chore: Add additional config options to match the helm chart features

.github/workflows/check-compose-sync.yml

@@ -2,6 +2,8 @@ name: Check Compose Files Sync
 
 on:
   push:
+    branches:
+      - main
     paths:
       - 'on-prem/templates/**'
       - 'on-prem/scripts/generate-compose.sh'

.github/workflows/validate-compose.yml

@@ -0,0 +1,117 @@
+name: Validate Docker Compose Files
+
+on:
+  push:
+    branches:
+      - main
+    paths:
+      - 'on-prem/docker-compose.full.yml'
+      - 'on-prem/docker-compose.database.yml'
+      - 'on-prem/docker-compose.cache.yml'
+  pull_request:
+    paths:
+      - 'on-prem/docker-compose.full.yml'
+      - 'on-prem/docker-compose.database.yml'
+      - 'on-prem/docker-compose.cache.yml'
+
+jobs:
+  validate-docker:
+    name: Validate with Docker (Ubuntu)
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Print versions
+        run: |
+          docker --version
+          docker compose version
+
+      - name: Create minimal .env for validation
+        working-directory: on-prem
+        run: |
+          cat > .env << 'EOF'
+          # Minimal env file for docker compose config validation
+          CLICKHOUSE_CURRENTS_PASSWORD=placeholder
+          TRAEFIK_DOMAIN=example.com
+          EOF
+
+      - name: Validate docker-compose.full.yml
+        working-directory: on-prem
+        run: |
+          echo "Validating docker-compose.full.yml..."
+          docker compose -f docker-compose.full.yml config --quiet
+          echo "✅ docker-compose.full.yml is valid"
+
+      - name: Validate docker-compose.database.yml
+        working-directory: on-prem
+        run: |
+          echo "Validating docker-compose.database.yml..."
+          docker compose -f docker-compose.database.yml config --quiet
+          echo "✅ docker-compose.database.yml is valid"
+
+      - name: Validate docker-compose.cache.yml
+        working-directory: on-prem
+        run: |
+          echo "Validating docker-compose.cache.yml..."
+          docker compose -f docker-compose.cache.yml config --quiet
+          echo "✅ docker-compose.cache.yml is valid"
+
+  validate-podman:
+    name: Validate with Podman (AlmaLinux 8)
+    runs-on: ubuntu-latest
+    container:
+      image: almalinux:8
+      options: --privileged
+    steps:
+      - name: Install dependencies
+        run: |
+          dnf install -y podman git curl
+          # Download pre-built docker-compose binary (avoids pip compilation issues)
+          curl -L "https://github.com/docker/compose/releases/download/v2.32.4/docker-compose-linux-x86_64" -o /usr/local/bin/docker-compose
+          chmod +x /usr/local/bin/docker-compose
+
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Print versions
+        run: |
+          podman --version
+          docker-compose --version
+
+      - name: Create minimal .env for validation
+        working-directory: on-prem
+        run: |
+          cat > .env << 'EOF'
+          # Minimal env file for podman compose config validation
+          CLICKHOUSE_CURRENTS_PASSWORD=placeholder
+          TRAEFIK_DOMAIN=example.com
+          EOF
+
+      - name: Validate docker-compose.full.yml
+        working-directory: on-prem
+        run: |
+          echo "Validating docker-compose.full.yml with podman compose..."
+          # Start Podman socket and run compose with DOCKER_HOST pointing to it
+          podman system service --time=0 unix:///tmp/podman.sock &
+          sleep 1
+          DOCKER_HOST=unix:///tmp/podman.sock podman compose -f docker-compose.full.yml config --quiet
+          echo "✅ docker-compose.full.yml is valid"
+
+      - name: Validate docker-compose.database.yml
+        working-directory: on-prem
+        run: |
+          echo "Validating docker-compose.database.yml with podman compose..."
+          podman system service --time=0 unix:///tmp/podman.sock &
+          sleep 1
+          DOCKER_HOST=unix:///tmp/podman.sock podman compose -f docker-compose.database.yml config --quiet
+          echo "✅ docker-compose.database.yml is valid"
+
+      - name: Validate docker-compose.cache.yml
+        working-directory: on-prem
+        run: |
+          echo "Validating docker-compose.cache.yml with podman compose..."
+          podman system service --time=0 unix:///tmp/podman.sock &
+          sleep 1
+          DOCKER_HOST=unix:///tmp/podman.sock podman compose -f docker-compose.cache.yml config --quiet
+          echo "✅ docker-compose.cache.yml is valid"

AGENTS.md

@@ -26,6 +26,16 @@
   image: ${DC_MONGODB_IMAGE:-mongo:8.2.3}
   ```
 
+### Environment Variables
+
+- **Use key-value format** instead of array format for `environment:` sections - makes files more extensible and easier to merge:
+  ```yaml
+  environment:
+    KEY: value
+    ANOTHER_KEY: ${VAR}
+  ```
+  Not: `environment: - KEY=value` (array format)
+
 ### Initialization
 
 - Use `command` instead of `entrypoint` when you want to keep the default Docker entrypoint behavior
@@ -58,3 +68,18 @@
 - `generate-compose.sh` merges templates into final compose files
 - `setup.sh` generates secrets using `generate-secrets.sh`
 - `.env.example` documents all configurable variables
+
+
+## Environment Variables Reference
+
+When adding new environment variables, ensure they're documented in `.env.example`. Key variables that should be present:
+
+- **Authentication**: `JWT_SECRET`, `JWT_SECRET_EXPIRY`, `API_SECRET` (internal service-to-service auth)
+- **ClickHouse**: `CLICKHOUSE_CURRENTS_PASSWORD`, `CLICKHOUSE_ACCESS_TOKEN` (optional token-based auth)
+- **Object Storage**: `FILE_STORAGE_REGION` (required for AWS S3, optional for local/MinIO)
+- **Initial Setup**: `ON_PREM_EMAIL` (root admin user email)
+
+## CI/CD
+
+- GitHub workflows validate compose files using `docker compose config` and `podman compose config`
+- Validation runs on both Ubuntu (Docker) and AlmaLinux 8 (Podman) to ensure compatibility