jbourdon/social-media
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

chore(cd): hardening of env settings
All checks were successful
deploy-socialize / image (push) Successful in 28s
Details
deploy-socialize / deploy (push) Successful in 15s
Details

Browse Source
This commit is contained in:
Jonathan Bourdon
2026-05-06 21:25:11 -04:00
parent 4eb0fbc22b
commit ef323c291f
2 changed files with 18 additions and 40 deletions
Download Patch File Download Diff File Expand all files Collapse all files

40
.gitea/workflows/deploy-socialize.yml
View File

@@ -47,21 +47,9 @@ jobs:
DEPLOY_HOST: ${{ secrets.DEPLOY_HOST }} DEPLOY_HOST: ${{ secrets.DEPLOY_HOST }}
DEPLOY_USER: ${{ secrets.DEPLOY_USER }} DEPLOY_USER: ${{ secrets.DEPLOY_USER }}
DEPLOY_SSH_PRIVATE_KEY_B64: ${{ secrets.DEPLOY_SSH_PRIVATE_KEY_B64 }} DEPLOY_SSH_PRIVATE_KEY_B64: ${{ secrets.DEPLOY_SSH_PRIVATE_KEY_B64 }}
POSTGRES_HOST: ${{ secrets.POSTGRES_HOST }}
POSTGRES_PORT: ${{ secrets.POSTGRES_PORT }}
POSTGRES_PASSWORD: ${{ secrets.POSTGRES_PASSWORD }}
RESEND_API_KEY: ${{ secrets.RESEND_API_KEY }}
RESEND_FROM_EMAIL: ${{ secrets.RESEND_FROM_EMAIL }}
JWT_SIGNING_KEY: ${{ secrets.JWT_SIGNING_KEY }}
SOCIALIZE_IMAGE_TAG: ${{ gitea.sha }} SOCIALIZE_IMAGE_TAG: ${{ gitea.sha }}
run: | run: |
: "${POSTGRES_PASSWORD:?POSTGRES_PASSWORD secret is required}"
: "${RESEND_API_KEY:?RESEND_API_KEY secret is required}"
: "${RESEND_FROM_EMAIL:?RESEND_FROM_EMAIL secret is required}"
: "${JWT_SIGNING_KEY:?JWT_SIGNING_KEY secret is required}"
: "${SOCIALIZE_IMAGE_TAG:?SOCIALIZE_IMAGE_TAG is required}" : "${SOCIALIZE_IMAGE_TAG:?SOCIALIZE_IMAGE_TAG is required}"
POSTGRES_HOST="${POSTGRES_HOST:-db}"
POSTGRES_PORT="${POSTGRES_PORT:-5432}"
mkdir -p ~/.ssh mkdir -p ~/.ssh
printf '%s' "$DEPLOY_SSH_PRIVATE_KEY_B64" | base64 -d > ~/.ssh/deploy_key printf '%s' "$DEPLOY_SSH_PRIVATE_KEY_B64" | base64 -d > ~/.ssh/deploy_key
@@ -76,36 +64,12 @@ jobs:
deploy_env="$(mktemp)" deploy_env="$(mktemp)"
{ {
write_env_value POSTGRES_USER sa
write_env_value POSTGRES_HOST "$POSTGRES_HOST"
write_env_value POSTGRES_PORT "$POSTGRES_PORT"
write_env_value POSTGRES_PASSWORD "$POSTGRES_PASSWORD"
write_env_value POSTGRES_DB socialize
write_env_value ConnectionStrings__PostgresConnection "Host=$POSTGRES_HOST;Port=$POSTGRES_PORT;Database=socialize;Username=sa;Password=$POSTGRES_PASSWORD"
write_env_value ASPNETCORE_ENVIRONMENT Production
write_env_value ASPNETCORE_URLS http://0.0.0.0:8080
write_env_value WEBSITE_FRONTEND_BASE_URL https://socialize.mapachotes.com
write_env_value Website__FrontendBaseUrl https://socialize.mapachotes.com
write_env_value RESEND_API_KEY "$RESEND_API_KEY"
write_env_value Emailer__ApiKey "$RESEND_API_KEY"
write_env_value RESEND_FROM_EMAIL "$RESEND_FROM_EMAIL"
write_env_value Emailer__FromEmail "$RESEND_FROM_EMAIL"
write_env_value JWT_ISSUER https://socialize.mapachotes.com
write_env_value Authentication__Jwt__Issuer https://socialize.mapachotes.com
write_env_value JWT_AUDIENCE socialize-preprod
write_env_value Authentication__Jwt__Audience socialize-preprod
write_env_value JWT_SIGNING_KEY "$JWT_SIGNING_KEY"
write_env_value Authentication__Jwt__Key "$JWT_SIGNING_KEY"
write_env_value JWT_LIFETIME 00:05:00
write_env_value Authentication__Jwt__Lifetime 00:05:00
write_env_value JWT_REFRESH_TOKEN_LIFETIME 0.00:30:00
write_env_value Authentication__Jwt__RefreshTokenLifetime 0.00:30:00
write_env_value SOCIALIZE_IMAGE_TAG "$SOCIALIZE_IMAGE_TAG" write_env_value SOCIALIZE_IMAGE_TAG "$SOCIALIZE_IMAGE_TAG"
} > "$deploy_env" } > "$deploy_env"
scp -i ~/.ssh/deploy_key -o StrictHostKeyChecking=accept-new "$deploy_env" "$DEPLOY_USER@$DEPLOY_HOST:/srv/prod/socialize/.env" scp -i ~/.ssh/deploy_key -o StrictHostKeyChecking=accept-new "$deploy_env" "$DEPLOY_USER@$DEPLOY_HOST:/srv/prod/socialize/.deploy.env"
rm -f "$deploy_env" rm -f "$deploy_env"
scp -i ~/.ssh/deploy_key -o StrictHostKeyChecking=accept-new deploy/compose.yml "$DEPLOY_USER@$DEPLOY_HOST:/srv/prod/socialize/compose.yml" scp -i ~/.ssh/deploy_key -o StrictHostKeyChecking=accept-new deploy/compose.yml "$DEPLOY_USER@$DEPLOY_HOST:/srv/prod/socialize/compose.yml"
ssh -i ~/.ssh/deploy_key -o StrictHostKeyChecking=accept-new "$DEPLOY_USER@$DEPLOY_HOST" \ ssh -i ~/.ssh/deploy_key -o StrictHostKeyChecking=accept-new "$DEPLOY_USER@$DEPLOY_HOST" \
'cd /srv/prod/socialize && set -a && . ./.env && set +a && ./deploy.sh' 'test -r /etc/socialize/socialize.env && cd /srv/prod/socialize && ./deploy.sh'

