Default production SSO provider source to YAML to avoid boot-time schema errors (#1278)

* Initial plan * Default production SSO provider source to YAML Co-authored-by: jjmata <187772+jjmata@users.noreply.github.com> Agent-Logs-Url: https://github.com/we-promise/sure/sessions/d3a36ca8-e936-4687-a466-9b4c93c19150 --------- Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: jjmata <187772+jjmata@users.noreply.github.com>
2026-04-06 22:11:23 +00:00 · 2026-03-25 15:08:36 +01:00
parent eb34a2f9de
commit 1527611239
3 changed files with 35 additions and 3 deletions
--- a/docs/hosting/oidc.md
+++ b/docs/hosting/oidc.md
@@ -346,6 +346,7 @@ When enabled:
 When disabled (default):
 - Providers are loaded from `config/auth.yml`
 - Changes require a server restart
+- In production, YAML is the default unless `AUTH_PROVIDERS_SOURCE=db` is explicitly set

 ### 6.2 Admin UI for SSO providers

--- a/lib/feature_flags.rb
+++ b/lib/feature_flags.rb
@@ -3,9 +3,14 @@
 module FeatureFlags
  class << self
    def db_sso_providers?
-      auth_source = ENV.fetch("AUTH_PROVIDERS_SOURCE") do
-        Rails.configuration.app_mode.self_hosted? ? "db" : "yaml"
-      end
+      auth_source = ENV["AUTH_PROVIDERS_SOURCE"]
+      return auth_source.to_s.downcase == "db" if auth_source.present?
+
+      # In production, prefer YAML by default so boot-time tasks (e.g. db:prepare)
+      # do not attempt to query SSO provider tables before migrations run.
+      return false if Rails.env.production?
+
+      auth_source = Rails.configuration.app_mode.self_hosted? ? "db" : "yaml"

      auth_source.to_s.downcase == "db"
    end
--- a/test/lib/feature_flags_test.rb
+++ b/test/lib/feature_flags_test.rb
@@ -0,0 +1,26 @@
+require "test_helper"
+
+class FeatureFlagsTest < ActiveSupport::TestCase
+  test "db_sso_providers? is true when AUTH_PROVIDERS_SOURCE is db in production" do
+    with_env_overrides("AUTH_PROVIDERS_SOURCE" => "db") do
+      Rails.stubs(:env).returns(ActiveSupport::StringInquirer.new("production"))
+      assert FeatureFlags.db_sso_providers?
+    end
+  end
+
+  test "db_sso_providers? defaults to yaml in production when AUTH_PROVIDERS_SOURCE is unset" do
+    with_env_overrides("AUTH_PROVIDERS_SOURCE" => nil) do
+      Rails.stubs(:env).returns(ActiveSupport::StringInquirer.new("production"))
+      assert_not FeatureFlags.db_sso_providers?
+    end
+  end
+
+  test "db_sso_providers? defaults to db for self hosted mode outside production" do
+    with_env_overrides("AUTH_PROVIDERS_SOURCE" => nil) do
+      Rails.stubs(:env).returns(ActiveSupport::StringInquirer.new("development"))
+      with_self_hosting do
+        assert FeatureFlags.db_sso_providers?
+      end
+    end
+  end
+end