From 9af50fbedf960e2e600c1bfcad0f611524c1bd56 Mon Sep 17 00:00:00 2001 From: Blusia Date: Thu, 19 Sep 2024 08:59:15 +0200 Subject: [PATCH 01/52] - files for preparing prod deployment --- .env.example | 3 + .github/workflows/deploy-to-prod.yml | 116 ++++++++++++++++++ .sops.yaml | 5 + Makefile | 24 ++++ docker-compose.yaml | 2 + environment/prod/deployment/prod/Makefile | 41 +++++++ .../deployment/prod/apps/eskrzypacz/.env.prod | 0 .../prod/apps/eskrzypacz/.env.prod.secrets | 0 .../deployment/prod/apps/kpiech/.env.prod | 0 .../prod/apps/kpiech/.env.prod.secrets | 0 .../deployment/prod/apps/krewak/.env.prod | 0 .../prod/apps/krewak/.env.prod.secrets | 0 .../deployment/prod/apps/kzygadlo/.env.prod | 0 .../prod/apps/kzygadlo/.env.prod.secrets | 0 .../deployment/prod/docker-compose.prod.yml | 78 ++++++++++++ 15 files changed, 269 insertions(+) create mode 100644 .github/workflows/deploy-to-prod.yml create mode 100644 environment/prod/deployment/prod/Makefile create mode 100644 environment/prod/deployment/prod/apps/eskrzypacz/.env.prod create mode 100644 environment/prod/deployment/prod/apps/eskrzypacz/.env.prod.secrets create mode 100644 environment/prod/deployment/prod/apps/kpiech/.env.prod create mode 100644 environment/prod/deployment/prod/apps/kpiech/.env.prod.secrets create mode 100644 environment/prod/deployment/prod/apps/krewak/.env.prod create mode 100644 environment/prod/deployment/prod/apps/krewak/.env.prod.secrets create mode 100644 environment/prod/deployment/prod/apps/kzygadlo/.env.prod create mode 100644 environment/prod/deployment/prod/apps/kzygadlo/.env.prod.secrets create mode 100644 environment/prod/deployment/prod/docker-compose.prod.yml diff --git a/.env.example b/.env.example index 0e7f2758..80014401 100644 --- a/.env.example +++ b/.env.example @@ -20,3 +20,6 @@ DOCKER_DATABASE_HOST_PORT=53853 DOCKER_REDIS_HOST_PORT=53852 DOCKER_INSTALL_XDEBUG=true DOCKER_HOST_USER_ID=1000 + +SOPS_AGE_BETA_SECRET_KEY= +SOPS_AGE_PROD_SECRET_KEY= diff --git a/.github/workflows/deploy-to-prod.yml b/.github/workflows/deploy-to-prod.yml new file mode 100644 index 00000000..e58ae8a1 --- /dev/null +++ b/.github/workflows/deploy-to-prod.yml @@ -0,0 +1,116 @@ +name: Deploy to production Keating + +concurrency: + group: deploy-prod + cancel-in-progress: false + +on: + workflow_dispatch: + inputs: + appName: + description: 'For whom app should be deployed?' + required: true + type: choice + options: + - krewak + - eskrzypacz + - kzygadlo + - kpiech + +jobs: + deploy: + environment: production + runs-on: ubuntu-22.04 + name: Deploy to production - ${{ inputs.appName }} + env: + DOCKER_REGISTRY: registry.blumilk.pl + DOCKER_REGISTRY_USER_NAME: robot@blumilkbot-harbor + DOCKER_REGISTRY_PROJECT_NAME: internal-public + DOCKER_REGISTRY_REPO_NAME: keating + TARGET_DIR_ON_SERVER: /blumilk/production + APP_NAME: ${{ inputs.appName }} + steps: + - name: set branch name + run: echo "BRANCH_NAME=$GITHUB_REF_NAME" >> $GITHUB_ENV + + - name: checkout + uses: actions/checkout@v4.1.1 + with: + fetch-depth: 0 + ref: ${{ env.BRANCH_NAME }} + + - name: sync with main branch + run: | + git config user.name "GitHub Actions Bot" + git config user.email "<>" + git merge --no-commit --no-ff origin/main + + - name: set deployment project version + run: echo "DEPLOYMENT_PROJECT_VERSION=$(bash ./environment/prod/deployment/scripts/version.sh --long)" >> $GITHUB_ENV + + - name: set up Docker Buildx + uses: docker/setup-buildx-action@v3.1.0 + + - name: login to GitHub Container Registry + uses: docker/login-action@v3 + with: + registry: ${{ env.DOCKER_REGISTRY }} + username: ${{ env.DOCKER_REGISTRY_USER_NAME }} + password: ${{ secrets.BLUMILKBOT_HARBOR_TOKEN }} + + - name: set docker image name + run: echo "DOCKER_IMAGE_NAME=${{ env.DOCKER_REGISTRY }}/${{ env.DOCKER_REGISTRY_PROJECT_NAME }}/${{ env.DOCKER_REGISTRY_REPO_NAME }}" >> $GITHUB_ENV + + - name: Docker meta + id: meta + uses: docker/metadata-action@v5.5.1 + with: + images: ${{ env.DOCKER_IMAGE_NAME }} + tags: | + type=raw,value=${{ env.APP_NAME }} + context: workflow + + - name: build and push image + uses: docker/build-push-action@v5.1.0 + with: + context: . + file: ./environment/prod/app/Dockerfile + build-args: | + DEPLOYMENT_PROJECT_VERSION_ARG=${{ env.DEPLOYMENT_PROJECT_VERSION }} + APP_ID_ARG=${{ env.APP_NAME }} + push: true + labels: ${{ steps.meta.outputs.labels }} + tags: ${{ steps.meta.outputs.tags }} + cache-from: type=gha, ref=${{ env.DOCKER_IMAGE_NAME }}-prod-build-cache + cache-to: type=gha, ref=${{ env.DOCKER_IMAGE_NAME }}-prod-build-cache, mode=max + + - name: copy files via ssh + uses: appleboy/scp-action@v0.1.7 + with: + timeout: 10s + command_timeout: 10m + host: ${{ secrets.VPS_OVH_BF7EC892_HOST }} + port: ${{ secrets.VPS_OVH_BF7EC892_PORT }} + username: ${{ secrets.VPS_OVH_BF7EC892_USERNAME }} + key: ${{ secrets.VPS_OVH_BF7EC892_SSH_PRIVATE_KEY }} + passphrase: ${{ secrets.VPS_OVH_BF7EC892_SSH_PRIVATE_KEY_PASSPHRASE }} + source: "./environment/prod/deployment/prod/apps/${{ env.APP_NAME }}/*,./environment/prod/deployment/scripts/*, ./environment/prod/deployment/prod/Makefile, ./environment/prod/deployment/prod/docker-compose.prod.yml" + target: ${{ env.TARGET_DIR_ON_SERVER }}/${{ env.DOCKER_REGISTRY_REPO_NAME }}/${{ env.APP_NAME }} + rm: true + + - uses: appleboy/ssh-action@v1.0.3 + with: + timeout: 10s + command_timeout: 10m + host: ${{ secrets.VPS_OVH_BF7EC892_HOST }} + port: ${{ secrets.VPS_OVH_BF7EC892_PORT }} + username: ${{ secrets.VPS_OVH_BF7EC892_USERNAME }} + key: ${{ secrets.VPS_OVH_BF7EC892_SSH_PRIVATE_KEY }} + passphrase: ${{ secrets.VPS_OVH_BF7EC892_SSH_PRIVATE_KEY_PASSPHRASE }} + script_stop: true + script: | + cd ${{ env.TARGET_DIR_ON_SERVER }}/${{ env.DOCKER_REGISTRY_REPO_NAME }}/${{ env.APP_NAME }}/environment/prod/deployment/prod/ + mv Makefile docker-compose.prod.yml apps/${{ env.APP_NAME }}/ + cd apps/${{ env.APP_NAME }} + make prod-deploy SOPS_AGE_KEY=${{ secrets.SOPS_AGE_PROD_SECRET_KEY }} + docker images --filter dangling=true | grep "${{ env.DOCKER_IMAGE_NAME }}" | awk '{print $3}'| xargs --no-run-if-empty docker rmi diff --git a/.sops.yaml b/.sops.yaml index a9a66f41..59a0e398 100644 --- a/.sops.yaml +++ b/.sops.yaml @@ -4,3 +4,8 @@ creation_rules: path_regex: \.env\.beta\.secrets.*$ age: >- age1vq7sw98g2xk9md2yg9f959k8xkaz8r32pds27jn3nsfcdue3757s0h7hd8 + + - name: prod + path_regex: \.env\.prod\.secrets.*$ + age: >- + age1h8wnpa5lx2vgn2h64lgpeanuct8q2tvzxvn5xmvms7exmwvmu9zq5str5w diff --git a/Makefile b/Makefile index 540f683b..62912439 100644 --- a/Makefile +++ b/Makefile @@ -65,6 +65,30 @@ encrypt-beta-secrets: decrypt-beta-secrets: @$(MAKE) decrypt-secrets SECRETS_ENV=beta AGE_SECRET_KEY=${SOPS_AGE_BETA_SECRET_KEY} +encrypt-krewak-prod-secrets: + @$(MAKE) encrypt-secrets SECRETS_ENV=krewak + +decrypt-krewak-prod-secrets: + @$(MAKE) decrypt-secrets SECRETS_ENV=krewak + +encrypt-eskrzypacz-prod-secrets: + @$(MAKE) encrypt-secrets SECRETS_ENV=eskrzypacz + +decrypt-eskrzypacz-prod-secrets: + @$(MAKE) decrypt-secrets SECRETS_ENV=eskrzypacz + +encrypt-kzygadlo-prod-secrets: + @$(MAKE) encrypt-secrets SECRETS_ENV=kzygadlo + +decrypt-kzygadlo-prod-secrets: + @$(MAKE) decrypt-secrets SECRETS_ENV=kzygadlo + +encrypt-kpiech-prod-secrets: + @$(MAKE) encrypt-secrets SECRETS_ENV=kpiech + +decrypt-kpiech-prod-secrets: + @$(MAKE) decrypt-secrets SECRETS_ENV=kpiech + decrypt-secrets: @docker compose exec --user "${CURRENT_USER_ID}:${CURRENT_USER_GROUP_ID}" --env SOPS_AGE_KEY=${AGE_SECRET_KEY} ${DOCKER_COMPOSE_APP_CONTAINER} \ bash -c "echo 'Decrypting ${SECRETS_ENV} secrets' \ diff --git a/docker-compose.yaml b/docker-compose.yaml index 12473143..e95559ed 100644 --- a/docker-compose.yaml +++ b/docker-compose.yaml @@ -52,6 +52,7 @@ services: image: postgres:15.5-alpine3.17@sha256:1961f9d61a86948fb3c02ef87a6616f74f3530d10a1cd299b84abba7ed6db791 container_name: keating-db-dev environment: + - POSTGRES_MULTIPLE_DATABASES=test1,test2,test3,test4 - POSTGRES_USER=${DB_USERNAME} - POSTGRES_PASSWORD=${DB_PASSWORD} - POSTGRES_DB=${DB_DATABASE} @@ -65,6 +66,7 @@ services: - ${DOCKER_DATABASE_HOST_PORT:-3853}:5432 volumes: - ./environment/dev/postgres/init-unaccent.sql:/docker-entrypoint-initdb.d/init-unaccent.sql + - ./environment/dev/scripts/multiple-database.sh:/docker-entrypoint-initdb.d/multiple-database.sh - keating-postgres-data:/var/lib/postgresql/data networks: - keating-dev diff --git a/environment/prod/deployment/prod/Makefile b/environment/prod/deployment/prod/Makefile new file mode 100644 index 00000000..1065eec1 --- /dev/null +++ b/environment/prod/deployment/prod/Makefile @@ -0,0 +1,41 @@ +export COMPOSE_DOCKER_CLI_BUILD = 1 +export DOCKER_BUILDKIT = 1 + +MAKEFLAGS += --no-print-directory + +SHELL := /bin/bash + +CURRENT_USER_ID = $(shell id --user) +CURRENT_USER_GROUP_ID = $(shell id --group) + +DOCKER_COMPOSE_FILENAME = docker-compose.prod.yml +DOCKER_COMPOSE_APP_SERVICE = keating-prod-app + +DOCKER_EXEC_SCRIPT = docker compose --file ${DOCKER_COMPOSE_FILENAME} exec --workdir /application/environment/prod/deployment/scripts ${DOCKER_COMPOSE_APP_SERVICE} bash + +CURRENT_DIR = $(shell pwd) + +prod-deploy: decrypt-secrets create-deployment-file + @docker compose --file ${DOCKER_COMPOSE_FILENAME} pull && \ + docker compose --file ${DOCKER_COMPOSE_FILENAME} up --detach && \ + echo "App post deploy actions" && \ + ${DOCKER_EXEC_SCRIPT} post-deploy-actions.sh + +SOPS_VERSION=3.8.1 + +decrypt-secrets: + @wget --output-document ./sops "https://github.com/getsops/sops/releases/download/v${SOPS_VERSION}/sops-v${SOPS_VERSION}.linux.amd64" \ + && chmod +x ./sops \ + && mv .env.prod .env \ + && echo "Decrypting secrets" \ + && ./sops --decrypt --input-type=dotenv --output-type=dotenv .env.prod.secrets >> .env \ + && echo "Done" + +DEPLOYMENT_DATETIME = $(shell TZ=Europe/Warsaw date --rfc-3339=seconds) + +create-deployment-file: + @echo "\ + DEPLOY_DATE='${DEPLOYMENT_DATETIME}'\ + " > .deployment + +.PHONY: prod-deploy decrypt-secrets create-deployment-file diff --git a/environment/prod/deployment/prod/apps/eskrzypacz/.env.prod b/environment/prod/deployment/prod/apps/eskrzypacz/.env.prod new file mode 100644 index 00000000..e69de29b diff --git a/environment/prod/deployment/prod/apps/eskrzypacz/.env.prod.secrets b/environment/prod/deployment/prod/apps/eskrzypacz/.env.prod.secrets new file mode 100644 index 00000000..e69de29b diff --git a/environment/prod/deployment/prod/apps/kpiech/.env.prod b/environment/prod/deployment/prod/apps/kpiech/.env.prod new file mode 100644 index 00000000..e69de29b diff --git a/environment/prod/deployment/prod/apps/kpiech/.env.prod.secrets b/environment/prod/deployment/prod/apps/kpiech/.env.prod.secrets new file mode 100644 index 00000000..e69de29b diff --git a/environment/prod/deployment/prod/apps/krewak/.env.prod b/environment/prod/deployment/prod/apps/krewak/.env.prod new file mode 100644 index 00000000..e69de29b diff --git a/environment/prod/deployment/prod/apps/krewak/.env.prod.secrets b/environment/prod/deployment/prod/apps/krewak/.env.prod.secrets new file mode 100644 index 00000000..e69de29b diff --git a/environment/prod/deployment/prod/apps/kzygadlo/.env.prod b/environment/prod/deployment/prod/apps/kzygadlo/.env.prod new file mode 100644 index 00000000..e69de29b diff --git a/environment/prod/deployment/prod/apps/kzygadlo/.env.prod.secrets b/environment/prod/deployment/prod/apps/kzygadlo/.env.prod.secrets new file mode 100644 index 00000000..e69de29b diff --git a/environment/prod/deployment/prod/docker-compose.prod.yml b/environment/prod/deployment/prod/docker-compose.prod.yml new file mode 100644 index 00000000..c17f8e19 --- /dev/null +++ b/environment/prod/deployment/prod/docker-compose.prod.yml @@ -0,0 +1,78 @@ +networks: + traefik-proxy: + external: true + keating-prod: + driver: bridge + +volumes: + keating-postgres-data: + name: keating-prod-postgres-data + keating-redis-data: + name: keating-prod-redis-data + +services: + keating-prod-app: + image: registry.blumilk.pl/internal-public/keating:${COMPOSE_PROJECT_NAME} + container_name: keating-${COMPOSE_PROJECT_NAME}-app-container + pull_policy: always + logging: + driver: "json-file" + options: + max-size: "50m" + max-file: "5" + deploy: + mode: replicated + replicas: 1 + resources: + limits: + memory: 512M + labels: + - "traefik.enable=${TRAEFIK_ENABLED}" + - "traefik.http.routers.${COMPOSE_PROJECT_NAME}.rule=${TRAEFIK_ROUTER_RULE}" + - "traefik.http.routers.${COMPOSE_PROJECT_NAME}.entrypoints=websecure" + - "traefik.http.routers.${COMPOSE_PROJECT_NAME}.tls=true" + - "traefik.http.routers.${COMPOSE_PROJECT_NAME}.tls.certresolver=lets-encrypt-resolver" + - "traefik.http.routers.${COMPOSE_PROJECT_NAME}.middlewares=response-gzip-compress@file" + working_dir: /application + volumes: + - ./.env:/application/.env:ro + networks: + - keating-prod + - traefik-proxy + restart: unless-stopped + env_file: + - .deployment + + database: + image: postgres:15.5-alpine3.17@sha256:1961f9d61a86948fb3c02ef87a6616f74f3530d10a1cd299b84abba7ed6db791 + container_name: keating-prod-database + environment: + - POSTGRES_USER=${DB_USERNAME} + - POSTGRES_PASSWORD=${DB_PASSWORD} + - POSTGRES_DB=${DB_DATABASE} + - PGDATA=/var/lib/postgresql/data + healthcheck: + test: [ "CMD-SHELL", "pg_isready --dbname ${DB_DATABASE} --username ${DB_USERNAME}" ] + interval: 3s + timeout: 3s + retries: 5 + volumes: + - ./environment/dev/postgres/init-unaccent.sql:/docker-entrypoint-initdb.d/init-unaccent.sql + - keating-prod-postgres-data:/var/lib/postgresql/data + networks: + - keating-prod + restart: unless-stopped + + redis: + image: redis:7.0.11-alpine3.17@sha256:cbcf5bfbc3eaa232b1fa99e539459f46915a41334d46b54bf894f8837a7f071e + container_name: keating-prod-redis + healthcheck: + test: [ "CMD-SHELL", "redis-cli ping | grep PONG" ] + interval: 3s + timeout: 3s + retries: 5 + volumes: + - keating-prod-redis-data:/data + networks: + - keating-prod + restart: unless-stopped From 418a251a078f8a3a1c3fd1dddb7d0eaf4a33f702 Mon Sep 17 00:00:00 2001 From: Blusia Date: Thu, 19 Sep 2024 09:07:38 +0200 Subject: [PATCH 02/52] - add volume to prod docker-compose and add script for test create database --- .../deployment/scripts/multiple-database.sh | 23 +++++++++++++++++++ 1 file changed, 23 insertions(+) create mode 100644 environment/prod/deployment/scripts/multiple-database.sh diff --git a/environment/prod/deployment/scripts/multiple-database.sh b/environment/prod/deployment/scripts/multiple-database.sh new file mode 100644 index 00000000..542d6540 --- /dev/null +++ b/environment/prod/deployment/scripts/multiple-database.sh @@ -0,0 +1,23 @@ +#!