Implementa Novo Deploy de Secrets

.github/workflows/deploy-staging.yml

@@ -48,11 +48,11 @@ jobs:
                   envkey_VIRUS_CHECKER_TYPE: ${{ secrets.VIRUS_CHECKER_TYPE }}
                   envkey_VIRUS_CHECKER_API_KEY: ${{ secrets.VIRUS_CHECKER_API_KEY }}
 
-            - name: Inserts Prod Enviromental Variables
+            # - name: Inserts Prod Enviromental Variables
-              run: |
+            #   run: |
-                python -m pip install --upgrade pip pipenv
+            #     python -m pip install --upgrade pip pipenv
-                pipenv install
+            #     pipenv install
-                pipenv run python setup.py -e staging -f .env
+            #     pipenv run python setup.py -e staging -f .env
 
             - name: copy file via ssh
               uses: appleboy/scp-action@master
@@ -64,13 +64,13 @@ jobs:
                 source: "."
                 target: "infra-hideyoshi.com"
 
-            - name: executing remote ssh commands
+            # - name: executing remote ssh commands
-              uses: appleboy/ssh-action@master
+            #   uses: appleboy/ssh-action@master
-              with:
+            #   with:
-                host: ${{ secrets.SSH_HOST }}
+            #     host: ${{ secrets.SSH_HOST }}
-                username: ${{ secrets.SSH_USER }}
+            #     username: ${{ secrets.SSH_USER }}
-                port: ${{ secrets.SSH_PORT }}
+            #     port: ${{ secrets.SSH_PORT }}
-                key: ${{ secrets.SSH_KEY }}
+            #     key: ${{ secrets.SSH_KEY }}
-                script: |
+            #     script: |
-                  cd infra-hideyoshi.com
+            #       cd infra-hideyoshi.com
-                  ./deploy.sh --staging
+            #       ./deploy.sh --staging

.gitignore

@@ -1,4 +1,4 @@
-.env
+.env*
 
 .secret*
 

setup.py

@@ -31,38 +31,19 @@ ENV_VARIABLES = [
     "AWS_SECRET_ACCESS_KEY",
     "AWS_REGION_NAME",
     "AWS_BUCKET_NAME",
+    "VIRUS_CHECKER_TYPE",
+    "VIRUS_CHECKER_API_KEY",
 ]
 
-FORCE_BASE64_FIELD = [
-    "OAUTH_GITHUB_CLIENT_ID",
-    "OAUTH_GITHUB_CLIENT_SECRET",
-    "AWS_ACCESS_KEY_ID",
-    "AWS_SECRET_ACCESS_KEY",
-]
-
-
-def is_force_base64_fields(field: str) -> bool:
-    return field in FORCE_BASE64_FIELD
-
-
-def is_validate_base64(value: str) -> bool:
-    if not isinstance(value, str):
-        return False
-
-    try:
-        if b64encode(b64decode(value)).decode() == value:
-            return True
-    except:
-        pass
-
-    return False
-
 
 def setting_environment(environment: str):
-    if not environment in ("prod", "staging", "dev"):
+    if not environment in ("prod", "staging", "local", "dev"):
         raise ValueError("Invalid Environment Selected")
 
     match environment:
+        case "local":
+            DOMAIN = "local.hideyoshi.com.br"
+            API_DOMAIN = "api.local.hideyoshi.com.br"
         case "staging":
             DOMAIN = "staging.hideyoshi.com.br"
             API_DOMAIN = "api.staging.hideyoshi.com.br"
@@ -85,9 +66,6 @@ def load_secret_file(file: str):
 def fetch_env_variables():
     for env in ENV_VARIABLES:
         value = os.environ[env]
-        if not is_force_base64_fields(env) and is_validate_base64(value):
-            os.environ[env] = value
-        else:
         value = value.encode("utf-8")
         os.environ[env] = b64encode(value).decode()