From e764958de48b25a6c2f40288d3db7dff476f9ba2 Mon Sep 17 00:00:00 2001
From: Daniil_Gorpinchenko
Date: Thu, 26 Sep 2024 16:27:43 +0300
Subject: [PATCH 01/16] read env vars for secrets
---
 .github/workflows/blank.yml | 6 ++++++
 internal/config/app.go | 12 ++++++++++++
 2 files changed, 18 insertions(+)
diff --git a/.github/workflows/blank.yml b/.github/workflows/blank.yml
index 46ef286..2635618 100644
--- a/.github/workflows/blank.yml
+++ b/.github/workflows/blank.yml
@@ -95,6 +95,12 @@ jobs:
 script: |
 mkdir -p /var/www/csr/stage/
 echo '${{ secrets.DEPLOY_CONFIG }}' > /var/www/csr/stage/config.json
+ sudo rm -rf /etc/systemd/system/stage.csr.service.d
+ sudo EDITOR='tee' systemctl edit stage.csr.service <<< '[Service]
+ Environment="JWT_SECRET_KEY=${{ secrets.JWT_SECRET_KEY }}"
+ Environment="EMAIL_PASSWORD=${{ secrets.EMAIL_PASSWORD }}"'
+ Environment="DB_USER=${{ secrets.DB_USER }}"'
+ Environment="DB_PASSWORD=${{ secrets.DB_PASSWORD }}"'
 sudo systemctl daemon-reload && sudo service stage.csr stop
 cp ~/csr /var/www/csr/stage/server
 sudo service stage.csr start
diff --git a/internal/config/app.go b/internal/config/app.go
index abf850c..371c54e 100644
--- a/internal/config/app.go
+++ b/internal/config/app.go
@@ -85,6 +85,7 @@ func GetAppConfig(additionalDirectories ...string) (*AppConfig, error) {
 if err := viper.ReadInConfig(); err != nil {
 return nil, fmt.Errorf("failed to read in config: %w", err)
 }
+ bindEnvVars()
 conf := getDefaultConfig()
 if err := viper.Unmarshal(&conf); err != nil {
@@ -100,6 +101,7 @@ func GetAppConfig(additionalDirectories ...string) (*AppConfig, error) {
 func getDefaultConfig() *AppConfig {
 return &AppConfig{
+ JWTSecretKey: "default_value",
 DB: DB{
 Host: "localhost",
 User: "csr",
@@ -110,6 +112,7 @@ func getDefaultConfig() *AppConfig {
 ResetLinkExpiration: 15 * time.Minute,
 },
 Email: Email{
+ Password: "default_value",
 SenderWebsiteUrl: "https://csr.golangforall.com/",
 ConfirmLinkExpiration: 15 * time.Minute,
 },
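Review bot: The four `Environment="...=${{ secrets.* }}"` lines are expanded into the script text before it runs, so a secret value containing `'` or `"` ends the here-string early and the rest is parsed by the remote shell or as unit-file syntax. Passing the values through the step's environment and referencing `$JWT_SECRET_KEY` etc. in the script keeps them out of the command text (this action documents an `envs` input for that; worth confirming against the version in use). Separately, values set with `Environment=` in a drop-in are exposed to unprivileged local users through `systemctl show`, so an `EnvironmentFile=` with a restrictive mode is the safer target for these secrets. The stray `'` after the EMAIL_PASSWORD and DB_USER lines also closes the here-string two lines early.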
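Review bot: `JWTSecretKey: "default_value"` in getDefaultConfig means a deployment where JWT_SECRET_KEY is unset still starts, and whatever the key protects (presumably token signing) then relies on a value that is public in the repository; the same applies to `Password: "default_value"` under Email in the next hunk. Leaving both defaults empty and rejecting an empty key in GetAppConfig after `viper.Unmarshal`, e.g. `if conf.JWTSecretKey == "" { return nil, errors.New("JWT_SECRET_KEY is not set") }`, makes the service fail closed instead. Whether a later validation step already catches this is not visible, since GetAppConfig continues outside the hunk.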
@@ -119,3 +122,12 @@ func getDefaultConfig() *AppConfig {
 },
 }
 }
+
+func bindEnvVars() {
+ viper.BindEnv("jwtsecretkey", "JWT_SECRET_KEY")
+ viper.BindEnv("email.password", "EMAIL_PASSWORD")
+ viper.BindEnv("db.user", "DB_USER")
+ viper.BindEnv("db.password", "DB_PASSWORD")
+
+ viper.AutomaticEnv()
+}
From 391e77887dbfcd004a3c749d41ad5418c2265957 Mon Sep 17 00:00:00 2001
From: Daniil_Gorpinchenko
Date: Thu, 26 Sep 2024 17:50:52 +0300
Subject: [PATCH 02/16] rm secrets from config.json
---
 config.json | 5 +----
 1 file changed, 1 insertion(+), 4 deletions(-)
diff --git a/config.json b/config.json
index 80643e9..dd18c27 100644
--- a/config.json
+++ b/config.json
@@ -2,15 +2,12 @@
 "db": {
 "host": "postgres",
 "port": "5432",
- "user": "csr",
- "database": "csr",
+ "database": "",
 "showSql": false
 },
- "JWTSecretKey": 123,
 "email": {
 "serverHost": "any",
 "serverPort": 1,
- "password": "any",
 "senderFromAddress": "any",
 "senderFromName": "any",
 "confirmLinkExpiration": "15m",
From 8bd565b929047c0ccf03cf6834364d5f1036f68d Mon Sep 17 00:00:00 2001
From: Daniil_Gorpinchenko
Date: Thu, 26 Sep 2024 17:59:42 +0300
Subject: [PATCH 03/16] test pipeline
---
 .github/workflows/blank.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/blank.yml b/.github/workflows/blank.yml
index 2635618..093d8a7 100644
--- a/.github/workflows/blank.yml
+++ b/.github/workflows/blank.yml
@@ -2,9 +2,9 @@ name: build-deploy
 on:
 workflow_dispatch:
 push:
- branches: ["master"]
+ branches: ["feat/#8/separate_secrets"]
 pull_request:
- branches: ["master"]
+ branches: ["feat/#8/separate_secrets"]
 jobs:
 test:
 runs-on: ubuntu-22.04
From f0f4b2959df9ef4ff5a456d148b9d80e978ad642 Mon Sep 17 00:00:00 2001
From: Daniil_Gorpinchenko
Date: Thu, 26 Sep 2024 18:18:19 +0300
Subject: [PATCH 04/16] fix default db val
---
 config.json | 2 +-
 internal/config/app.go | 1 +
 2 files changed, 2 insertions(+), 1 deletion(-)
diff --git a/config.json b/config.json
index dd18c27..6404924 100644
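Review bot: bindEnvVars has no doc comment, and the precedence it introduces is not stated anywhere in the hunk: with viper, a bound environment variable overrides the same key read from config.json. A comment such as `// bindEnvVars maps JWT_SECRET_KEY, EMAIL_PASSWORD, DB_USER and DB_PASSWORD onto their config keys; environment values take precedence over config.json.` would record that. The trailing `viper.AutomaticEnv()` is called without `viper.SetEnvPrefix`, so other keys viper knows can be overridden by like-named process variables as well; if only the four secrets are meant to come from the environment, that call could be dropped. The `error` results of `viper.BindEnv` are also discarded.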
--- a/config.json
+++ b/config.json
@@ -2,7 +2,7 @@
 "db": {
 "host": "postgres",
 "port": "5432",
- "database": "",
+ "database": "csr",
 "showSql": false
 },
 "email": {
diff --git a/internal/config/app.go b/internal/config/app.go
index 371c54e..986c787 100644
--- a/internal/config/app.go
+++ b/internal/config/app.go
@@ -106,6 +106,7 @@ func getDefaultConfig() *AppConfig {
 Host: "localhost",
 User: "csr",
 Password: "password",
+ Database: "csr",
 },
 Password: Password{
 Length: 8,
From ab55a10766ac4232ecb36fcb513c09108debb3d1 Mon Sep 17 00:00:00 2001
From: Daniil_Gorpinchenko
Date: Thu, 26 Sep 2024 18:32:29 +0300
Subject: [PATCH 05/16] add test deploy
---
 .github/workflows/blank.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/blank.yml b/.github/workflows/blank.yml
index 093d8a7..b1846b0 100644
--- a/.github/workflows/blank.yml
+++ b/.github/workflows/blank.yml
@@ -67,7 +67,7 @@ jobs:
 path: csr
 retention-days: 5
 deploy:
- if: github.ref == 'refs/heads/master'
+ if: github.ref == 'refs/heads/feat/#8/separate_secrets'
 environment: stage
 runs-on: ubuntu-latest
From 572b2963367f16aa2e98520b40059121b6c73f5d Mon Sep 17 00:00:00 2001
From: Daniil_Gorpinchenko
Date: Thu, 26 Sep 2024 18:44:01 +0300
Subject: [PATCH 06/16] fix typo
---
 .github/workflows/blank.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/blank.yml b/.github/workflows/blank.yml
index b1846b0..b9800f4 100644
--- a/.github/workflows/blank.yml
+++ b/.github/workflows/blank.yml
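Review bot: The deploy gate in patch 05 now reads `if: github.ref == 'refs/heads/feat/#8/separate_secrets'`, so every push to the feature branch deploys unreviewed code to the stage host with the `stage` environment's secrets; patches 13 and 15 make the same change again. The workflow already declares `workflow_dispatch`, so a test deploy could be started manually with a gate like `if: github.ref == 'refs/heads/master' || github.event_name == 'workflow_dispatch'` instead of editing the condition back and forth. Required reviewers on the `stage` environment would bound this as well, if they are not already configured.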
@@ -98,8 +98,8 @@ jobs:
 sudo rm -rf /etc/systemd/system/stage.csr.service.d
 sudo EDITOR='tee' systemctl edit stage.csr.service <<< '[Service]
 Environment="JWT_SECRET_KEY=${{ secrets.JWT_SECRET_KEY }}"
- Environment="EMAIL_PASSWORD=${{ secrets.EMAIL_PASSWORD }}"'
- Environment="DB_USER=${{ secrets.DB_USER }}"'
+ Environment="EMAIL_PASSWORD=${{ secrets.EMAIL_PASSWORD }}"
+ Environment="DB_USER=${{ secrets.DB_USER }}"
 Environment="DB_PASSWORD=${{ secrets.DB_PASSWORD }}"'
 sudo systemctl daemon-reload && sudo service stage.csr stop
 cp ~/csr /var/www/csr/stage/server
From e020d14e0380fc31aa8da31b089a27b753a8df39 Mon Sep 17 00:00:00 2001
From: Daniil_Gorpinchenko
Date: Thu, 26 Sep 2024 19:48:07 +0300
Subject: [PATCH 07/16] update pipeline config
---
 .github/workflows/blank.yml | 41 +++++++++++++++++++++----------------
 1 file changed, 23 insertions(+), 18 deletions(-)
diff --git a/.github/workflows/blank.yml b/.github/workflows/blank.yml
index b9800f4..8edc762 100644
--- a/.github/workflows/blank.yml
+++ b/.github/workflows/blank.yml
@@ -86,21 +86,26 @@ jobs:
 source: csr
 target: ~/
 - name: Deploy
- uses: appleboy/ssh-action@master
- with:
- host: ${{ secrets.DEPLOY_SSH_HOST }}
- username: ${{ secrets.DEPLOY_SSH_USER }}
- key: ${{ secrets.DEPLOY_SSH_PRIVATE_KEY }}
- port: ${{ secrets.DEPLOY_SSH_PORT }}
- script: |
- mkdir -p /var/www/csr/stage/
- echo '${{ secrets.DEPLOY_CONFIG }}' > /var/www/csr/stage/config.json
- sudo rm -rf /etc/systemd/system/stage.csr.service.d
- sudo EDITOR='tee' systemctl edit stage.csr.service <<< '[Service]
- Environment="JWT_SECRET_KEY=${{ secrets.JWT_SECRET_KEY }}"
- Environment="EMAIL_PASSWORD=${{ secrets.EMAIL_PASSWORD }}"
- Environment="DB_USER=${{ secrets.DB_USER }}"
- Environment="DB_PASSWORD=${{ secrets.DB_PASSWORD }}"'
- sudo systemctl daemon-reload && sudo service stage.csr stop
- cp ~/csr /var/www/csr/stage/server
- sudo service stage.csr start
+ before_script:
+ - 'which ssh-agent || ( apt-get update -y && apt-get install openssh-client -y )'
+ - eval $(ssh-agent -s)
+ - echo ${{ secrets.DEPLOY_SSH_PRIVATE_KEY }} | tr -d '\r' | ssh-add - > /dev/null
+ - mkdir -p ~/.ssh
+ - chmod 700 ~/.ssh
+ - ssh-keyscan -p ${{ secrets.DEPLOY_SSH_PORT }} ${{ secrets.DEPLOY_SSH_HOST }} >> ~/.ssh/known_hosts
+ - chmod 644 ~/.ssh/known_hosts
+ script: |
+ ssh -p ${{ secrets.DEPLOY_SSH_PORT }} ${{ secrets.DEPLOY_SSH_USER }}@${{ secrets.DEPLOY_SSH_HOST }} "
+ mkdir -p /var/www/csr/stage/ &&
+ echo '${{ secrets.DEPLOY_CONFIG }}' > /var/www/csr/stage/config.json &&
+ sudo rm -rf /etc/systemd/system/stage.csr.service.d &&
+ echo -e '[Service]
+ Environment=\"JWT_SECRET_KEY=${{ secrets.JWT_SECRET_KEY }}\"
+ Environment=\"EMAIL_PASSWORD=${{ secrets.EMAIL_PASSWORD }}\"
+ Environment=\"DB_USER=${{ secrets.DB_USER }}\"
+ Environment=\"DB_PASSWORD=${{ secrets.DB_PASSWORD }}\"' |
+ sudo EDITOR='tee' systemctl edit stage.csr.service &&
+ sudo systemctl daemon-reload &&
+ sudo systemctl stop stage.csr &&
+ cp ~/csr /var/www/csr/stage/server &&
+ sudo systemctl start stage.csr"
\ No newline at end of file
From 4527c4b5527c2453c26a40a7c6d810c12d6dc6c1 Mon Sep 17 00:00:00 2001
From: Daniil_Gorpinchenko
Date: Thu, 26 Sep 2024 19:57:05 +0300
Subject: [PATCH 08/16] update pipeline config
---
 .github/workflows/blank.yml | 38 +++++++++++++++----------------------
 1 file changed, 15 insertions(+), 23 deletions(-)
diff --git a/.github/workflows/blank.yml b/.github/workflows/blank.yml
index 8edc762..a664a83 100644
--- a/.github/workflows/blank.yml
+++ b/.github/workflows/blank.yml
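Review bot: `before_script:` and `script:` are not step keys in a GitHub Actions workflow (a step needs `uses:` or `run:`), so this Deploy step is likely rejected when the workflow is parsed. On the SSH setup itself, `ssh-keyscan ... >> ~/.ssh/known_hosts` accepts whatever key the host presents at deploy time, which gives no protection against an impostor host; storing the expected known_hosts line as a secret and writing that instead pins the host. `echo ${{ secrets.DEPLOY_SSH_PRIVATE_KEY }}` is also unquoted, so the multi-line key is word-split before it reaches `ssh-add`.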
@@ -86,26 +86,18 @@ jobs:
 source: csr
 target: ~/
 - name: Deploy
- before_script:
- - 'which ssh-agent || ( apt-get update -y && apt-get install openssh-client -y )'
- - eval $(ssh-agent -s)
- - echo ${{ secrets.DEPLOY_SSH_PRIVATE_KEY }} | tr -d '\r' | ssh-add - > /dev/null
- - mkdir -p ~/.ssh
- - chmod 700 ~/.ssh
- - ssh-keyscan -p ${{ secrets.DEPLOY_SSH_PORT }} ${{ secrets.DEPLOY_SSH_HOST }} >> ~/.ssh/known_hosts
- - chmod 644 ~/.ssh/known_hosts
- script: |
- ssh -p ${{ secrets.DEPLOY_SSH_PORT }} ${{ secrets.DEPLOY_SSH_USER }}@${{ secrets.DEPLOY_SSH_HOST }} "
- mkdir -p /var/www/csr/stage/ &&
- echo '${{ secrets.DEPLOY_CONFIG }}' > /var/www/csr/stage/config.json &&
- sudo rm -rf /etc/systemd/system/stage.csr.service.d &&
- echo -e '[Service]
- Environment=\"JWT_SECRET_KEY=${{ secrets.JWT_SECRET_KEY }}\"
- Environment=\"EMAIL_PASSWORD=${{ secrets.EMAIL_PASSWORD }}\"
- Environment=\"DB_USER=${{ secrets.DB_USER }}\"
- Environment=\"DB_PASSWORD=${{ secrets.DB_PASSWORD }}\"' |
- sudo EDITOR='tee' systemctl edit stage.csr.service &&
- sudo systemctl daemon-reload &&
- sudo systemctl stop stage.csr &&
- cp ~/csr /var/www/csr/stage/server &&
- sudo systemctl start stage.csr"
\ No newline at end of file
+ run: |
+ ssh -o "StrictHostKeyChecking=no" -p ${{ secrets.DEPLOY_SSH_PORT }} ${{ secrets.DEPLOY_SSH_USER }}@${{ secrets.DEPLOY_SSH_HOST }} "
+ mkdir -p /var/www/csr/stage/ &&
+ echo '${{ secrets.DEPLOY_CONFIG }}' > /var/www/csr/stage/config.json &&
+ sudo rm -rf /etc/systemd/system/stage.csr.service.d &&
+ echo -e '[Service]
+ Environment=\"JWT_SECRET_KEY=${{ secrets.JWT_SECRET_KEY }}\"
+ Environment=\"EMAIL_PASSWORD=${{ secrets.EMAIL_PASSWORD }}\"
+ Environment=\"DB_USER=${{ secrets.DB_USER }}\"
+ Environment=\"DB_PASSWORD=${{ secrets.DB_PASSWORD }}\"' |
+ sudo EDITOR='tee' systemctl edit stage.csr.service &&
+ sudo systemctl daemon-reload &&
+ sudo systemctl stop stage.csr &&
+ cp ~/csr /var/www/csr/stage/server &&
+ sudo systemctl start stage.csr"
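Review bot: `ssh -o "StrictHostKeyChecking=no"` turns off host-key verification for a session whose command string carries DEPLOY_CONFIG and the JWT, e-mail and database secrets, so a host answering on that address in place of the stage server would receive all of them. Supplying the server's public host key from a secret and connecting with `-o StrictHostKeyChecking=yes -o UserKnownHostsFile=<path to pinned known_hosts>` keeps the check. Nothing in the hunk loads DEPLOY_SSH_PRIVATE_KEY any more, so authentication would presumably fail on a fresh runner.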
From a219f41518e2766b9cbd394bc9cfe7f65f499205 Mon Sep 17 00:00:00 2001
From: Daniil_Gorpinchenko
Date: Thu, 26 Sep 2024 22:48:02 +0300
Subject: [PATCH 09/16] echo env vars
---
 .github/workflows/blank.yml | 38 ++++++++++++++++++++++---------------
 1 file changed, 23 insertions(+), 15 deletions(-)
diff --git a/.github/workflows/blank.yml b/.github/workflows/blank.yml
index a664a83..d2b21be 100644
--- a/.github/workflows/blank.yml
+++ b/.github/workflows/blank.yml
@@ -86,18 +86,26 @@ jobs:
 source: csr
 target: ~/
 - name: Deploy
- run: |
- ssh -o "StrictHostKeyChecking=no" -p ${{ secrets.DEPLOY_SSH_PORT }} ${{ secrets.DEPLOY_SSH_USER }}@${{ secrets.DEPLOY_SSH_HOST }} "
- mkdir -p /var/www/csr/stage/ &&
- echo '${{ secrets.DEPLOY_CONFIG }}' > /var/www/csr/stage/config.json &&
- sudo rm -rf /etc/systemd/system/stage.csr.service.d &&
- echo -e '[Service]
- Environment=\"JWT_SECRET_KEY=${{ secrets.JWT_SECRET_KEY }}\"
- Environment=\"EMAIL_PASSWORD=${{ secrets.EMAIL_PASSWORD }}\"
- Environment=\"DB_USER=${{ secrets.DB_USER }}\"
- Environment=\"DB_PASSWORD=${{ secrets.DB_PASSWORD }}\"' |
- sudo EDITOR='tee' systemctl edit stage.csr.service &&
- sudo systemctl daemon-reload &&
- sudo systemctl stop stage.csr &&
- cp ~/csr /var/www/csr/stage/server &&
- sudo systemctl start stage.csr"
+ uses: appleboy/ssh-action@master
+ with:
+ host: ${{ secrets.DEPLOY_SSH_HOST }}
+ username: ${{ secrets.DEPLOY_SSH_USER }}
+ key: ${{ secrets.DEPLOY_SSH_PRIVATE_KEY }}
+ port: ${{ secrets.DEPLOY_SSH_PORT }}
+ script: |
+ mkdir -p /var/www/csr/stage/
+ echo '${{ secrets.DEPLOY_CONFIG }}' > /var/www/csr/stage/config.json
+ sudo rm -rf /etc/systemd/system/stage.csr.service.d
+ mkdir -p /etc/systemd/system/stage.csr.service.d/override.conf
+ sudo chown root:root /etc/systemd/system/stage.csr.service.d
+ sudo chmod 755 /etc/systemd/system/stage.csr.service.d
+ echo '[Service]
+ Environment="JWT_SECRET_KEY=${{ secrets.JWT_SECRET_KEY }}"
+ Environment="EMAIL_PASSWORD=${{ secrets.EMAIL_PASSWORD }}"
+ Environment="DB_USER=${{ secrets.DB_USER }}"
+ Environment="DB_PASSWORD=${{ secrets.DB_PASSWORD }}"' > /etc/systemd/system/stage.csr.service.d/override.conf
+ sudo chown root:root /etc/systemd/system/stage.csr.service.d/override.conf
+ sudo chmod 644 root:root /etc/systemd/system/stage.csr.service.d/override.conf
+ sudo systemctl daemon-reload && sudo service stage.csr stop
+ cp ~/csr /var/www/csr/stage/server
+ sudo service stage.csr start
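Review bot: `uses: appleboy/ssh-action@master` tracks a mutable branch of a third-party action that is handed DEPLOY_SSH_PRIVATE_KEY, so any later commit to that branch runs with the deploy key; referencing a full commit SHA (`appleboy/ssh-action@<commit-sha>`) fixes the code that receives it. In the script, `mkdir -p /etc/systemd/system/stage.csr.service.d/override.conf` creates a directory named override.conf and runs without sudo, so the following `echo ... > .../override.conf` cannot write the file. `sudo chmod 644 root:root ...` treats `root:root` as a file name, and mode 644 leaves the secrets readable by every local user.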
From c3ad12118f6d371c6f4d8863630c947575ceca8f Mon Sep 17 00:00:00 2001
From: Daniil_Gorpinchenko
Date: Thu, 26 Sep 2024 23:17:38 +0300
Subject: [PATCH 10/16] fix format override.conf
---
 .github/workflows/blank.yml | 17 +++++++++--------
 1 file changed, 9 insertions(+), 8 deletions(-)
diff --git a/.github/workflows/blank.yml b/.github/workflows/blank.yml
index d2b21be..84d6c8a 100644
--- a/.github/workflows/blank.yml
+++ b/.github/workflows/blank.yml
@@ -96,16 +96,17 @@ jobs:
 mkdir -p /var/www/csr/stage/
 echo '${{ secrets.DEPLOY_CONFIG }}' > /var/www/csr/stage/config.json
 sudo rm -rf /etc/systemd/system/stage.csr.service.d
- mkdir -p /etc/systemd/system/stage.csr.service.d/override.conf
+ sudo mkdir -p /etc/systemd/system/stage.csr.service.d
 sudo chown root:root /etc/systemd/system/stage.csr.service.d
 sudo chmod 755 /etc/systemd/system/stage.csr.service.d
- echo '[Service]
- Environment="JWT_SECRET_KEY=${{ secrets.JWT_SECRET_KEY }}"
- Environment="EMAIL_PASSWORD=${{ secrets.EMAIL_PASSWORD }}"
- Environment="DB_USER=${{ secrets.DB_USER }}"
- Environment="DB_PASSWORD=${{ secrets.DB_PASSWORD }}"' > /etc/systemd/system/stage.csr.service.d/override.conf
+ echo -e "[Service]\n\
+ Environment=\"JWT_SECRET_KEY=${{ secrets.JWT_SECRET_KEY }}\"\n\
+ Environment=\"EMAIL_PASSWORD=${{ secrets.EMAIL_PASSWORD }}\"\n\
+ Environment=\"DB_USER=${{ secrets.DB_USER }}\"\n\
+ Environment=\"DB_PASSWORD=${{ secrets.DB_PASSWORD }}\"" > override.conf
+ sudo mv override.conf /etc/systemd/system/stage.csr.service.d/override.conf
 sudo chown root:root /etc/systemd/system/stage.csr.service.d/override.conf
- sudo chmod 644 root:root /etc/systemd/system/stage.csr.service.d/override.conf
+ sudo chmod 644 /etc/systemd/system/stage.csr.service.d/override.conf
 sudo systemctl daemon-reload && sudo service stage.csr stop
 cp ~/csr /var/www/csr/stage/server
- sudo service stage.csr start
+ sudo service stage.csr start
From 59882e7d06b0a19b3d0fc141c8f40f075b75fe9d Mon Sep 17 00:00:00 2001
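Review bot: The `echo -e "[Service]\n\ ..."` form puts the expanded secret values inside a double-quoted string, so a `$`, backtick or backslash in any of them is interpreted by the remote shell or by `-e` rather than written literally. Writing the file with `printf '%s\n'` from variables passed through the step's environment avoids both. The file is also first created as `override.conf` in the SSH user's working directory under that user's umask and ends at mode 644, so the secrets are readable by other local accounts throughout; `umask 077` before the redirect and a final `chmod 600` would narrow that.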
From: Daniil_Gorpinchenko
Date: Thu, 26 Sep 2024 23:37:31 +0300
Subject: [PATCH 11/16] revert trigger to master
---
 .github/workflows/blank.yml | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/.github/workflows/blank.yml b/.github/workflows/blank.yml
index 84d6c8a..2682929 100644
--- a/.github/workflows/blank.yml
+++ b/.github/workflows/blank.yml
@@ -2,9 +2,9 @@ name: build-deploy
 on:
 workflow_dispatch:
 push:
- branches: ["feat/#8/separate_secrets"]
+ branches: ["master"]
 pull_request:
- branches: ["feat/#8/separate_secrets"]
+ branches: ["master"]
 jobs:
 test:
 runs-on: ubuntu-22.04
@@ -67,7 +67,7 @@ jobs:
 path: csr
 retention-days: 5
 deploy:
- if: github.ref == 'refs/heads/feat/#8/separate_secrets'
+ if: github.ref == 'refs/heads/master'
 environment: stage
 runs-on: ubuntu-latest
From f77c3b13665648625bc3e501c5b3e41139e59e2e Mon Sep 17 00:00:00 2001
From: Daniil_Gorpinchenko
Date: Fri, 27 Sep 2024 11:06:46 +0300
Subject: [PATCH 12/16] rm redundant cfg value
---
 .github/workflows/blank.yml | 3 +--
 internal/config/app.go | 4 +---
 2 files changed, 2 insertions(+), 5 deletions(-)
diff --git a/.github/workflows/blank.yml b/.github/workflows/blank.yml
index 2682929..cfc6f8f 100644
--- a/.github/workflows/blank.yml
+++ b/.github/workflows/blank.yml
@@ -102,8 +102,7 @@ jobs:
 echo -e "[Service]\n\
 Environment=\"JWT_SECRET_KEY=${{ secrets.JWT_SECRET_KEY }}\"\n\
 Environment=\"EMAIL_PASSWORD=${{ secrets.EMAIL_PASSWORD }}\"\n\
- Environment=\"DB_USER=${{ secrets.DB_USER }}\"\n\
- Environment=\"DB_PASSWORD=${{ secrets.DB_PASSWORD }}\"" > override.conf
+ Environment=\"DB_USER=${{ secrets.DB_USER }}\"" > override.conf
 sudo mv override.conf /etc/systemd/system/stage.csr.service.d/override.conf
 sudo chown root:root /etc/systemd/system/stage.csr.service.d/override.conf
 sudo chmod 644 /etc/systemd/system/stage.csr.service.d/override.conf
diff --git a/internal/config/app.go b/internal/config/app.go
index 986c787..4b09865 100644
--- a/internal/config/app.go
+++ b/internal/config/app.go
@@ -105,8 +105,7 @@ func getDefaultConfig() *AppConfig {
 DB: DB{
 Host: "localhost",
 User: "csr",
- Password: "password",
- Database: "csr",
+ Database: "stage_csr",
 },
 Password: Password{
 Length: 8,
@@ -128,7 +127,6 @@ func bindEnvVars() {
 viper.BindEnv("jwtsecretkey", "JWT_SECRET_KEY")
 viper.BindEnv("email.password", "EMAIL_PASSWORD")
 viper.BindEnv("db.user", "DB_USER")
- viper.BindEnv("db.password", "DB_PASSWORD")
 viper.AutomaticEnv()
 }
From 16804493b5be22e9fb01d01554c8c413057e981f Mon Sep 17 00:00:00 2001
From: Daniil_Gorpinchenko
Date: Fri, 27 Sep 2024 12:23:21 +0300
Subject: [PATCH 13/16] test deploy
---
 .github/workflows/blank.yml | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/.github/workflows/blank.yml b/.github/workflows/blank.yml
index cfc6f8f..f2cbd27 100644
--- a/.github/workflows/blank.yml
+++ b/.github/workflows/blank.yml
@@ -2,9 +2,9 @@ name: build-deploy
 on:
 workflow_dispatch:
 push:
- branches: ["master"]
+ branches: ["feat/#8/separate_secrets"]
 pull_request:
- branches: ["master"]
+ branches: ["feat/#8/separate_secrets"]
 jobs:
 test:
 runs-on: ubuntu-22.04
@@ -67,7 +67,7 @@ jobs:
 path: csr
 retention-days: 5
 deploy:
- if: github.ref == 'refs/heads/master'
+ if: github.ref == 'refs/heads/feat/#8/separate_secrets'
 environment: stage
 runs-on: ubuntu-latest
From 3080474631f1a8029ff75e9bc798b2cfdd8e637e Mon Sep 17 00:00:00 2001
From: Daniil_Gorpinchenko
Date: Fri, 27 Sep 2024 12:44:21 +0300
Subject: [PATCH 14/16] revert trigger on master
---
 .github/workflows/blank.yml | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/.github/workflows/blank.yml b/.github/workflows/blank.yml
index f2cbd27..0e1dee5 100644
--- a/.github/workflows/blank.yml
+++ b/.github/workflows/blank.yml
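Review bot: The default `Database: "stage_csr"` in patch 12 puts an environment-specific name into getDefaultConfig, so any instance whose config.json omits `db.database` connects to the stage database by default. Keeping the neutral default and setting the stage name in the deployed config (DEPLOY_CONFIG) would keep environments separate. With `Password` dropped from the defaults and `db.password` no longer bound in bindEnvVars (next hunk), the DB password can now only come from config.json or stays empty; if that is intended, a comment on the DB block saying so would help.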
@@ -2,9 +2,9 @@ name: build-deploy
 on:
 workflow_dispatch:
 push:
- branches: ["feat/#8/separate_secrets"]
+ branches: ["feat/master"]
 pull_request:
- branches: ["feat/#8/separate_secrets"]
+ branches: ["master"]
 jobs:
 test:
 runs-on: ubuntu-22.04
@@ -67,7 +67,7 @@ jobs:
 path: csr
 retention-days: 5
 deploy:
- if: github.ref == 'refs/heads/feat/#8/separate_secrets'
+ if: github.ref == 'refs/heads/master'
 environment: stage
 runs-on: ubuntu-latest
From d342337630f85ba8209e6587bf33328ad25cf414 Mon Sep 17 00:00:00 2001
From: Daniil_Gorpinchenko
Date: Mon, 30 Sep 2024 15:20:54 +0300
Subject: [PATCH 15/16] update env file creation
---
 .github/workflows/blank.yml | 22 +++++++------------
 .../etc/systemd/system/stage.csr.service | 1 +
 2 files changed, 9 insertions(+), 14 deletions(-)
diff --git a/.github/workflows/blank.yml b/.github/workflows/blank.yml
index 0e1dee5..c0d6297 100644
--- a/.github/workflows/blank.yml
+++ b/.github/workflows/blank.yml
@@ -2,9 +2,9 @@ name: build-deploy
 on:
 workflow_dispatch:
 push:
- branches: ["feat/master"]
+ branches: ["feat/#8/separate_secrets"]
 pull_request:
- branches: ["master"]
+ branches: ["feat/#8/separate_secrets"]
 jobs:
 test:
 runs-on: ubuntu-22.04
@@ -67,7 +67,7 @@ jobs:
 path: csr
 retention-days: 5
 deploy:
- if: github.ref == 'refs/heads/master'
+ if: github.ref == 'refs/heads/feat/#8/separate_secrets'
 environment: stage
 runs-on: ubuntu-latest
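Review bot: `branches: ["feat/master"]` under `push:` in patch 14 does not match the commit's stated intent of reverting the trigger to master: pushes to `master` no longer start the workflow, so the `deploy` job, gated on `refs/heads/master`, never runs on push. The line should read `branches: ["master"]`, as the `pull_request:` filter in the same hunk does.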
@@ -95,17 +95,11 @@ jobs:
 script: |
 mkdir -p /var/www/csr/stage/
 echo '${{ secrets.DEPLOY_CONFIG }}' > /var/www/csr/stage/config.json
- sudo rm -rf /etc/systemd/system/stage.csr.service.d
- sudo mkdir -p /etc/systemd/system/stage.csr.service.d
- sudo chown root:root /etc/systemd/system/stage.csr.service.d
- sudo chmod 755 /etc/systemd/system/stage.csr.service.d
- echo -e "[Service]\n\
- Environment=\"JWT_SECRET_KEY=${{ secrets.JWT_SECRET_KEY }}\"\n\
- Environment=\"EMAIL_PASSWORD=${{ secrets.EMAIL_PASSWORD }}\"\n\
- Environment=\"DB_USER=${{ secrets.DB_USER }}\"" > override.conf
- sudo mv override.conf /etc/systemd/system/stage.csr.service.d/override.conf
- sudo chown root:root /etc/systemd/system/stage.csr.service.d/override.conf
- sudo chmod 644 /etc/systemd/system/stage.csr.service.d/override.conf
+ sudo rm /etc/systemd/system/stage.csr.env
+ echo -e "JWT_SECRET_KEY=${{ secrets.JWT_SECRET_KEY }}\n\
+ EMAIL_PASSWORD=${{ secrets.EMAIL_PASSWORD }}\n\
+ DB_USER=${{ secrets.DB_USER }}" > stage.csr.env
+ sudo mv stage.csr.env /etc/systemd/system/stage.csr.env
 sudo systemctl daemon-reload && sudo service stage.csr stop
 cp ~/csr /var/www/csr/stage/server
 sudo service stage.csr start
diff --git a/deploy/centos/stage/rootfs/etc/systemd/system/stage.csr.service b/deploy/centos/stage/rootfs/etc/systemd/system/stage.csr.service
index a4a4e7d..889aa11 100644
--- a/deploy/centos/stage/rootfs/etc/systemd/system/stage.csr.service
+++ b/deploy/centos/stage/rootfs/etc/systemd/system/stage.csr.service
@@ -3,6 +3,7 @@ Description=stage.csr
 After=network.target
 [Service]
+EnvironmentFile=/etc/systemd/system/stage.csr.env
 Type=simple
 WorkingDirectory=/var/www/csr/stage
 User=csr
From 16d4989fe6852b673d6992d3d71f0a1a8e41d689 Mon Sep 17 00:00:00 2001
From: Daniil_Gorpinchenko
Date: Mon, 30 Sep 2024 15:30:06 +0300
Subject: [PATCH 16/16] revert trigger on master
---
 .github/workflows/blank.yml | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
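Review bot: `stage.csr.env` is created by a plain redirect in the SSH user's working directory and then moved with `sudo mv`, so it keeps that user's ownership and umask-derived mode; the earlier `chown root:root`/`chmod` steps are removed and nothing replaces them, which likely leaves the JWT key and e-mail password readable by other local accounts. Adding `sudo chown root:root /etc/systemd/system/stage.csr.env` and `sudo chmod 600 /etc/systemd/system/stage.csr.env` after the move restricts the file to root, which is the account systemd reads it as. `sudo rm /etc/systemd/system/stage.csr.env` without `-f` also returns an error on the first deploy, when the file does not exist yet.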
diff --git a/.github/workflows/blank.yml b/.github/workflows/blank.yml
index c0d6297..19523f5 100644
--- a/.github/workflows/blank.yml
+++ b/.github/workflows/blank.yml
@@ -2,9 +2,9 @@ name: build-deploy
 on:
 workflow_dispatch:
 push:
- branches: ["feat/#8/separate_secrets"]
+ branches: ["master"]
 pull_request:
- branches: ["feat/#8/separate_secrets"]
+ branches: ["master"]
 jobs:
 test:
 runs-on: ubuntu-22.04
@@ -67,7 +67,7 @@ jobs:
 path: csr
 retention-days: 5
 deploy:
- if: github.ref == 'refs/heads/feat/#8/separate_secrets'
+ if: github.ref == 'refs/heads/master'
 environment: stage
 runs-on: ubuntu-latest
@@ -102,4 +102,4 @@ jobs:
 sudo mv stage.csr.env /etc/systemd/system/stage.csr.env
 sudo systemctl daemon-reload && sudo service stage.csr stop
 cp ~/csr /var/www/csr/stage/server
- sudo service stage.csr start
+ sudo service stage.csr start