/bin/sh + +# -e is for "automatic error detection", tell shell to abort any time an error occurred +set -e +set -u + +function create_user_and_database() { + local database=$1 + echo " Creating user and database '$database'" + psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" <<-EOSQL + CREATE USER $database; + CREATE DATABASE $database; + GRANT ALL PRIVILEGES ON DATABASE $database TO $database; +EOSQL +} + +if [ -n "$POSTGRES_MULTIPLE_DATABASES" ]; then + echo "Multiple database creation requested: $POSTGRES_MULTIPLE_DATABASES" + for db in $(echo $POSTGRES_MULTIPLE_DATABASES | tr ',' ' '); do + create_user_and_database $db + done + echo "Multiple databases created" +fi From 2861e7cc09f751fe6ffbe63c770d0bcfd49c8293 Mon Sep 17 00:00:00 2001 From: Blusia Date: Thu, 19 Sep 2024 09:08:12 +0200 Subject: [PATCH 03/52] - add volume to prod docker-compose and add script for test create database --- environment/prod/deployment/prod/docker-compose.prod.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/environment/prod/deployment/prod/docker-compose.prod.yml b/environment/prod/deployment/prod/docker-compose.prod.yml index c17f8e19..5c59a2aa 100644 --- a/environment/prod/deployment/prod/docker-compose.prod.yml +++ b/environment/prod/deployment/prod/docker-compose.prod.yml @@ -58,6 +58,7 @@ services: retries: 5 volumes: - ./environment/dev/postgres/init-unaccent.sql:/docker-entrypoint-initdb.d/init-unaccent.sql + - ./environment/prod/deployment/scripts/multiple-database.sh:/docker-entrypoint-initdb.d/multiple-database.sh - keating-prod-postgres-data:/var/lib/postgresql/data networks: - keating-prod From b207739f958b9d0a2e1cf165cebffd1422462454 Mon Sep 17 00:00:00 2001 From: Blusia Date: Mon, 23 Sep 2024 09:27:59 +0200 Subject: [PATCH 04/52] - delete script and update docker-compose --- docker-compose.yaml | 1 - .../deployment/scripts/multiple-database.sh | 23 ------------------- 2 files changed, 24 deletions(-) delete mode 100644 environment/prod/deployment/scripts/multiple-database.sh diff --git a/docker-compose.yaml b/docker-compose.yaml index e95559ed..dc6f21d4 100644 --- a/docker-compose.yaml +++ b/docker-compose.yaml @@ -52,7 +52,6 @@ services: image: postgres:15.5-alpine3.17@sha256:1961f9d61a86948fb3c02ef87a6616f74f3530d10a1cd299b84abba7ed6db791 container_name: keating-db-dev environment: - - POSTGRES_MULTIPLE_DATABASES=test1,test2,test3,test4 - POSTGRES_USER=${DB_USERNAME} - POSTGRES_PASSWORD=${DB_PASSWORD} - POSTGRES_DB=${DB_DATABASE} diff --git a/environment/prod/deployment/scripts/multiple-database.sh b/environment/prod/deployment/scripts/multiple-database.sh deleted file mode 100644 index 542d6540..00000000 --- a/environment/prod/deployment/scripts/multiple-database.sh +++ /dev/null @@ -1,23 +0,0 @@ -#!/bin/sh - -# -e is for "automatic error detection", tell shell to abort any time an error occurred -set -e -set -u - -function create_user_and_database() { - local database=$1 - echo " Creating user and database '$database'" - psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" <<-EOSQL - CREATE USER $database; - CREATE DATABASE $database; - GRANT ALL PRIVILEGES ON DATABASE $database TO $database; -EOSQL -} - -if [ -n "$POSTGRES_MULTIPLE_DATABASES" ]; then - echo "Multiple database creation requested: $POSTGRES_MULTIPLE_DATABASES" - for db in $(echo $POSTGRES_MULTIPLE_DATABASES | tr ',' ' '); do - create_user_and_database $db - done - echo "Multiple databases created" -fi From 2aca15cc1a35b4e3ed46e0d7498dc14e10506680 Mon Sep 17 00:00:00 2001 From: Blusia Date: Mon, 23 Sep 2024 09:53:12 +0200 Subject: [PATCH 05/52] - changes in secrets --- .gitignore | 1 + Makefile | 30 ++++++++++++++----- .../deployment/prod/apps/krewak/.env.prod | 8 +++++ .../prod/apps/krewak/.env.prod.secrets | 16 ++++++++++ 4 files changed, 47 insertions(+), 8 deletions(-) diff --git a/.gitignore b/.gitignore index 6541a777..98fbf6ee 100644 --- a/.gitignore +++ b/.gitignore @@ -13,6 +13,7 @@ .env .env.backup .env.beta.secrets.decrypted +.env.prod.secrets.decrypted .phpunit.result.cache .php-cs-fixer.cache .appversion diff --git a/Makefile b/Makefile index 62912439..59f33b9d 100644 --- a/Makefile +++ b/Makefile @@ -66,28 +66,28 @@ decrypt-beta-secrets: @$(MAKE) decrypt-secrets SECRETS_ENV=beta AGE_SECRET_KEY=${SOPS_AGE_BETA_SECRET_KEY} encrypt-krewak-prod-secrets: - @$(MAKE) encrypt-secrets SECRETS_ENV=krewak + @$(MAKE) encrypt-secrets-prod SECRETS_ENV=krewak decrypt-krewak-prod-secrets: - @$(MAKE) decrypt-secrets SECRETS_ENV=krewak + @$(MAKE) decrypt-secrets-prod SECRETS_ENV=krewak AGE_SECRET_KEY=${SOPS_AGE_PROD_SECRET_KEY} encrypt-eskrzypacz-prod-secrets: - @$(MAKE) encrypt-secrets SECRETS_ENV=eskrzypacz + @$(MAKE) encrypt-secrets-prod SECRETS_ENV=eskrzypacz decrypt-eskrzypacz-prod-secrets: - @$(MAKE) decrypt-secrets SECRETS_ENV=eskrzypacz + @$(MAKE) decrypt-secrets-prod SECRETS_ENV=eskrzypacz AGE_SECRET_KEY=${SOPS_AGE_PROD_SECRET_KEY} encrypt-kzygadlo-prod-secrets: - @$(MAKE) encrypt-secrets SECRETS_ENV=kzygadlo + @$(MAKE) encrypt-secrets-prod SECRETS_ENV=kzygadlo decrypt-kzygadlo-prod-secrets: - @$(MAKE) decrypt-secrets SECRETS_ENV=kzygadlo + @$(MAKE) decrypt-secrets-prod SECRETS_ENV=kzygadlo AGE_SECRET_KEY=${SOPS_AGE_PROD_SECRET_KEY} encrypt-kpiech-prod-secrets: - @$(MAKE) encrypt-secrets SECRETS_ENV=kpiech + @$(MAKE) encrypt-secrets-prod SECRETS_ENV=kpiech decrypt-kpiech-prod-secrets: - @$(MAKE) decrypt-secrets SECRETS_ENV=kpiech + @$(MAKE) decrypt-secrets-prod SECRETS_ENV=kpiech AGE_SECRET_KEY=${SOPS_AGE_PROD_SECRET_KEY} decrypt-secrets: @docker compose exec --user "${CURRENT_USER_ID}:${CURRENT_USER_GROUP_ID}" --env SOPS_AGE_KEY=${AGE_SECRET_KEY} ${DOCKER_COMPOSE_APP_CONTAINER} \ @@ -103,4 +103,18 @@ encrypt-secrets: && sops --encrypt --input-type=dotenv --output-type=dotenv --output .env.${SECRETS_ENV}.secrets .env.${SECRETS_ENV}.secrets.decrypted \ && echo 'Done'" +decrypt-secrets-prod: + @docker compose exec --user "${CURRENT_USER_ID}:${CURRENT_USER_GROUP_ID}" --env SOPS_AGE_KEY=${AGE_SECRET_KEY} ${DOCKER_COMPOSE_APP_CONTAINER} \ + bash -c "echo 'Decrypting ${SECRETS_ENV} secrets' \ + && cd ./environment/prod/deployment/prod/apps/${SECRETS_ENV} \ + && sops --decrypt --input-type=dotenv --output-type=dotenv --output .env.prod.secrets.decrypted .env.prod.secrets \ + && echo 'Done'" + +encrypt-secrets-prod: + @docker compose exec --user "${CURRENT_USER_ID}:${CURRENT_USER_GROUP_ID}" ${DOCKER_COMPOSE_APP_CONTAINER} \ + bash -c "echo 'Encrypting ${SECRETS_ENV} secrets' \ + && cd ./environment/prod/deployment/prod/apps/${SECRETS_ENV} \ + && sops --encrypt --input-type=dotenv --output-type=dotenv --output .env.prod.secrets .env.prod.secrets.decrypted \ + && echo 'Done'" + .PHONY: init check-env-file build run stop restart shell shell-root test fix create-test-db queue encrypt-beta-secrets decrypt-beta-secrets diff --git a/environment/prod/deployment/prod/apps/krewak/.env.prod b/environment/prod/deployment/prod/apps/krewak/.env.prod index e69de29b..743fae29 100644 --- a/environment/prod/deployment/prod/apps/krewak/.env.prod +++ b/environment/prod/deployment/prod/apps/krewak/.env.prod @@ -0,0 +1,8 @@ +APP_NAME="KRewak Keating" +ENVIRONMENT=prod + +COMPOSE_PROJECT_NAME=krewak +TRAEFIK_ENABLED=true +KEATING_HOST_NAME= +APP_URL=https://${KEATING_HOST_NAME}/ +TRAEFIK_ROUTER_RULE= diff --git a/environment/prod/deployment/prod/apps/krewak/.env.prod.secrets b/environment/prod/deployment/prod/apps/krewak/.env.prod.secrets index e69de29b..a5a14cfd 100644 --- a/environment/prod/deployment/prod/apps/krewak/.env.prod.secrets +++ b/environment/prod/deployment/prod/apps/krewak/.env.prod.secrets @@ -0,0 +1,16 @@ +APP_KEY=ENC[AES256_GCM,data:2jAFpzWAGu5o/4b1/lOukA5CE2kWn4PbJoY+txTrFsnmHF3oPDAJWzG0sSHNrC2LIHju,iv:msZ72X3SnBVq/ORqWmcTg69s1SCoaoIDAkovYOx6S+E=,tag:6aay0/jTCWJRg/T4OMqixg==,type:str] +APP_DEBUG=ENC[AES256_GCM,data:d4+Pwpc=,iv:2EOYvimLRr98k/7bF9M477pR72Y5IOzSgPMceGW8TJg=,tag:mPiozNDMrDm/+IbyKl9Log==,type:str] +DB_ROOT_PASSWORD=ENC[AES256_GCM,data:20mLfryrBQ==,iv:DlZbhZAnhIcP426HrSEGABnEep1D4WBiriywPZ2ujKk=,tag:F3xWV+eenpgpt0FoCZaqCg==,type:str] +DB_DATABASE=ENC[AES256_GCM,data:jdIlfknL,iv:kYPQR8bALCT6JMM5KiVo/86piJkQzIoHIWLQbNdgNAI=,tag:klKPNuPqy+fdrJWXkHBc6w==,type:str] +DB_USERNAME=ENC[AES256_GCM,data:u+ZTWewa,iv:uGEokNpISTmTcrZqJcwe+W/UckbUhEI/qMMCI/hep7I=,tag:H41YvWageSS1zpm+HSuvRQ==,type:str] +DB_PASSWORD=ENC[AES256_GCM,data:NM0lQ2g1PHU=,iv:zmZUKe2CH8zgl+uxH3Gp+roxaeSU/z3cOdTV20AsifM=,tag:tDVB7ulE4CH4o2ijjMaXYg==,type:str] +CACHE_DRIVER=ENC[AES256_GCM,data:nTUFrLM=,iv:6xf1CExmI1qcHLDYhHNr3GxuB9R1wyc/yYLhbaOGO1c=,tag:qhHXWL01OQeO6W8C6KTgbA==,type:str] +QUEUE_CONNECTION=ENC[AES256_GCM,data:IfIbNX0=,iv:xjN27XROjDSgiqefls1dnK64ib4lVYycNabIXLHO/Lw=,tag:gRwk6zrzssoG7L5Yr83MHQ==,type:str] +SESSION_DRIVER=ENC[AES256_GCM,data:/Vzvcdo=,iv:xT2T8CCM9iVAm3gLupR0F55wKGhtP+rGxT00wcFU8To=,tag:C9L2h8a6CNZiW4bpTU9EAw==,type:str] +MAIL_ENCRYPTION=ENC[AES256_GCM,data:l/MQxA==,iv:e5FEah+0B3IbYc/blHR65UvFlhUNIvaEOxzMO522ydo=,tag:x7Wz/aAUP31FEKlPandQ+A==,type:str] +sops_age__list_0__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAzS1dpdVJQd1QxUlp6MURP\nT1ByZ0VqeDlnUmpuSXpmNG9wMmRBVy9MQ1hzCjB0MXhoNXRnRkUxSG0waWIxMXg3\nK0ViVkovRW1xNzNHc3VJM1V1bVFLcEUKLS0tIGdDdTJIWDZHSzVFdktWbXArT2Q1\nUXd6Tm9zOUt0NU9ldVlmOWg4a0lCRGMKT4o4HvZiXU7bNM58sgjB/b0+suEvCWne\no9raHyhHthHxNpwu/Ym5FFPhfWQ2JqePnyYZkrTdHHN1MlxwWHolAA==\n-----END AGE ENCRYPTED FILE-----\n +sops_age__list_0__map_recipient=age1h8wnpa5lx2vgn2h64lgpeanuct8q2tvzxvn5xmvms7exmwvmu9zq5str5w +sops_lastmodified=2024-09-23T07:49:23Z +sops_mac=ENC[AES256_GCM,data:RZ5ii0voAl7+7HSdHeTJO9qf5eTyx+x7+DcgQRphWO0Dp2X2h7C5URlI1p4xVQIXBtsEeuLt+UIqazj2wQWJ1qResV8K4b1xPY/yJbu6oxZvKDgI8mPifSs1IA+IE+vnNux74SE36yv69KgtrdyIJvmz61tV+xaXZm6xDCT1aB4=,iv:u2IsKvL4T29fXtB7t+d5MDTtfmQ7ny4MKTIDb0piF/I=,tag:edRbaw4qDiUS+vFe/zygKw==,type:str] +sops_unencrypted_suffix=_unencrypted +sops_version=3.8.1 From 15cf549f028decdded3e5e90a02c18d18f18549b Mon Sep 17 00:00:00 2001 From: Blusia Date: Mon, 23 Sep 2024 09:56:05 +0200 Subject: [PATCH 06/52] - changes in secrets --- .../deployment/prod/apps/krewak/.env.prod | 5 +++++ .../prod/apps/krewak/.env.prod.secrets | 22 ++++++++----------- 2 files changed, 14 insertions(+), 13 deletions(-) diff --git a/environment/prod/deployment/prod/apps/krewak/.env.prod b/environment/prod/deployment/prod/apps/krewak/.env.prod index 743fae29..b4b0f0de 100644 --- a/environment/prod/deployment/prod/apps/krewak/.env.prod +++ b/environment/prod/deployment/prod/apps/krewak/.env.prod @@ -6,3 +6,8 @@ TRAEFIK_ENABLED=true KEATING_HOST_NAME= APP_URL=https://${KEATING_HOST_NAME}/ TRAEFIK_ROUTER_RULE= + +CACHE_DRIVER=redis +QUEUE_CONNECTION=redis +SESSION_DRIVER=redis +MAIL_ENCRYPTION=null diff --git a/environment/prod/deployment/prod/apps/krewak/.env.prod.secrets b/environment/prod/deployment/prod/apps/krewak/.env.prod.secrets index a5a14cfd..edd482b5 100644 --- a/environment/prod/deployment/prod/apps/krewak/.env.prod.secrets +++ b/environment/prod/deployment/prod/apps/krewak/.env.prod.secrets @@ -1,16 +1,12 @@ -APP_KEY=ENC[AES256_GCM,data:2jAFpzWAGu5o/4b1/lOukA5CE2kWn4PbJoY+txTrFsnmHF3oPDAJWzG0sSHNrC2LIHju,iv:msZ72X3SnBVq/ORqWmcTg69s1SCoaoIDAkovYOx6S+E=,tag:6aay0/jTCWJRg/T4OMqixg==,type:str] -APP_DEBUG=ENC[AES256_GCM,data:d4+Pwpc=,iv:2EOYvimLRr98k/7bF9M477pR72Y5IOzSgPMceGW8TJg=,tag:mPiozNDMrDm/+IbyKl9Log==,type:str] -DB_ROOT_PASSWORD=ENC[AES256_GCM,data:20mLfryrBQ==,iv:DlZbhZAnhIcP426HrSEGABnEep1D4WBiriywPZ2ujKk=,tag:F3xWV+eenpgpt0FoCZaqCg==,type:str] -DB_DATABASE=ENC[AES256_GCM,data:jdIlfknL,iv:kYPQR8bALCT6JMM5KiVo/86piJkQzIoHIWLQbNdgNAI=,tag:klKPNuPqy+fdrJWXkHBc6w==,type:str] -DB_USERNAME=ENC[AES256_GCM,data:u+ZTWewa,iv:uGEokNpISTmTcrZqJcwe+W/UckbUhEI/qMMCI/hep7I=,tag:H41YvWageSS1zpm+HSuvRQ==,type:str] -DB_PASSWORD=ENC[AES256_GCM,data:NM0lQ2g1PHU=,iv:zmZUKe2CH8zgl+uxH3Gp+roxaeSU/z3cOdTV20AsifM=,tag:tDVB7ulE4CH4o2ijjMaXYg==,type:str] -CACHE_DRIVER=ENC[AES256_GCM,data:nTUFrLM=,iv:6xf1CExmI1qcHLDYhHNr3GxuB9R1wyc/yYLhbaOGO1c=,tag:qhHXWL01OQeO6W8C6KTgbA==,type:str] -QUEUE_CONNECTION=ENC[AES256_GCM,data:IfIbNX0=,iv:xjN27XROjDSgiqefls1dnK64ib4lVYycNabIXLHO/Lw=,tag:gRwk6zrzssoG7L5Yr83MHQ==,type:str] -SESSION_DRIVER=ENC[AES256_GCM,data:/Vzvcdo=,iv:xT2T8CCM9iVAm3gLupR0F55wKGhtP+rGxT00wcFU8To=,tag:C9L2h8a6CNZiW4bpTU9EAw==,type:str] -MAIL_ENCRYPTION=ENC[AES256_GCM,data:l/MQxA==,iv:e5FEah+0B3IbYc/blHR65UvFlhUNIvaEOxzMO522ydo=,tag:x7Wz/aAUP31FEKlPandQ+A==,type:str] -sops_age__list_0__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAzS1dpdVJQd1QxUlp6MURP\nT1ByZ0VqeDlnUmpuSXpmNG9wMmRBVy9MQ1hzCjB0MXhoNXRnRkUxSG0waWIxMXg3\nK0ViVkovRW1xNzNHc3VJM1V1bVFLcEUKLS0tIGdDdTJIWDZHSzVFdktWbXArT2Q1\nUXd6Tm9zOUt0NU9ldVlmOWg4a0lCRGMKT4o4HvZiXU7bNM58sgjB/b0+suEvCWne\no9raHyhHthHxNpwu/Ym5FFPhfWQ2JqePnyYZkrTdHHN1MlxwWHolAA==\n-----END AGE ENCRYPTED FILE-----\n +APP_KEY=ENC[AES256_GCM,data:GFw2RWEbuCrh42jWdb7bd1nMO2TWD0+ldY2eUpSwcj8/bR1CaIkirIw5Bhf2Z9/QfywM,iv:NQjYylGxHreqX11JYGECi8v7HXOgPEu8f68LNKDz88Y=,tag:NKGfOQN/xeQMAQlQmiJ8Ig==,type:str] +APP_DEBUG=ENC[AES256_GCM,data:mgy4qXg=,iv:YVFSa+1dwpVhtJUuw0f2lu/CcA3EdeBFwXhuVlXgUWM=,tag:BJ2awc6J3d/Ytz72iUedOQ==,type:str] +DB_ROOT_PASSWORD=ENC[AES256_GCM,data:x0THVs/SOg==,iv:jgjzhNAnKsONZkEQnSZt9uu7S4xxp/1Bzn5PdgkF4oU=,tag:0nbfCXo4OJU6XxpVgRhsDw==,type:str] +DB_DATABASE=ENC[AES256_GCM,data:ApLv6CXz,iv:1b4Bef4xhWiKOPDrt2gHiio3yeVxfUsdQjT0uV4CpyQ=,tag:87zYhunay0/ZaxiZa0BnMg==,type:str] +DB_USERNAME=ENC[AES256_GCM,data:HK09DyU0,iv:2qZWCGLv6ac24z/jyLznTLEk64xRjQ7U9lgyrYYTyhU=,tag:zOyVf/k2nAE6f7WDFyBlJA==,type:str] +DB_PASSWORD=ENC[AES256_GCM,data:8ITxQLmfSE0=,iv:jV9UTuq/+GuJfaaoOelE6YRRSvKhGH/8nvB8eIQU/Aw=,tag:qJy4feFxARv9NsvgHELcNQ==,type:str] +sops_age__list_0__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBMRGtNM25yYmJyUWQrYXlr\nbjcvWTRHMFhwRVJOMWkrSG1sYk53cGsyUkhzCm13K0RaWS90a3NWazE5ZVptSVM1\nR3VHZUZ2TlVvdmt3bjlxaW1sdU1ubUUKLS0tIEVxZ0xKQk9abGxKME1EdVdBbjVr\nMHU3ZTFLcXpxQTF2R2swQjljR2hiNVEKO//RIbosSot7ERbK0OHWtbEkaj17KH4P\npqYaMdaLRXogjmGdNWT5+j5c7Cdv7KvK+Be8d8KhErdPN03HaPY80Q==\n-----END AGE ENCRYPTED FILE-----\n sops_age__list_0__map_recipient=age1h8wnpa5lx2vgn2h64lgpeanuct8q2tvzxvn5xmvms7exmwvmu9zq5str5w -sops_lastmodified=2024-09-23T07:49:23Z -sops_mac=ENC[AES256_GCM,data:RZ5ii0voAl7+7HSdHeTJO9qf5eTyx+x7+DcgQRphWO0Dp2X2h7C5URlI1p4xVQIXBtsEeuLt+UIqazj2wQWJ1qResV8K4b1xPY/yJbu6oxZvKDgI8mPifSs1IA+IE+vnNux74SE36yv69KgtrdyIJvmz61tV+xaXZm6xDCT1aB4=,iv:u2IsKvL4T29fXtB7t+d5MDTtfmQ7ny4MKTIDb0piF/I=,tag:edRbaw4qDiUS+vFe/zygKw==,type:str] +sops_lastmodified=2024-09-23T07:54:27Z +sops_mac=ENC[AES256_GCM,data:mJ2XxJOdifCmqQVEfqayX/2CAZtFfQcciZIkjzt3JT0SoK9BS3MlFwyb+HTWDOuIFgNWn4MtSsdpPsRJW7mmvZerFBoI7pkVLrvJ21kGO5YE5Eisq2b4AUDcAGGfrdf+6rhRXKl2GXPekz5MNKZVfN8iWXjJvMqq+BhD0CspwlA=,iv:0SfPjyMUVF0vxJFQAAXHxEPHbQohdkBSX73eY4iNI84=,tag:Ro9EOhJaZRlq+7gTtQYqig==,type:str] sops_unencrypted_suffix=_unencrypted sops_version=3.8.1 From 2f2fb135aef614d2de5f6bff1dfe3a7a0e1082c8 Mon Sep 17 00:00:00 2001 From: Blusia Date: Mon, 23 Sep 2024 10:45:49 +0200 Subject: [PATCH 07/52] - add secrets --- .../prod/deployment/prod/apps/eskrzypacz/.env.prod | 13 +++++++++++++ .../prod/apps/eskrzypacz/.env.prod.secrets | 12 ++++++++++++ .../prod/deployment/prod/apps/kpiech/.env.prod | 13 +++++++++++++ .../deployment/prod/apps/kpiech/.env.prod.secrets | 12 ++++++++++++ .../prod/deployment/prod/apps/kzygadlo/.env.prod | 14 ++++++++++++++ .../prod/apps/kzygadlo/.env.prod.secrets | 12 ++++++++++++ 6 files changed, 76 insertions(+) diff --git a/environment/prod/deployment/prod/apps/eskrzypacz/.env.prod b/environment/prod/deployment/prod/apps/eskrzypacz/.env.prod index e69de29b..63069c47 100644 --- a/environment/prod/deployment/prod/apps/eskrzypacz/.env.prod +++ b/environment/prod/deployment/prod/apps/eskrzypacz/.env.prod @@ -0,0 +1,13 @@ +APP_NAME="ESkrzypacz Keating" +ENVIRONMENT=prod + +COMPOSE_PROJECT_NAME=eskrzypacz +TRAEFIK_ENABLED=true +KEATING_HOST_NAME= +APP_URL=https://${KEATING_HOST_NAME}/ +TRAEFIK_ROUTER_RULE= + +CACHE_DRIVER=redis +QUEUE_CONNECTION=redis +SESSION_DRIVER=redis +MAIL_ENCRYPTION=null diff --git a/environment/prod/deployment/prod/apps/eskrzypacz/.env.prod.secrets b/environment/prod/deployment/prod/apps/eskrzypacz/.env.prod.secrets index e69de29b..a3dd6e4c 100644 --- a/environment/prod/deployment/prod/apps/eskrzypacz/.env.prod.secrets +++ b/environment/prod/deployment/prod/apps/eskrzypacz/.env.prod.secrets @@ -0,0 +1,12 @@ +APP_KEY=ENC[AES256_GCM,data:TMwMKmhbFhKDTdtBKO+EKo1uBWUbKW2WgPtgsgHgDkKg8kYvX2hg8zo2BVNGMPxmuzNu,iv:SDin9e8Vd80qvJFNjBvacJeHf7c2vAM6xJZ0bh73xu0=,tag:k86wh2Yistuq9CETdMCHjQ==,type:str] +APP_DEBUG=ENC[AES256_GCM,data:giPQY38=,iv:tr4WD89pF6HULYEDzEOkyhJe6ZArisK/taGKy8rnooU=,tag:hdYyAD2v1uey373zmYtKpA==,type:str] +DB_ROOT_PASSWORD=ENC[AES256_GCM,data:YRzDbbf9iw==,iv:CGN4QVkOyV9p6aQMMjQYm4JrT6pRdDAThY7L6d8Rs9Q=,tag:YDoz+XJlHtTodESPtiA9Uw==,type:str] +DB_DATABASE=ENC[AES256_GCM,data:3fzP+nqLuQ6oSw==,iv:2IvPcJYyr2Fs+s3CVqzidlRRyuV0eDbgJK51o6rUdeA=,tag:cpEy4WuqZ0QlaN+IDvvZ/w==,type:str] +DB_USERNAME=ENC[AES256_GCM,data:q/OTCDh4oYDHWw==,iv:aC6LNSG/5BTe9IrE5nS9RvsOGYQhQJ5cGRI2zjTGYwM=,tag:yWUEns0+fKKZ1GogRG7DVg==,type:str] +DB_PASSWORD=ENC[AES256_GCM,data:PZafoMdZAiA=,iv:4oLkrovedvVoMoKgU0BlTG9hGFUbul7O9Cm99n8nd4M=,tag:fJVTnjiiqSP0KGcnr2M5BA==,type:str] +sops_age__list_0__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBPaUxGRldTdmFRUElSeWVT\nSlhoUno4S29pUU9TcWdDak1mcG0ya1dpeVNNCklWazRIbjd0blRXTzZSSXJZeHJs\nbEJSYksxeWQ2NEx6aWFtbEpoSVZ3ZWsKLS0tIE9kTGtBeWdGS2hOQ011ZTh6OXpj\nWGl5ZjN3SWw2UnloT3Rqc1FFc1UzdW8KNjnL8XTpHd4mPU63HwRjwO9M5BMfJUsW\n+zlNUphW7Mfjj/WKG7RKoD+DYym/8iylEKp0RDEMIVUbPspQrxotaQ==\n-----END AGE ENCRYPTED FILE-----\n +sops_age__list_0__map_recipient=age1h8wnpa5lx2vgn2h64lgpeanuct8q2tvzxvn5xmvms7exmwvmu9zq5str5w +sops_lastmodified=2024-09-23T08:31:44Z +sops_mac=ENC[AES256_GCM,data:D74wDyQWWW5QAn8HEvlDiPy8i6eMN8ZMe1yGRsi8Ip+lM3MK7psLXdmdpuHT13myhJGVwuzrbcOEKgnPjJTpJPD27APgbEYwKsMHtCfEfPaw7fmhE5peJ032m7xMOwWN7xvLAitu8vmPXD5mYPeb383r8RDsFm1edFNZFocDbxU=,iv:W2+XU0EsMiA3Ey8B+sYfUd84QrRfELaJzHMeZ5OY8cU=,tag:Cbg9EtRWUkPrC2EajVU3uA==,type:str] +sops_unencrypted_suffix=_unencrypted +sops_version=3.8.1 diff --git a/environment/prod/deployment/prod/apps/kpiech/.env.prod b/environment/prod/deployment/prod/apps/kpiech/.env.prod index e69de29b..ebaf6fbb 100644 --- a/environment/prod/deployment/prod/apps/kpiech/.env.prod +++ b/environment/prod/deployment/prod/apps/kpiech/.env.prod @@ -0,0 +1,13 @@ +APP_NAME="KPiech Keating" +ENVIRONMENT=prod + +COMPOSE_PROJECT_NAME=kpiech +TRAEFIK_ENABLED=true +KEATING_HOST_NAME= +APP_URL=https://${KEATING_HOST_NAME}/ +TRAEFIK_ROUTER_RULE= + +CACHE_DRIVER=redis +QUEUE_CONNECTION=redis +SESSION_DRIVER=redis +MAIL_ENCRYPTION=null diff --git a/environment/prod/deployment/prod/apps/kpiech/.env.prod.secrets b/environment/prod/deployment/prod/apps/kpiech/.env.prod.secrets index e69de29b..e8cd3bff 100644 --- a/environment/prod/deployment/prod/apps/kpiech/.env.prod.secrets +++ b/environment/prod/deployment/prod/apps/kpiech/.env.prod.secrets @@ -0,0 +1,12 @@ +APP_KEY=ENC[AES256_GCM,data:/M85d/DAy48bO4wngnJ0Wx5K0Sv4ylnb9Z3gpyvXMZc7ZnjJ6KeGDLiX0Ifsf7lsPZW0,iv:CnS5SoM5JY68QqmKhlU4sk36wzDIdAQSCVYGuLtsLC0=,tag:xJuMh5cnp0c65xp2uTKaqw==,type:str] +APP_DEBUG=ENC[AES256_GCM,data:0HMBoTs=,iv:ij7ve0SMomtRGw68SRMjBjwKK3XBdXNNJcQCEUVVbAs=,tag:FpdPEphENOruqZftcgPggg==,type:str] +DB_ROOT_PASSWORD=ENC[AES256_GCM,data:htHjCu0Iiw==,iv:T1ttZXQWQda7MUMa1h7b5P2g7cEH8+Vj8hXzcd/A1wg=,tag:NlhN2fH6YbpHGnm/IJMI6Q==,type:str] +DB_DATABASE=ENC[AES256_GCM,data:GxPcyBsY,iv:aP1fae8lveEd7o9FiYERUh/CMze7IACv7y7jFYEJ0zI=,tag:EwXDySHsFrDDKhY/Jb9qSA==,type:str] +DB_USERNAME=ENC[AES256_GCM,data:CN/0p/Wp,iv:kUwaS2a8GSDod2QgFG6oYvR8TEGuIZKpc3VstzViN9Q=,tag:72xbK0sAAw6R6bdPHmrtpA==,type:str] +DB_PASSWORD=ENC[AES256_GCM,data:RQbIiAKGMSQ=,iv:ERPSbUo6Hl/U8gmmLYcigw4Pz/YOspdF/SiRUk73e5M=,tag:dLcaj7PeBg4ku8/Wbfbi8g==,type:str] +sops_age__list_0__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBqZnliNjh2eExGckE3bjBI\naWhGWVhmRTFPdkNZNDZXY0xrN2lUaXZzZFRzCnJhWEkxakpqQlg3OEdydjR0cTZm\nY09SOEtHRDd5ZitESTBmSkg5emZLaWcKLS0tIGVqMjlZbjBEQWlTMmh4MVlFNzFr\nbkFKblNYMUI2aDBnN0FsSkRBY0NwRHcKG3GP1NTywsSm13eaVNy+HlW0lFRVFC1r\no7KQIAday68zpltUuOP+9S/O0OjlIYA3UfsFLQ7mJOW6ASXsmftNnw==\n-----END AGE ENCRYPTED FILE-----\n +sops_age__list_0__map_recipient=age1h8wnpa5lx2vgn2h64lgpeanuct8q2tvzxvn5xmvms7exmwvmu9zq5str5w +sops_lastmodified=2024-09-23T08:32:51Z +sops_mac=ENC[AES256_GCM,data:KlFUlweZrnraIRf26Z5PwLdkvQxs7WmaAHT/BkJqcUu+YrVkpXnRq4TeeUjXNdztbVUgmRM0tc95cPBstAaUdbb0wTBPTA+9+mDGlBcaGDNp/9GZGeDYdbMqn/dTUsG/YdMpZ11vLWfdS7SbXB4G1Rb1A4k/fuCmQZy7OHjEFIo=,iv:VNd6VFz9LrS9zAQmI47zjTb4+ngMmPw0XYona0Mce6o=,tag:bnO0BDg0CsspHj7fxsU6Zg==,type:str] +sops_unencrypted_suffix=_unencrypted +sops_version=3.8.1 diff --git a/environment/prod/deployment/prod/apps/kzygadlo/.env.prod b/environment/prod/deployment/prod/apps/kzygadlo/.env.prod index e69de29b..9a7a39d0 100644 --- a/environment/prod/deployment/prod/apps/kzygadlo/.env.prod +++ b/environment/prod/deployment/prod/apps/kzygadlo/.env.prod @@ -0,0 +1,14 @@ +APP_NAME="KZygadlo Keating" +ENVIRONMENT=prod + +COMPOSE_PROJECT_NAME=kzygadlo +TRAEFIK_ENABLED=true +KEATING_HOST_NAME= +APP_URL=https://${KEATING_HOST_NAME}/ +TRAEFIK_ROUTER_RULE= + +CACHE_DRIVER=redis +QUEUE_CONNECTION=redis +SESSION_DRIVER=redis +MAIL_ENCRYPTION=null + diff --git a/environment/prod/deployment/prod/apps/kzygadlo/.env.prod.secrets b/environment/prod/deployment/prod/apps/kzygadlo/.env.prod.secrets index e69de29b..f4781858 100644 --- a/environment/prod/deployment/prod/apps/kzygadlo/.env.prod.secrets +++ b/environment/prod/deployment/prod/apps/kzygadlo/.env.prod.secrets @@ -0,0 +1,12 @@ +APP_KEY=ENC[AES256_GCM,data:QSwQHUEjPAZnfubDXRHGo0BuVDV62MmuBmEiFsqjmKyYAQBi/uc9x7AmlRyeRtEXVgi4,iv:0mWkEtv/8oGjFbFbxIIkMW0SJ/XRxul/KbsZyZxlNkg=,tag:mg9cGi+4qCPowX+h+eqUFw==,type:str] +APP_DEBUG=ENC[AES256_GCM,data:IXxpKJA=,iv:onVrCTXAtEc47RDRoJqoW/ngyyPmm6cdvn7h9oXXYGY=,tag:KHX7ZR2xqJ/5Of2exWSHQQ==,type:str] +DB_ROOT_PASSWORD=ENC[AES256_GCM,data:mPco+poDBg==,iv:KoLtHaDwsc/GA2UkgmDB+Nd7t9oWT/rc91ILB8xuZrY=,tag:xxWjR67OIsU33iP7/eVKOg==,type:str] +DB_DATABASE=ENC[AES256_GCM,data:r0OKpabnmaU=,iv:ik6hU1pMWpnH0e1BNFu2MioRgA4WI6a6AWQ5dSqLEQU=,tag:KmfOp2PqopiZ5KNTL0Xflw==,type:str] +DB_USERNAME=ENC[AES256_GCM,data:8RTG+CgL9v0=,iv:vD7KEBDfvvD+jp9IRVb1RtoXwlvBe+VP4C/opvUKJdY=,tag:lgs2dpAqx6zO1qhmIunmDA==,type:str] +DB_PASSWORD=ENC[AES256_GCM,data:O6m46kynOsY=,iv:Da0tPlssB2aXINy8LBUQTtAUpIy9yOIz/si9Haa9d/I=,tag:m77VnCuX2IbqnN826XpmSQ==,type:str] +sops_age__list_0__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBMSW5XYlI1aTJoMjVlcU95\ndDZnUWllTjRRbHp2OTNtTkMxeGRCM2hVdXdrCnBVTFFuMEhkdmNxcGxvdWJUbGhp\naXVSOW9qSEZISnN4dUdPV3hWK1J3WGMKLS0tIDBHOGhSQm5TTzNIN0V5c2ZjTDht\nTnU3d3EwR0xsS3o4aUpPdkthemVuTlEK6ZXzAp2yKbg+P5G6PcxjiIoj/BUKng4q\n6FMGz7j53prhbCjVvWXsC8t8pS7bGCQzjljcB95rdREuCePc50G4jA==\n-----END AGE ENCRYPTED FILE-----\n +sops_age__list_0__map_recipient=age1h8wnpa5lx2vgn2h64lgpeanuct8q2tvzxvn5xmvms7exmwvmu9zq5str5w +sops_lastmodified=2024-09-23T08:34:42Z +sops_mac=ENC[AES256_GCM,data:sB8GLq1l0tKb8/6lDQhXz9isbyhXTWOa2+35RSLDjTyhzN6PtXfqe6ddQjwcLI/9U+kheqIRJszOneWEn0MZGGe2UYhF9JDfzgpt4riD8Hwn7YAuuYQAe/hz/BB19WYiB6/pXSsFiWILp+zrgZp2N38uZmefENPLYCsboJlU2EU=,iv:qR4a6FXoM0INxX5pLGr6sJv5YcoDfAQBgHoE//DyJe0=,tag:Egu8SbAbHjRM5u/hFavvvw==,type:str] +sops_unencrypted_suffix=_unencrypted +sops_version=3.8.1 From 096552c975298052f9f81b2a875cf75b8df575b6 Mon Sep 17 00:00:00 2001 From: Blusia Date: Mon, 23 Sep 2024 13:53:37 +0200 Subject: [PATCH 08/52] - update docker-compose.yml --- docker-compose.yaml | 1 - 1 file changed, 1 deletion(-) diff --git a/docker-compose.yaml b/docker-compose.yaml index dc6f21d4..12473143 100644 --- a/docker-compose.yaml +++ b/docker-compose.yaml @@ -65,7 +65,6 @@ services: - ${DOCKER_DATABASE_HOST_PORT:-3853}:5432 volumes: - ./environment/dev/postgres/init-unaccent.sql:/docker-entrypoint-initdb.d/init-unaccent.sql - - ./environment/dev/scripts/multiple-database.sh:/docker-entrypoint-initdb.d/multiple-database.sh - keating-postgres-data:/var/lib/postgresql/data networks: - keating-dev From 3f6292870e782c5f3d65a8045f3f1d0b3ebf4469 Mon Sep 17 00:00:00 2001 From: Blusia Date: Mon, 23 Sep 2024 15:17:43 +0200 Subject: [PATCH 09/52] - changes in .env's and workflow --- .github/workflows/deploy-to-prod.yml | 2 ++ .../deployment/prod/apps/eskrzypacz/.env.prod | 5 ++++- .../prod/apps/eskrzypacz/.env.prod.secrets | 16 +++++++--------- .../prod/deployment/prod/apps/kpiech/.env.prod | 5 ++++- .../prod/apps/kpiech/.env.prod.secrets | 16 +++++++--------- .../prod/deployment/prod/apps/krewak/.env.prod | 5 ++++- .../prod/apps/krewak/.env.prod.secrets | 16 +++++++--------- .../prod/deployment/prod/apps/kzygadlo/.env.prod | 3 +++ .../prod/apps/kzygadlo/.env.prod.secrets | 16 +++++++--------- 9 files changed, 45 insertions(+), 39 deletions(-) diff --git a/.github/workflows/deploy-to-prod.yml b/.github/workflows/deploy-to-prod.yml index e58ae8a1..d9c19aa7 100644 --- a/.github/workflows/deploy-to-prod.yml +++ b/.github/workflows/deploy-to-prod.yml @@ -112,5 +112,7 @@ jobs: cd ${{ env.TARGET_DIR_ON_SERVER }}/${{ env.DOCKER_REGISTRY_REPO_NAME }}/${{ env.APP_NAME }}/environment/prod/deployment/prod/ mv Makefile docker-compose.prod.yml apps/${{ env.APP_NAME }}/ cd apps/${{ env.APP_NAME }} + echo ${{ secrets.BLUMILKBOT_HARBOR_TOKEN }} | docker login ${{ env.DOCKER_REGISTRY }} --username ${{ env.DOCKER_REGISTRY_USER_NAME }} --password-stdin make prod-deploy SOPS_AGE_KEY=${{ secrets.SOPS_AGE_PROD_SECRET_KEY }} docker images --filter dangling=true | grep "${{ env.DOCKER_IMAGE_NAME }}" | awk '{print $3}'| xargs --no-run-if-empty docker rmi + docker logout ${{ env.DOCKER_REGISTRY }} diff --git a/environment/prod/deployment/prod/apps/eskrzypacz/.env.prod b/environment/prod/deployment/prod/apps/eskrzypacz/.env.prod index 63069c47..cb21dc30 100644 --- a/environment/prod/deployment/prod/apps/eskrzypacz/.env.prod +++ b/environment/prod/deployment/prod/apps/eskrzypacz/.env.prod @@ -1,5 +1,6 @@ APP_NAME="ESkrzypacz Keating" ENVIRONMENT=prod +APP_DEBUG=false COMPOSE_PROJECT_NAME=eskrzypacz TRAEFIK_ENABLED=true @@ -7,7 +8,9 @@ KEATING_HOST_NAME= APP_URL=https://${KEATING_HOST_NAME}/ TRAEFIK_ROUTER_RULE= +DB_DATABASE=eskrzypacz + CACHE_DRIVER=redis QUEUE_CONNECTION=redis SESSION_DRIVER=redis -MAIL_ENCRYPTION=null +MAIL_ENCRYPTION=tls diff --git a/environment/prod/deployment/prod/apps/eskrzypacz/.env.prod.secrets b/environment/prod/deployment/prod/apps/eskrzypacz/.env.prod.secrets index a3dd6e4c..9452a9dd 100644 --- a/environment/prod/deployment/prod/apps/eskrzypacz/.env.prod.secrets +++ b/environment/prod/deployment/prod/apps/eskrzypacz/.env.prod.secrets @@ -1,12 +1,10 @@ -APP_KEY=ENC[AES256_GCM,data:TMwMKmhbFhKDTdtBKO+EKo1uBWUbKW2WgPtgsgHgDkKg8kYvX2hg8zo2BVNGMPxmuzNu,iv:SDin9e8Vd80qvJFNjBvacJeHf7c2vAM6xJZ0bh73xu0=,tag:k86wh2Yistuq9CETdMCHjQ==,type:str] -APP_DEBUG=ENC[AES256_GCM,data:giPQY38=,iv:tr4WD89pF6HULYEDzEOkyhJe6ZArisK/taGKy8rnooU=,tag:hdYyAD2v1uey373zmYtKpA==,type:str] -DB_ROOT_PASSWORD=ENC[AES256_GCM,data:YRzDbbf9iw==,iv:CGN4QVkOyV9p6aQMMjQYm4JrT6pRdDAThY7L6d8Rs9Q=,tag:YDoz+XJlHtTodESPtiA9Uw==,type:str] -DB_DATABASE=ENC[AES256_GCM,data:3fzP+nqLuQ6oSw==,iv:2IvPcJYyr2Fs+s3CVqzidlRRyuV0eDbgJK51o6rUdeA=,tag:cpEy4WuqZ0QlaN+IDvvZ/w==,type:str] -DB_USERNAME=ENC[AES256_GCM,data:q/OTCDh4oYDHWw==,iv:aC6LNSG/5BTe9IrE5nS9RvsOGYQhQJ5cGRI2zjTGYwM=,tag:yWUEns0+fKKZ1GogRG7DVg==,type:str] -DB_PASSWORD=ENC[AES256_GCM,data:PZafoMdZAiA=,iv:4oLkrovedvVoMoKgU0BlTG9hGFUbul7O9Cm99n8nd4M=,tag:fJVTnjiiqSP0KGcnr2M5BA==,type:str] -sops_age__list_0__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBPaUxGRldTdmFRUElSeWVT\nSlhoUno4S29pUU9TcWdDak1mcG0ya1dpeVNNCklWazRIbjd0blRXTzZSSXJZeHJs\nbEJSYksxeWQ2NEx6aWFtbEpoSVZ3ZWsKLS0tIE9kTGtBeWdGS2hOQ011ZTh6OXpj\nWGl5ZjN3SWw2UnloT3Rqc1FFc1UzdW8KNjnL8XTpHd4mPU63HwRjwO9M5BMfJUsW\n+zlNUphW7Mfjj/WKG7RKoD+DYym/8iylEKp0RDEMIVUbPspQrxotaQ==\n-----END AGE ENCRYPTED FILE-----\n +APP_KEY=ENC[AES256_GCM,data:QPS4leL7OteykD3cNaCvneLZXsXPes5pPoKQYgPS+gungLGsR4BW6L+z52QzYgx4TLuk,iv:3Oj+TUJBXS+36+ZymItuM7cg1qbTwAp7HXUD1/PugHo=,tag:5iVfTAF0BaKhSAKCwnrn0g==,type:str] +DB_ROOT_PASSWORD=ENC[AES256_GCM,data:4+A6SRUAbQ==,iv:tW3vo4XIFceYI3rHUBFusGacLGlCuGGmcTYrQMoiprM=,tag:tfRX6G/FI/pyqkyIlMQY9g==,type:str] +DB_USERNAME=ENC[AES256_GCM,data:ATEhxeV2zv0u/g==,iv:Z85oBx1qWiYSSATiDGuTafNizJ7H1n2/+EUAMfgA1ag=,tag:Hhbv2R/LfhWhQE9a9Uaj0Q==,type:str] +DB_PASSWORD=ENC[AES256_GCM,data:vTIS0pUIuUI=,iv:5veb3bzdLXhOIZXY3OnGOCVRI/HnSdvnjHgDOVARUD0=,tag:93MDvNip+0uIoWRKpeJBYw==,type:str] +sops_age__list_0__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAyV3B5MW00ZFJLN0pXM3FV\neTlhZWdRUFRLZUVlSUZlWjRZclViNnRKSHdFCmpraVZ4OWpJRWZ3L0hOTmc3dlA5\nenp6bVZZdUhOazh2NWR2b25CamFNb1UKLS0tIFZDK0VmR0pObjdiQisyYzE4NlQw\nZjFqSkNpRVVNQ1ZwTDQ5WVl1UW1iRG8KO7/dXeiMuEzO0wZhzDutMDApANYhQhXv\nRqs47V4esJVvXv4aCTzuZecK69r/7cDJr5Pi2CmEh6xO4oDug0l5Aw==\n-----END