Skip to content

Commit

Permalink
Merge pull request #77 from scify/staging_sec_data
Browse files Browse the repository at this point in the history
Staging sec data
  • Loading branch information
PavlosIsaris authored Oct 4, 2024
2 parents f96f99b + 8027547 commit 691f90d
Show file tree
Hide file tree
Showing 3 changed files with 250 additions and 0 deletions.
103 changes: 103 additions & 0 deletions .github/templates/.env.j2
Original file line number Diff line number Diff line change
@@ -0,0 +1,103 @@
APP_NAME="Crowdsourcing platform | Let's crowdsource our future"
APP_ENV=production
APP_KEY={{ LARAVEL_STAGING_SEC_DATA_APP_KEY }}
APP_DEBUG=false
DEBUGBAR_ENABLED=false
APP_LOG_LEVEL=debug
APP_URL=https://{{ PROJECT_URL }}
ASSET_URL=${APP_URL}
MIX_ASSET_URL=${APP_URL}
APP_VERSION=v8.0
GOOGLE_MAPS_KEY=

DB_CONNECTION=mysql
DB_HOST=127.0.0.1
DB_PORT=3306
DB_DATABASE={{ DB_NAME }}
DB_USERNAME={{ DB_USER }}
DB_PASSWORD={{ DB_PASSWORD }}

BROADCAST_DRIVER=redis
CACHE_DRIVER=file
QUEUE_CONNECTION=redis
SESSION_DRIVER=file
SESSION_LIFETIME=120

REDIS_CLIENT=phpredis
REDIS_HOST=127.0.0.1
REDIS_PASSWORD=null
REDIS_PORT=6379
REDIS_PREFIX=crowdsourcing_ecas_


MAIL_MAILER=mailgun
[email protected]
MAIL_FROM_NAME="Crowdsourcing Platform"
MAIL_HOST=smtp.eu.mailgun.org
MAILGUN_DOMAIN=crowdsourcing.ecas.org
MAILGUN_SECRET={{ MAILGUN_SECRET }}
MAILGUN_ENDPOINT=api.eu.mailgun.net


PUSHER_APP_ID=
PUSHER_APP_KEY=
PUSHER_APP_SECRET=
PUSHER_APP_CLUSTER=mt1

PERSONAL_CLIENT_ID=1
PERSONAL_CLIENT_SECRET= {{ PERSONAL_CLIENT_SECRET }}
PASSWORD_CLIENT_ID=2
PASSWORD_CLIENT_SECRET={{ PASSWORD_CLIENT_SECRET }}

FACEBOOK_CLIENT_ID={{ FACEBOOK_CLIENT_ID }}
FACEBOOK_CLIENT_SECRET={{ FACEBOOK_CLIENT_SECRET }}

TWITTER_CLIENT_ID={{ TWITTER_CLIENT_ID }}
TWITTER_CLIENT_SECRET={{ TWITTER_CLIENT_SECRET }}

GOOGLE_CLIENT_ID={{ GOOGLE_CLIENT_ID }}
GOOGLE_CLIENT_SECRET={{ GOOGLE_CLIENT_SECRET }}

MICROSOFT_CLIENT_ID={{ MICROSOFT_CLIENT_ID }}
MICROSOFT_CLIENT_SECRET={{ MICROSOFT_CLIENT_SECRET }}

LINKEDIN_CLIENT_ID={{ LINKEDIN_CLIENT_ID }}
LINKEDIN_CLIENT_SECRET={{ LINKEDIN_CLIENT_SECRET }}

DEFAULT_ADMIN_USER_PASSWORD_FOR_SEED={{ DEFAULT_ADMIN_USER_PASSWORD_FOR_SEED }}

GOOGLE_TRANSLATE_KEY={{ GOOGLE_TRANSLATE_KEY }}
# MAILCHIMP INTEGRATION
MAILCHIMP_API_KEY={{ MAILCHIMP_API_KEY }}

# SENTRY DSN
SENTRY_LARAVEL_DSN={{ SENTRY_LARAVEL_DSN }}
SENTRY_TRACES_SAMPLE_RATE=1
VITE_SENTRY_DSN_PUBLIC="${SENTRY_LARAVEL_DSN}"

