @omarherri
Created: 3/26/2026
Status: 🔄 Open

Base: canaryHead: patch-1


📝 Commits (1)

  • bf8c13b Update docker-compose.yml

📊 Changes

1 file changed (+26 additions, -13 deletions)

View changed files

📝 blueprints/langflow/docker-compose.yml (+26 -13)

📄 Description

What is this PR about?

New PR of langflow

Checklist

Before submitting this PR, please make sure that:

Close automatically the related issues using the keywords: closes #ISSUE_NUMBER

Screenshots or Videos

Greptile Summary

This PR updates the Langflow blueprint's docker-compose.yml with several improvements — adding healthchecks for Postgres, better environment variable configuration, and cleaner volume naming — but introduces a number of violations of the repository's AGENTS.md conventions that must be fixed before merging.

Key issues found:

  • P0 – Hardcoded secret key: LANGFLOW_SECRET_KEY is set to a static value committed in a public repo. Every deployment shares the same cryptographic secret; it must be replaced with the ${base64:32} Dokploy helper.
  • P1 – Hardcoded superuser password: LANGFLOW_SUPERUSER_PASSWORD uses a plain-text default that will be used as-is unless users manually intervene. Should use the ${password:16} helper via the template variable system.
  • P1 – Missing version: "3.8": AGENTS.md mandates this declaration; it was removed entirely.
  • P1 – ports instead of expose: AGENTS.md explicitly forbids ports in compose files; expose must be used instead.
  • P1 – Unpinned latest image: Pinning to a specific version is required to ensure reproducible and supply-chain-safe deployments.
  • P2 – pull_policy: always: Combined with latest, this causes silent uncontrolled upgrades on every container restart.

Confidence Score: 1/5

Not safe to merge — contains a publicly exposed cryptographic secret and multiple AGENTS.md convention violations.

The hardcoded LANGFLOW_SECRET_KEY committed to a public repository is a P0 security issue that alone blocks merging. On top of that, there are four P1 violations of mandatory AGENTS.md conventions (missing version, ports vs expose, unpinned image, hardcoded password). All of these need to be resolved before the template is suitable for public use.

blueprints/langflow/docker-compose.yml requires significant rework; blueprints/langflow/template.toml also needs updating to expose the new credentials as auto-generated variables.

Important Files Changed

Filename Overview
blueprints/langflow/docker-compose.yml Updated Langflow compose with healthchecks and richer env config, but introduces a publicly committed secret key, hardcoded credentials, removed mandatory version declaration, uses ports instead of expose, and pins to the latest tag — all violating AGENTS.md conventions.

Reviews (1): Last reviewed commit: "Update docker-compose.yml" | Re-trigger Greptile

Greptile also left 6 inline comments on this PR.

(2/5) Greptile learns from your feedback when you react with thumbs up/down!

Context used:

  • Context used - AGENTS.md (source)

🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.

## 📋 Pull Request Information **Original PR:** https://github.com/Dokploy/templates/pull/753 **Author:** [@omarherri](https://github.com/omarherri) **Created:** 3/26/2026 **Status:** 🔄 Open **Base:** `canary` ← **Head:** `patch-1` --- ### 📝 Commits (1) - [`bf8c13b`](https://github.com/Dokploy/templates/commit/bf8c13b23a5fd2a9ef66c2827643c70a1a99bf00) Update docker-compose.yml ### 📊 Changes **1 file changed** (+26 additions, -13 deletions) <details> <summary>View changed files</summary> 📝 `blueprints/langflow/docker-compose.yml` (+26 -13) </details> ### 📄 Description ## What is this PR about? New PR of langflow ## Checklist Before submitting this PR, please make sure that: - [ yes] I have read the suggestions in the README.md file https://github.com/Dokploy/templates?tab=readme-ov-file#general-requirements-when-creating-a-template - [ yes] I have tested the template in my instance, so the maintainers don't spend time trying to figure out what's wrong. - [ yes] I have added tests that demonstrate that my correction works or that my new feature works. ## Issues related (if applicable) Close automatically the related issues using the keywords: `closes #ISSUE_NUMBER` ## Screenshots or Videos <!-- greptile_comment --> <h3>Greptile Summary</h3> This PR updates the Langflow blueprint's `docker-compose.yml` with several improvements — adding healthchecks for Postgres, better environment variable configuration, and cleaner volume naming — but introduces a number of violations of the repository's AGENTS.md conventions that must be fixed before merging. Key issues found: - **P0 – Hardcoded secret key**: `LANGFLOW_SECRET_KEY` is set to a static value committed in a public repo. Every deployment shares the same cryptographic secret; it must be replaced with the `${base64:32}` Dokploy helper. - **P1 – Hardcoded superuser password**: `LANGFLOW_SUPERUSER_PASSWORD` uses a plain-text default that will be used as-is unless users manually intervene. Should use the `${password:16}` helper via the template variable system. - **P1 – Missing `version: "3.8"`**: AGENTS.md mandates this declaration; it was removed entirely. - **P1 – `ports` instead of `expose`**: AGENTS.md explicitly forbids `ports` in compose files; `expose` must be used instead. - **P1 – Unpinned `latest` image**: Pinning to a specific version is required to ensure reproducible and supply-chain-safe deployments. - **P2 – `pull_policy: always`**: Combined with `latest`, this causes silent uncontrolled upgrades on every container restart. <h3>Confidence Score: 1/5</h3> Not safe to merge — contains a publicly exposed cryptographic secret and multiple AGENTS.md convention violations. The hardcoded LANGFLOW_SECRET_KEY committed to a public repository is a P0 security issue that alone blocks merging. On top of that, there are four P1 violations of mandatory AGENTS.md conventions (missing version, ports vs expose, unpinned image, hardcoded password). All of these need to be resolved before the template is suitable for public use. blueprints/langflow/docker-compose.yml requires significant rework; blueprints/langflow/template.toml also needs updating to expose the new credentials as auto-generated variables. <details><summary><h3>Important Files Changed</h3></summary> | Filename | Overview | |----------|----------| | blueprints/langflow/docker-compose.yml | Updated Langflow compose with healthchecks and richer env config, but introduces a publicly committed secret key, hardcoded credentials, removed mandatory version declaration, uses `ports` instead of `expose`, and pins to the `latest` tag — all violating AGENTS.md conventions. | </details> </details> <sub>Reviews (1): Last reviewed commit: ["Update docker-compose.yml"](https://github.com/dokploy/templates/commit/bf8c13b23a5fd2a9ef66c2827643c70a1a99bf00) | [Re-trigger Greptile](https://app.greptile.com/api/retrigger?id=26425858)</sub> > Greptile also left **6 inline comments** on this PR. <sub>(2/5) Greptile learns from your feedback when you react with thumbs up/down!</sub> **Context used:** - Context used - AGENTS.md ([source](https://app.greptile.com/review/custom-context?memory=09330bde-2058-497c-9c64-ceae637fb5b2)) <!-- /greptile_comment --> --- <sub>🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.</sub>
GiteaMirror added the pull-request label 2026-05-21 23:27:56 -05:00
Sign in to join this conversation.
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: github-starred/templates#7978