Merge pull request #77 from scify/staging_sec_data
Staging sec data
Showing
3 changed files
with
250 additions
and
0 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,103 @@ | ||
APP_NAME="Crowdsourcing platform | Let's crowdsource our future" | ||
APP_ENV=production | ||
APP_KEY={{ LARAVEL_STAGING_SEC_DATA_APP_KEY }} | ||
APP_DEBUG=false | ||
DEBUGBAR_ENABLED=false | ||
APP_LOG_LEVEL=debug | ||
APP_URL=https://{{ PROJECT_URL }} | ||
ASSET_URL=${APP_URL} | ||
MIX_ASSET_URL=${APP_URL} | ||
APP_VERSION=v8.0 | ||
GOOGLE_MAPS_KEY= | ||
|
||
DB_CONNECTION=mysql | ||
DB_HOST=127.0.0.1 | ||
DB_PORT=3306 | ||
DB_DATABASE={{ DB_NAME }} | ||
DB_USERNAME={{ DB_USER }} | ||
DB_PASSWORD={{ DB_PASSWORD }} | ||
|
||
BROADCAST_DRIVER=redis | ||
CACHE_DRIVER=file | ||
QUEUE_CONNECTION=redis | ||
SESSION_DRIVER=file | ||
SESSION_LIFETIME=120 | ||
|
||
REDIS_CLIENT=phpredis | ||
REDIS_HOST=127.0.0.1 | ||
REDIS_PASSWORD=null | ||
REDIS_PORT=6379 | ||
REDIS_PREFIX=crowdsourcing_ecas_ | ||
|
||
|
||
MAIL_MAILER=mailgun | ||
[email protected] | ||
MAIL_FROM_NAME="Crowdsourcing Platform" | ||
MAIL_HOST=smtp.eu.mailgun.org | ||
MAILGUN_DOMAIN=crowdsourcing.ecas.org | ||
MAILGUN_SECRET={{ MAILGUN_SECRET }} | ||
MAILGUN_ENDPOINT=api.eu.mailgun.net | ||
|
||
|
||
PUSHER_APP_ID= | ||
PUSHER_APP_KEY= | ||
PUSHER_APP_SECRET= | ||
PUSHER_APP_CLUSTER=mt1 | ||
|
||
PERSONAL_CLIENT_ID=1 | ||
PERSONAL_CLIENT_SECRET= {{ PERSONAL_CLIENT_SECRET }} | ||
PASSWORD_CLIENT_ID=2 | ||
PASSWORD_CLIENT_SECRET={{ PASSWORD_CLIENT_SECRET }} | ||
|
||
FACEBOOK_CLIENT_ID={{ FACEBOOK_CLIENT_ID }} | ||
FACEBOOK_CLIENT_SECRET={{ FACEBOOK_CLIENT_SECRET }} | ||
|
||
TWITTER_CLIENT_ID={{ TWITTER_CLIENT_ID }} | ||
TWITTER_CLIENT_SECRET={{ TWITTER_CLIENT_SECRET }} | ||
|
||
GOOGLE_CLIENT_ID={{ GOOGLE_CLIENT_ID }} | ||
GOOGLE_CLIENT_SECRET={{ GOOGLE_CLIENT_SECRET }} | ||
|
||
MICROSOFT_CLIENT_ID={{ MICROSOFT_CLIENT_ID }} | ||
MICROSOFT_CLIENT_SECRET={{ MICROSOFT_CLIENT_SECRET }} | ||
|
||
LINKEDIN_CLIENT_ID={{ LINKEDIN_CLIENT_ID }} | ||
LINKEDIN_CLIENT_SECRET={{ LINKEDIN_CLIENT_SECRET }} | ||
|
||
DEFAULT_ADMIN_USER_PASSWORD_FOR_SEED={{ DEFAULT_ADMIN_USER_PASSWORD_FOR_SEED }} | ||
|
||
GOOGLE_TRANSLATE_KEY={{ GOOGLE_TRANSLATE_KEY }} | ||
# MAILCHIMP INTEGRATION | ||
MAILCHIMP_API_KEY={{ MAILCHIMP_API_KEY }} | ||
|
||
# SENTRY DSN | ||
SENTRY_LARAVEL_DSN={{ SENTRY_LARAVEL_DSN }} | ||
SENTRY_TRACES_SAMPLE_RATE=1 | ||
VITE_SENTRY_DSN_PUBLIC="${SENTRY_LARAVEL_DSN}" | ||
|
||
VITE_APP_URL="${APP_URL}" | ||
|
||
|
||
INSTALLATION_RESOURCES_DIR=ecas | ||
API_AUTH_TOKEN={{ API_AUTH_TOKEN }} | ||
MIX_API_AUTH_TOKEN="${API_AUTH_TOKEN}" | ||
MIX_APP_URL="${APP_URL}" | ||
USERWAY_ID={{ USERWAY_ID }} | ||
|
||
|
||
# Newsletter variables | ||
NEWSLETTER_LIST_ID_NEWSLETTER=# this should come from the mailchimp_lists DB table | ||
NEWSLETTER_LIST_ID_NEWSLETTER_REGISTERED_USERS=# this should come from the mailchimp_lists DB table | ||
|
||
# Variables needed for S3-based filesystem to work | ||
AWS_ACCESS_KEY_ID={{ AWS_ACCESS_KEY_ID }} | ||
AWS_SECRET_ACCESS_KEY={{ AWS_SECRET_ACCESS_KEY }} | ||
AWS_DEFAULT_REGION=eu-central-1 | ||
AWS_BUCKET=crowdsourcing-ecas-bucket-s3 | ||
AWS_USE_PATH_STYLE_ENDPOINT=false | ||
|
||
INSTALLATION_COMPANY_NAME="ECAS - European Citizen Action Service" | ||
INSTALLATION_COMPANY_ADDRESS="BeCentral Cantersteen 12 B-1000 Brussels, Belgium" | ||
INSTALLATION_COMPANY_PHONE="+32 (0) 2 548 04 90" | ||
INSTALLATION_COMPANY_EMAIL="info(at)ecas.org" | ||
|
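Review bot: `MIX_API_AUTH_TOKEN="${API_AUTH_TOKEN}"` copies the server-side API token into a `MIX_`-prefixed variable, and Laravel Mix makes `MIX_*` values available to the JavaScript bundle, so the asset build that the workflow in this commit runs against this file can bake the token into files served to every visitor. Whether the front end actually references it is not visible here; if it does, it should be a separate low-privilege public token, and otherwise the line should be dropped. `APP_LOG_LEVEL=debug` together with `APP_ENV=production` also keeps verbose logging on an internet-facing host, where `APP_LOG_LEVEL=warning` would be the safer default. The templated secrets are unquoted (`DB_PASSWORD={{ DB_PASSWORD }}`, and `PERSONAL_CLIENT_SECRET= {{ … }}` carries a stray space), so a value containing a space or `#` may be truncated or rejected by the dotenv parser; `DB_PASSWORD="{{ DB_PASSWORD }}"` avoids that.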
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,10 @@ | ||
[Interface] | ||
Address = 10.10.0.19/32 | ||
ListenPort = 48123 | ||
PrivateKey = {{ WIREGUARD_PRIVATE_KEY }} | ||
|
||
[Peer] | ||
PublicKey = {{ VPN_SERVER_PUBLIC_KEY }} | ||
AllowedIPs = 10.10.0.0/24 | ||
Endpoint = pegasus.scify.org:1194 | ||
PersistentKeepalive = 25 |
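Review bot: `AllowedIPs = 10.10.0.0/24` gives the GitHub-hosted runner a route to the whole VPN subnet, while the only internal address the deploy workflow in this commit names is the Vault host at 10.10.0.100. If that is the only host the runner needs, `AllowedIPs = 10.10.0.100/32` limits what a compromised build step can reach, and the same restriction should be enforced on the VPN server for this peer's key, since the client file alone is not a control. `ListenPort = 48123` looks unnecessary for an outbound-only client that already sets `PersistentKeepalive`. Because every run uses the same private key and `Address`, two overlapping runs are likely to fight over the one peer slot, so the workflow would benefit from a `concurrency` group.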
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,137 @@ | ||
name: Deploy to Secondary Staging Server | ||
|
||
on: | ||
workflow_dispatch: | ||
push: | ||
branches: | ||
- staging_sec_data | ||
|
||
env: | ||
PHP_VERSION: '8.2' | ||
SERVER_HOSTNAME: 'staging.scify.org' | ||
REMOTE_USER: 'project_crowdsourcing_sec_data' | ||
PROJECT_URL: 'crowdsourcing-ecas.staging.scify.org' | ||
|
||
jobs: | ||
deploy: | ||
runs-on: ubuntu-latest | ||
steps: | ||
- name: Checkout repo | ||
uses: actions/[email protected] | ||
|
||
- name: Install wireguard | ||
run: sudo apt install wireguard | ||
|
||
- name: Create wg0 file | ||
uses: cuchi/[email protected] | ||
with: | ||
template: .github/templates/wg0.j2 | ||
output_file: wg0.conf | ||
variables: | | ||
WIREGUARD_PRIVATE_KEY=${{ secrets.WIREGUARD_PRIVATE_KEY }} | ||
VPN_SERVER_PUBLIC_KEY=${{ secrets.VPN_SERVER_PUBLIC_KEY }} | ||
|
||
|
||
- name: Move wg0.conf to /etc/wireguard | ||
run: sudo mv wg0.conf /etc/wireguard/wg0.conf | ||
|
||
- name: Start wireguard | ||
run: sudo wg-quick up wg0 | ||
|
||
- name: Checkout repo | ||
uses: actions/[email protected] | ||
|
||
- name: Add frodo to etc hosts | ||
run: echo "10.10.0.100 frodo.scify.org" | sudo tee -a /etc/hosts | ||
|
||
- name: read password from vault | ||
uses: hashicorp/vault-action@v2 | ||
with: | ||
url: https://frodo.scify.org:8200 | ||
caCertificate: ${{ secrets.VAULT_CA_CERT }} | ||
method: userpass | ||
username: ${{ secrets.VAULT_USER }} | ||
password: ${{ secrets.VAULT_PASSWORD }} | ||
secrets: | | ||
Projects/data/crowdsourcing/staging_sec_data/database db_name | DB_NAME ; | ||
Projects/data/crowdsourcing/staging_sec_data/database db_user | DB_USER ; | ||
Projects/data/crowdsourcing/staging_sec_data/database password | DB_PASSWORD ; | ||
Projects/data/crowdsourcing/staging_sec_data/google_client_secrets google_client_id | GOOGLE_CLIENT_ID ; | ||
Projects/data/crowdsourcing/production/email/laravel_mailgun_env_variables MAILGUN_SECRET | MAILGUN_SECRET ; | ||
|
||
|
||
|
||
- name: Create .env file | ||
uses: cuchi/[email protected] | ||
with: | ||
template: .github/templates/.env.j2 | ||
output_file: .env | ||
variables: | | ||
DB_NAME=${{ env.DB_NAME }} | ||
DB_USER=${{ env.DB_USER }} | ||
DB_PASSWORD=${{ env.DB_PASSWORD }} | ||
LARAVEL_STAGING_SEC_DATA_APP_KEY=${{ secrets.LARAVEL_STAGING_SEC_DATA_APP_KEY }} | ||
PROJECT_URL=${{ env.PROJECT_URL }} | ||
MAILGUN_SECRET=${{ env.MAILGUN_SECRET }} | ||
PERSONAL_CLIENT_ID=${{ secrets.PERSONAL_CLIENT_ID }} | ||
PERSONAL_CLIENT_SECRET=${{ secrets.PERSONAL_CLIENT_SECRET }} | ||
PASSWORD_CLIENT_SECRET=${{ secrets.PASSWORD_CLIENT_SECRET }} | ||
FACEBOOK_CLIENT_ID=${{ secrets.FACEBOOK_CLIENT_ID }} | ||
FACEBOOK_CLIENT_SECRET=${{ secrets.FACEBOOK_CLIENT_SECRET }} | ||
TWITTER_CLIENT_ID=${{ secrets.TWITTER_CLIENT_ID }} | ||
TWITTER_CLIENT_SECRET=${{ secrets.TWITTER_CLIENT_SECRET }} | ||
GOOGLE_CLIENT_ID=${{ env.GOOGLE_CLIENT_ID }} | ||
GOOGLE_CLIENT_SECRET=${{ secrets.GOOGLE_CLIENT_SECRET }} | ||
MICROSOFT_CLIENT_ID=${{ secrets.MICROSOFT_CLIENT_ID }} | ||
MICROSOFT_CLIENT_SECRET=${{ secrets.MICROSOFT_CLIENT_SECRET }} | ||
LINKEDIN_CLIENT_ID=${{ secrets.LINKEDIN_CLIENT_ID }} | ||
LINKEDIN_CLIENT_SECRET=${{ secrets.LINKEDIN_CLIENT_SECRET }} | ||
DEFAULT_ADMIN_USER_PASSWORD_FOR_SEED=${{ secrets.DEFAULT_ADMIN_USER_PASSWORD_FOR_SEED }} | ||
GOOGLE_TRANSLATE_KEY=${{ secrets.GOOGLE_TRANSLATE_KEY }} | ||
MAILCHIMP_API_KEY=${{ secrets.MAILCHIMP_API_KEY }} | ||
SENTRY_LARAVEL_DSN=${{ secrets.SENTRY_LARAVEL_DSN }} | ||
API_AUTH_TOKEN=${{ secrets.API_AUTH_TOKEN }} | ||
USERWAY_ID=${{ secrets.USERWAY_ID }} | ||
AWS_ACCESS_KEY_ID=${{ secrets.AWS_ACCESS_KEY_ID }} | ||
AWS_SECRET_ACCESS_KEY=${{ secrets.AWS_SECRET_ACCESS_KEY }} | ||
|
||
- name: Setup node | ||
uses: actions/setup-node@v4 | ||
with: | ||
node-version-file: '.nvmrc' | ||
|
||
- name: Install node dependencies | ||
run: npm install | ||
|
||
- name: Build assets | ||
run: npm run build | ||
|
||
|
||
- name: SCP files to staging server | ||
uses: easingthemes/[email protected] | ||
env: | ||
SSH_PRIVATE_KEY: ${{ secrets.SSH_KEY_STAGING_SERVER }} | ||
REMOTE_PORT: 222 | ||
SOURCE: "./" | ||
REMOTE_HOST: ${{ env.SERVER_HOSTNAME }} | ||
REMOTE_USER: ${{ env.REMOTE_USER }} | ||
TARGET: "/home/${{ env.REMOTE_USER }}/www/${{ env.PROJECT_URL }}" | ||
|
||
|
||
- name: Run composer install on remote server | ||
uses: appleboy/[email protected] | ||
with: | ||
host: ${{ env.SERVER_HOSTNAME }} | ||
port: 222 | ||
username: ${{ env.REMOTE_USER }} | ||
key: ${{ secrets.SSH_KEY_STAGING_SERVER }} | ||
script: | | ||
source /home/${{ env.REMOTE_USER }}/.profile | ||
cd /home/${{ env.REMOTE_USER }}/www/${{ env.PROJECT_URL }} | ||
composer install --no-interaction --no-progress --optimize-autoloader | ||
# --no-dev |
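Review bot: The third-party actions that receive the SSH deploy key, the WireGuard key and the application secrets (`cuchi/jinja2-action`, `easingthemes/ssh-deploy`, `appleboy/ssh-action`, `hashicorp/vault-action@v2`) appear to be referenced by tag (most refs are garbled on this page), so a retagged or compromised release would run with those secrets; pin each to a full commit SHA, e.g. `uses: appleboy/ssh-action@<full-commit-sha>  # <release tag>`. The Vault step reads `MAILGUN_SECRET` from a `Projects/data/crowdsourcing/production/...` path, which hands a production mail credential to a staging host; a staging-scoped key under `staging_sec_data` would contain the blast radius. `npm install` runs after `.env` has been rendered into the workspace, so dependency install scripts execute with every secret on disk; `npm ci` against a committed lockfile (if the repo has one) narrows that exposure. `SOURCE: "./"` then copies the whole workspace, which would include `.git` and `.github`, under the web directory, so an exclude list is worth adding. The job also has no `permissions:` block (`permissions: contents: read` covers what is shown), and with `--no-dev` commented out, dev dependencies are installed on a host configured with `APP_ENV=production`.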