18
deploy/compose.yml
View File

@@ -3,7 +3,8 @@ services:
image: postgres:16 image: postgres:16
restart: unless-stopped restart: unless-stopped
env_file: env_file:
- .env - /etc/socialize/socialize.env
- .deploy.env
environment: environment:
POSTGRES_DB: ${POSTGRES_DB} POSTGRES_DB: ${POSTGRES_DB}
POSTGRES_USER: ${POSTGRES_USER} POSTGRES_USER: ${POSTGRES_USER}
@@ -22,7 +23,20 @@ services:
image: git.mapachotes.com/jbourdon/socialize-api:${SOCIALIZE_IMAGE_TAG} image: git.mapachotes.com/jbourdon/socialize-api:${SOCIALIZE_IMAGE_TAG}
restart: unless-stopped restart: unless-stopped
env_file: env_file:
- .env - /etc/socialize/socialize.env
- .deploy.env
environment:
ASPNETCORE_ENVIRONMENT: ${ASPNETCORE_ENVIRONMENT}
ASPNETCORE_URLS: ${ASPNETCORE_URLS}
ConnectionStrings__PostgresConnection: Host=${POSTGRES_HOST};Port=${POSTGRES_PORT};Database=${POSTGRES_DB};Username=${POSTGRES_USER};Password=${POSTGRES_PASSWORD}
Website__FrontendBaseUrl: ${WEBSITE_FRONTEND_BASE_URL}
Emailer__ApiKey: ${RESEND_API_KEY}
Emailer__FromEmail: ${RESEND_FROM_EMAIL}
Authentication__Jwt__Issuer: ${JWT_ISSUER}
Authentication__Jwt__Audience: ${JWT_AUDIENCE}
Authentication__Jwt__Key: ${JWT_SIGNING_KEY}
Authentication__Jwt__Lifetime: ${JWT_LIFETIME}
Authentication__Jwt__RefreshTokenLifetime: ${JWT_REFRESH_TOKEN_LIFETIME}
depends_on: depends_on:
db: db:
condition: service_healthy condition: service_healthy