From 3ce80f5f336e69cefc7c8a28327f52848112fc59 Mon Sep 17 00:00:00 2001 From: Vitor Hideyoshi Date: Fri, 25 Aug 2023 04:24:53 -0300 Subject: [PATCH 1/3] Updated Storage Processor Deployment --- deployment/storage/storage-processor.yaml | 35 +++++++++++++++++++++-- 1 file changed, 33 insertions(+), 2 deletions(-) diff --git a/deployment/storage/storage-processor.yaml b/deployment/storage/storage-processor.yaml index 327dc07..4d8ce71 100644 --- a/deployment/storage/storage-processor.yaml +++ b/deployment/storage/storage-processor.yaml @@ -16,7 +16,8 @@ spec: containers: - name: storage-processor image: yoshiunfriendly/storage-hideyoshi.com:latest - command: [ "poetry", "run", "rq", "worker", " --with-scheduler" ] + command: [ "./run-queue.sh" ] + args: [ "-q" ] imagePullPolicy: "Always" env: - name: REDIS_BASE_URL @@ -38,4 +39,34 @@ spec: key: redis-password - name: REDIS_URL - value: "redis://:$(REDIS_PASSWORD)@$(REDIS_BASE_URL):$(REDIS_PORT)" \ No newline at end of file + value: "redis://:$(REDIS_PASSWORD)@$(REDIS_BASE_URL):$(REDIS_PORT)" + + - name: STORAGE_TYPE + valueFrom: + secretKeyRef: + name: storage-secret + key: storage_type + + - name: AWS_ACCESS_KEY_ID + valueFrom: + secretKeyRef: + name: storage-secret + key: aws_access_key_id + + - name: AWS_SECRET_ACCESS_KEY + valueFrom: + secretKeyRef: + name: storage-secret + key: aws_access_access_key + + - name: AWS_REGION_NAME + valueFrom: + secretKeyRef: + name: storage-secret + key: aws_region_name + + - name: AWS_BUCKET_NAME + valueFrom: + secretKeyRef: + name: storage-secret + key: aws_bucket_name \ No newline at end of file From f726bccbe56f601a42c1a7f9f4c9b34a352a4946 Mon Sep 17 00:00:00 2001 
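Review bot: The new `command: [ "./run-queue.sh" ]` is resolved inside an image referenced as `:latest` with `imagePullPolicy: "Always"`, so what this worker executes can change on any restart without a change to this manifest. Pin the image to an immutable reference, for example `image: yoshiunfriendly/storage-hideyoshi.com@sha256:<image-digest>`, so the script that runs is the one that was reviewed. The relative path also depends on the image's working directory, which is not visible here; an absolute path would remove that dependency. The container spec starts and ends outside this hunk.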
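Review bot: In the second hunk of this patch, `AWS_SECRET_ACCESS_KEY` is read from the key `aws_access_access_key`, which looks like a typo for `aws_secret_access_key`. Because the reference is not marked `optional`, the container will not start unless the Secret uses exactly the same spelling, so a rename has to land in the Secret template in the same change. The block also injects a long-lived access key pair as environment variables, which every process in the container inherits; the IAM policy is not visible here, so it is worth confirming the key is scoped to the one bucket this worker needs. `STORAGE_TYPE`, `AWS_REGION_NAME` and `AWS_BUCKET_NAME` are configuration rather than credentials and would be easier to audit in a ConfigMap.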
From: Vitor Hideyoshi Date: Sun, 10 Sep 2023 04:11:02 -0300 Subject: [PATCH 2/3] Implements Virus Checker Secrets --- deployment/storage/storage-processor.yaml | 14 +++++++++++++- deployment/storage/storage.yaml | 12 ++++++++++++ template/storage/storage-secret.template.yaml | 4 +++- 3 files changed, 28 insertions(+), 2 deletions(-) diff --git a/deployment/storage/storage-processor.yaml b/deployment/storage/storage-processor.yaml index 4d8ce71..32d0679 100644 --- a/deployment/storage/storage-processor.yaml +++ b/deployment/storage/storage-processor.yaml @@ -69,4 +69,16 @@ spec: valueFrom: secretKeyRef: name: storage-secret - key: aws_bucket_name \ No newline at end of file + key: aws_bucket_name + + - name: VIRUS_CHECKER_TYPE + valueFrom: + secretKeyRef: + name: storage-secret + key: virus_checker_type + + - name: VIRUS_CHECKER_API_KEY + valueFrom: + secretKeyRef: + name: storage-secret + key: virus_checher_api_key \ No newline at end of file diff --git a/deployment/storage/storage.yaml b/deployment/storage/storage.yaml index 10ff8ed..73d14dc 100644 --- a/deployment/storage/storage.yaml +++ b/deployment/storage/storage.yaml @@ -86,6 +86,18 @@ spec: name: storage-secret key: aws_bucket_name + - name: VIRUS_CHECKER_TYPE + valueFrom: + secretKeyRef: + name: storage-secret + key: virus_checker_type + + - name: VIRUS_CHECKER_API_KEY + valueFrom: + secretKeyRef: + name: storage-secret + key: virus_checher_api_key + --- apiVersion: v1 kind: Service diff --git a/template/storage/storage-secret.template.yaml b/template/storage/storage-secret.template.yaml index 4da3faf..959a281 100644 --- a/template/storage/storage-secret.template.yaml +++ b/template/storage/storage-secret.template.yaml 
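Review bot: The added reference `key: virus_checher_api_key` misspells "checker"; the same spelling is repeated in the storage.yaml hunk and in storage-secret.template.yaml, so it resolves today. A later correction in only one of those places would leave `VIRUS_CHECKER_API_KEY` unresolved and the pod stuck at container creation. Rename it in all three files in one change: `key: virus_checker_api_key` in both deployments and `virus_checker_api_key: $VIRUS_CHECKER_API_KEY` in the template. `VIRUS_CHECKER_TYPE` selects a mode rather than holding a credential; the application code is not visible here, but if a missing or unexpected value makes the service skip scanning, that case should fail loudly rather than silently.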
@@ -9,4 +9,6 @@ data: aws_access_key_id: $AWS_ACCESS_KEY_ID aws_access_access_key: $AWS_SECRET_ACCESS_KEY aws_region_name: $AWS_REGION_NAME - aws_bucket_name: $AWS_BUCKET_NAME \ No newline at end of file + aws_bucket_name: $AWS_BUCKET_NAME + virus_checker_type: $VIRUS_CHECKER_TYPE + virus_checher_api_key: $VIRUS_CHECKER_API_KEY \ No newline at end of file From 11ffc7e49b35d34df03057a7fbaf4ef0b78aa570 Mon Sep 17 00:00:00 2001 From: Vitor Hideyoshi Date: Thu, 14 Sep 2023 07:28:03 -0300 Subject: [PATCH 3/3] Implementa Novo Deploy de Secrets --- .github/workflows/deploy-staging.yml | 30 +++++++++++----------- .gitignore | 2 +- setup.py | 38 ++++++---------------------- 3 files changed, 24 insertions(+), 46 deletions(-) diff --git a/.github/workflows/deploy-staging.yml b/.github/workflows/deploy-staging.yml index fdb17c3..f1f4d0b 100644 --- a/.github/workflows/deploy-staging.yml +++ b/.github/workflows/deploy-staging.yml @@ -48,11 +48,11 @@ jobs: envkey_VIRUS_CHECKER_TYPE: ${{ secrets.VIRUS_CHECKER_TYPE }} envkey_VIRUS_CHECKER_API_KEY: ${{ secrets.VIRUS_CHECKER_API_KEY }} - - name: Inserts Prod Enviromental Variables - run: | - python -m pip install --upgrade pip pipenv - pipenv install - pipenv run python setup.py -e staging -f .env + # - name: Inserts Prod Enviromental Variables + # run: | + # python -m pip install --upgrade pip pipenv + # pipenv install + # pipenv run python setup.py -e staging -f .env - name: copy file via ssh uses: appleboy/scp-action@master 
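Review bot: The step that stays active after the disabled one, `uses: appleboy/scp-action@master`, follows a mutable branch of a third-party action that presumably receives the SSH key (its `with:` block lies between the hunks, so this is inferred from the commented-out ssh step). Pin it to a reviewed commit, `uses: appleboy/scp-action@<full-commit-sha>`, so an upstream push cannot change what runs with that key. The disabled setup step is kept as a commented-out block; deleting it, or gating it with `if: false`, keeps the workflow readable, and git history preserves the old version.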
@@ -64,13 +64,13 @@ jobs: source: "." target: "infra-hideyoshi.com" - - name: executing remote ssh commands - uses: appleboy/ssh-action@master - with: - host: ${{ secrets.SSH_HOST }} - username: ${{ secrets.SSH_USER }} - port: ${{ secrets.SSH_PORT }} - key: ${{ secrets.SSH_KEY }} - script: | - cd infra-hideyoshi.com - ./deploy.sh --staging \ No newline at end of file + # - name: executing remote ssh commands + # uses: appleboy/ssh-action@master + # with: + # host: ${{ secrets.SSH_HOST }} + # username: ${{ secrets.SSH_USER }} + # port: ${{ secrets.SSH_PORT }} + # key: ${{ secrets.SSH_KEY }} + # script: | + # cd infra-hideyoshi.com + # ./deploy.sh --staging \ No newline at end of file diff --git a/.gitignore b/.gitignore index 0b4e79b..9a6a0f0 100644 --- a/.gitignore +++ b/.gitignore @@ -1,4 +1,4 @@ -.env +.env* .secret* diff --git a/setup.py b/setup.py index 8147b65..5e0fc16 100644 --- a/setup.py +++ b/setup.py @@ -31,38 +31,19 @@ ENV_VARIABLES = [ "AWS_SECRET_ACCESS_KEY", "AWS_REGION_NAME", "AWS_BUCKET_NAME", + "VIRUS_CHECKER_TYPE", + "VIRUS_CHECKER_API_KEY", ] -FORCE_BASE64_FIELD = [ - "OAUTH_GITHUB_CLIENT_ID", - "OAUTH_GITHUB_CLIENT_SECRET", - "AWS_ACCESS_KEY_ID", - "AWS_SECRET_ACCESS_KEY", -] - - -def is_force_base64_fields(field: str) -> bool: - return field in FORCE_BASE64_FIELD - - -def is_validate_base64(value: str) -> bool: - if not isinstance(value, str): - return False - - try: - if b64encode(b64decode(value)).decode() == value: - return True - except: - pass - - return False - def setting_environment(environment: str): - if not environment in ("prod", "staging", "dev"): + if not environment in ("prod", "staging", "local", "dev"): raise ValueError("Invalid Environment Selected") match environment: + case "local": + DOMAIN = "local.hideyoshi.com.br" + API_DOMAIN = "api.local.hideyoshi.com.br" case "staging": DOMAIN = "staging.hideyoshi.com.br" API_DOMAIN = "api.staging.hideyoshi.com.br" 
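Review bot: With the remote `./deploy.sh --staging` step commented out, the job still uploads `source: "."` to the host, and that tree presumably contains the `.env` written from the `envkey_*` secrets earlier in the job (the disabled setup step read it with `-f .env`). That would leave plaintext credentials under `infra-hideyoshi.com` on the server while nothing in this workflow consumes them. If the new secrets flow does not need the file remotely, remove it before the copy with a step such as `run: rm -f .env`. Either way, confirm the target directory is readable only by the deploy user.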
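Review bot: In `setting_environment` the allowed names are listed twice, once in the guard tuple and once as `case` arms, so adding `"local"` needed two edits and a future name could pass the guard yet match no arm. Write the guard idiomatically as `if environment not in ("prod", "staging", "local", "dev"):` and, if the `match` has no default arm (it continues outside the hunk), add `case _: raise ValueError("Invalid Environment Selected")`. Removing the base64 helpers may also leave `b64decode` imported but unused; the import block is outside the hunk, so that needs checking in the file.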
@@ -85,11 +66,8 @@ def load_secret_file(file: str): def fetch_env_variables(): for env in ENV_VARIABLES: value = os.environ[env] - if not is_force_base64_fields(env) and is_validate_base64(value): - os.environ[env] = value - else: - value = value.encode("utf-8") - os.environ[env] = b64encode(value).decode() + value = value.encode("utf-8") + os.environ[env] = b64encode(value).decode() def envsubst_file(file: PosixPath):
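Review bot: `fetch_env_variables` now base64-encodes every variable and writes the result back into `os.environ`, so a second call in the same process would encode twice and any child process inherits the encoded values. The function has no docstring; it should say that it must run exactly once and that its output is only valid under a Secret's `data:` field, for example `# Secret .data requires base64; encode unconditionally and exactly once` above the loop. Base64 is an encoding, not protection, so the rendered manifests still hold the credentials in recoverable form and need the same handling as the `.env` file. A missing variable surfaces as a bare `KeyError` from `os.environ[env]`; `raise ValueError(f"Missing environment variable: {env}")` would read better in CI logs.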