AGE ENCRYPTED FILE-----\n sops_age__list_0__map_recipient=age1h8wnpa5lx2vgn2h64lgpeanuct8q2tvzxvn5xmvms7exmwvmu9zq5str5w -sops_lastmodified=2024-09-23T08:31:44Z -sops_mac=ENC[AES256_GCM,data:D74wDyQWWW5QAn8HEvlDiPy8i6eMN8ZMe1yGRsi8Ip+lM3MK7psLXdmdpuHT13myhJGVwuzrbcOEKgnPjJTpJPD27APgbEYwKsMHtCfEfPaw7fmhE5peJ032m7xMOwWN7xvLAitu8vmPXD5mYPeb383r8RDsFm1edFNZFocDbxU=,iv:W2+XU0EsMiA3Ey8B+sYfUd84QrRfELaJzHMeZ5OY8cU=,tag:Cbg9EtRWUkPrC2EajVU3uA==,type:str] +sops_lastmodified=2024-09-23T13:12:58Z +sops_mac=ENC[AES256_GCM,data:VGugcNsO0MrU5fAdYRKESRbGlotswWSfmZMH/ia6RXdFvU5HN/o5Izzr9JyLqpC9Wv7k3hbV1+Sd6ZoEFkr+GE5r6u1eYajtO4v3p/VqeKNoAm375YFa9FwmMghV0auLyaEIZ6ho/hdnTFuTPd0GxqUmy6gwz0LIO3icH+RDBrI=,iv:4QPG1HsRaVOtcUBY9f3pU9aAJlgNsCYpB157t3t5Db4=,tag:crraDCmEQa+pseymh9ZTAg==,type:str] sops_unencrypted_suffix=_unencrypted sops_version=3.8.1 diff --git a/environment/prod/deployment/prod/apps/kpiech/.env.prod b/environment/prod/deployment/prod/apps/kpiech/.env.prod index ebaf6fbb..0cf4c3a4 100644 --- a/environment/prod/deployment/prod/apps/kpiech/.env.prod +++ b/environment/prod/deployment/prod/apps/kpiech/.env.prod @@ -1,5 +1,6 @@ APP_NAME="KPiech Keating" ENVIRONMENT=prod +APP_DEBUG=false COMPOSE_PROJECT_NAME=kpiech TRAEFIK_ENABLED=true @@ -7,7 +8,9 @@ KEATING_HOST_NAME= APP_URL=https://${KEATING_HOST_NAME}/ TRAEFIK_ROUTER_RULE= +DB_DATABASE=kpiech + CACHE_DRIVER=redis QUEUE_CONNECTION=redis SESSION_DRIVER=redis -MAIL_ENCRYPTION=null +MAIL_ENCRYPTION=tls diff --git a/environment/prod/deployment/prod/apps/kpiech/.env.prod.secrets b/environment/prod/deployment/prod/apps/kpiech/.env.prod.secrets index e8cd3bff..7ac85af6 100644 --- a/environment/prod/deployment/prod/apps/kpiech/.env.prod.secrets +++ b/environment/prod/deployment/prod/apps/kpiech/.env.prod.secrets @@ -1,12 +1,10 @@ -APP_KEY=ENC[AES256_GCM,data:/M85d/DAy48bO4wngnJ0Wx5K0Sv4ylnb9Z3gpyvXMZc7ZnjJ6KeGDLiX0Ifsf7lsPZW0,iv:CnS5SoM5JY68QqmKhlU4sk36wzDIdAQSCVYGuLtsLC0=,tag:xJuMh5cnp0c65xp2uTKaqw==,type:str] -APP_DEBUG=ENC[AES256_GCM,data:0HMBoTs=,iv:ij7ve0SMomtRGw68SRMjBjwKK3XBdXNNJcQCEUVVbAs=,tag:FpdPEphENOruqZftcgPggg==,type:str] -DB_ROOT_PASSWORD=ENC[AES256_GCM,data:htHjCu0Iiw==,iv:T1ttZXQWQda7MUMa1h7b5P2g7cEH8+Vj8hXzcd/A1wg=,tag:NlhN2fH6YbpHGnm/IJMI6Q==,type:str] -DB_DATABASE=ENC[AES256_GCM,data:GxPcyBsY,iv:aP1fae8lveEd7o9FiYERUh/CMze7IACv7y7jFYEJ0zI=,tag:EwXDySHsFrDDKhY/Jb9qSA==,type:str] -DB_USERNAME=ENC[AES256_GCM,data:CN/0p/Wp,iv:kUwaS2a8GSDod2QgFG6oYvR8TEGuIZKpc3VstzViN9Q=,tag:72xbK0sAAw6R6bdPHmrtpA==,type:str] -DB_PASSWORD=ENC[AES256_GCM,data:RQbIiAKGMSQ=,iv:ERPSbUo6Hl/U8gmmLYcigw4Pz/YOspdF/SiRUk73e5M=,tag:dLcaj7PeBg4ku8/Wbfbi8g==,type:str] -sops_age__list_0__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBqZnliNjh2eExGckE3bjBI\naWhGWVhmRTFPdkNZNDZXY0xrN2lUaXZzZFRzCnJhWEkxakpqQlg3OEdydjR0cTZm\nY09SOEtHRDd5ZitESTBmSkg5emZLaWcKLS0tIGVqMjlZbjBEQWlTMmh4MVlFNzFr\nbkFKblNYMUI2aDBnN0FsSkRBY0NwRHcKG3GP1NTywsSm13eaVNy+HlW0lFRVFC1r\no7KQIAday68zpltUuOP+9S/O0OjlIYA3UfsFLQ7mJOW6ASXsmftNnw==\n-----END AGE ENCRYPTED FILE-----\n +APP_KEY=ENC[AES256_GCM,data:N7j9fYRw14xsdaiKyhsj4iJ+CceFB71mBidqZsj55GImfFPKRthN7XawVqS5KHNSyFcv,iv:EulPttVMp7dO4J1XLpcFNks7T/LIbeW/KaaFp79ksO0=,tag:IspqoGd10C3F398qWGz+7Q==,type:str] +DB_ROOT_PASSWORD=ENC[AES256_GCM,data:nlg2iFlmaQ==,iv:4EWH68joMBuct2LZzfCnAmCjTfMN59MwBEKRcE/zDnY=,tag:ZLTLNp4KUEjpuGqZeNuu6g==,type:str] +DB_USERNAME=ENC[AES256_GCM,data:MTO1ZUId,iv:c+vWDPh5TOYRtD0EJFnj9nZS1ORhC3hXTeuzIj9A/jA=,tag:52KuTWEy/Ecmr8MsRtKyBA==,type:str] +DB_PASSWORD=ENC[AES256_GCM,data:2oSfc41d5is=,iv:41XJ+3RgWDuOYLqByzPzVCYSztRYstF9DV8OvC5dwt8=,tag:zaQhWGqUGTnLsxfrSvIDqw==,type:str] +sops_age__list_0__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAwWlBCWGFYcWtzZ2xBT0xG\nUmoxMEc1TUdVUmF6eDB0UjBOaWprZy8vMXg4CmlmcTJqT3FoZ1AxaXpKSTA0b2pp\nYUFHRUFINkllSG9SMCthd0MwMU1PTzgKLS0tIEdrMno0Znp5d2lWNFJ6eGVyU0U3\ncjMvZm9SSHZQdDRWdXdnS1RLSm1JK2MKvuT4a1d6woeeagP7rSxZ792M8B9Jh8+x\ncUhIh2GdZyaugSzxCkUYwSwDXmpbXnjHPNf8IkdeWGFesvXfCD+UNA==\n-----END AGE ENCRYPTED FILE-----\n sops_age__list_0__map_recipient=age1h8wnpa5lx2vgn2h64lgpeanuct8q2tvzxvn5xmvms7exmwvmu9zq5str5w -sops_lastmodified=2024-09-23T08:32:51Z -sops_mac=ENC[AES256_GCM,data:KlFUlweZrnraIRf26Z5PwLdkvQxs7WmaAHT/BkJqcUu+YrVkpXnRq4TeeUjXNdztbVUgmRM0tc95cPBstAaUdbb0wTBPTA+9+mDGlBcaGDNp/9GZGeDYdbMqn/dTUsG/YdMpZ11vLWfdS7SbXB4G1Rb1A4k/fuCmQZy7OHjEFIo=,iv:VNd6VFz9LrS9zAQmI47zjTb4+ngMmPw0XYona0Mce6o=,tag:bnO0BDg0CsspHj7fxsU6Zg==,type:str] +sops_lastmodified=2024-09-23T13:14:14Z +sops_mac=ENC[AES256_GCM,data:dAS6B6h4n6q9XV/cojNOTEt27clYWr4XFBV4YneQovOoQsyiCVCbKArVC5L9UBtXOgwmZCKYFzZUSovkug0QOhI4yB+XmUUwxf2gqVS+6B+vOhel6rH/b8yzvpVYX6kpKXOK5luneVXNXV30li2oB1Y06oszp0ySn0amNpbSTzc=,iv:fFel+qZkfnjvueDHCQs982MSrLJDZ3KIxi2IbxfoK1Y=,tag:oiu3h8+0fSpCv/VgZW3inw==,type:str] sops_unencrypted_suffix=_unencrypted sops_version=3.8.1 diff --git a/environment/prod/deployment/prod/apps/krewak/.env.prod b/environment/prod/deployment/prod/apps/krewak/.env.prod index b4b0f0de..a082166d 100644 --- a/environment/prod/deployment/prod/apps/krewak/.env.prod +++ b/environment/prod/deployment/prod/apps/krewak/.env.prod @@ -1,5 +1,6 @@ APP_NAME="KRewak Keating" ENVIRONMENT=prod +APP_DEBUG=false COMPOSE_PROJECT_NAME=krewak TRAEFIK_ENABLED=true @@ -7,7 +8,9 @@ KEATING_HOST_NAME= APP_URL=https://${KEATING_HOST_NAME}/ TRAEFIK_ROUTER_RULE= +DB_DATABASE=krewak + CACHE_DRIVER=redis QUEUE_CONNECTION=redis SESSION_DRIVER=redis -MAIL_ENCRYPTION=null +MAIL_ENCRYPTION=tls diff --git a/environment/prod/deployment/prod/apps/krewak/.env.prod.secrets b/environment/prod/deployment/prod/apps/krewak/.env.prod.secrets index edd482b5..bec06ebd 100644 --- a/environment/prod/deployment/prod/apps/krewak/.env.prod.secrets +++ b/environment/prod/deployment/prod/apps/krewak/.env.prod.secrets @@ -1,12 +1,10 @@ -APP_KEY=ENC[AES256_GCM,data:GFw2RWEbuCrh42jWdb7bd1nMO2TWD0+ldY2eUpSwcj8/bR1CaIkirIw5Bhf2Z9/QfywM,iv:NQjYylGxHreqX11JYGECi8v7HXOgPEu8f68LNKDz88Y=,tag:NKGfOQN/xeQMAQlQmiJ8Ig==,type:str] -APP_DEBUG=ENC[AES256_GCM,data:mgy4qXg=,iv:YVFSa+1dwpVhtJUuw0f2lu/CcA3EdeBFwXhuVlXgUWM=,tag:BJ2awc6J3d/Ytz72iUedOQ==,type:str] -DB_ROOT_PASSWORD=ENC[AES256_GCM,data:x0THVs/SOg==,iv:jgjzhNAnKsONZkEQnSZt9uu7S4xxp/1Bzn5PdgkF4oU=,tag:0nbfCXo4OJU6XxpVgRhsDw==,type:str] -DB_DATABASE=ENC[AES256_GCM,data:ApLv6CXz,iv:1b4Bef4xhWiKOPDrt2gHiio3yeVxfUsdQjT0uV4CpyQ=,tag:87zYhunay0/ZaxiZa0BnMg==,type:str] -DB_USERNAME=ENC[AES256_GCM,data:HK09DyU0,iv:2qZWCGLv6ac24z/jyLznTLEk64xRjQ7U9lgyrYYTyhU=,tag:zOyVf/k2nAE6f7WDFyBlJA==,type:str] -DB_PASSWORD=ENC[AES256_GCM,data:8ITxQLmfSE0=,iv:jV9UTuq/+GuJfaaoOelE6YRRSvKhGH/8nvB8eIQU/Aw=,tag:qJy4feFxARv9NsvgHELcNQ==,type:str] -sops_age__list_0__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBMRGtNM25yYmJyUWQrYXlr\nbjcvWTRHMFhwRVJOMWkrSG1sYk53cGsyUkhzCm13K0RaWS90a3NWazE5ZVptSVM1\nR3VHZUZ2TlVvdmt3bjlxaW1sdU1ubUUKLS0tIEVxZ0xKQk9abGxKME1EdVdBbjVr\nMHU3ZTFLcXpxQTF2R2swQjljR2hiNVEKO//RIbosSot7ERbK0OHWtbEkaj17KH4P\npqYaMdaLRXogjmGdNWT5+j5c7Cdv7KvK+Be8d8KhErdPN03HaPY80Q==\n-----END AGE ENCRYPTED FILE-----\n +APP_KEY=ENC[AES256_GCM,data:kmZ+oKJRGr7DjE7U57D5T38nbGqAx4Atf4Vr/gpkDWXxBWsdQEJXMOJpM/qcSlxSrNG1,iv:cjTDKtWD6pRChsh2XmnaS+N53aLQlOyqFqTi5OC2v7Q=,tag://cN7czWtzQUlGs0j706SQ==,type:str] +DB_ROOT_PASSWORD=ENC[AES256_GCM,data:uMWjSidmUw==,iv:8+b0JZoDKC5YTjamWd9KJ0Bbd6aRHY8De0n6MvymqJM=,tag:M08ufjFZHZ36+WH8gO5lpA==,type:str] +DB_USERNAME=ENC[AES256_GCM,data:5i4eEFV0,iv:Zs1qef74U1aMzJs/cxL/siXuM2EqzkNtiT3VJJlK8Og=,tag:9pNvN2yF5Qeh3vmNfkk5mw==,type:str] +DB_PASSWORD=ENC[AES256_GCM,data:MHRxtiQ0kvc=,iv:n/uSXsLIn/bDs64E0hjAT+KIeo8aGBjLTqaL7L+8QM0=,tag:/TYPhwgEI4sElBBD7Es2bQ==,type:str] +sops_age__list_0__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBuY0pYdWR2dVQ1VzYwMmZu\nbm11Z3JPYWdodXc1bEFVRlZlZnpXakFsc0J3CnE0M1NRUnBBUnhVaS9PK3lZbENw\naDVGVHBQZUxSOWNOc1c2Z1NJWHhZdXMKLS0tIHRKa05kY3JtVWZYcDN0ZTFmN1gv\nV210QlFGcm9XeUZVSkxRd256M1ZTR1kKXBeY+Q6QRQBboAirXsjOgvSHU01CIQua\n9jQm885sfFtqMooGpPzZ6+AjlboniicQf9EkCHTKz9ZFUFg0eOOn9Q==\n-----END AGE ENCRYPTED FILE-----\n sops_age__list_0__map_recipient=age1h8wnpa5lx2vgn2h64lgpeanuct8q2tvzxvn5xmvms7exmwvmu9zq5str5w -sops_lastmodified=2024-09-23T07:54:27Z -sops_mac=ENC[AES256_GCM,data:mJ2XxJOdifCmqQVEfqayX/2CAZtFfQcciZIkjzt3JT0SoK9BS3MlFwyb+HTWDOuIFgNWn4MtSsdpPsRJW7mmvZerFBoI7pkVLrvJ21kGO5YE5Eisq2b4AUDcAGGfrdf+6rhRXKl2GXPekz5MNKZVfN8iWXjJvMqq+BhD0CspwlA=,iv:0SfPjyMUVF0vxJFQAAXHxEPHbQohdkBSX73eY4iNI84=,tag:Ro9EOhJaZRlq+7gTtQYqig==,type:str] +sops_lastmodified=2024-09-23T13:15:14Z +sops_mac=ENC[AES256_GCM,data:aSzdUup4Iv/FyqYuNXSAYj1E/3SB6Wi6vq4za/WufhG10tsH9M7JvNW45XQioss/cg/Bc/GAHXo+1t294Gz3wVMcUXIxQIQoCn0cn51LrDl5yTLqyEPK2PiRAS9PMVRjsHPrOAD6QqtSulSgP9jfbgnL8H58pckcALr5KeDiV9U=,iv:qCx44thyEAZS5Q4/7cqPlrdGZ0iBAiQBfhisPh9ND+Y=,tag:GYZL9vsEAB39s0f12AZFiQ==,type:str] sops_unencrypted_suffix=_unencrypted sops_version=3.8.1 diff --git a/environment/prod/deployment/prod/apps/kzygadlo/.env.prod b/environment/prod/deployment/prod/apps/kzygadlo/.env.prod index 9a7a39d0..ba273f35 100644 --- a/environment/prod/deployment/prod/apps/kzygadlo/.env.prod +++ b/environment/prod/deployment/prod/apps/kzygadlo/.env.prod @@ -1,5 +1,6 @@ APP_NAME="KZygadlo Keating" ENVIRONMENT=prod +APP_DEBUG=false COMPOSE_PROJECT_NAME=kzygadlo TRAEFIK_ENABLED=true @@ -7,6 +8,8 @@ KEATING_HOST_NAME= APP_URL=https://${KEATING_HOST_NAME}/ TRAEFIK_ROUTER_RULE= +DB_DATABASE=kzygadlo + CACHE_DRIVER=redis QUEUE_CONNECTION=redis SESSION_DRIVER=redis diff --git a/environment/prod/deployment/prod/apps/kzygadlo/.env.prod.secrets b/environment/prod/deployment/prod/apps/kzygadlo/.env.prod.secrets index f4781858..06699ea9 100644 --- a/environment/prod/deployment/prod/apps/kzygadlo/.env.prod.secrets +++ b/environment/prod/deployment/prod/apps/kzygadlo/.env.prod.secrets @@ -1,12 +1,10 @@ -APP_KEY=ENC[AES256_GCM,data:QSwQHUEjPAZnfubDXRHGo0BuVDV62MmuBmEiFsqjmKyYAQBi/uc9x7AmlRyeRtEXVgi4,iv:0mWkEtv/8oGjFbFbxIIkMW0SJ/XRxul/KbsZyZxlNkg=,tag:mg9cGi+4qCPowX+h+eqUFw==,type:str] -APP_DEBUG=ENC[AES256_GCM,data:IXxpKJA=,iv:onVrCTXAtEc47RDRoJqoW/ngyyPmm6cdvn7h9oXXYGY=,tag:KHX7ZR2xqJ/5Of2exWSHQQ==,type:str] -DB_ROOT_PASSWORD=ENC[AES256_GCM,data:mPco+poDBg==,iv:KoLtHaDwsc/GA2UkgmDB+Nd7t9oWT/rc91ILB8xuZrY=,tag:xxWjR67OIsU33iP7/eVKOg==,type:str] -DB_DATABASE=ENC[AES256_GCM,data:r0OKpabnmaU=,iv:ik6hU1pMWpnH0e1BNFu2MioRgA4WI6a6AWQ5dSqLEQU=,tag:KmfOp2PqopiZ5KNTL0Xflw==,type:str] -DB_USERNAME=ENC[AES256_GCM,data:8RTG+CgL9v0=,iv:vD7KEBDfvvD+jp9IRVb1RtoXwlvBe+VP4C/opvUKJdY=,tag:lgs2dpAqx6zO1qhmIunmDA==,type:str] -DB_PASSWORD=ENC[AES256_GCM,data:O6m46kynOsY=,iv:Da0tPlssB2aXINy8LBUQTtAUpIy9yOIz/si9Haa9d/I=,tag:m77VnCuX2IbqnN826XpmSQ==,type:str] -sops_age__list_0__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBMSW5XYlI1aTJoMjVlcU95\ndDZnUWllTjRRbHp2OTNtTkMxeGRCM2hVdXdrCnBVTFFuMEhkdmNxcGxvdWJUbGhp\naXVSOW9qSEZISnN4dUdPV3hWK1J3WGMKLS0tIDBHOGhSQm5TTzNIN0V5c2ZjTDht\nTnU3d3EwR0xsS3o4aUpPdkthemVuTlEK6ZXzAp2yKbg+P5G6PcxjiIoj/BUKng4q\n6FMGz7j53prhbCjVvWXsC8t8pS7bGCQzjljcB95rdREuCePc50G4jA==\n-----END AGE ENCRYPTED FILE-----\n +APP_KEY=ENC[AES256_GCM,data:wPPiHEOBTRg6Lalc9sYRElpmsV9tl8wcCybD6gEOb5357hFdCnD2boDaZj/affqAwJql,iv:01ThHZDQGxIrj6K8bfrpPzDUeqjnljT+nT7gmBleExM=,tag:5LgQr1hiCKv3q6f1RFrN9Q==,type:str] +DB_ROOT_PASSWORD=ENC[AES256_GCM,data:AQreoFN8hQ==,iv:UC5Q6XZn7eQvh62FfOVvu/+nWAAtYcLbTQ4O6JC46ZU=,tag:S+CRRLiwxCOwWe0jsNIgqA==,type:str] +DB_USERNAME=ENC[AES256_GCM,data:7zolMUIb/xA=,iv:69TiNMz09Bp3RYJ4u9WjUHB4MZTSyE9XvfkdvhbHnXw=,tag:cvtu33KOuNNZJutCQ/l+fg==,type:str] +DB_PASSWORD=ENC[AES256_GCM,data:8QkcJvj/uz8=,iv:G6iYWUIDht7MmIeE95velfMpMKAY8wyV49YibGvtiJM=,tag:4Gfe3BmL9wRAWhi82nmtJg==,type:str] +sops_age__list_0__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBVOGZlb09nVWZGcG9QVU0y\nTGFldWlYNnlxWW1yUHd6L0JGb3hlRmIwV0FnCnNNNDF4SHNBVXoxL0dGUHhZVGZx\nbUxxYmFEUGI0N3ppai80Z2pKK3JHaTQKLS0tIGlJalAwWFZTQWVzSGo5cGhMbm5n\nZHpVdjdTS1VaM0JXQlRsNFNET3BCUVUKSj09NgxtI6hlJTZbo8Dj5OCvgJ5YpLk+\nHfRQ+AZ1OKiPlokjWu0nYa9stDO8H56PBSSLOAhKJNKuXoBQrV08sA==\n-----END AGE ENCRYPTED FILE-----\n sops_age__list_0__map_recipient=age1h8wnpa5lx2vgn2h64lgpeanuct8q2tvzxvn5xmvms7exmwvmu9zq5str5w -sops_lastmodified=2024-09-23T08:34:42Z -sops_mac=ENC[AES256_GCM,data:sB8GLq1l0tKb8/6lDQhXz9isbyhXTWOa2+35RSLDjTyhzN6PtXfqe6ddQjwcLI/9U+kheqIRJszOneWEn0MZGGe2UYhF9JDfzgpt4riD8Hwn7YAuuYQAe/hz/BB19WYiB6/pXSsFiWILp+zrgZp2N38uZmefENPLYCsboJlU2EU=,iv:qR4a6FXoM0INxX5pLGr6sJv5YcoDfAQBgHoE//DyJe0=,tag:Egu8SbAbHjRM5u/hFavvvw==,type:str] +sops_lastmodified=2024-09-23T13:15:21Z +sops_mac=ENC[AES256_GCM,data:d1+1I+YjzQblT7xFrjJc8zPX9cvhm1K9FOhoohbh/wb/VwZArKh0QU9unQKeHeW1cBTZ9NKLLAfFhPYUP1CPO7IpKeKlcd7pHToixvdLAp4r5PD+mTMKS1uw8nSAmyuuA2Nr0a/C1/YtYVAo9qDvEfnBCN1zZQnABO1rUKnm+1E=,iv:e1yS1vd4fMa+bWazNIaFsW/iMnFLjagL4BWbALl9Nxc=,tag:yAKBkfgWKljduFVyV/fruA==,type:str] sops_unencrypted_suffix=_unencrypted sops_version=3.8.1 From daa2600f1a51f5eaeaa012c42729fff86530d72c Mon Sep 17 00:00:00 2001 From: Blusia Date: Mon, 23 Sep 2024 15:29:01 +0200 Subject: [PATCH 10/52] - changes in .env --- environment/prod/deployment/prod/apps/kzygadlo/.env.prod | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/environment/prod/deployment/prod/apps/kzygadlo/.env.prod b/environment/prod/deployment/prod/apps/kzygadlo/.env.prod index ba273f35..87420fb2 100644 --- a/environment/prod/deployment/prod/apps/kzygadlo/.env.prod +++ b/environment/prod/deployment/prod/apps/kzygadlo/.env.prod @@ -13,5 +13,5 @@ DB_DATABASE=kzygadlo CACHE_DRIVER=redis QUEUE_CONNECTION=redis SESSION_DRIVER=redis -MAIL_ENCRYPTION=null +MAIL_ENCRYPTION=tls From 9e15539faaf564144e8d6a37cfadfbfef9baafdd Mon Sep 17 00:00:00 2001 From: Blusia Date: Mon, 23 Sep 2024 16:36:04 +0200 Subject: [PATCH 11/52] - changed to previous version --- .github/workflows/deploy-to-prod.yml | 2 -- 1 file changed, 2 deletions(-) diff --git a/.github/workflows/deploy-to-prod.yml b/.github/workflows/deploy-to-prod.yml index d9c19aa7..e58ae8a1 100644 --- a/.github/workflows/deploy-to-prod.yml +++ b/.github/workflows/deploy-to-prod.yml @@ -112,7 +112,5 @@ jobs: cd ${{ env.TARGET_DIR_ON_SERVER }}/${{ env.DOCKER_REGISTRY_REPO_NAME }}/${{ env.APP_NAME }}/environment/prod/deployment/prod/ mv Makefile docker-compose.prod.yml apps/${{ env.APP_NAME }}/ cd apps/${{ env.APP_NAME }} - echo ${{ secrets.BLUMILKBOT_HARBOR_TOKEN }} | docker login ${{ env.DOCKER_REGISTRY }} --username ${{ env.DOCKER_REGISTRY_USER_NAME }} --password-stdin make prod-deploy SOPS_AGE_KEY=${{ secrets.SOPS_AGE_PROD_SECRET_KEY }} docker images --filter dangling=true | grep "${{ env.DOCKER_IMAGE_NAME }}" | awk '{print $3}'| xargs --no-run-if-empty docker rmi - docker logout ${{ env.DOCKER_REGISTRY }} From d3460fc44a266185b09551aeed9305f71a6f2cd2 Mon Sep 17 00:00:00 2001 From: Blusia Date: Tue, 24 Sep 2024 09:37:01 +0200 Subject: [PATCH 12/52] - add no-index-robots to traefik middleware in docker-compose.prod --- environment/prod/deployment/prod/docker-compose.prod.