diff --git a/.github/templates/.env.j2 b/.github/templates/.env.j2
new file mode 100644
index 00000000..db59d5c5
--- /dev/null
+++ b/.github/templates/.env.j2
@@ -0,0 +1,103 @@
+APP_NAME="Crowdsourcing platform | Let's crowdsource our future"
+APP_ENV=production
+APP_KEY={{ LARAVEL_STAGING_SEC_DATA_APP_KEY }}
+APP_DEBUG=false
+DEBUGBAR_ENABLED=false
+APP_LOG_LEVEL=debug
+APP_URL=https://{{ PROJECT_URL }}
+ASSET_URL=${APP_URL}
+MIX_ASSET_URL=${APP_URL}
+APP_VERSION=v8.0
+GOOGLE_MAPS_KEY=
+
+DB_CONNECTION=mysql
+DB_HOST=127.0.0.1
+DB_PORT=3306
+DB_DATABASE={{ DB_NAME }}
+DB_USERNAME={{ DB_USER }}
+DB_PASSWORD={{ DB_PASSWORD }}
+
+BROADCAST_DRIVER=redis
+CACHE_DRIVER=file
+QUEUE_CONNECTION=redis
+SESSION_DRIVER=file
+SESSION_LIFETIME=120
+
+REDIS_CLIENT=phpredis
+REDIS_HOST=127.0.0.1
+REDIS_PASSWORD=null
+REDIS_PORT=6379
+REDIS_PREFIX=crowdsourcing_ecas_
+
+
+MAIL_MAILER=mailgun
+MAIL_FROM_ADDRESS=noreply@ecas.org
+MAIL_FROM_NAME="Crowdsourcing Platform"
+MAIL_HOST=smtp.eu.mailgun.org
+MAILGUN_DOMAIN=crowdsourcing.ecas.org
+MAILGUN_SECRET={{ MAILGUN_SECRET }}
+MAILGUN_ENDPOINT=api.eu.mailgun.net
+
+
+PUSHER_APP_ID=
+PUSHER_APP_KEY=
+PUSHER_APP_SECRET=
+PUSHER_APP_CLUSTER=mt1
+
+PERSONAL_CLIENT_ID=1
+PERSONAL_CLIENT_SECRET= {{ PERSONAL_CLIENT_SECRET }}
+PASSWORD_CLIENT_ID=2
+PASSWORD_CLIENT_SECRET={{ PASSWORD_CLIENT_SECRET }}
+
+FACEBOOK_CLIENT_ID={{ FACEBOOK_CLIENT_ID }}
+FACEBOOK_CLIENT_SECRET={{ FACEBOOK_CLIENT_SECRET }}
+
+TWITTER_CLIENT_ID={{ TWITTER_CLIENT_ID }}
+TWITTER_CLIENT_SECRET={{ TWITTER_CLIENT_SECRET }}
+
+GOOGLE_CLIENT_ID={{ GOOGLE_CLIENT_ID }}
+GOOGLE_CLIENT_SECRET={{ GOOGLE_CLIENT_SECRET }}
+
+MICROSOFT_CLIENT_ID={{ MICROSOFT_CLIENT_ID }}
+MICROSOFT_CLIENT_SECRET={{ MICROSOFT_CLIENT_SECRET }}
+
+LINKEDIN_CLIENT_ID={{ LINKEDIN_CLIENT_ID }}
+LINKEDIN_CLIENT_SECRET={{ LINKEDIN_CLIENT_SECRET }}
+
+DEFAULT_ADMIN_USER_PASSWORD_FOR_SEED={{ DEFAULT_ADMIN_USER_PASSWORD_FOR_SEED }}
+
+GOOGLE_TRANSLATE_KEY={{ GOOGLE_TRANSLATE_KEY }}
+# MAILCHIMP INTEGRATION
+MAILCHIMP_API_KEY={{ MAILCHIMP_API_KEY }}
+
+# SENTRY DSN
+SENTRY_LARAVEL_DSN={{ SENTRY_LARAVEL_DSN }}
+SENTRY_TRACES_SAMPLE_RATE=1
+VITE_SENTRY_DSN_PUBLIC="${SENTRY_LARAVEL_DSN}"
+
+VITE_APP_URL="${APP_URL}"
+
+
+INSTALLATION_RESOURCES_DIR=ecas
+API_AUTH_TOKEN={{ API_AUTH_TOKEN }}
+MIX_API_AUTH_TOKEN="${API_AUTH_TOKEN}"
+MIX_APP_URL="${APP_URL}"
+USERWAY_ID={{ USERWAY_ID }}
+
+
+# Newsletter variables
+NEWSLETTER_LIST_ID_NEWSLETTER=# this should come from the mailchimp_lists DB table
+NEWSLETTER_LIST_ID_NEWSLETTER_REGISTERED_USERS=# this should come from the mailchimp_lists DB table
+
+# Variables needed for S3-based filesystem to work
+AWS_ACCESS_KEY_ID={{ AWS_ACCESS_KEY_ID }}
+AWS_SECRET_ACCESS_KEY={{ AWS_SECRET_ACCESS_KEY }}
+AWS_DEFAULT_REGION=eu-central-1
+AWS_BUCKET=crowdsourcing-ecas-bucket-s3
+AWS_USE_PATH_STYLE_ENDPOINT=false
+
+INSTALLATION_COMPANY_NAME="ECAS - European Citizen Action Service"
+INSTALLATION_COMPANY_ADDRESS="BeCentral Cantersteen 12 B-1000 Brussels, Belgium"
+INSTALLATION_COMPANY_PHONE="+32 (0) 2 548 04 90"
+INSTALLATION_COMPANY_EMAIL="info(at)ecas.org"
+
diff --git a/.github/templates/wg0.j2 b/.github/templates/wg0.j2
new file mode 100644
index 00000000..77d437d8
--- /dev/null
+++ b/.github/templates/wg0.j2
@@ -0,0 +1,10 @@
+[Interface]
+Address = 10.10.0.19/32
+ListenPort = 48123
+PrivateKey = {{ WIREGUARD_PRIVATE_KEY }}
+
+[Peer]
+PublicKey = {{ VPN_SERVER_PUBLIC_KEY }}
+AllowedIPs = 10.10.0.0/24
+Endpoint = pegasus.scify.org:1194
+PersistentKeepalive = 25
\ No newline at end of file
diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml
new file mode 100644
index 00000000..adb279a5
--- /dev/null
+++ b/.github/workflows/deploy.yml
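Review bot: `MIX_API_AUTH_TOKEN="${API_AUTH_TOKEN}"` copies the API token into a `MIX_`-prefixed variable, and Laravel Mix inlines `MIX_*` values into the compiled JavaScript, so if the asset build still reads that prefix the token becomes readable by every visitor. The deploy workflow in this commit renders this file before `npm run build`, so it is worth confirming whether the front end really needs the token; if it does, treat it as public and issue a separate low-privilege token instead of reusing the server-side one. Separately, the secret placeholders are unquoted and `PERSONAL_CLIENT_SECRET= {{ PERSONAL_CLIENT_SECRET }}` has a stray space after `=`; a rendered value containing a space or `#` may be truncated or rejected by the dotenv parser, so `KEY="{{ VALUE }}"` is the safer form for every secret line.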
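Review bot: `AllowedIPs = 10.10.0.0/24` gives the CI runner a route to the whole VPN subnet, while the only tunnel address the workflow in this commit references is the Vault host at 10.10.0.100. If nothing else is needed over the tunnel, `AllowedIPs = 10.10.0.100/32` keeps a compromised build step from reaching other hosts; if the SSH deploy to the staging server also travels through the tunnel, add only that address as well. The matching restriction belongs on the VPN server's peer entry and firewall too, since the client-side value only controls routing on the runner. `ListenPort = 48123` looks unnecessary for a peer that only dials out and could be dropped.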
@@ -0,0 +1,137 @@
+name: Deploy to Secondary Staging Server
+
+on:
+ workflow_dispatch:
+ push:
+ branches:
+ - staging_sec_data
+
+env:
+ PHP_VERSION: '8.2'
+ SERVER_HOSTNAME: 'staging.scify.org'
+ REMOTE_USER: 'project_crowdsourcing_sec_data'
+ PROJECT_URL: 'crowdsourcing-ecas.staging.scify.org'
+
+jobs:
+ deploy:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout repo
+ uses: actions/checkout@v3.2.0
+
+ - name: Install wireguard
+ run: sudo apt install wireguard
+
+ - name: Create wg0 file
+ uses: cuchi/jinja2-action@v1.2.0
+ with:
+ template: .github/templates/wg0.j2
+ output_file: wg0.conf
+ variables: |
+ WIREGUARD_PRIVATE_KEY=${{ secrets.WIREGUARD_PRIVATE_KEY }}
+ VPN_SERVER_PUBLIC_KEY=${{ secrets.VPN_SERVER_PUBLIC_KEY }}
+
+
+
+ - name: Move wg0.conf to /etc/wireguard
+ run: sudo mv wg0.conf /etc/wireguard/wg0.conf
+
+ - name: Start wireguard
+ run: sudo wg-quick up wg0
+
+ - name: Checkout repo
+ uses: actions/checkout@v3.2.0
+
+ - name: Add frodo to etc hosts
+ run: echo "10.10.0.100 frodo.scify.org" | sudo tee -a /etc/hosts
+
+ - name: read password from vault
+ uses: hashicorp/vault-action@v2
+ with:
+ url: https://frodo.scify.org:8200
+ caCertificate: ${{ secrets.VAULT_CA_CERT }}
+ method: userpass
+ username: ${{ secrets.VAULT_USER }}
+ password: ${{ secrets.VAULT_PASSWORD }}
+ secrets: |
+ Projects/data/crowdsourcing/staging_sec_data/database db_name | DB_NAME ;
+ Projects/data/crowdsourcing/staging_sec_data/database db_user | DB_USER ;
+ Projects/data/crowdsourcing/staging_sec_data/database password | DB_PASSWORD ;
+ Projects/data/crowdsourcing/staging_sec_data/google_client_secrets google_client_id | GOOGLE_CLIENT_ID ;
+ Projects/data/crowdsourcing/production/email/laravel_mailgun_env_variables MAILGUN_SECRET | MAILGUN_SECRET ;
+
+
+
+
+
+ - name: Create .env file
+ uses: cuchi/jinja2-action@v1.2.0
+ with:
+ template: .github/templates/.env.j2
+ output_file: .env
+ variables: |
+ DB_NAME=${{ env.DB_NAME }}
+ DB_USER=${{ env.DB_USER }}
+ DB_PASSWORD=${{ env.DB_PASSWORD }}
+ LARAVEL_STAGING_SEC_DATA_APP_KEY=${{ secrets.LARAVEL_STAGING_SEC_DATA_APP_KEY }}
+ PROJECT_URL=${{ env.PROJECT_URL }}
+ MAILGUN_SECRET=${{ env.MAILGUN_SECRET }}
+ PERSONAL_CLIENT_ID=${{ secrets.PERSONAL_CLIENT_ID }}
+ PERSONAL_CLIENT_SECRET=${{ secrets.PERSONAL_CLIENT_SECRET }}
+ PASSWORD_CLIENT_SECRET=${{ secrets.PASSWORD_CLIENT_SECRET }}
+ FACEBOOK_CLIENT_ID=${{ secrets.FACEBOOK_CLIENT_ID }}
+ FACEBOOK_CLIENT_SECRET=${{ secrets.FACEBOOK_CLIENT_SECRET }}
+ TWITTER_CLIENT_ID=${{ secrets.TWITTER_CLIENT_ID }}
+ TWITTER_CLIENT_SECRET=${{ secrets.TWITTER_CLIENT_SECRET }}
+ GOOGLE_CLIENT_ID=${{ env.GOOGLE_CLIENT_ID }}
+ GOOGLE_CLIENT_SECRET=${{ secrets.GOOGLE_CLIENT_SECRET }}
+ MICROSOFT_CLIENT_ID=${{ secrets.MICROSOFT_CLIENT_ID }}
+ MICROSOFT_CLIENT_SECRET=${{ secrets.MICROSOFT_CLIENT_SECRET }}
+ LINKEDIN_CLIENT_ID=${{ secrets.LINKEDIN_CLIENT_ID }}
+ LINKEDIN_CLIENT_SECRET=${{ secrets.LINKEDIN_CLIENT_SECRET }}
+ DEFAULT_ADMIN_USER_PASSWORD_FOR_SEED=${{ secrets.DEFAULT_ADMIN_USER_PASSWORD_FOR_SEED }}
+ GOOGLE_TRANSLATE_KEY=${{ secrets.GOOGLE_TRANSLATE_KEY }}
+ MAILCHIMP_API_KEY=${{ secrets.MAILCHIMP_API_KEY }}
+ SENTRY_LARAVEL_DSN=${{ secrets.SENTRY_LARAVEL_DSN }}
+ API_AUTH_TOKEN=${{ secrets.API_AUTH_TOKEN }}
+ USERWAY_ID=${{ secrets.USERWAY_ID }}
+ AWS_ACCESS_KEY_ID=${{ secrets.AWS_ACCESS_KEY_ID }}
+ AWS_SECRET_ACCESS_KEY=${{ secrets.AWS_SECRET_ACCESS_KEY }}
+
+
+
+ - name: Setup node
+ uses: actions/setup-node@v4
+ with:
+ node-version-file: '.nvmrc'
+
+ - name: Install node dependencies
+ run: npm install
+
+ - name: Build assets
+ run: npm run build
+
+
+ - name: SCP files to staging server
+ uses: easingthemes/ssh-deploy@v3.0.1
+ env:
+ SSH_PRIVATE_KEY: ${{ secrets.SSH_KEY_STAGING_SERVER }}
+ REMOTE_PORT: 222
+ SOURCE: "./"
+ REMOTE_HOST: ${{ env.SERVER_HOSTNAME }}
+ REMOTE_USER: ${{ env.REMOTE_USER }}
+ TARGET: "/home/${{ env.REMOTE_USER }}/www/${{ env.PROJECT_URL }}"
+
+
+ - name: Run composer install on remote server
+ uses: appleboy/ssh-action@v1.0.3
+ with:
+ host: ${{ env.SERVER_HOSTNAME }}
+ port: 222
+ username: ${{ env.REMOTE_USER }}
+ key: ${{ secrets.SSH_KEY_STAGING_SERVER }}
+ script: |
+ source /home/${{ env.REMOTE_USER }}/.profile
+ cd /home/${{ env.REMOTE_USER }}/www/${{ env.PROJECT_URL }}
+ composer install --no-interaction --no-progress --optimize-autoloader
+ # --no-dev
\ No newline at end of file
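Review bot: Every third-party action that receives a credential in this workflow is referenced by a mutable tag — `cuchi/jinja2-action@v1.2.0` (the WireGuard private key and the full `.env` secret set), `hashicorp/vault-action@v2`, `easingthemes/ssh-deploy@v3.0.1` and `appleboy/ssh-action@v1.0.3` (the SSH key) — so a moved tag would run new code with those secrets. Pin each to a full commit SHA, e.g. `uses: cuchi/jinja2-action@<FULL_COMMIT_SHA>  # v1.2.0`, and add a top-level `permissions:` block with `contents: read` so the job token is read-only. The SCP step's `SOURCE: "./"` uploads the whole workspace, including `.git`, `.github` and `node_modules` next to the rendered `.env`, into the site directory; the action's `EXCLUDE` input can drop what the server does not need. The Vault read for `MAILGUN_SECRET` uses a `production/` path although this is a staging deploy, which places a production credential on the staging host; a staging-scoped key would limit the impact of a staging compromise.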