VITE_APP_URL="${APP_URL}"


INSTALLATION_RESOURCES_DIR=ecas
API_AUTH_TOKEN={{ API_AUTH_TOKEN }}
MIX_API_AUTH_TOKEN="${API_AUTH_TOKEN}"
MIX_APP_URL="${APP_URL}"
USERWAY_ID={{ USERWAY_ID }}


# Newsletter variables
NEWSLETTER_LIST_ID_NEWSLETTER=# this should come from the mailchimp_lists DB table
NEWSLETTER_LIST_ID_NEWSLETTER_REGISTERED_USERS=# this should come from the mailchimp_lists DB table

# Variables needed for S3-based filesystem to work
AWS_ACCESS_KEY_ID={{ AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY={{ AWS_SECRET_ACCESS_KEY }}
AWS_DEFAULT_REGION=eu-central-1
AWS_BUCKET=crowdsourcing-ecas-bucket-s3
AWS_USE_PATH_STYLE_ENDPOINT=false

INSTALLATION_COMPANY_NAME="ECAS - European Citizen Action Service"
INSTALLATION_COMPANY_ADDRESS="BeCentral Cantersteen 12 B-1000 Brussels, Belgium"
INSTALLATION_COMPANY_PHONE="+32 (0) 2 548 04 90"
INSTALLATION_COMPANY_EMAIL="info(at)ecas.org"

10 changes: 10 additions & 0 deletions .github/templates/wg0.j2
Original file line number Diff line number Diff line change
@@ -0,0 +1,10 @@
[Interface]
Address = 10.10.0.19/32
ListenPort = 48123
PrivateKey = {{ WIREGUARD_PRIVATE_KEY }}

[Peer]
PublicKey = {{ VPN_SERVER_PUBLIC_KEY }}
AllowedIPs = 10.10.0.0/24
Endpoint = pegasus.scify.org:1194
PersistentKeepalive = 25
137 changes: 137 additions & 0 deletions .github/workflows/deploy.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,137 @@
name: Deploy to Secondary Staging Server

on:
workflow_dispatch:
push:
branches:
- staging_sec_data

env:
PHP_VERSION: '8.2'
SERVER_HOSTNAME: 'staging.scify.org'
REMOTE_USER: 'project_crowdsourcing_sec_data'
PROJECT_URL: 'crowdsourcing-ecas.staging.scify.org'

jobs:
deploy:
runs-on: ubuntu-latest
steps:
- name: Checkout repo
uses: actions/[email protected]

- name: Install wireguard
run: sudo apt install wireguard

- name: Create wg0 file
uses: cuchi/[email protected]
with:
template: .github/templates/wg0.j2
output_file: wg0.conf
variables: |
WIREGUARD_PRIVATE_KEY=${{ secrets.WIREGUARD_PRIVATE_KEY }}
VPN_SERVER_PUBLIC_KEY=${{ secrets.VPN_SERVER_PUBLIC_KEY }}


- name: Move wg0.conf to /etc/wireguard
run: sudo mv wg0.conf /etc/wireguard/wg0.conf

- name: Start wireguard
run: sudo wg-quick up wg0

- name: Checkout repo
uses: actions/[email protected]

- name: Add frodo to etc hosts
run: echo "10.10.0.100 frodo.scify.org" | sudo tee -a /etc/hosts

- name: read password from vault
uses: hashicorp/vault-action@v2
with:
url: https://frodo.scify.org:8200
caCertificate: ${{ secrets.VAULT_CA_CERT }}
method: userpass
username: ${{ secrets.VAULT_USER }}
password: ${{ secrets.VAULT_PASSWORD }}
secrets: |
Projects/data/crowdsourcing/staging_sec_data/database db_name | DB_NAME ;
Projects/data/crowdsourcing/staging_sec_data/database db_user | DB_USER ;
Projects/data/crowdsourcing/staging_sec_data/database password | DB_PASSWORD ;
Projects/data/crowdsourcing/staging_sec_data/google_client_secrets google_client_id | GOOGLE_CLIENT_ID ;
Projects/data/crowdsourcing/production/email/laravel_mailgun_env_variables MAILGUN_SECRET | MAILGUN_SECRET ;



