drizzle-orm v0.45.2 declares a migrator export but does not ship the
actual .js file, causing all migrations to silently fail on every deploy.
This was the root cause of the missing "documents" table (AIIA-62).
The new script reads the drizzle journal and executes SQL files directly
via pg, with its own tracking table for idempotent re-runs.
Co-Authored-By: Paperclip <noreply@paperclip.ing>
The "Netzwerkfehler beim Speichern des Schlüssels" was caused by two issues:
1. ENCRYPTION_KEY env var was not passed to the Docker container, so
AES-256-GCM encrypt() threw at runtime on every POST/PATCH.
2. The 0003_tenant_api_keys migration was not in the drizzle journal
and no migration runner existed in the Docker image.
Changes:
- docker-compose.yml: pass ENCRYPTION_KEY to app container
- .env.example: document ENCRYPTION_KEY with generation command
- .gitignore: allow .env.example to be tracked
- Dockerfile: include drizzle/ migrations and entrypoint script
- entrypoint.sh: run migrations before starting the app
- migrate.mjs: runtime migration script using drizzle-orm migrator
- drizzle journal: register 0003_tenant_api_keys migration
Co-Authored-By: Paperclip <noreply@paperclip.ing>
