scify · PavlosIsaris · Oct 4, 2024 · Oct 3, 2024 · Oct 3, 2024 · Oct 3, 2024
diff --git a/.github/templates/.env.j2 b/.github/templates/.env.j2
@@ -0,0 +1,103 @@
+APP_NAME="Crowdsourcing platform | Let's crowdsource our future"
+APP_ENV=production
+APP_KEY={{ LARAVEL_STAGING_SEC_DATA_APP_KEY }}
+APP_DEBUG=false
+DEBUGBAR_ENABLED=false
+APP_LOG_LEVEL=debug
+APP_URL=https://{{ PROJECT_URL }}
+ASSET_URL=${APP_URL}
+MIX_ASSET_URL=${APP_URL}
+APP_VERSION=v8.0
+GOOGLE_MAPS_KEY=
+
+DB_CONNECTION=mysql
+DB_HOST=127.0.0.1
+DB_PORT=3306
+DB_DATABASE={{ DB_NAME }}
+DB_USERNAME={{ DB_USER }}
+DB_PASSWORD={{ DB_PASSWORD }}
+
+BROADCAST_DRIVER=redis
+CACHE_DRIVER=file
+QUEUE_CONNECTION=redis
+SESSION_DRIVER=file
+SESSION_LIFETIME=120
+
+REDIS_CLIENT=phpredis
+REDIS_HOST=127.0.0.1
+REDIS_PASSWORD=null
+REDIS_PORT=6379
+REDIS_PREFIX=crowdsourcing_ecas_
+
+
+MAIL_MAILER=mailgun
+[email protected]
+MAIL_FROM_NAME="Crowdsourcing Platform"
+MAIL_HOST=smtp.eu.mailgun.org
+MAILGUN_DOMAIN=crowdsourcing.ecas.org
+MAILGUN_SECRET={{ MAILGUN_SECRET }}
+MAILGUN_ENDPOINT=api.eu.mailgun.net
+
+
+PUSHER_APP_ID=
+PUSHER_APP_KEY=
+PUSHER_APP_SECRET=
+PUSHER_APP_CLUSTER=mt1
+
+PERSONAL_CLIENT_ID=1
+PERSONAL_CLIENT_SECRET= {{ PERSONAL_CLIENT_SECRET }}
+PASSWORD_CLIENT_ID=2
+PASSWORD_CLIENT_SECRET={{ PASSWORD_CLIENT_SECRET }}
+
+FACEBOOK_CLIENT_ID={{ FACEBOOK_CLIENT_ID }}
+FACEBOOK_CLIENT_SECRET={{ FACEBOOK_CLIENT_SECRET }}
+
+TWITTER_CLIENT_ID={{ TWITTER_CLIENT_ID }}
+TWITTER_CLIENT_SECRET={{ TWITTER_CLIENT_SECRET }}
+
+GOOGLE_CLIENT_ID={{ GOOGLE_CLIENT_ID }}
+GOOGLE_CLIENT_SECRET={{ GOOGLE_CLIENT_SECRET }}
+
+MICROSOFT_CLIENT_ID={{ MICROSOFT_CLIENT_ID }}
+MICROSOFT_CLIENT_SECRET={{ MICROSOFT_CLIENT_SECRET }}
+
+LINKEDIN_CLIENT_ID={{ LINKEDIN_CLIENT_ID }}
+LINKEDIN_CLIENT_SECRET={{ LINKEDIN_CLIENT_SECRET }}
+
+DEFAULT_ADMIN_USER_PASSWORD_FOR_SEED={{ DEFAULT_ADMIN_USER_PASSWORD_FOR_SEED }}
+
+GOOGLE_TRANSLATE_KEY={{ GOOGLE_TRANSLATE_KEY }}
+# MAILCHIMP INTEGRATION
+MAILCHIMP_API_KEY={{ MAILCHIMP_API_KEY }}
+
+# SENTRY DSN
+SENTRY_LARAVEL_DSN={{ SENTRY_LARAVEL_DSN }}
+SENTRY_TRACES_SAMPLE_RATE=1
+VITE_SENTRY_DSN_PUBLIC="${SENTRY_LARAVEL_DSN}"
+
+VITE_APP_URL="${APP_URL}"
+
+
+INSTALLATION_RESOURCES_DIR=ecas
+API_AUTH_TOKEN={{ API_AUTH_TOKEN }}
+MIX_API_AUTH_TOKEN="${API_AUTH_TOKEN}"
+MIX_APP_URL="${APP_URL}"
+USERWAY_ID={{ USERWAY_ID }}
+
+
+# Newsletter variables
+NEWSLETTER_LIST_ID_NEWSLETTER=# this should come from the mailchimp_lists DB table
+NEWSLETTER_LIST_ID_NEWSLETTER_REGISTERED_USERS=# this should come from the mailchimp_lists DB table
+
+# Variables needed for S3-based filesystem to work
+AWS_ACCESS_KEY_ID={{ AWS_ACCESS_KEY_ID }}
+AWS_SECRET_ACCESS_KEY={{ AWS_SECRET_ACCESS_KEY }}
+AWS_DEFAULT_REGION=eu-central-1
+AWS_BUCKET=crowdsourcing-ecas-bucket-s3
+AWS_USE_PATH_STYLE_ENDPOINT=false
+
+INSTALLATION_COMPANY_NAME="ECAS - European Citizen Action Service"
