old-portfolio/infra-hideyoshi.com
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Implementa Novo Deploy de Secrets

Browse Source
This commit is contained in:
Vitor Hideyoshi
2023-09-14 07:28:03 -03:00
parent 22b1962afc
commit 11ffc7e49b
3 changed files with 24 additions and 46 deletions
Download Patch File Download Diff File Expand all files Collapse all files

30
.github/workflows/deploy-staging.yml vendored
View File

@@ -48,11 +48,11 @@ jobs:
envkey_VIRUS_CHECKER_TYPE: ${{ secrets.VIRUS_CHECKER_TYPE }} envkey_VIRUS_CHECKER_TYPE: ${{ secrets.VIRUS_CHECKER_TYPE }}
envkey_VIRUS_CHECKER_API_KEY: ${{ secrets.VIRUS_CHECKER_API_KEY }} envkey_VIRUS_CHECKER_API_KEY: ${{ secrets.VIRUS_CHECKER_API_KEY }}
- name: Inserts Prod Enviromental Variables # - name: Inserts Prod Enviromental Variables
run: | # run: |
python -m pip install --upgrade pip pipenv # python -m pip install --upgrade pip pipenv
pipenv install # pipenv install
pipenv run python setup.py -e staging -f .env # pipenv run python setup.py -e staging -f .env
- name: copy file via ssh - name: copy file via ssh
uses: appleboy/scp-action@master uses: appleboy/scp-action@master
@@ -64,13 +64,13 @@ jobs:
source: "." source: "."
target: "infra-hideyoshi.com" target: "infra-hideyoshi.com"
- name: executing remote ssh commands # - name: executing remote ssh commands
uses: appleboy/ssh-action@master # uses: appleboy/ssh-action@master
with: # with:
host: ${{ secrets.SSH_HOST }} # host: ${{ secrets.SSH_HOST }}
username: ${{ secrets.SSH_USER }} # username: ${{ secrets.SSH_USER }}
port: ${{ secrets.SSH_PORT }} # port: ${{ secrets.SSH_PORT }}
key: ${{ secrets.SSH_KEY }} # key: ${{ secrets.SSH_KEY }}
script: | # script: |
cd infra-hideyoshi.com # cd infra-hideyoshi.com
./deploy.sh --staging # ./deploy.sh --staging

2
.gitignore vendored
View File

@@ -1,4 +1,4 @@
.env .env*
.secret* .secret*

38
setup.py
View File

@@ -31,38 +31,19 @@ ENV_VARIABLES = [
"AWS_SECRET_ACCESS_KEY", "AWS_SECRET_ACCESS_KEY",
"AWS_REGION_NAME", "AWS_REGION_NAME",
"AWS_BUCKET_NAME", "AWS_BUCKET_NAME",
"VIRUS_CHECKER_TYPE",
"VIRUS_CHECKER_API_KEY",
] ]
FORCE_BASE64_FIELD = [
"OAUTH_GITHUB_CLIENT_ID",
"OAUTH_GITHUB_CLIENT_SECRET",
"AWS_ACCESS_KEY_ID",
"AWS_SECRET_ACCESS_KEY",
]
def is_force_base64_fields(field: str) -> bool:
return field in FORCE_BASE64_FIELD
def is_validate_base64(value: str) -> bool:
if not isinstance(value, str):
return False
try:
if b64encode(b64decode(value)).decode() == value:
return True
except:
pass
return False
def setting_environment(environment: str): def setting_environment(environment: str):
if not environment in ("prod", "staging", "dev"): if not environment in ("prod", "staging", "local", "dev"):
raise ValueError("Invalid Environment Selected") raise ValueError("Invalid Environment Selected")
match environment: match environment:
case "local":
DOMAIN = "local.hideyoshi.com.br"
API_DOMAIN = "api.local.hideyoshi.com.br"
case "staging": case "staging":
DOMAIN = "staging.hideyoshi.com.br" DOMAIN = "staging.hideyoshi.com.br"
API_DOMAIN = "api.staging.hideyoshi.com.br" API_DOMAIN = "api.staging.hideyoshi.com.br"
@@ -85,11 +66,8 @@ def load_secret_file(file: str):
def fetch_env_variables(): def fetch_env_variables():
for env in ENV_VARIABLES: for env in ENV_VARIABLES:
value = os.environ[env] value = os.environ[env]
if not is_force_base64_fields(env) and is_validate_base64(value): value = value.encode("utf-8")
os.environ[env] = value os.environ[env] = b64encode(value).decode()
else:
value = value.encode("utf-8")
os.environ[env] = b64encode(value).decode()
def envsubst_file(file: PosixPath): def envsubst_file(file: PosixPath):