diff --git a/.env.development b/.env.development
index 880382b80e..100f58d61e 100644
--- a/.env.development
+++ b/.env.development
@@ -28,6 +28,3 @@ RAILS_DB_HOST=postgres
 RAILS_DB_PORT=5432
 RAILS_DB_NAME=manifold_production
 RAILS_REDIS_URL=redis://redis:6379
-
-CAS_CLIENT_ID=AAABBBCCCDDDEEEFFF
-CAS_CLIENT_SECRET=AAABBBCCCDDDEEEFFF
diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml
index 94d05f67d2..bd2e759132 100644
--- a/.github/workflows/deploy.yml
+++ b/.github/workflows/deploy.yml
@@ -1,7 +1,4 @@
-# This file is modeled after:
-# - github.com/scientist-softserv/actions/blob/v0.0.22/.github/workflows/deploy.yaml
-# This is so that we can inject the step "Load secrets into OAuth config" into the deployment
-name: Deploy
+name: "Deploy"
 run-name: Deploy (${{ github.ref_name }} -> ${{ inputs.environment }}) by @${{ github.actor }}
 on:
 workflow_dispatch:
@@ -19,49 +16,7 @@ on:
 required: false
 default: false
 
-env:
- REGISTRY: ghcr.io
-
 jobs:
- deployment:
- runs-on: ubuntu-latest
- container: dtzar/helm-kubectl:3.9.4
- environment: ${{ inputs.environment }}
- env:
- CAS_CLIENT_ID: ${{ secrets.CAS_CLIENT_ID }}
- CAS_CLIENT_SECRET: ${{ secrets.CAS_CLIENT_SECRET }}
- DB_PASSWORD: ${{ secrets.DB_PASSWORD }}
- HELM_EXPERIMENTAL_OCI: 1
- HELM_EXTRA_ARGS: >
- --values ops/${{ inputs.environment }}-deploy.yaml
- HELM_RELEASE_NAME: ${{ github.event.repository.name }}-${{ inputs.environment }}
- KUBECONFIG: ./kubeconfig.yml
- KUBECONFIG_FILE: ${{ secrets.KUBECONFIG_FILE }}
- KUBE_NAMESPACE: ${{ github.event.repository.name }}-${{ inputs.environment }}
- REDIS_PASSWORD: ${{ secrets.REDIS_PASSWORD }}
- SECRET_KEY_BASE: ${{ secrets.SECRET_KEY_BASE }}
-
- steps:
- - id: setup
- name: Setup
- uses: scientist-softserv/actions/setup-env@v0.0.22
- with:
- token: ${{ secrets.CHECKOUT_TOKEN || secrets.GITHUB_TOKEN }}
-
- - name: Setup tmate session
- uses: mxschmitt/action-tmate@v3
- if: ${{ github.event_name == 'workflow_dispatch' && inputs.debug_enabled }}
- with:
- limit-access-to-actor: true
-
- - name: Load secrets into OAuth config
- run: envsubst < api/config/oauth.tmpl.yml > api/config/oauth.yml;
-
- - name: Do deploy
- run: |
- echo $KUBECONFIG_FILE | base64 -d > $KUBECONFIG;
- DOLLAR=$ envsubst < ops/${{ inputs.environment }}-deploy.tmpl.yaml > ops/${{ inputs.environment }}-deploy.yaml;
- export DEPLOY_TAG=${TAG};
- export DEPLOY_IMAGE=ghcr.io/${REPO_LOWER};
- export WORKER_IMAGE=ghcr.io/${REPO_LOWER}/worker;
- ./bin/helm_deploy ${{ format('{0}-{1}', github.event.repository.name, inputs.environment) }} ${{ format('{0}-{1}', github.event.repository.name, inputs.environment) }}
+ deploy:
+ uses: scientist-softserv/actions/.github/workflows/deploy.yaml@v0.0.22
+ secrets: inherit
diff --git a/Dockerfile b/Dockerfile
index c81ddddfa0..c70f18c33f 100644
--- a/Dockerfile
+++ b/Dockerfile
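Review bot: The new `deploy` job passes all secrets available to the calling workflow to an external reusable workflow through `secrets: inherit`, and that workflow is referenced by the mutable tag `@v0.0.22`, so whoever can move the tag controls code that runs with those secrets. Pinning the reference to a full commit SHA, e.g. `uses: scientist-softserv/actions/.github/workflows/deploy.yaml@<full-commit-sha> # v0.0.22`, removes the dependency on the tag. If the called workflow declares its secrets, mapping only the ones the removed job used (`KUBECONFIG_FILE`, `DB_PASSWORD`, `REDIS_PASSWORD`, `SECRET_KEY_BASE` and the checkout token) instead of `inherit` would narrow the exposure further. The removed job also set `environment: ${{ inputs.environment }}`; the hunk does not show whether the called workflow does the same, so it is worth confirming that environment protection rules and environment-scoped secrets still apply.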
@@ -7,7 +7,7 @@ FROM ruby:2.7.8 as manifold-api
 RUN apt-get -o Acquire::Check-Valid-Until=false update
 RUN apt-get install -y libicu-dev postgresql-client nano curl software-properties-common ghostscript \
- vim less gettext
+ vim less
 # We need Node and Mammoth for Word text ingestion
 RUN curl -sL https://deb.nodesource.com/setup_16.x | bash -
@@ -21,7 +21,6 @@ RUN sed -i '//d' \
 COPY api /opt/manifold/api
 WORKDIR /opt/manifold/api
 ENV RAILS_LOG_TO_STDOUT=1
-RUN envsubst < config/oauth.tmpl.yml > config/oauth.yml
 RUN gem install bundler:2.2.19
 RUN bundle install
 COPY bin/start-and-run /opt/manifold/api/start-and-run
diff --git a/api/.gitignore b/api/.gitignore
index 032dfd8f9a..0e93b5192a 100644
--- a/api/.gitignore
+++ b/api/.gitignore
@@ -28,7 +28,6 @@ doc
 .generators
 /.rspec-local
-config/oauth.yml
 data/*
 !data/.gitkeep
 examples.txt
diff --git a/api/config/oauth.tmpl.yml b/api/config/oauth.yml
similarity index 62%
rename from api/config/oauth.tmpl.yml
rename to api/config/oauth.yml
index 6f810bc43f..6857ae40ff 100644
--- a/api/config/oauth.tmpl.yml
+++ b/api/config/oauth.yml
@@ -1,18 +1,18 @@
 oauth:
 cas:
- client_id: $CAS_CLIENT_ID
- client_secret: $CAS_CLIENT_SECRET
 descriptive_name: Princeton CAS
 host: fed.princeton.edu
 protocol: https
- email_key: 'mail'
- name_key: 'displayname'
- nickname_key: 'givenname'
- uid_key: 'campusid'
- # WARN: The values below are placeholders
+ # WARN: The values below are unused placeholders
+ client_id: AAABBBCCCDDDEEEFFF
+ client_secret: AAABBBCCCDDDEEEFFF
+ email_key: 'email'
+ name_key: 'name'
+ nickname_key: 'nickname'
+ uid_key: 'id'
 endpoints:
 authorize:
- uri: '/cas/login'
+ uri: '/oauth/authorize'
 method: 'GET'
 query:
 another: 'param'
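Review bot: `client_secret: AAABBBCCCDDDEEEFFF` is now committed in a tracked `api/config/oauth.yml` (its `.gitignore` entry is removed in this same commit), so a fixed value visible to anyone with repository access sits where a real credential would go, and nothing stops a later edit from committing a real one. The `# WARN` comment calls these values unused, but the hunk does not show what enforces that; if the `cas` provider can still be enabled from this file, the application would presumably run with a known client secret. I would make the comment explicit, e.g. `# WARN: tracked file - never put real credentials here; the values below are unused placeholders`, and confirm that the code loading this file ignores or rejects the placeholder. `host: fed.princeton.edu` is also kept while the endpoint and attribute keys revert to generic values, which leaves a half-real provider definition behind.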