Frontend: replace baked-in URL hack with runtime config injection #63
Description
Problem
The frontend container currently uses a Python entrypoint that regex-replaces hardcoded default URLs baked into the JS bundle at build time (frontend-entrypoint.py). This is fragile and blocks:
- Helm/k8s deployment (Helm charts + MicroK8s deployment path #62): ConfigMaps and Secrets inject env vars into the container environment — they cannot reach into baked JS strings.
- .NET Aspire integration: Aspire's service discovery injects service URLs at orchestration time via env vars — same problem.
- Our own frontend build: We need our own image anyway (HoldFast branding, remove Highlight.io references). The upstream image + patch is explicitly a temporary workaround.
Solution
Implement a proper runtime config injection pattern:
- Build the frontend with placeholder/empty values for all service URLs
- Add a lightweight entrypoint script (bash or Node) that generates
/build/env.jsat container startup from actual env vars index.htmlloadsenv.jsbefore the bundle — setswindow.__env__- App code reads
window.__env__.REACT_APP_PRIVATE_GRAPH_URI(falling back toimport.meta.envfor local dev)
This makes the frontend a proper 12-factor app — all configuration via env vars, no runtime string replacement.
Scope
- Update
src/frontendto read fromwindow.__env__withimport.meta.envfallback - New
infra/docker/frontend-holdfast.Dockerfilethat builds from source - Replace
frontend-entrypoint.pywith a clean bash entrypoint that writesenv.js - Update
compose.hobby-dotnet.ymlto build from source - HoldFast branding pass (remove Highlight.io references from UI)
Dependencies
- Blocks Helm charts + MicroK8s deployment path #62 (Helm/k8s) — frontend image must be env-var-clean before Helm charts are written
- Current upstream image + patch is acceptable only until this is done