+INSTALLATION_COMPANY_ADDRESS="BeCentral Cantersteen 12 B-1000 Brussels, Belgium"
+INSTALLATION_COMPANY_PHONE="+32 (0) 2 548 04 90"
+INSTALLATION_COMPANY_EMAIL="info(at)ecas.org"
+
diff --git a/.github/templates/wg0.j2 b/.github/templates/wg0.j2
@@ -0,0 +1,10 @@
+[Interface]
+Address = 10.10.0.19/32
+ListenPort = 48123
+PrivateKey = {{ WIREGUARD_PRIVATE_KEY }}
+
+[Peer]
+PublicKey = {{ VPN_SERVER_PUBLIC_KEY }}
+AllowedIPs = 10.10.0.0/24
+Endpoint = pegasus.scify.org:1194
+PersistentKeepalive = 25
diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml
@@ -0,0 +1,137 @@
+name: Deploy to Secondary Staging Server
+
+on:
+  workflow_dispatch:
+  push:
+    branches:
+      - staging_sec_data
+
+env:
+  PHP_VERSION: '8.2'
+  SERVER_HOSTNAME: 'staging.scify.org'
+  REMOTE_USER: 'project_crowdsourcing_sec_data'
+  PROJECT_URL: 'crowdsourcing-ecas.staging.scify.org'
+
+jobs:
+  deploy:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout repo
+        uses: actions/[email protected]
+
+      - name: Install wireguard
+        run: sudo apt install wireguard
+
+      - name: Create wg0 file
+        uses: cuchi/[email protected]
+        with:
+          template: .github/templates/wg0.j2
+          output_file: wg0.conf
+          variables: |
+            WIREGUARD_PRIVATE_KEY=${{ secrets.WIREGUARD_PRIVATE_KEY }}
+            VPN_SERVER_PUBLIC_KEY=${{ secrets.VPN_SERVER_PUBLIC_KEY }}
+
+
+
+      - name: Move wg0.conf to /etc/wireguard
+        run: sudo mv wg0.conf /etc/wireguard/wg0.conf
+
+      - name: Start wireguard
+        run: sudo wg-quick up wg0
+
+      - name: Checkout repo
+        uses: actions/[email protected]
+
+      - name: Add frodo to etc hosts
+        run: echo "10.10.0.100 frodo.scify.org" | sudo tee -a /etc/hosts
+
+      - name: read password from vault
+        uses: hashicorp/vault-action@v2
+        with:
+          url: https://frodo.scify.org:8200
+          caCertificate: ${{ secrets.VAULT_CA_CERT }}
+          method: userpass
+          username: ${{ secrets.VAULT_USER }}
+          password: ${{ secrets.VAULT_PASSWORD }}
+          secrets: |
+            Projects/data/crowdsourcing/staging_sec_data/database db_name | DB_NAME ;
+            Projects/data/crowdsourcing/staging_sec_data/database db_user | DB_USER ;
+            Projects/data/crowdsourcing/staging_sec_data/database password | DB_PASSWORD ;
+            Projects/data/crowdsourcing/staging_sec_data/google_client_secrets google_client_id | GOOGLE_CLIENT_ID ;
+            Projects/data/crowdsourcing/production/email/laravel_mailgun_env_variables MAILGUN_SECRET | MAILGUN_SECRET ;
+
+
+
+
+
+      - name: Create .env file
+        uses: cuchi/[email protected]
+        with:
+          template: .github/templates/.env.j2
+          output_file: .env
+          variables: |
+            DB_NAME=${{ env.DB_NAME }}
+            DB_USER=${{ env.DB_USER }}
