Fix ClickHouse migration DSN handling for HTTP URLs in the webapp entrypoint

[darshitp091]

This PR fixes the startup failure reported in issue #3674 for self-hosted Docker setups using ClickHouse over HTTP.

The bug was in entrypoint.sh, where the ClickHouse migration DSN was being built with secure=true appended unconditionally unless the URL already contained a secure parameter. That caused Goose to reject valid http:// ClickHouse URLs with an error like: clickhouse [dsn parse]: http with TLS specify

As a result, the webapp container failed during startup and entered a restart loop.

This change makes the DSN construction scheme-aware:

It strips any existing secure query parameter.
It only adds secure=true when the ClickHouse URL uses https://.
For http:// URLs, it leaves the URL unmodified so Goose can parse it correctly.
In short, the fix removes the mismatch between the URL scheme and the forced TLS flag, which was the root cause of the startup failure.

[changeset-bot]

⚠️ No Changeset found

Latest commit: 7b9c274

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

[coderabbitai]

Caution

Review failed

The pull request is closed.

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Repository UI

Review profile: CHILL

Plan: Pro

Run ID: ff0bef63-db4a-43ac-8285-3494841e2036

📥 Commits

Reviewing files that changed from the base of the PR and between 61ca40b and 7b9c274.

📒 Files selected for processing (1)

• docker/scripts/entrypoint.sh

---

Walkthrough

The entrypoint script now generates GOOSE_DBSTRING for ClickHouse database migrations using Node.js URL parsing instead of shell string manipulation. The logic removes any existing secure query parameter from the CLICKHOUSE_URL and then conditionally appends secure=true only when the URL scheme is https:, replacing the previous approach that attempted to preserve or append the parameter based on string matching.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~5 minutes

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[github-actions]

Hi @darshitp091, thanks for your interest in contributing!

This project requires that pull request authors are vouched, and you are not in the list of vouched users.

This PR will be closed automatically. See https://github.com/triggerdotdev/trigger.dev/blob/main/CONTRIBUTING.md for more details.

[Copilot]

Pull request overview

This PR fixes a startup failure in self-hosted deployments where ClickHouse migrations (via Goose) would reject valid http:// ClickHouse URLs due to secure=true being appended unconditionally in the webapp container entrypoint.

Changes:

• Reworks ClickHouse migration DSN construction to be scheme-aware (https:// → secure=true, http:// → no secure flag).
• Strips any existing secure query parameter before constructing GOOSE_DBSTRING to avoid mismatches.