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/environment/prod/deployment/prod/docker-compose.prod.yml b/environment/prod/deployment/prod/docker-compose.prod.yml index 5c59a2aa..34b648f2 100644 --- a/environment/prod/deployment/prod/docker-compose.prod.yml +++ b/environment/prod/deployment/prod/docker-compose.prod.yml @@ -32,7 +32,7 @@ services: - "traefik.http.routers.${COMPOSE_PROJECT_NAME}.entrypoints=websecure" - "traefik.http.routers.${COMPOSE_PROJECT_NAME}.tls=true" - "traefik.http.routers.${COMPOSE_PROJECT_NAME}.tls.certresolver=lets-encrypt-resolver" - - "traefik.http.routers.${COMPOSE_PROJECT_NAME}.middlewares=response-gzip-compress@file" + - "traefik.http.routers.${COMPOSE_PROJECT_NAME}.middlewares=response-gzip-compress@file,no-index-robots-response-header@file" working_dir: /application volumes: - ./.env:/application/.env:ro From a0173c93819fd49beb2b0f851fc729f23ab20008 Mon Sep 17 00:00:00 2001 From: Blusia Date: Tue, 24 Sep 2024 11:45:27 +0200 Subject: [PATCH 13/52] - env's update --- .../prod/deployment/prod/apps/eskrzypacz/.env.prod | 4 ++-- .../prod/apps/eskrzypacz/.env.prod.secrets | 14 +++++++------- .../prod/deployment/prod/apps/kpiech/.env.prod | 4 ++-- .../deployment/prod/apps/kpiech/.env.prod.secrets | 14 +++++++------- .../prod/deployment/prod/apps/krewak/.env.prod | 4 ++-- .../deployment/prod/apps/krewak/.env.prod.secrets | 14 +++++++------- .../prod/deployment/prod/apps/kzygadlo/.env.prod | 4 ++-- .../prod/apps/kzygadlo/.env.prod.secrets | 14 +++++++------- 8 files changed, 36 insertions(+), 36 deletions(-) diff --git a/environment/prod/deployment/prod/apps/eskrzypacz/.env.prod b/environment/prod/deployment/prod/apps/eskrzypacz/.env.prod index cb21dc30..73cced2a 100644 --- a/environment/prod/deployment/prod/apps/eskrzypacz/.env.prod +++ b/environment/prod/deployment/prod/apps/eskrzypacz/.env.prod @@ -4,9 +4,9 @@ APP_DEBUG=false COMPOSE_PROJECT_NAME=eskrzypacz TRAEFIK_ENABLED=true -KEATING_HOST_NAME= +KEATING_HOST_NAME=ewelinaskrzypacz.collegiumwitelona.pl APP_URL=https://${KEATING_HOST_NAME}/ -TRAEFIK_ROUTER_RULE= +TRAEFIK_ROUTER_RULE="Host(`ewelinaskrzypacz.collegiumwitelona.pl`)" DB_DATABASE=eskrzypacz diff --git a/environment/prod/deployment/prod/apps/eskrzypacz/.env.prod.secrets b/environment/prod/deployment/prod/apps/eskrzypacz/.env.prod.secrets index 9452a9dd..e1c49456 100644 --- a/environment/prod/deployment/prod/apps/eskrzypacz/.env.prod.secrets +++ b/environment/prod/deployment/prod/apps/eskrzypacz/.env.prod.secrets @@ -1,10 +1,10 @@ -APP_KEY=ENC[AES256_GCM,data:QPS4leL7OteykD3cNaCvneLZXsXPes5pPoKQYgPS+gungLGsR4BW6L+z52QzYgx4TLuk,iv:3Oj+TUJBXS+36+ZymItuM7cg1qbTwAp7HXUD1/PugHo=,tag:5iVfTAF0BaKhSAKCwnrn0g==,type:str] -DB_ROOT_PASSWORD=ENC[AES256_GCM,data:4+A6SRUAbQ==,iv:tW3vo4XIFceYI3rHUBFusGacLGlCuGGmcTYrQMoiprM=,tag:tfRX6G/FI/pyqkyIlMQY9g==,type:str] -DB_USERNAME=ENC[AES256_GCM,data:ATEhxeV2zv0u/g==,iv:Z85oBx1qWiYSSATiDGuTafNizJ7H1n2/+EUAMfgA1ag=,tag:Hhbv2R/LfhWhQE9a9Uaj0Q==,type:str] -DB_PASSWORD=ENC[AES256_GCM,data:vTIS0pUIuUI=,iv:5veb3bzdLXhOIZXY3OnGOCVRI/HnSdvnjHgDOVARUD0=,tag:93MDvNip+0uIoWRKpeJBYw==,type:str] -sops_age__list_0__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAyV3B5MW00ZFJLN0pXM3FV\neTlhZWdRUFRLZUVlSUZlWjRZclViNnRKSHdFCmpraVZ4OWpJRWZ3L0hOTmc3dlA5\nenp6bVZZdUhOazh2NWR2b25CamFNb1UKLS0tIFZDK0VmR0pObjdiQisyYzE4NlQw\nZjFqSkNpRVVNQ1ZwTDQ5WVl1UW1iRG8KO7/dXeiMuEzO0wZhzDutMDApANYhQhXv\nRqs47V4esJVvXv4aCTzuZecK69r/7cDJr5Pi2CmEh6xO4oDug0l5Aw==\n-----END AGE ENCRYPTED FILE-----\n +APP_KEY=ENC[AES256_GCM,data:3gKCqu+z3i4GHnxb1ykAg25KPEHVsMTb0Ia5168AtpcAK81n8WGPSOhic+LXVKMPOUAu,iv:fYYe6Hs5ml6VIQzv7R0ZoWBqUe6PXvbH4AEXWHWB0d8=,tag:ZiTgVPfY+YUAj5rROyEHTg==,type:str] +DB_ROOT_PASSWORD=ENC[AES256_GCM,data:tPRpBRWDxQ==,iv:EJO0+4KINNPDFqI2tg/VKtYKshD/+qAgqaB9XbVOqbI=,tag:yhS/9pQCIwfMTD+vdipWLQ==,type:str] +DB_USERNAME=ENC[AES256_GCM,data:JuQUIjFAmBUv2Q==,iv:1TSLqFNknuTbTu7O9OhlSh2cFn7mk8v7XQastzLPGi0=,tag:G3jAIRnbsMfm8khbsDqeeg==,type:str] +DB_PASSWORD=ENC[AES256_GCM,data:h8hOzEECR0vPaft8u+ONXYb7crE=,iv:E/qwxiJnuT5oD1SceAbDIHEdUGbwjwrjemc/h+cK3Hw=,tag:izGuUaOTzOBXC0nglPQ4qw==,type:str] +sops_age__list_0__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBCOWJBM2dLNkR3WXdoeThV\naFlmMzBXK0lhVzdMYVNpRW1LM2FPSnFUckdjCmtoakZzSGxRZm95Y3VhQWI5QTFY\nZHBDd1RqdTI2Vlloc1NVSDM3NFlxQ3cKLS0tIHFsTks3UFpqSDF1dG9ZL0xidTRy\nQWNzbFhiekJ4R0dkR0djejhMaHEwUlUKUBk221h4fVD64Uy8CHrLaZX4fB+Rho+K\nyXMuuPVUD6hlpZYqC9C5V6XQuzyLNcY4gJsf3I7rxrG+Jrr7vXu6MA==\n-----END AGE ENCRYPTED FILE-----\n sops_age__list_0__map_recipient=age1h8wnpa5lx2vgn2h64lgpeanuct8q2tvzxvn5xmvms7exmwvmu9zq5str5w -sops_lastmodified=2024-09-23T13:12:58Z -sops_mac=ENC[AES256_GCM,data:VGugcNsO0MrU5fAdYRKESRbGlotswWSfmZMH/ia6RXdFvU5HN/o5Izzr9JyLqpC9Wv7k3hbV1+Sd6ZoEFkr+GE5r6u1eYajtO4v3p/VqeKNoAm375YFa9FwmMghV0auLyaEIZ6ho/hdnTFuTPd0GxqUmy6gwz0LIO3icH+RDBrI=,iv:4QPG1HsRaVOtcUBY9f3pU9aAJlgNsCYpB157t3t5Db4=,tag:crraDCmEQa+pseymh9ZTAg==,type:str] +sops_lastmodified=2024-09-24T09:16:26Z +sops_mac=ENC[AES256_GCM,data:XKUPPIfrzPUIA3ZLr/pfbB+HRKu1kv4KeVqhdw85LnFzzf1JFjfD8nKAXHgJhMbplcqFcdN3Jk5JC+1mdIIO3Jsy0GnUAekog+jmqE15P0WVi2V/YwTUImDpc2g/JCxFwAsYk/hYLbmhx6g/RQjylQkWbEqkC4LCu1IE+mgC4Aw=,iv:26CVn8kVB8H3e8d6mh7/Ec9UUbxFXB5DDJBAm0fnmx8=,tag:xgvcENRc9Q0XZ/zmEsDkDA==,type:str] sops_unencrypted_suffix=_unencrypted sops_version=3.8.1 diff --git a/environment/prod/deployment/prod/apps/kpiech/.env.prod b/environment/prod/deployment/prod/apps/kpiech/.env.prod index 0cf4c3a4..214a85dc 100644 --- a/environment/prod/deployment/prod/apps/kpiech/.env.prod +++ b/environment/prod/deployment/prod/apps/kpiech/.env.prod @@ -4,9 +4,9 @@ APP_DEBUG=false COMPOSE_PROJECT_NAME=kpiech TRAEFIK_ENABLED=true -KEATING_HOST_NAME= +KEATING_HOST_NAME=kamilpiech.collegiumwitelona.pl APP_URL=https://${KEATING_HOST_NAME}/ -TRAEFIK_ROUTER_RULE= +TRAEFIK_ROUTER_RULE="Host(`kamilpiech.collegiumwitelona.pl`)" DB_DATABASE=kpiech diff --git a/environment/prod/deployment/prod/apps/kpiech/.env.prod.secrets b/environment/prod/deployment/prod/apps/kpiech/.env.prod.secrets index 7ac85af6..44ebc259 100644 --- a/environment/prod/deployment/prod/apps/kpiech/.env.prod.secrets +++ b/environment/prod/deployment/prod/apps/kpiech/.env.prod.secrets @@ -1,10 +1,10 @@ -APP_KEY=ENC[AES256_GCM,data:N7j9fYRw14xsdaiKyhsj4iJ+CceFB71mBidqZsj55GImfFPKRthN7XawVqS5KHNSyFcv,iv:EulPttVMp7dO4J1XLpcFNks7T/LIbeW/KaaFp79ksO0=,tag:IspqoGd10C3F398qWGz+7Q==,type:str] -DB_ROOT_PASSWORD=ENC[AES256_GCM,data:nlg2iFlmaQ==,iv:4EWH68joMBuct2LZzfCnAmCjTfMN59MwBEKRcE/zDnY=,tag:ZLTLNp4KUEjpuGqZeNuu6g==,type:str] -DB_USERNAME=ENC[AES256_GCM,data:MTO1ZUId,iv:c+vWDPh5TOYRtD0EJFnj9nZS1ORhC3hXTeuzIj9A/jA=,tag:52KuTWEy/Ecmr8MsRtKyBA==,type:str] -DB_PASSWORD=ENC[AES256_GCM,data:2oSfc41d5is=,iv:41XJ+3RgWDuOYLqByzPzVCYSztRYstF9DV8OvC5dwt8=,tag:zaQhWGqUGTnLsxfrSvIDqw==,type:str] -sops_age__list_0__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAwWlBCWGFYcWtzZ2xBT0xG\nUmoxMEc1TUdVUmF6eDB0UjBOaWprZy8vMXg4CmlmcTJqT3FoZ1AxaXpKSTA0b2pp\nYUFHRUFINkllSG9SMCthd0MwMU1PTzgKLS0tIEdrMno0Znp5d2lWNFJ6eGVyU0U3\ncjMvZm9SSHZQdDRWdXdnS1RLSm1JK2MKvuT4a1d6woeeagP7rSxZ792M8B9Jh8+x\ncUhIh2GdZyaugSzxCkUYwSwDXmpbXnjHPNf8IkdeWGFesvXfCD+UNA==\n-----END AGE ENCRYPTED FILE-----\n +APP_KEY=ENC[AES256_GCM,data:3rveVvPCTwmOnbeDo3yGNH1rLPwP8WnvOPmIaFIkoKltPAZZ0xS8G41AXl5VepOKAEIK,iv:01gzvVtnAjuEuYY7vwryDOqzU1619/OIuaquqg5kXCM=,tag:xKsJxDyyf2CvxLB1W+z2yQ==,type:str] +DB_ROOT_PASSWORD=ENC[AES256_GCM,data:EQXQ7VSwCA==,iv:YQ5lL8pxk1cOotyypwVXlBIBpsh0xpxrvZVXGiIt9ME=,tag:oBzq5hToLi2YrRd4oZsHrg==,type:str] +DB_USERNAME=ENC[AES256_GCM,data:0O3VjyFk,iv:R/ke48MSEqhG0x4pOKYUHjz7Rb0P9MpSZU8zDmTJL04=,tag:136qEfhtYXn19420M7naTA==,type:str] +DB_PASSWORD=ENC[AES256_GCM,data:YLRbwT8dA7yVCD5DOmvq+yDKpww=,iv:jyjfeaQNOAfQzdDCM7vPz96Ee6BivnUG+2MWoiO1JYs=,tag:wmp8Cj5plg/rPZkjqFIDPA==,type:str] +sops_age__list_0__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBjdXpOcWkrZXo3VEp3ZXVV\nUm9RL0VDNGRVVmg4OFpraTRqd1Z5YU5WWGlzCnJFN3lXOTN0UHBmbUJYRHk1cVZz\nSEwvc1M3cTZWeURBV2NCS2hnOU52a0EKLS0tIEZGNUF6Q1diUWZIclJXbVJmQ1FI\nSFdWaWx2L0V2ZGlRSXAyMkFTUW5IUjAKdnpnSPXJGEBz9uRED9+/wrJK3K09gw0z\n7vyBLReYe0DuwrK0P78d9jCZ8LsZ3org8bTItUQBoOl8LHEFDAA8lg==\n-----END AGE ENCRYPTED FILE-----\n sops_age__list_0__map_recipient=age1h8wnpa5lx2vgn2h64lgpeanuct8q2tvzxvn5xmvms7exmwvmu9zq5str5w -sops_lastmodified=2024-09-23T13:14:14Z -sops_mac=ENC[AES256_GCM,data:dAS6B6h4n6q9XV/cojNOTEt27clYWr4XFBV4YneQovOoQsyiCVCbKArVC5L9UBtXOgwmZCKYFzZUSovkug0QOhI4yB+XmUUwxf2gqVS+6B+vOhel6rH/b8yzvpVYX6kpKXOK5luneVXNXV30li2oB1Y06oszp0ySn0amNpbSTzc=,iv:fFel+qZkfnjvueDHCQs982MSrLJDZ3KIxi2IbxfoK1Y=,tag:oiu3h8+0fSpCv/VgZW3inw==,type:str] +sops_lastmodified=2024-09-24T09:16:22Z +sops_mac=ENC[AES256_GCM,data:Eeivy45W4LauzD/jq8HzrwDBu8yWCIgCETBsoPWGZrJz5UkDHvdjHi+Zk2eJAiXkKKXVPFSUOLSSRmifMKS0tmx+y/QyNeBtVmM8hmg9fwNYGWxyOUCChzNP8wMR4dITHd8AoSQbBwAkyppKC7muccELzL83PlWsFr7+ilIOjrc=,iv:7UXZDvxOm2FcuPetW2P5olxIe3Uzz0kGzl208R0qyNw=,tag:IunoZOJhh6e3sUOpL5BH+w==,type:str] sops_unencrypted_suffix=_unencrypted sops_version=3.8.1 diff --git a/environment/prod/deployment/prod/apps/krewak/.env.prod b/environment/prod/deployment/prod/apps/krewak/.env.prod index a082166d..c6aba1f0 100644 --- a/environment/prod/deployment/prod/apps/krewak/.env.prod +++ b/environment/prod/deployment/prod/apps/krewak/.env.prod @@ -4,9 +4,9 @@ APP_DEBUG=false COMPOSE_PROJECT_NAME=krewak TRAEFIK_ENABLED=true -KEATING_HOST_NAME= +KEATING_HOST_NAME=krzysztofrewak.collegiumwitelona.pl APP_URL=https://${KEATING_HOST_NAME}/ -TRAEFIK_ROUTER_RULE= +TRAEFIK_ROUTER_RULE="Host(`krzysztofrewak.collegiumwitelona.pl`)" DB_DATABASE=krewak diff --git a/environment/prod/deployment/prod/apps/krewak/.env.prod.secrets b/environment/prod/deployment/prod/apps/krewak/.env.prod.secrets index bec06ebd..d8c081db 100644 --- a/environment/prod/deployment/prod/apps/krewak/.env.prod.secrets +++ b/environment/prod/deployment/prod/apps/krewak/.env.prod.secrets @@ -1,10 +1,10 @@ -APP_KEY=ENC[AES256_GCM,data:kmZ+oKJRGr7DjE7U57D5T38nbGqAx4Atf4Vr/gpkDWXxBWsdQEJXMOJpM/qcSlxSrNG1,iv:cjTDKtWD6pRChsh2XmnaS+N53aLQlOyqFqTi5OC2v7Q=,tag://cN7czWtzQUlGs0j706SQ==,type:str] -DB_ROOT_PASSWORD=ENC[AES256_GCM,data:uMWjSidmUw==,iv:8+b0JZoDKC5YTjamWd9KJ0Bbd6aRHY8De0n6MvymqJM=,tag:M08ufjFZHZ36+WH8gO5lpA==,type:str] -DB_USERNAME=ENC[AES256_GCM,data:5i4eEFV0,iv:Zs1qef74U1aMzJs/cxL/siXuM2EqzkNtiT3VJJlK8Og=,tag:9pNvN2yF5Qeh3vmNfkk5mw==,type:str] -DB_PASSWORD=ENC[AES256_GCM,data:MHRxtiQ0kvc=,iv:n/uSXsLIn/bDs64E0hjAT+KIeo8aGBjLTqaL7L+8QM0=,tag:/TYPhwgEI4sElBBD7Es2bQ==,type:str] -sops_age__list_0__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBuY0pYdWR2dVQ1VzYwMmZu\nbm11Z3JPYWdodXc1bEFVRlZlZnpXakFsc0J3CnE0M1NRUnBBUnhVaS9PK3lZbENw\naDVGVHBQZUxSOWNOc1c2Z1NJWHhZdXMKLS0tIHRKa05kY3JtVWZYcDN0ZTFmN1gv\nV210QlFGcm9XeUZVSkxRd256M1ZTR1kKXBeY+Q6QRQBboAirXsjOgvSHU01CIQua\n9jQm885sfFtqMooGpPzZ6+AjlboniicQf9EkCHTKz9ZFUFg0eOOn9Q==\n-----END AGE ENCRYPTED FILE-----\n +APP_KEY=ENC[AES256_GCM,data:xsFv8xl/zJGheDf3daX2hhJFI+L1QZugogIrd6Wg9/w1Ah3rcThwaoMX9PsqwrBCIj16,iv:C4SryjbTCLN/2QyfOIq0sxRlVNnXO/RJfwdFvlCBLxk=,tag:gFuOyfqwmXCBPFBcNDgxEA==,type:str] +DB_ROOT_PASSWORD=ENC[AES256_GCM,data:7kY1sbnneg==,iv:XJ2WMjnZcR2Im3hU8w7Qemo3s3i6HJkqpC2wb1AMTSU=,tag:yR5lFY4Z9lYRCt3ElJ6g2A==,type:str] +DB_USERNAME=ENC[AES256_GCM,data:DDXlG9AK,iv:Z/r8d3dSlYMJ44lQc9QmQkKyNQbEMC6rJaJzu9MFxkk=,tag:85v+EfO3eQNq+Eg2Dh7mZw==,type:str] +DB_PASSWORD=ENC[AES256_GCM,data:psqQnuGhhhaE7WAfqdzR6dkE1S8=,iv:bzZkYKQN57+Cz/HIs0yMFgOdlgikWv93IbncH7Dq5Ec=,tag:qwYKclGMWimOP3msW26OnA==,type:str] +sops_age__list_0__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBEUytkaDRRQThSeWw2NFox\ncUptajFSM0RmTVdSR3hqcmZyR0RSSWttOVEwCi9QSnBBYUZMQ2tXTWVKalZWNGdw\ncU8rYktkTTVnTG1lenJVZUdtWHlJbVEKLS0tIG5WZnU1TC84ZGtLaElYaG1EbmpQ\nVmVjb1FTZHZmaERMbnR6UGFld1BBNG8KYnI1XfCjt9YzLp6yFHUcKCx0OpwB1h+D\npBgxpWg2oVOE1rO4o+wovTCrg7+AWMXaZ2unWu4HlgzTxryAuXSA9g==\n-----END AGE ENCRYPTED FILE-----\n sops_age__list_0__map_recipient=age1h8wnpa5lx2vgn2h64lgpeanuct8q2tvzxvn5xmvms7exmwvmu9zq5str5w -sops_lastmodified=2024-09-23T13:15:14Z -sops_mac=ENC[AES256_GCM,data:aSzdUup4Iv/FyqYuNXSAYj1E/3SB6Wi6vq4za/WufhG10tsH9M7JvNW45XQioss/cg/Bc/GAHXo+1t294Gz3wVMcUXIxQIQoCn0cn51LrDl5yTLqyEPK2PiRAS9PMVRjsHPrOAD6QqtSulSgP9jfbgnL8H58pckcALr5KeDiV9U=,iv:qCx44thyEAZS5Q4/7cqPlrdGZ0iBAiQBfhisPh9ND+Y=,tag:GYZL9vsEAB39s0f12AZFiQ==,type:str] +sops_lastmodified=2024-09-24T09:16:30Z +sops_mac=ENC[AES256_GCM,data:GgzOi3vNsqJqQOMRg/Y+49DEz20ogJxYn3ZjvEEBxj5y48+Mn04bFmspLLZ2vS+3BUXFub3Uk/qKJB2NyO7UgBV6eUtd8nEdk2XeY7vBkp4/YIcwRkzsRKn6CqDKlkdjXtxgayvVpESZ9eg7lK9qwRVRPqw5R8Zw//mCUXJ3zN4=,iv:hFouoxxZpgryCZ+W3hvQR+lDah6/48U1F649IlHabfE=,tag:nwZqeYZp4DifrGzzL/TYwg==,type:str] sops_unencrypted_suffix=_unencrypted sops_version=3.8.1 diff --git a/environment/prod/deployment/prod/apps/kzygadlo/.env.prod b/environment/prod/deployment/prod/apps/kzygadlo/.env.prod index 87420fb2..6ac180fa 100644 --- a/environment/prod/deployment/prod/apps/kzygadlo/.env.prod +++ b/environment/prod/deployment/prod/apps/kzygadlo/.env.prod @@ -4,9 +4,9 @@ APP_DEBUG=false COMPOSE_PROJECT_NAME=kzygadlo TRAEFIK_ENABLED=true -KEATING_HOST_NAME= +KEATING_HOST_NAME=karolzygadlo.collegiumwitelona.pl APP_URL=https://${KEATING_HOST_NAME}/ -TRAEFIK_ROUTER_RULE= +TRAEFIK_ROUTER_RULE="Host(`karolzygadlo.collegiumwitelona.pl`)" DB_DATABASE=kzygadlo diff --git a/environment/prod/deployment/prod/apps/kzygadlo/.env.prod.secrets b/environment/prod/deployment/prod/apps/kzygadlo/.env.prod.secrets index 06699ea9..aad7cf42 100644 --- a/environment/prod/deployment/prod/apps/kzygadlo/.env.prod.secrets +++ b/environment/prod/deployment/prod/apps/kzygadlo/.env.prod.secrets @@ -1,10 +1,10 @@ -APP_KEY=ENC[AES256_GCM,data:wPPiHEOBTRg6Lalc9sYRElpmsV9tl8wcCybD6gEOb5357hFdCnD2boDaZj/affqAwJql,iv:01ThHZDQGxIrj6K8bfrpPzDUeqjnljT+nT7gmBleExM=,tag:5LgQr1hiCKv3q6f1RFrN9Q==,type:str] -DB_ROOT_PASSWORD=ENC[AES256_GCM,data:AQreoFN8hQ==,iv:UC5Q6XZn7eQvh62FfOVvu/+nWAAtYcLbTQ4O6JC46ZU=,tag:S+CRRLiwxCOwWe0jsNIgqA==,type:str] -DB_USERNAME=ENC[AES256_GCM,data:7zolMUIb/xA=,iv:69TiNMz09Bp3RYJ4u9WjUHB4MZTSyE9XvfkdvhbHnXw=,tag:cvtu33KOuNNZJutCQ/l+fg==,type:str] -DB_PASSWORD=ENC[AES256_GCM,data:8QkcJvj/uz8=,iv:G6iYWUIDht7MmIeE95velfMpMKAY8wyV49YibGvtiJM=,tag:4Gfe3BmL9wRAWhi82nmtJg==,type:str] -sops_age__list_0__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBVOGZlb09nVWZGcG9QVU0y\nTGFldWlYNnlxWW1yUHd6L0JGb3hlRmIwV0FnCnNNNDF4SHNBVXoxL0dGUHhZVGZx\nbUxxYmFEUGI0N3ppai80Z2pKK3JHaTQKLS0tIGlJalAwWFZTQWVzSGo5cGhMbm5n\nZHpVdjdTS1VaM0JXQlRsNFNET3BCUVUKSj09NgxtI6hlJTZbo8Dj5OCvgJ5YpLk+\nHfRQ+AZ1OKiPlokjWu0nYa9stDO8H56PBSSLOAhKJNKuXoBQrV08sA==\n-----END AGE ENCRYPTED FILE-----\n +APP_KEY=ENC[AES256_GCM,data:eWFy50obB0AuZs+fZQ+KyN39Sd0deFDMFMSKZWrKBoNfOT+wYrDqnVhcimh8wZVNEwUI,iv:n67lZ+Fd1TzaQIBXDcsaWoMFBUJ8VOuCFWvC3AdI5FQ=,tag:JOryOXA/rSbaNpVOU4mcig==,type:str] +DB_ROOT_PASSWORD=ENC[AES256_GCM,data:NBdHASHs9g==,iv:aiKNfMpI7U+djn4iNriLvgltZzTXYW3DqOn1IhXS5Us=,tag:h8lBM9sAAv+Ay5FkpdowYg==,type:str] +DB_USERNAME=ENC[AES256_GCM,data:CuJrkyNd4lY=,iv:TWqDGkK1um03mjcxV9ztVTCx+BV28fh+5TOIEuGGYnQ=,tag:YMq4/YPXSmKg9v8x08iVNg==,type:str] +DB_PASSWORD=ENC[AES256_GCM,data:jzH+viQ3A6Otij1iJNYNxWjorGI=,iv:dUxAzs02iiFuxSLl0oKBJ0JzWG62y/CaxOH/Bck/Y2I=,tag:olOB9iMn5vyL4Hid7yD81g==,type:str] +sops_age__list_0__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBjN05yQk9pK0VTVGxmZXIv\nQjhDd3Y0U0VCTW14NllXV1lRMkxOMGhaSGg4CkgrazlvaWlzQ1VNZHdyWEh4aHBp\nMFBvb0RzK2F1ckgvLzh4cEdCUmM2ZWcKLS0tIGF2cEZGOGlBalJqZ0V3T3BvN25h\najVWRWRCZ1M2OUtSZkQwMzVGN0laajAKkfa4tiu/5A57AeVfM+7QwpYQeOv0EY/H\nKYn/VV6pezz2y18bWlMAHo4UsUuDZQmUyz8Mi6mv9HfEQq1MSz5/0A==\n-----END AGE ENCRYPTED FILE-----\n sops_age__list_0__map_recipient=age1h8wnpa5lx2vgn2h64lgpeanuct8q2tvzxvn5xmvms7exmwvmu9zq5str5w -sops_lastmodified=2024-09-23T13:15:21Z -sops_mac=ENC[AES256_GCM,data:d1+1I+YjzQblT7xFrjJc8zPX9cvhm1K9FOhoohbh/wb/VwZArKh0QU9unQKeHeW1cBTZ9NKLLAfFhPYUP1CPO7IpKeKlcd7pHToixvdLAp4r5PD+mTMKS1uw8nSAmyuuA2Nr0a/C1/YtYVAo9qDvEfnBCN1zZQnABO1rUKnm+1E=,iv:e1yS1vd4fMa+bWazNIaFsW/iMnFLjagL4BWbALl9Nxc=,tag:yAKBkfgWKljduFVyV/fruA==,type:str] +sops_lastmodified=2024-09-24T09:16:34Z +sops_mac=ENC[AES256_GCM,data:W0WxWU5eqFY7ishtOPJ+ET1hD2ZSyAKMq/yRaD6Nsw6r2mdgaRfYUQ+K/BwI/jpD+jCw84dpNUj4Rll3/tSVWWTR8r20zIRwdonR6NRXJPNhhg3NvkykD6nrTkQsGGB0LGv89Ie9fjUch8v8jlmuFaqbEnjiK48hGqyjys/NIok=,iv:T/ASwtqjNdbd9s+bq8AUwPqoBBqf51IrSuBz9M9p+so=,tag:008cHqmEWB2ZMq12NgunPA==,type:str] sops_unencrypted_suffix=_unencrypted sops_version=3.8.1 From da8b926f12ccaf5b5866591d03935aafc92e0b9f Mon Sep 17 00:00:00 2001 From: Blusia Date: Wed, 25 Sep 2024 11:04:22 +0200 Subject: [PATCH 14/52] - change volume name --- environment/prod/deployment/prod/docker-compose.prod.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/environment/prod/deployment/prod/docker-compose.prod.yml b/environment/prod/deployment/prod/docker-compose.prod.yml index 34b648f2..27ab0607 100644 --- a/environment/prod/deployment/prod/docker-compose.prod.yml +++ b/environment/prod/deployment/prod/docker-compose.prod.yml @@ -5,9 +5,9 @@ networks: driver: bridge volumes: - keating-postgres-data: + keating-prod-postgres-data: name: keating-prod-postgres-data - keating-redis-data: + keating-prod-redis-data: name: keating-prod-redis-data services: From 6147635d60bfc251989ee7c6652241c7ed4a3c8c Mon Sep 17 00:00:00 2001 From: Blusia Date: Wed, 25 Sep 2024 16:15:26 +0200 Subject: [PATCH 15/52] - update env's --- .../prod/deployment/prod/apps/krewak/.env.prod | 1 + .../prod/apps/krewak/.env.prod.secrets | 18 +++++++++++------- 2 files changed, 12 insertions(+), 7 deletions(-) diff --git a/environment/prod/deployment/prod/apps/krewak/.env.prod b/environment/prod/deployment/prod/apps/krewak/.env.prod index c6aba1f0..ed18d2d6 100644 --- a/environment/prod/deployment/prod/apps/krewak/.env.prod +++ b/environment/prod/deployment/prod/apps/krewak/.env.prod @@ -8,6 +8,7 @@ KEATING_HOST_NAME=krzysztofrewak.collegiumwitelona.pl APP_URL=https://${KEATING_HOST_NAME}/ TRAEFIK_ROUTER_RULE="Host(`krzysztofrewak.collegiumwitelona.pl`)" +DB_CONNECTION=pgsql DB_DATABASE=krewak CACHE_DRIVER=redis diff --git a/environment/prod/deployment/prod/apps/krewak/.env.prod.secrets b/environment/prod/deployment/prod/apps/krewak/.env.prod.secrets index d8c081db..21dc5a7b 100644 --- a/environment/prod/deployment/prod/apps/krewak/.env.prod.secrets +++ b/environment/prod/deployment/prod/apps/krewak/.env.prod.secrets @@ -1,10 +1,14 @@ -APP_KEY=ENC[AES256_GCM,data:xsFv8xl/zJGheDf3daX2hhJFI+L1QZugogIrd6Wg9/w1Ah3rcThwaoMX9PsqwrBCIj16,iv:C4SryjbTCLN/2QyfOIq0sxRlVNnXO/RJfwdFvlCBLxk=,tag:gFuOyfqwmXCBPFBcNDgxEA==,type:str] -DB_ROOT_PASSWORD=ENC[AES256_GCM,data:7kY1sbnneg==,iv:XJ2WMjnZcR2Im3hU8w7Qemo3s3i6HJkqpC2wb1AMTSU=,tag:yR5lFY4Z9lYRCt3ElJ6g2A==,type:str] -DB_USERNAME=ENC[AES256_GCM,data:DDXlG9AK,iv:Z/r8d3dSlYMJ44lQc9QmQkKyNQbEMC6rJaJzu9MFxkk=,tag:85v+EfO3eQNq+Eg2Dh7mZw==,type:str] -DB_PASSWORD=ENC[AES256_GCM,data:psqQnuGhhhaE7WAfqdzR6dkE1S8=,iv:bzZkYKQN57+Cz/HIs0yMFgOdlgikWv93IbncH7Dq5Ec=,tag:qwYKclGMWimOP3msW26OnA==,type:str] -sops_age__list_0__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBEUytkaDRRQThSeWw2NFox\ncUptajFSM0RmTVdSR3hqcmZyR0RSSWttOVEwCi9QSnBBYUZMQ2tXTWVKalZWNGdw\ncU8rYktkTTVnTG1lenJVZUdtWHlJbVEKLS0tIG5WZnU1TC84ZGtLaElYaG1EbmpQ\nVmVjb1FTZHZmaERMbnR6UGFld1BBNG8KYnI1XfCjt9YzLp6yFHUcKCx0OpwB1h+D\npBgxpWg2oVOE1rO4o+wovTCrg7+AWMXaZ2unWu4HlgzTxryAuXSA9g==\n-----END AGE ENCRYPTED FILE-----\n +APP_KEY=ENC[AES256_GCM,data:S2d4ev67EWhfr6z7zof+rlXSPduxVZm4Y5aFh1jKFnEF/eNwe2aGau4BKttJF616YSvL,iv:YfwatiD/IwdEPsb5xsi7g/reiwX1Jf26tP1+kYq3ivI=,tag:z4MiLMK9nJl/VEuAcnScKQ==,type:str] +DB_ROOT_PASSWORD=ENC[AES256_GCM,data:XaGneNkW4g==,iv:9K6xUykmm3hO8qjY/Z/EBDZ439Wcqjlkb/IEnOVSZjo=,tag:iw5VcLad0ji5f7QEsfTgag==,type:str] +DB_USERNAME=ENC[AES256_GCM,data:vr02DqPK,iv:g2INLt/1KUOD/TLFl70S9tS77i1VxgzKbgYCSek14+A=,tag:zZLLDmtBsI5pmKVdXj2lrg==,type:str] +DB_PASSWORD=ENC[AES256_GCM,data:rOj5Psbi3ZPCH9Tc03Z5hZk+ly8=,iv:DrGahcpBQmt+EzKplqTo3FBHO/rGzf0LG/xwFFPU34c=,tag:kPM8xF7ssp3yeYnRhknH1Q==,type:str] +DB_HOST=ENC[AES256_GCM,data:jAN+VXxNBFHf4T9hYnLmfEZUWdDg,iv:KxqVkMI3yKKBmIJ0+A9rbNyZJ2NZi8X9wMTvOrrf4Fk=,tag:IGDn5Wq0yRGyCqIPU7RG7w==,type:str] +DB_PORT=ENC[AES256_GCM,data:k5gYQQ==,iv:AGsPqatbHqo4QtCnoguZeiea7oLOpEgP5mJT/2e03cU=,tag:maUg+R49fmra49QLmsiZwQ==,type:str] +REDIS_HOST=ENC[AES256_GCM,data:WKIwLKq+uHYExI4rHQctmnF7,iv:bCjk40i1Tyk1yQw4nmrBV1AvmAj2jHTOdjwe7MyPWKs=,tag:GoGQLSzTwXH3Otx+s5QuoQ==,type:str] +REDIS_PORT=ENC[AES256_GCM,data:3K5HCw==,iv:QKZ/Ep5KMcxK4sVN0/jRpDaQaxrLZRH20sDQ48+wi3s=,tag:8sAJ2g3Ivya3YztY9a1D+A==,type:str] +sops_age__list_0__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA5d285TytReTlZWEFnM1hv\nWDBxamJ5R3dmdG5DQWZWMFI2RjFLR3hjdlc0CmxnYmxxRW9PQnFKWENxK1lWeXBV\nelM3eGh6UXZaOGRSblUvZzQwRFZhV1kKLS0tIG81bW5QZ1BHdHRjQjlPaUQwOGtQ\naWxzdERHVUpCSDJjQ1pzTG0wZXQyblUKaMAPa6mEKJwAeHLvqH1+4AXO9fwU7V2k\nmSYw7cNsZIYPETXs15qC6cCACUFpAkhmlekbA5AvcLmvGPFdgjtdzA==\n-----END AGE ENCRYPTED FILE-----\n sops_age__list_0__map_recipient=age1h8wnpa5lx2vgn2h64lgpeanuct8q2tvzxvn5xmvms7exmwvmu9zq5str5w -sops_lastmodified=2024-09-24T09:16:30Z -sops_mac=ENC[AES256_GCM,data:GgzOi3vNsqJqQOMRg/Y+49DEz20ogJxYn3ZjvEEBxj5y48+Mn04bFmspLLZ2vS+3BUXFub3Uk/qKJB2NyO7UgBV6eUtd8nEdk2XeY7vBkp4/YIcwRkzsRKn6CqDKlkdjXtxgayvVpESZ9eg7lK9qwRVRPqw5R8Zw//mCUXJ3zN4=,iv:hFouoxxZpgryCZ+W3hvQR+lDah6/48U1F649IlHabfE=,tag:nwZqeYZp4DifrGzzL/TYwg==,type:str] +sops_lastmodified=2024-09-25T14:15:02Z +sops_mac=ENC[AES256_GCM,data:J/n8Ch40DBvbsiHZHITVWXG3XN/otxU/G03K8ptbLH2LGD2D1dV66ubvzsZ8bbCQCGpVK16ZKfQC+D/LKKaiL4id9LNfpdx34CstSTsR0QsJ3K+cjQu8U/TYnekyRtPcO55tKId2GlUd4rU4c7cwgBoWO9V8y4y94PZiV72L8C0=,iv:vjWhWj/TTj1nOe+21pygrVdfrWm6hU4pmxk0Fb0Mw7s=,tag:MvLzX5YPH5WBL+8g0Oh6Jw==,type:str] sops_unencrypted_suffix=_unencrypted sops_version=3.8.1 From 40f769167b4c38c847812d0af9fbfcc71b06b589 Mon Sep 17 00:00:00 2001 From: Blusia Date: Thu, 26 Sep 2024 08:44:05 +0200 Subject: [PATCH 16/52] - update docker-compose.prod --- environment/prod/deployment/prod/docker-compose.prod.yml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/environment/prod/deployment/prod/docker-compose.prod.yml b/environment/prod/deployment/prod/docker-compose.prod.yml index 27ab0607..d6141c70 100644 --- a/environment/prod/deployment/prod/docker-compose.prod.yml +++ b/environment/prod/deployment/prod/docker-compose.prod.yml @@ -57,8 +57,7 @@ services: timeout: 3s retries: 5 volumes: - - ./environment/dev/postgres/init-unaccent.sql:/docker-entrypoint-initdb.d/init-unaccent.sql - - ./environment/prod/deployment/scripts/multiple-database.sh:/docker-entrypoint-initdb.d/multiple-database.sh + - ../postgres/init-unaccent.sql:/docker-entrypoint-initdb.d/init-unaccent.sql - keating-prod-postgres-data:/var/lib/postgresql/data networks: - keating-prod From 4a05de5c45dcca9c1a4cd483e998fb79d17abc28 Mon Sep 17 00:00:00 2001 From: Blusia Date: Thu, 26 Sep 2024 09:46:22 +0200 Subject: [PATCH 17/52] - update env --- .../prod/apps/krewak/.env.prod.secrets | 22 +++++++++---------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/environment/prod/deployment/prod/apps/krewak/.env.prod.secrets b/environment/prod/deployment/prod/apps/krewak/.env.prod.secrets index 21dc5a7b..a729d991 100644 --- a/environment/prod/deployment/prod/apps/krewak/.env.prod.secrets +++ b/environment/prod/deployment/prod/apps/krewak/.env.prod.secrets @@ -1,14 +1,14 @@ -APP_KEY=ENC[AES256_GCM,data:S2d4ev67EWhfr6z7zof+rlXSPduxVZm4Y5aFh1jKFnEF/eNwe2aGau4BKttJF616YSvL,iv:YfwatiD/IwdEPsb5xsi7g/reiwX1Jf26tP1+kYq3ivI=,tag:z4MiLMK9nJl/VEuAcnScKQ==,type:str] -DB_ROOT_PASSWORD=ENC[AES256_GCM,data:XaGneNkW4g==,iv:9K6xUykmm3hO8qjY/Z/EBDZ439Wcqjlkb/IEnOVSZjo=,tag:iw5VcLad0ji5f7QEsfTgag==,type:str] -DB_USERNAME=ENC[AES256_GCM,data:vr02DqPK,iv:g2INLt/1KUOD/TLFl70S9tS77i1VxgzKbgYCSek14+A=,tag:zZLLDmtBsI5pmKVdXj2lrg==,type:str] -DB_PASSWORD=ENC[AES256_GCM,data:rOj5Psbi3ZPCH9Tc03Z5hZk+ly8=,iv:DrGahcpBQmt+EzKplqTo3FBHO/rGzf0LG/xwFFPU34c=,tag:kPM8xF7ssp3yeYnRhknH1Q==,type:str] -DB_HOST=ENC[AES256_GCM,data:jAN+VXxNBFHf4T9hYnLmfEZUWdDg,iv:KxqVkMI3yKKBmIJ0+A9rbNyZJ2NZi8X9wMTvOrrf4Fk=,tag:IGDn5Wq0yRGyCqIPU7RG7w==,type:str] -DB_PORT=ENC[AES256_GCM,data:k5gYQQ==,iv:AGsPqatbHqo4QtCnoguZeiea7oLOpEgP5mJT/2e03cU=,tag:maUg+R49fmra49QLmsiZwQ==,type:str] -REDIS_HOST=ENC[AES256_GCM,data:WKIwLKq+uHYExI4rHQctmnF7,iv:bCjk40i1Tyk1yQw4nmrBV1AvmAj2jHTOdjwe7MyPWKs=,tag:GoGQLSzTwXH3Otx+s5QuoQ==,type:str] -REDIS_PORT=ENC[AES256_GCM,data:3K5HCw==,iv:QKZ/Ep5KMcxK4sVN0/jRpDaQaxrLZRH20sDQ48+wi3s=,tag:8sAJ2g3Ivya3YztY9a1D+A==,type:str] -sops_age__list_0__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA5d285TytReTlZWEFnM1hv\nWDBxamJ5R3dmdG5DQWZWMFI2RjFLR3hjdlc0CmxnYmxxRW9PQnFKWENxK1lWeXBV\nelM3eGh6UXZaOGRSblUvZzQwRFZhV1kKLS0tIG81bW5QZ1BHdHRjQjlPaUQwOGtQ\naWxzdERHVUpCSDJjQ1pzTG0wZXQyblUKaMAPa6mEKJwAeHLvqH1+4AXO9fwU7V2k\nmSYw7cNsZIYPETXs15qC6cCACUFpAkhmlekbA5AvcLmvGPFdgjtdzA==\n-----END AGE ENCRYPTED FILE-----\n +APP_KEY=ENC[AES256_GCM,data:m+HAMlXUrA1+zI+Hi+O96cGTGN71M42yfJ3r6Ifn4y9gls4SzOr/+tpW1LfX+zCJxnpo,iv:jhJ/skQBBHXaboLV1OpQhnY1kBcAYanuhrOGnfDzX4U=,tag:bu0DGVzv7ShpCNwQA9fH5w==,type:str] +DB_HOST=ENC[AES256_GCM,data:8X0rkaVe7Pz+Q6hRaNHxnip4Ub45,iv:07qBaR/2vw5TCXocIUW9tWpXv+NUgr5vpINz1niA7PE=,tag:o4WTS4K2zdb25XOOg18slQ==,type:str] +DB_PORT=ENC[AES256_GCM,data:jiF3lA==,iv:2g89kkZOf7JiHtofKO1rdpGKx/Ei7MZc0zKRInKEdxI=,tag:TULJv65Gb7n48y2oob7L5g==,type:str] +DB_ROOT_PASSWORD=ENC[AES256_GCM,data:GOcv6D8IA8aZGENEGiUwUCVCk8o=,iv:m6Gq/d+fnciYFVgy1FzpzjKxXAl9iAph5dpwEie/tDc=,tag:9UBBpshlX3mHBV9yKj5CrA==,type:str] +DB_USERNAME=ENC[AES256_GCM,data:3LAIHlvw,iv:hav5ZtdMq/OSbpXoGuwJ1E7q+J9IjsUBXWKeqwFLqrI=,tag:r8dQiZ0PNRdQuGcLXiBXpg==,type:str] +DB_PASSWORD=ENC[AES256_GCM,data:z5nROADHFah2z7VvoBXy4b1D2Dc=,iv:9cG5k5k0Rys+2yxMS1cJsnrq2rImzrjL8g+EEICjOxE=,tag:uJaWFHTvaDql218x9mI5pg==,type:str] +REDIS_HOST=ENC[AES256_GCM,data:ZOG1ZY0ufsuoW6GrDiCcUYzC,iv:GJDUs40Lj8R6r2OIKlhCbJXXubSvHZbfyV3cKBB0wTY=,tag:m6lrGvLVqcf9eTAtdzFA5w==,type:str] +REDIS_PORT=ENC[AES256_GCM,data:xZ8knw==,iv:MGAxb+fCy+nN9tjAbsCedSedUNArlKfXSRMacNUNLYQ=,tag:DpZbOJC3GEhi/fL0UZrzkg==,type:str] +sops_age__list_0__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA1eEdQcDdaWGJZcHZZeldV\nY0dBUXEwZE1nU0hqUUZhQ0hyd0xTVVlGRjJrClRYV2h5bXNYcW1pUkFuY2lQSU1u\nOGgrMVVQTmNKU1A3cGNjQm04WDFXWTgKLS0tIFVTWlJRZUhtUklqUVNYNnUyR3Yx\nekFZdTgxUHVCSnY5Zkc4UkRWT0lLMGcKVhKjLkUic/WSuHCBf7VCeNafkHKW6hLt\n62kIhXUzIHbUEZMmPMrTq8iv72pWz4LbOc701KVCLNpXlekCsHzkHQ==\n-----END AGE ENCRYPTED FILE-----\n sops_age__list_0__map_recipient=age1h8wnpa5lx2vgn2h64lgpeanuct8q2tvzxvn5xmvms7exmwvmu9zq5str5w -sops_lastmodified=2024-09-25T14:15:02Z -sops_mac=ENC[AES256_GCM,data:J/n8Ch40DBvbsiHZHITVWXG3XN/otxU/G03K8ptbLH2LGD2D1dV66ubvzsZ8bbCQCGpVK16ZKfQC+D/LKKaiL4id9LNfpdx34CstSTsR0QsJ3K+cjQu8U/TYnekyRtPcO55tKId2GlUd4rU4c7cwgBoWO9V8y4y94PZiV72L8C0=,iv:vjWhWj/TTj1nOe+21pygrVdfrWm6hU4pmxk0Fb0Mw7s=,tag:MvLzX5YPH5WBL+8g0Oh6Jw==,type:str] +sops_lastmodified=2024-09-26T07:33:59Z +sops_mac=ENC[AES256_GCM,data:tBVWLKfF1TNAgNgFabmeZ4hps0j9fUX34pofHvjhpuqtJMsVx3V+8x/A1s1B9FWxaDDCnJ2pslNI6AMRnfhlMDd1vf5zUXrg0SIzzBykofaNPpvD7OyBugmqq061g9GRnUbptEkJGH2JeOV77HKM7FQSEFpT0L4Our2WOPBes3g=,iv:M9iYujw03mK9rnijlOkk9W29ZxwOXuH01QnXrDIUWCY=,tag:2d85q81cEg3OQt7c+DFm3w==,type:str] sops_unencrypted_suffix=_unencrypted sops_version=3.8.1 From 078ec3b1dd72e5e549b6174f46c0231813ff5a84 Mon Sep 17 00:00:00 2001 From: Blusia Date: Thu, 26 Sep 2024 10:56:28 +0200 Subject: [PATCH 18/52] - update docker-compose.prod --- environment/prod/deployment/prod/docker-compose.prod.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/environment/prod/deployment/prod/docker-compose.prod.yml b/environment/prod/deployment/prod/docker-compose.prod.yml index d6141c70..bb3c3083 100644 --- a/environment/prod/deployment/prod/docker-compose.prod.yml +++ b/environment/prod/deployment/prod/docker-compose.prod.yml @@ -57,7 +57,7 @@ services: timeout: 3s retries: 5 volumes: - - ../postgres/init-unaccent.sql:/docker-entrypoint-initdb.d/init-unaccent.sql + - ../../../postgres/init-unaccent.sql:/docker-entrypoint-initdb.d/init-unaccent.sql - keating-prod-postgres-data:/var/lib/postgresql/data networks: - keating-prod From b539e244889523125ae58fbbeaf2ea343725a7c7 Mon Sep 17 00:00:00 2001 From: Blusia Date: Thu, 26 Sep 2024 11:15:27 +0200 Subject: [PATCH 19/52] - update workflow --- .github/workflows/deploy-to-prod.