+            DB_PASSWORD=${{ env.DB_PASSWORD }}
+            LARAVEL_STAGING_SEC_DATA_APP_KEY=${{ secrets.LARAVEL_STAGING_SEC_DATA_APP_KEY }}
+            PROJECT_URL=${{ env.PROJECT_URL }}
+            MAILGUN_SECRET=${{ env.MAILGUN_SECRET }}
+            PERSONAL_CLIENT_ID=${{ secrets.PERSONAL_CLIENT_ID }}
+            PERSONAL_CLIENT_SECRET=${{ secrets.PERSONAL_CLIENT_SECRET }}
+            PASSWORD_CLIENT_SECRET=${{ secrets.PASSWORD_CLIENT_SECRET }}
+            FACEBOOK_CLIENT_ID=${{ secrets.FACEBOOK_CLIENT_ID }}
+            FACEBOOK_CLIENT_SECRET=${{ secrets.FACEBOOK_CLIENT_SECRET }}
+            TWITTER_CLIENT_ID=${{ secrets.TWITTER_CLIENT_ID }}
+            TWITTER_CLIENT_SECRET=${{ secrets.TWITTER_CLIENT_SECRET }}
+            GOOGLE_CLIENT_ID=${{ env.GOOGLE_CLIENT_ID }}
+            GOOGLE_CLIENT_SECRET=${{ secrets.GOOGLE_CLIENT_SECRET }}
+            MICROSOFT_CLIENT_ID=${{ secrets.MICROSOFT_CLIENT_ID }}
+            MICROSOFT_CLIENT_SECRET=${{ secrets.MICROSOFT_CLIENT_SECRET }}
+            LINKEDIN_CLIENT_ID=${{ secrets.LINKEDIN_CLIENT_ID }}
+            LINKEDIN_CLIENT_SECRET=${{ secrets.LINKEDIN_CLIENT_SECRET }}
+            DEFAULT_ADMIN_USER_PASSWORD_FOR_SEED=${{ secrets.DEFAULT_ADMIN_USER_PASSWORD_FOR_SEED }}
+            GOOGLE_TRANSLATE_KEY=${{ secrets.GOOGLE_TRANSLATE_KEY }}
+            MAILCHIMP_API_KEY=${{ secrets.MAILCHIMP_API_KEY }}
+            SENTRY_LARAVEL_DSN=${{ secrets.SENTRY_LARAVEL_DSN }}
+            API_AUTH_TOKEN=${{ secrets.API_AUTH_TOKEN }}
+            USERWAY_ID=${{ secrets.USERWAY_ID }}
+            AWS_ACCESS_KEY_ID=${{ secrets.AWS_ACCESS_KEY_ID }}
+            AWS_SECRET_ACCESS_KEY=${{ secrets.AWS_SECRET_ACCESS_KEY }}
+
+
+
+      - name: Setup node
+        uses: actions/setup-node@v4
+        with:
+          node-version-file: '.nvmrc'
+
+      - name: Install node dependencies
+        run: npm install
+
+      - name: Build assets
+        run: npm run build
+
+
+      - name: SCP files to staging server
+        uses: easingthemes/[email protected]
+        env:
+            SSH_PRIVATE_KEY: ${{ secrets.SSH_KEY_STAGING_SERVER }}
+            REMOTE_PORT: 222
+            SOURCE: "./"
+            REMOTE_HOST: ${{ env.SERVER_HOSTNAME }}
+            REMOTE_USER: ${{ env.REMOTE_USER }}
+            TARGET: "/home/${{ env.REMOTE_USER }}/www/${{ env.PROJECT_URL }}"
+
+
+      - name: Run composer install on remote server
+        uses: appleboy/[email protected]
+        with:
+          host: ${{ env.SERVER_HOSTNAME }}
+          port: 222
+          username: ${{ env.REMOTE_USER }}
+          key: ${{ secrets.SSH_KEY_STAGING_SERVER }}
+          script: |
+            source /home/${{ env.REMOTE_USER }}/.profile
+            cd /home/${{ env.REMOTE_USER }}/www/${{ env.PROJECT_URL }}
+            composer install --no-interaction --no-progress --optimize-autoloader 
+  # --no-dev