- name: Create .env file
uses: cuchi/[email protected]
with:
template: .github/templates/.env.j2
output_file: .env
variables: |
DB_NAME=${{ env.DB_NAME }}
DB_USER=${{ env.DB_USER }}
DB_PASSWORD=${{ env.DB_PASSWORD }}
LARAVEL_STAGING_SEC_DATA_APP_KEY=${{ secrets.LARAVEL_STAGING_SEC_DATA_APP_KEY }}
PROJECT_URL=${{ env.PROJECT_URL }}
MAILGUN_SECRET=${{ env.MAILGUN_SECRET }}
PERSONAL_CLIENT_ID=${{ secrets.PERSONAL_CLIENT_ID }}
PERSONAL_CLIENT_SECRET=${{ secrets.PERSONAL_CLIENT_SECRET }}
PASSWORD_CLIENT_SECRET=${{ secrets.PASSWORD_CLIENT_SECRET }}
FACEBOOK_CLIENT_ID=${{ secrets.FACEBOOK_CLIENT_ID }}
FACEBOOK_CLIENT_SECRET=${{ secrets.FACEBOOK_CLIENT_SECRET }}
TWITTER_CLIENT_ID=${{ secrets.TWITTER_CLIENT_ID }}
TWITTER_CLIENT_SECRET=${{ secrets.TWITTER_CLIENT_SECRET }}
GOOGLE_CLIENT_ID=${{ env.GOOGLE_CLIENT_ID }}
GOOGLE_CLIENT_SECRET=${{ secrets.GOOGLE_CLIENT_SECRET }}
MICROSOFT_CLIENT_ID=${{ secrets.MICROSOFT_CLIENT_ID }}
MICROSOFT_CLIENT_SECRET=${{ secrets.MICROSOFT_CLIENT_SECRET }}
LINKEDIN_CLIENT_ID=${{ secrets.LINKEDIN_CLIENT_ID }}
LINKEDIN_CLIENT_SECRET=${{ secrets.LINKEDIN_CLIENT_SECRET }}
DEFAULT_ADMIN_USER_PASSWORD_FOR_SEED=${{ secrets.DEFAULT_ADMIN_USER_PASSWORD_FOR_SEED }}
GOOGLE_TRANSLATE_KEY=${{ secrets.GOOGLE_TRANSLATE_KEY }}
MAILCHIMP_API_KEY=${{ secrets.MAILCHIMP_API_KEY }}
SENTRY_LARAVEL_DSN=${{ secrets.SENTRY_LARAVEL_DSN }}
API_AUTH_TOKEN=${{ secrets.API_AUTH_TOKEN }}
USERWAY_ID=${{ secrets.USERWAY_ID }}
AWS_ACCESS_KEY_ID=${{ secrets.AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY=${{ secrets.AWS_SECRET_ACCESS_KEY }}

- name: Setup node
uses: actions/setup-node@v4
with:
node-version-file: '.nvmrc'

- name: Install node dependencies
run: npm install

- name: Build assets
run: npm run build


- name: SCP files to staging server
uses: easingthemes/[email protected]
env:
SSH_PRIVATE_KEY: ${{ secrets.SSH_KEY_STAGING_SERVER }}
REMOTE_PORT: 222
SOURCE: "./"
REMOTE_HOST: ${{ env.SERVER_HOSTNAME }}
REMOTE_USER: ${{ env.REMOTE_USER }}
TARGET: "/home/${{ env.REMOTE_USER }}/www/${{ env.PROJECT_URL }}"


- name: Run composer install on remote server
uses: appleboy/[email protected]
with:
host: ${{ env.SERVER_HOSTNAME }}
port: 222
username: ${{ env.REMOTE_USER }}
key: ${{ secrets.SSH_KEY_STAGING_SERVER }}
script: |
source /home/${{ env.REMOTE_USER }}/.profile
cd /home/${{ env.REMOTE_USER }}/www/${{ env.PROJECT_URL }}
composer install --no-interaction --no-progress --optimize-autoloader
# --no-dev

0 comments on commit 691f90d

Please sign in to comment.