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/deploy-to-prod.yml b/.github/workflows/deploy-to-prod.yml index e58ae8a1..5a232316 100644 --- a/.github/workflows/deploy-to-prod.yml +++ b/.github/workflows/deploy-to-prod.yml @@ -94,7 +94,7 @@ jobs: username: ${{ secrets.VPS_OVH_BF7EC892_USERNAME }} key: ${{ secrets.VPS_OVH_BF7EC892_SSH_PRIVATE_KEY }} passphrase: ${{ secrets.VPS_OVH_BF7EC892_SSH_PRIVATE_KEY_PASSPHRASE }} - source: "./environment/prod/deployment/prod/apps/${{ env.APP_NAME }}/*,./environment/prod/deployment/scripts/*, ./environment/prod/deployment/prod/Makefile, ./environment/prod/deployment/prod/docker-compose.prod.yml" + source: "./environment/prod/deployment/prod/apps/${{ env.APP_NAME }}/*,./environment/prod/deployment/scripts/*, ./environment/prod/deployment/prod/Makefile, ./environment/prod/deployment/prod/docker-compose.prod.yml, ,./environment/prod/deployment/postgres/*" target: ${{ env.TARGET_DIR_ON_SERVER }}/${{ env.DOCKER_REGISTRY_REPO_NAME }}/${{ env.APP_NAME }} rm: true From b77723b43c9eea5a30083544e74d7e02b94432ed Mon Sep 17 00:00:00 2001 From: Blusia Date: Thu, 26 Sep 2024 11:16:14 +0200 Subject: [PATCH 20/52] - update workflow --- .github/workflows/deploy-to-prod.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/deploy-to-prod.yml b/.github/workflows/deploy-to-prod.yml index 5a232316..35515b9b 100644 --- a/.github/workflows/deploy-to-prod.yml +++ b/.github/workflows/deploy-to-prod.yml @@ -94,7 +94,7 @@ jobs: username: ${{ secrets.VPS_OVH_BF7EC892_USERNAME }} key: ${{ secrets.VPS_OVH_BF7EC892_SSH_PRIVATE_KEY }} passphrase: ${{ secrets.VPS_OVH_BF7EC892_SSH_PRIVATE_KEY_PASSPHRASE }} - source: "./environment/prod/deployment/prod/apps/${{ env.APP_NAME }}/*,./environment/prod/deployment/scripts/*, ./environment/prod/deployment/prod/Makefile, ./environment/prod/deployment/prod/docker-compose.prod.yml, ,./environment/prod/deployment/postgres/*" + source: "./environment/prod/deployment/prod/apps/${{ env.APP_NAME }}/*,./environment/prod/deployment/scripts/*, ./environment/prod/deployment/prod/Makefile, ./environment/prod/deployment/prod/docker-compose.prod.yml, ./environment/prod/deployment/postgres/*" target: ${{ env.TARGET_DIR_ON_SERVER }}/${{ env.DOCKER_REGISTRY_REPO_NAME }}/${{ env.APP_NAME }} rm: true From 5721242ae06c53abe069dfa217cdc190ba7a840d Mon Sep 17 00:00:00 2001 From: Blusia Date: Thu, 26 Sep 2024 13:15:43 +0200 Subject: [PATCH 21/52] - add sleep to Makefile --- environment/prod/deployment/prod/Makefile | 1 + 1 file changed, 1 insertion(+) diff --git a/environment/prod/deployment/prod/Makefile b/environment/prod/deployment/prod/Makefile index 1065eec1..76d2c77d 100644 --- a/environment/prod/deployment/prod/Makefile +++ b/environment/prod/deployment/prod/Makefile @@ -18,6 +18,7 @@ CURRENT_DIR = $(shell pwd) prod-deploy: decrypt-secrets create-deployment-file @docker compose --file ${DOCKER_COMPOSE_FILENAME} pull && \ docker compose --file ${DOCKER_COMPOSE_FILENAME} up --detach && \ + sleep 5 && \ echo "App post deploy actions" && \ ${DOCKER_EXEC_SCRIPT} post-deploy-actions.sh From 146d1f41b165c7619f2b42a5b8b2c60bb6f91c56 Mon Sep 17 00:00:00 2001 From: Blusia Date: Thu, 26 Sep 2024 15:12:09 +0200 Subject: [PATCH 22/52] - update post-deploy-actions --- environment/prod/deployment/scripts/post-deploy-actions.sh | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/environment/prod/deployment/scripts/post-deploy-actions.sh b/environment/prod/deployment/scripts/post-deploy-actions.sh index ec4aa47e..42fb8c2d 100644 --- a/environment/prod/deployment/scripts/post-deploy-actions.sh +++ b/environment/prod/deployment/scripts/post-deploy-actions.sh @@ -6,8 +6,5 @@ set -e ARTISAN_PATH="/application/artisan" php ${ARTISAN_PATH} migrate --force && \ -php ${ARTISAN_PATH} route:cache && \ -php ${ARTISAN_PATH} view:cache && \ -php ${ARTISAN_PATH} event:cache && \ -php ${ARTISAN_PATH} config:cache && \ +php ${ARTISAN_PATH} optimize && \ php ${ARTISAN_PATH} cache:title:flush From 65434ac96b4e815c3ad72683c6b7dde14ee0003e Mon Sep 17 00:00:00 2001 From: Blusia Date: Thu, 26 Sep 2024 16:12:38 +0200 Subject: [PATCH 23/52] - update .env's --- .../deployment/prod/apps/eskrzypacz/.env.prod | 3 ++- .../prod/apps/eskrzypacz/.env.prod.secrets | 18 +++++++++++------- .../prod/deployment/prod/apps/kpiech/.env.prod | 3 ++- .../prod/apps/kpiech/.env.prod.secrets | 18 +++++++++++------- .../prod/deployment/prod/apps/krewak/.env.prod | 2 +- .../deployment/prod/apps/kzygadlo/.env.prod | 3 ++- .../prod/apps/kzygadlo/.env.prod.secrets | 18 +++++++++++------- 7 files changed, 40 insertions(+), 25 deletions(-) diff --git a/environment/prod/deployment/prod/apps/eskrzypacz/.env.prod b/environment/prod/deployment/prod/apps/eskrzypacz/.env.prod index 73cced2a..834159ac 100644 --- a/environment/prod/deployment/prod/apps/eskrzypacz/.env.prod +++ b/environment/prod/deployment/prod/apps/eskrzypacz/.env.prod @@ -1,4 +1,4 @@ -APP_NAME="ESkrzypacz Keating" +APP_NAME="Ewelina Skrzypacz Keating" ENVIRONMENT=prod APP_DEBUG=false @@ -8,6 +8,7 @@ KEATING_HOST_NAME=ewelinaskrzypacz.collegiumwitelona.pl APP_URL=https://${KEATING_HOST_NAME}/ TRAEFIK_ROUTER_RULE="Host(`ewelinaskrzypacz.collegiumwitelona.pl`)" +DB_CONNECTION=pgsql DB_DATABASE=eskrzypacz CACHE_DRIVER=redis diff --git a/environment/prod/deployment/prod/apps/eskrzypacz/.env.prod.secrets b/environment/prod/deployment/prod/apps/eskrzypacz/.env.prod.secrets index e1c49456..beb16a97 100644 --- a/environment/prod/deployment/prod/apps/eskrzypacz/.env.prod.secrets +++ b/environment/prod/deployment/prod/apps/eskrzypacz/.env.prod.secrets @@ -1,10 +1,14 @@ -APP_KEY=ENC[AES256_GCM,data:3gKCqu+z3i4GHnxb1ykAg25KPEHVsMTb0Ia5168AtpcAK81n8WGPSOhic+LXVKMPOUAu,iv:fYYe6Hs5ml6VIQzv7R0ZoWBqUe6PXvbH4AEXWHWB0d8=,tag:ZiTgVPfY+YUAj5rROyEHTg==,type:str] -DB_ROOT_PASSWORD=ENC[AES256_GCM,data:tPRpBRWDxQ==,iv:EJO0+4KINNPDFqI2tg/VKtYKshD/+qAgqaB9XbVOqbI=,tag:yhS/9pQCIwfMTD+vdipWLQ==,type:str] -DB_USERNAME=ENC[AES256_GCM,data:JuQUIjFAmBUv2Q==,iv:1TSLqFNknuTbTu7O9OhlSh2cFn7mk8v7XQastzLPGi0=,tag:G3jAIRnbsMfm8khbsDqeeg==,type:str] -DB_PASSWORD=ENC[AES256_GCM,data:h8hOzEECR0vPaft8u+ONXYb7crE=,iv:E/qwxiJnuT5oD1SceAbDIHEdUGbwjwrjemc/h+cK3Hw=,tag:izGuUaOTzOBXC0nglPQ4qw==,type:str] -sops_age__list_0__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBCOWJBM2dLNkR3WXdoeThV\naFlmMzBXK0lhVzdMYVNpRW1LM2FPSnFUckdjCmtoakZzSGxRZm95Y3VhQWI5QTFY\nZHBDd1RqdTI2Vlloc1NVSDM3NFlxQ3cKLS0tIHFsTks3UFpqSDF1dG9ZL0xidTRy\nQWNzbFhiekJ4R0dkR0djejhMaHEwUlUKUBk221h4fVD64Uy8CHrLaZX4fB+Rho+K\nyXMuuPVUD6hlpZYqC9C5V6XQuzyLNcY4gJsf3I7rxrG+Jrr7vXu6MA==\n-----END AGE ENCRYPTED FILE-----\n +APP_KEY=ENC[AES256_GCM,data:4lUXTgPfXLBQl0Yf80ItZvtBgaXsFR8/dDyZ1uaOQu8iJeXOFkNK1VDmthRgZZQOO4cL,iv:KttmOBe/Zjk1GpNIrp1KRB7Fjo+0KGJeh9n9hIcFfhw=,tag:UF9+TLnwqsDPnFOzswbeKQ==,type:str] +DB_HOST=ENC[AES256_GCM,data:FZa4l1d0cjNfc8at2M22LWGR40lK,iv:/Fg9yWh8H0BZ37c9x8M75mgWT8kDR9OGVpvItzakzTU=,tag:FGOjOPCgnAOw9yhN6qyDOg==,type:str] +DB_PORT=ENC[AES256_GCM,data:2WsXsA==,iv:KcI6/vjnVAkHLEvQ+ktsDmtpIcwpKg42tNKzjcpWFlQ=,tag:1R6H8FaXj73SmV1zd64iyw==,type:str] +DB_ROOT_PASSWORD=ENC[AES256_GCM,data:vkv0YxwLqcrhnSoK4X+nbFeJGNA=,iv:PgKp6n1UMFGzeufJyj35qJJ/S0odipvMBcqBnWaTuTM=,tag:aUYa6rMHYb0lcxAA7H1KVA==,type:str] +DB_USERNAME=ENC[AES256_GCM,data:QMIzIsZhi6MhYQ==,iv:tFa73Kzv1f9qtPdDMo52eDMZ/Vyi7XafJj0+CvesBkQ=,tag:bxPkUi0+zzeTxOplj9hjtQ==,type:str] +DB_PASSWORD=ENC[AES256_GCM,data:a76eFQYUZdbU+WA5iT4vHeuIJIQ=,iv:Xj4hf502AvkyIeboprxCM4n45TkuYgBJZkNF7tCz/mA=,tag:oM0CYqUksWVhS5hopEg57g==,type:str] +REDIS_HOST=ENC[AES256_GCM,data:+2Wx0Epi46tjKhMtFPIBhLR8,iv:QJfic4fPgmmrM8Da5OeOfvJggRIc1BzB1Q6fMWWLccs=,tag:sVacLOoJ9xbc3Qa5WdgDYg==,type:str] +REDIS_PORT=ENC[AES256_GCM,data:IVxOng==,iv:5csznKbCfSfVz5te8fXjaLQ8pwDK3l1iJnX7UFPHxHs=,tag:6exUv7to7a4ta87+KZofRA==,type:str] +sops_age__list_0__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBld2ZybGVKMWdxSDJ0dFlj\nc2RDNnZhQTY2aHdBQXk5clZJUy9aZmtKdkJvCnJzUWpHdmdEc1drOG9NdmMyazVJ\nRFhsTWpya2JZaHE4dGt4N0FoSEdSQXMKLS0tIFdZN0U2VEN3U2VNRHlob0hOWVlo\nZWEwN09NY0haWjNKZ1RiUEsxbmJVY00KaL3dSz3uFzdS3+S9r0RT0lCPuLDl7rFS\nAAuOltzwZNFLym7pgOQfG3yGPutsn/U2HCLBvbb34TW9FVG8N+e67w==\n-----END AGE ENCRYPTED FILE-----\n sops_age__list_0__map_recipient=age1h8wnpa5lx2vgn2h64lgpeanuct8q2tvzxvn5xmvms7exmwvmu9zq5str5w -sops_lastmodified=2024-09-24T09:16:26Z -sops_mac=ENC[AES256_GCM,data:XKUPPIfrzPUIA3ZLr/pfbB+HRKu1kv4KeVqhdw85LnFzzf1JFjfD8nKAXHgJhMbplcqFcdN3Jk5JC+1mdIIO3Jsy0GnUAekog+jmqE15P0WVi2V/YwTUImDpc2g/JCxFwAsYk/hYLbmhx6g/RQjylQkWbEqkC4LCu1IE+mgC4Aw=,iv:26CVn8kVB8H3e8d6mh7/Ec9UUbxFXB5DDJBAm0fnmx8=,tag:xgvcENRc9Q0XZ/zmEsDkDA==,type:str] +sops_lastmodified=2024-09-26T14:07:13Z +sops_mac=ENC[AES256_GCM,data:nS5aL+RqKEzb2jEVWfB8GGMuIz/M9HlYE61WtyOoC58VGf9LJER2Ehu9aMaOc4W8DAn36hVzbsN5/C7ZK3BzpLmTYIUYwQdPr5fH0N5VbbCMtz/DLAV7cIWPMag5KxIp6yvv3U8jekLIX8lV433Wc4AHcd95ZTU5sl67LaDDMzA=,iv:brXSJnnlWvi1WApVAQxv86QzmlNwIniWSH45JhJiDfs=,tag:mBoyUHNkerZQBUMkK2dd3A==,type:str] sops_unencrypted_suffix=_unencrypted sops_version=3.8.1 diff --git a/environment/prod/deployment/prod/apps/kpiech/.env.prod b/environment/prod/deployment/prod/apps/kpiech/.env.prod index 214a85dc..2b45c9d4 100644 --- a/environment/prod/deployment/prod/apps/kpiech/.env.prod +++ b/environment/prod/deployment/prod/apps/kpiech/.env.prod @@ -1,4 +1,4 @@ -APP_NAME="KPiech Keating" +APP_NAME="Kamil Piech Keating" ENVIRONMENT=prod APP_DEBUG=false @@ -8,6 +8,7 @@ KEATING_HOST_NAME=kamilpiech.collegiumwitelona.pl APP_URL=https://${KEATING_HOST_NAME}/ TRAEFIK_ROUTER_RULE="Host(`kamilpiech.collegiumwitelona.pl`)" +DB_CONNECTION=pgsql DB_DATABASE=kpiech CACHE_DRIVER=redis diff --git a/environment/prod/deployment/prod/apps/kpiech/.env.prod.secrets b/environment/prod/deployment/prod/apps/kpiech/.env.prod.secrets index 44ebc259..94e6693d 100644 --- a/environment/prod/deployment/prod/apps/kpiech/.env.prod.secrets +++ b/environment/prod/deployment/prod/apps/kpiech/.env.prod.secrets @@ -1,10 +1,14 @@ -APP_KEY=ENC[AES256_GCM,data:3rveVvPCTwmOnbeDo3yGNH1rLPwP8WnvOPmIaFIkoKltPAZZ0xS8G41AXl5VepOKAEIK,iv:01gzvVtnAjuEuYY7vwryDOqzU1619/OIuaquqg5kXCM=,tag:xKsJxDyyf2CvxLB1W+z2yQ==,type:str] -DB_ROOT_PASSWORD=ENC[AES256_GCM,data:EQXQ7VSwCA==,iv:YQ5lL8pxk1cOotyypwVXlBIBpsh0xpxrvZVXGiIt9ME=,tag:oBzq5hToLi2YrRd4oZsHrg==,type:str] -DB_USERNAME=ENC[AES256_GCM,data:0O3VjyFk,iv:R/ke48MSEqhG0x4pOKYUHjz7Rb0P9MpSZU8zDmTJL04=,tag:136qEfhtYXn19420M7naTA==,type:str] -DB_PASSWORD=ENC[AES256_GCM,data:YLRbwT8dA7yVCD5DOmvq+yDKpww=,iv:jyjfeaQNOAfQzdDCM7vPz96Ee6BivnUG+2MWoiO1JYs=,tag:wmp8Cj5plg/rPZkjqFIDPA==,type:str] -sops_age__list_0__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBjdXpOcWkrZXo3VEp3ZXVV\nUm9RL0VDNGRVVmg4OFpraTRqd1Z5YU5WWGlzCnJFN3lXOTN0UHBmbUJYRHk1cVZz\nSEwvc1M3cTZWeURBV2NCS2hnOU52a0EKLS0tIEZGNUF6Q1diUWZIclJXbVJmQ1FI\nSFdWaWx2L0V2ZGlRSXAyMkFTUW5IUjAKdnpnSPXJGEBz9uRED9+/wrJK3K09gw0z\n7vyBLReYe0DuwrK0P78d9jCZ8LsZ3org8bTItUQBoOl8LHEFDAA8lg==\n-----END AGE ENCRYPTED FILE-----\n +APP_KEY=ENC[AES256_GCM,data:5mMbVbTnxOMGCaTeaeYspowAvxgQ6muCOyG9LmMmoWWiGDBgmzT/tpqrdBJn8tup4CZJ,iv:8SSnepAKz3dKfnZNhs4FF9Jc0fyXNf8AGUvi/nyfyAU=,tag:ku9PxEDU3rvsy973zrN5gg==,type:str] +DB_HOST=ENC[AES256_GCM,data:X2gjelvSz5H1HdN8grFtn58nUN1v,iv:VrvOikIOy/G6B+KfDrsGcz0WB12+0JUdWEyZ0st6yU8=,tag:cqOYoV9l9HZzgERlgSGmtw==,type:str] +DB_PORT=ENC[AES256_GCM,data:kM4RVw==,iv:n2F+LKNSUP0fDVp1y9o8MTuthwap7kwgWVMXf1FVBG0=,tag:1PO0F0YbBe11JdAQ35Ycvg==,type:str] +DB_ROOT_PASSWORD=ENC[AES256_GCM,data:7fQ9ZU8ZSQUWFii8lsBtYbs0Opk=,iv:5cB1RboUBLJqwoJhUq+ML/dZ/0rGLM+YoeSOP7hWOek=,tag:Yt0OrSzEcO8s47DWHdhBfQ==,type:str] +DB_USERNAME=ENC[AES256_GCM,data:wbKJmZ/s,iv:xnlmcnWPqCJ6bLSTBHe2oKbr7cYm3XN0r8SC/fy0wS8=,tag:JTIVuDCRNd8SMlzQiU67mw==,type:str] +DB_PASSWORD=ENC[AES256_GCM,data://cfR7YBKNZebcFgiKFDm25vCgg=,iv:h3hPH2/OwC1C3CNZdDeNswJmt49enPzW0Y8k0goW0v0=,tag:HJzHZXz6mQZXYgjggl8YtA==,type:str] +REDIS_HOST=ENC[AES256_GCM,data:Z9cIp+zIpJBfRDLMDxIKAUrL,iv:6a6HGThH79JDNf9CYHeKDtMfxUs0dtW3MTVl5W+C0GI=,tag:uuHwBpa0x/8K5m9zu2MtXA==,type:str] +REDIS_PORT=ENC[AES256_GCM,data:gDQLqA==,iv:45Lxn9gE3a5QnX4I0LcGlVqjoKpv1oeCE+Bdv4oQEjs=,tag:q3mgEtoswMQff4Dl4iJtzA==,type:str] +sops_age__list_0__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBYdld0Uk9xYVBKR0ZQdlF3\nME5Zb3hwWkpjWFFVdEJYRnFnTkxXMXd4TUdvCnBFRllpSGY5aGY3QzU3UUJMQUtH\nSlZPRDBtOXBmMnJuTXdZaUV0S3FVRGMKLS0tIEx5V1dzZmFaVXgycFRDTXg5dDM3\nNFBCQlBPWHZ3NWdJQkd1YW9hUUpOak0Kyoq3+nwhJIBFzI2lthulz7Fuv0sv9XP+\nXA4/EavCygUZJ7abWGAdJY3f40IU4QpxqL6VyVc5/IeO0sEjYFRp/g==\n-----END AGE ENCRYPTED FILE-----\n sops_age__list_0__map_recipient=age1h8wnpa5lx2vgn2h64lgpeanuct8q2tvzxvn5xmvms7exmwvmu9zq5str5w -sops_lastmodified=2024-09-24T09:16:22Z -sops_mac=ENC[AES256_GCM,data:Eeivy45W4LauzD/jq8HzrwDBu8yWCIgCETBsoPWGZrJz5UkDHvdjHi+Zk2eJAiXkKKXVPFSUOLSSRmifMKS0tmx+y/QyNeBtVmM8hmg9fwNYGWxyOUCChzNP8wMR4dITHd8AoSQbBwAkyppKC7muccELzL83PlWsFr7+ilIOjrc=,iv:7UXZDvxOm2FcuPetW2P5olxIe3Uzz0kGzl208R0qyNw=,tag:IunoZOJhh6e3sUOpL5BH+w==,type:str] +sops_lastmodified=2024-09-26T14:09:31Z +sops_mac=ENC[AES256_GCM,data:PpSnxDqRYqhBwjAOYNEBtMqnRKEB1HHSCK4QqDrItnmWDQ5V8VZAJEyyYVP7DSWV1SV8c7xHFJjDmu73LB36+tzA9en8pIKQGorNUt3R+FiFW4erVhGlD2tP+hYeNA1rrJ9JmSeluPLGYNnmnZvgIPbKMbpnebFCvsFQ4Ct/i7w=,iv:XtUCdYpO85qA6Gfpo9cO4ZvWxVh0HPsN+tAweqgWOr8=,tag:m8BdfKRthxRAeZFHM/2zZw==,type:str] sops_unencrypted_suffix=_unencrypted sops_version=3.8.1 diff --git a/environment/prod/deployment/prod/apps/krewak/.env.prod b/environment/prod/deployment/prod/apps/krewak/.env.prod index ed18d2d6..54675cc6 100644 --- a/environment/prod/deployment/prod/apps/krewak/.env.prod +++ b/environment/prod/deployment/prod/apps/krewak/.env.prod @@ -1,4 +1,4 @@ -APP_NAME="KRewak Keating" +APP_NAME="Krzysztof Rewak Keating" ENVIRONMENT=prod APP_DEBUG=false diff --git a/environment/prod/deployment/prod/apps/kzygadlo/.env.prod b/environment/prod/deployment/prod/apps/kzygadlo/.env.prod index 6ac180fa..d8391428 100644 --- a/environment/prod/deployment/prod/apps/kzygadlo/.env.prod +++ b/environment/prod/deployment/prod/apps/kzygadlo/.env.prod @@ -1,4 +1,4 @@ -APP_NAME="KZygadlo Keating" +APP_NAME="Karol Zygadlo Keating" ENVIRONMENT=prod APP_DEBUG=false @@ -8,6 +8,7 @@ KEATING_HOST_NAME=karolzygadlo.collegiumwitelona.pl APP_URL=https://${KEATING_HOST_NAME}/ TRAEFIK_ROUTER_RULE="Host(`karolzygadlo.collegiumwitelona.pl`)" +DB_CONNECTION=pgsql DB_DATABASE=kzygadlo CACHE_DRIVER=redis diff --git a/environment/prod/deployment/prod/apps/kzygadlo/.env.prod.secrets b/environment/prod/deployment/prod/apps/kzygadlo/.env.prod.secrets index aad7cf42..82e7ddb1 100644 --- a/environment/prod/deployment/prod/apps/kzygadlo/.env.prod.secrets +++ b/environment/prod/deployment/prod/apps/kzygadlo/.env.prod.secrets @@ -1,10 +1,14 @@ -APP_KEY=ENC[AES256_GCM,data:eWFy50obB0AuZs+fZQ+KyN39Sd0deFDMFMSKZWrKBoNfOT+wYrDqnVhcimh8wZVNEwUI,iv:n67lZ+Fd1TzaQIBXDcsaWoMFBUJ8VOuCFWvC3AdI5FQ=,tag:JOryOXA/rSbaNpVOU4mcig==,type:str] -DB_ROOT_PASSWORD=ENC[AES256_GCM,data:NBdHASHs9g==,iv:aiKNfMpI7U+djn4iNriLvgltZzTXYW3DqOn1IhXS5Us=,tag:h8lBM9sAAv+Ay5FkpdowYg==,type:str] -DB_USERNAME=ENC[AES256_GCM,data:CuJrkyNd4lY=,iv:TWqDGkK1um03mjcxV9ztVTCx+BV28fh+5TOIEuGGYnQ=,tag:YMq4/YPXSmKg9v8x08iVNg==,type:str] -DB_PASSWORD=ENC[AES256_GCM,data:jzH+viQ3A6Otij1iJNYNxWjorGI=,iv:dUxAzs02iiFuxSLl0oKBJ0JzWG62y/CaxOH/Bck/Y2I=,tag:olOB9iMn5vyL4Hid7yD81g==,type:str] -sops_age__list_0__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBjN05yQk9pK0VTVGxmZXIv\nQjhDd3Y0U0VCTW14NllXV1lRMkxOMGhaSGg4CkgrazlvaWlzQ1VNZHdyWEh4aHBp\nMFBvb0RzK2F1ckgvLzh4cEdCUmM2ZWcKLS0tIGF2cEZGOGlBalJqZ0V3T3BvN25h\najVWRWRCZ1M2OUtSZkQwMzVGN0laajAKkfa4tiu/5A57AeVfM+7QwpYQeOv0EY/H\nKYn/VV6pezz2y18bWlMAHo4UsUuDZQmUyz8Mi6mv9HfEQq1MSz5/0A==\n-----END AGE ENCRYPTED FILE-----\n +APP_KEY=ENC[AES256_GCM,data:oc+49yAZ+flv8H/8T6tZv73Vv9Z6JW8pUXfejecCH2mqB+235PjIipIOdyIm+Y9tezzd,iv:hMRb/V3gEZo8yIhsYTIGZEXmupkLdpjlt3KqDefbywQ=,tag:nJj8zyB0z6Gb0Ns2VuWgVQ==,type:str] +DB_HOST=ENC[AES256_GCM,data:oel4lE3e6EWQMBfbCWGfPC9Ou49N,iv:3KvLSK40t6POkpEzRLhsUNIbbn5ZE26WNNec/bf3NHg=,tag:3x0SCGcebSfntP8ayxKo0Q==,type:str] +DB_PORT=ENC[AES256_GCM,data:LUNJBg==,iv:xcX52AYWO+SJmyW4u+NoxOptI0iSG1IoZbRWvfRWasQ=,tag:e0+ezNVIKuOGD9vyYdok6Q==,type:str] +DB_ROOT_PASSWORD=ENC[AES256_GCM,data:JletDNyoAN025pJZsFXGC8tkO2A=,iv:jb54xoxEIWH050rqEEajFeFRgU1YJKeTPWLgw7qxolk=,tag:6pzehxbYd00F0hzwWccPlQ==,type:str] +DB_USERNAME=ENC[AES256_GCM,data:RnvSVQ8SeEg=,iv:+FsSqUZzE7xkTMZYWxpkoeiVBajjcQx0Mplq/EEw5e4=,tag:Ufo829aLP8ePqJlTqZIxPg==,type:str] +DB_PASSWORD=ENC[AES256_GCM,data:6XpNsGBfFfx73yxwwzFYANtKaY8=,iv:wZeX8LNpVuBUhwtQ5BAb+o8TsPAHhwz/r5HRphEdnUM=,tag:KocsY1v2RJkHl6276UtJcA==,type:str] +REDIS_HOST=ENC[AES256_GCM,data:qhaWxkZrkrcQUAq3GEDFQTGV,iv:SDRw24diS4qwS7mH2tHU01WUgV5TfJCRpZDPlnaOVFQ=,tag:uQe8UTHNwYRNU62aBBHUbg==,type:str] +REDIS_PORT=ENC[AES256_GCM,data:Q76cFw==,iv:+2To7aQGUqtjzBcs4mloyiH2CctB0n056adG+OBIoV4=,tag:sZG8R14d3CAZ3SNTDkAQtQ==,type:str] +sops_age__list_0__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBVNG1LUHVaY3hoOGxYSHR6\nMkFJd1gvN3pxN0NUTXMyTHB2QzR5VUFscUI4Clc5MzdYMER4ejlIVElmNWNObTRM\nVS9IbWExaDZUaHp0Z2lIQzk3R3BhU1kKLS0tIFY1TXJoUDZ4VTAxTi9QNkFjQzNh\naW0vUU9NamcxWkdqbmtuVEt6RnpSNk0KWru0/EhOyBrg7u3o+CEkFvbEN3jLTPRt\nmCt3ufvu6KdtN8G0q5OqoF873cNBJsNnGdNk1+bQlGEZ0TqnX5+pew==\n-----END AGE ENCRYPTED FILE-----\n sops_age__list_0__map_recipient=age1h8wnpa5lx2vgn2h64lgpeanuct8q2tvzxvn5xmvms7exmwvmu9zq5str5w -sops_lastmodified=2024-09-24T09:16:34Z -sops_mac=ENC[AES256_GCM,data:W0WxWU5eqFY7ishtOPJ+ET1hD2ZSyAKMq/yRaD6Nsw6r2mdgaRfYUQ+K/BwI/jpD+jCw84dpNUj4Rll3/tSVWWTR8r20zIRwdonR6NRXJPNhhg3NvkykD6nrTkQsGGB0LGv89Ie9fjUch8v8jlmuFaqbEnjiK48hGqyjys/NIok=,iv:T/ASwtqjNdbd9s+bq8AUwPqoBBqf51IrSuBz9M9p+so=,tag:008cHqmEWB2ZMq12NgunPA==,type:str] +sops_lastmodified=2024-09-26T14:10:12Z +sops_mac=ENC[AES256_GCM,data:sPh0/w77nAKQpe0jWi+y2M1acAprxj0lJL0Z5EFMV09uTS9FPWECisVc3+IhChOVC+pgW6Reqzo+M7SY9Ccycexx2vlz4vxnSU8k9k1MdbdB6T6LDBWJdokV4c4+dblEnHCEWln/hrnTIzLy8zoCzKeYMB7z7of6P0TvO1mZfFA=,iv:BAv+LDZ/B5EXmJMOOVi7SAzF5bwe6RWyZhXS6t9VKe4=,tag:aRR4Ng0QgWXwhAfymafwng==,type:str] sops_unencrypted_suffix=_unencrypted sops_version=3.8.1 From 940020135638735b8c47658e1c764c0dceb9a062 Mon Sep 17 00:00:00 2001 From: Krzysztof Rewak Date: Thu, 26 Sep 2024 17:38:44 +0200 Subject: [PATCH 24/52] #145 - production seeder --- app/Console/Commands/FlushCache.php | 20 ++++++++++++++ .../Commands/FlushCachedScheduleLink.php | 19 +++++++++++++ database/seeders/ProductionSeeder.php | 27 +++++++++++++++++++ 3 files changed, 66 insertions(+) create mode 100644 app/Console/Commands/FlushCache.php create mode 100644 app/Console/Commands/FlushCachedScheduleLink.php create mode 100644 database/seeders/ProductionSeeder.php diff --git a/app/Console/Commands/FlushCache.php b/app/Console/Commands/FlushCache.php new file mode 100644 index 00000000..a35d8181 --- /dev/null +++ b/app/Console/Commands/FlushCache.php @@ -0,0 +1,20 @@ +call(FlushCachedPageTitle::class); + $this->call(FlushCachedScheduleLink::class); + } +} diff --git a/app/Console/Commands/FlushCachedScheduleLink.php b/app/Console/Commands/FlushCachedScheduleLink.php new file mode 100644 index 00000000..c6fcbbf8 --- /dev/null +++ b/app/Console/Commands/FlushCachedScheduleLink.php @@ -0,0 +1,19 @@ +forget("scheduleLink"); + } +} diff --git a/database/seeders/ProductionSeeder.php b/database/seeders/ProductionSeeder.php new file mode 100644 index 00000000..2b71f467 --- /dev/null +++ b/database/seeders/ProductionSeeder.php @@ -0,0 +1,27 @@ +create(["email" => "admin@example.com"]); + + Setting::factory()->create(); + SectionSettings::query()->create([ + "banner_enabled" => true, + "about_enabled" => true, + "counters_enabled" => true, + "contact_enabled" => true, + ]); + } +} From 230717516a9d8f3714cf70d86468a99686123839 Mon Sep 17 00:00:00 2001 From: Krzysztof Rewak Date: Thu, 26 Sep 2024 17:41:40 +0200 Subject: [PATCH 25/52] #145 - csf --- app/Console/Commands/FlushCache.php | 3 +-- database/seeders/ProductionSeeder.php | 1 - 2 files changed, 1 insertion(+), 3 deletions(-) diff --git a/app/Console/Commands/FlushCache.php b/app/Console/Commands/FlushCache.php index a35d8181..6359c0d7 100644 --- a/app/Console/Commands/FlushCache.php +++ b/app/Console/Commands/FlushCache.php @@ -4,7 +4,6 @@ namespace Keating\Console\Commands; -use Illuminate\Cache\CacheManager; use Illuminate\Console\Command; class FlushCache extends Command @@ -12,7 +11,7 @@ class FlushCache extends Command protected $signature = "cache:flush"; protected $description = "Flush cached data"; - public function handle(CacheManager $cache): void + public function handle(): void { $this->call(FlushCachedPageTitle::class); $this->call(FlushCachedScheduleLink::class); diff --git a/database/seeders/ProductionSeeder.php b/database/seeders/ProductionSeeder.php index 2b71f467..b30e683e 100644 --- a/database/seeders/ProductionSeeder.php +++ b/database/seeders/ProductionSeeder.php @@ -5,7 +5,6 @@ namespace Database\Seeders; use Illuminate\Database\Seeder; -use Keating\Models\Section; use Keating\Models\SectionSettings; use Keating\Models\Setting; use Keating\Models\User; From c8b87d6b20eb88388e3ff0771f8e7d9e81360f8b Mon Sep 17 00:00:00 2001 From: Blusia Date: Fri, 27 Sep 2024 10:24:09 +0200 Subject: [PATCH 26/52] - add -p flag for test --- environment/prod/deployment/prod/Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/environment/prod/deployment/prod/Makefile b/environment/prod/deployment/prod/Makefile index 76d2c77d..8dd27324 100644 --- a/environment/prod/deployment/prod/Makefile +++ b/environment/prod/deployment/prod/Makefile @@ -16,8 +16,8 @@ DOCKER_EXEC_SCRIPT = docker compose --file ${DOCKER_COMPOSE_FILENAME} exec --wor CURRENT_DIR = $(shell pwd) prod-deploy: decrypt-secrets create-deployment-file - @docker compose --file ${DOCKER_COMPOSE_FILENAME} pull && \ - docker compose --file ${DOCKER_COMPOSE_FILENAME} up --detach && \ + @docker compose -p keating-prod --file ${DOCKER_COMPOSE_FILENAME} pull && \ + docker compose -p keating-prod --file ${DOCKER_COMPOSE_FILENAME} up --detach && \ sleep 5 && \ echo "App post deploy actions" && \ ${DOCKER_EXEC_SCRIPT} post-deploy-actions.sh From 72671b8c18ab6bdee517ddaaad16cb6f2f3062ad Mon Sep 17 00:00:00 2001 From: Blusia Date: Fri, 27 Sep 2024 10:37:16 +0200 Subject: [PATCH 27/52] - update post deploy actions --- environment/prod/deployment/scripts/post-deploy-actions.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/environment/prod/deployment/scripts/post-deploy-actions.sh b/environment/prod/deployment/scripts/post-deploy-actions.sh index 42fb8c2d..9a05a04b 100644 --- a/environment/prod/deployment/scripts/post-deploy-actions.sh +++ b/environment/prod/deployment/scripts/post-deploy-actions.sh @@ -7,4 +7,4 @@ ARTISAN_PATH="/application/artisan" php ${ARTISAN_PATH} migrate --force && \ php ${ARTISAN_PATH} optimize && \ -php ${ARTISAN_PATH} cache:title:flush +php ${ARTISAN_PATH} cache:flush From 9dbb22ed049fac23dba589d5eca5a3e6b9fcd7dc Mon Sep 17 00:00:00 2001 From: Blusia Date: Fri, 27 Sep 2024 10:54:08 +0200 Subject: [PATCH 28/52] - update files --- environment/prod/deployment/prod/Makefile | 4 ++-- .../prod/deployment/prod/apps/eskrzypacz/.env.prod | 3 ++- .../prod/deployment/prod/apps/kpiech/.env.prod | 3 ++- .../prod/deployment/prod/apps/krewak/.env.prod | 3 ++- .../prod/deployment/prod/apps/kzygadlo/.env.prod | 3 ++- .../prod/deployment/prod/docker-compose.prod.yml | 14 +++++++------- 6 files changed, 17 insertions(+), 13 deletions(-) diff --git a/environment/prod/deployment/prod/Makefile b/environment/prod/deployment/prod/Makefile index 8dd27324..dc8ae6cd 100644 --- a/environment/prod/deployment/prod/Makefile +++ b/environment/prod/deployment/prod/Makefile @@ -16,8 +16,8 @@ DOCKER_EXEC_SCRIPT = docker compose --file ${DOCKER_COMPOSE_FILENAME} exec --wor CURRENT_DIR = $(shell pwd) prod-deploy: decrypt-secrets create-deployment-file - @docker compose -p keating-prod --file ${DOCKER_COMPOSE_FILENAME} pull && \ - docker compose -p keating-prod --file ${DOCKER_COMPOSE_FILENAME} up --detach && \ + @docker compose --project-name keating-prod --file ${DOCKER_COMPOSE_FILENAME} pull && \ + docker compose --project-name keating-prod --file ${DOCKER_COMPOSE_FILENAME} up --detach && \ sleep 5 && \ echo "App post deploy actions" && \ ${DOCKER_EXEC_SCRIPT} post-deploy-actions.sh diff --git a/environment/prod/deployment/prod/apps/eskrzypacz/.env.prod b/environment/prod/deployment/prod/apps/eskrzypacz/.env.prod index 834159ac..86fae9e2 100644 --- a/environment/prod/deployment/prod/apps/eskrzypacz/.env.prod +++ b/environment/prod/deployment/prod/apps/eskrzypacz/.env.prod @@ -2,7 +2,8 @@ APP_NAME="Ewelina Skrzypacz Keating" ENVIRONMENT=prod APP_DEBUG=false -COMPOSE_PROJECT_NAME=eskrzypacz +USER_PROJECT_NAME=eskrzypacz +COMPOSE_PROJECT_NAME=keating-prod TRAEFIK_ENABLED=true KEATING_HOST_NAME=ewelinaskrzypacz.collegiumwitelona.pl APP_URL=https://${KEATING_HOST_NAME}/ diff --git a/environment/prod/deployment/prod/apps/kpiech/.env.prod b/environment/prod/deployment/prod/apps/kpiech/.env.prod index 2b45c9d4..eb378d61 100644 --- a/environment/prod/deployment/prod/apps/kpiech/.env.prod +++ b/environment/prod/deployment/prod/apps/kpiech/.env.prod @@ -2,7 +2,8 @@ APP_NAME="Kamil Piech Keating" ENVIRONMENT=prod APP_DEBUG=false -COMPOSE_PROJECT_NAME=kpiech +USER_PROJECT_NAME=kpiech +COMPOSE_PROJECT_NAME=keating-prod TRAEFIK_ENABLED=true KEATING_HOST_NAME=kamilpiech.collegiumwitelona.pl APP_URL=https://${KEATING_HOST_NAME}/ diff --git a/environment/prod/deployment/prod/apps/krewak/.env.prod b/environment/prod/deployment/prod/apps/krewak/.env.prod index 54675cc6..846f6eab 100644 --- a/environment/prod/deployment/prod/apps/krewak/.env.prod +++ b/environment/prod/deployment/prod/apps/krewak/.env.prod @@ -2,7 +2,8 @@ APP_NAME="Krzysztof Rewak Keating" ENVIRONMENT=prod APP_DEBUG=false -COMPOSE_PROJECT_NAME=krewak +USER_PROJECT_NAME=krewak +COMPOSE_PROJECT_NAME=keating-prod TRAEFIK_ENABLED=true KEATING_HOST_NAME=krzysztofrewak.collegiumwitelona.pl APP_URL=https://${KEATING_HOST_NAME}/ diff --git a/environment/prod/deployment/prod/apps/kzygadlo/.env.prod b/environment/prod/deployment/prod/apps/kzygadlo/.env.prod index d8391428..dc438c44 100644 --- a/environment/prod/deployment/prod/apps/kzygadlo/.env.prod +++ b/environment/prod/deployment/prod/apps/kzygadlo/.env.prod @@ -2,7 +2,8 @@ APP_NAME="Karol Zygadlo Keating" ENVIRONMENT=prod APP_DEBUG=false -COMPOSE_PROJECT_NAME=kzygadlo +USER_PROJECT_NAME=kzygadlo +COMPOSE_PROJECT_NAME=keating-prod TRAEFIK_ENABLED=true KEATING_HOST_NAME=karolzygadlo.collegiumwitelona.pl APP_URL=https://${KEATING_HOST_NAME}/ diff --git a/environment/prod/deployment/prod/docker-compose.prod.yml b/environment/prod/deployment/prod/docker-compose.prod.yml index bb3c3083..0399ce92 100644 --- a/environment/prod/deployment/prod/docker-compose.prod.yml +++ b/environment/prod/deployment/prod/docker-compose.prod.yml @@ -12,8 +12,8 @@ volumes: services: keating-prod-app: - image: registry.blumilk.pl/internal-public/keating:${COMPOSE_PROJECT_NAME} - container_name: keating-${COMPOSE_PROJECT_NAME}-app-container + image: registry.blumilk.pl/internal-public/keating:${USER_PROJECT_NAME} + container_name: keating-${USER_PROJECT_NAME}-app-container pull_policy: always logging: driver: "json-file" @@ -28,11 +28,11 @@ services: memory: 512M labels: - "traefik.enable=${TRAEFIK_ENABLED}" - - "traefik.http.routers.${COMPOSE_PROJECT_NAME}.rule=${TRAEFIK_ROUTER_RULE}" - - "traefik.http.routers.${COMPOSE_PROJECT_NAME}.entrypoints=websecure" - - "traefik.http.routers.${COMPOSE_PROJECT_NAME}.tls=true" - - "traefik.http.routers.${COMPOSE_PROJECT_NAME}.tls.certresolver=lets-encrypt-resolver" - - "traefik.http.routers.${COMPOSE_PROJECT_NAME}.middlewares=response-gzip-compress@file,no-index-robots-response-header@file" + - "traefik.http.routers.${USER_PROJECT_NAME}.rule=${TRAEFIK_ROUTER_RULE}" + - "traefik.http.routers.${USER_PROJECT_NAME}.entrypoints=websecure" + - "traefik.http.routers.${USER_PROJECT_NAME}.tls=true" + - "traefik.http.routers.${USER_PROJECT_NAME}.tls.certresolver=lets-encrypt-resolver" + - "traefik.http.routers.${USER_PROJECT_NAME}.middlewares=response-gzip-compress@file,no-index-robots-response-header@file" working_dir: /application volumes: - ./.env:/application/.env:ro From 5b8cfc686151bd22bd6f9391d2f9e658b8645b11 Mon Sep 17 00:00:00 2001 From: Blusia Date: Fri, 27 Sep 2024 12:00:19 +0200 Subject: [PATCH 29/52] - update files --- environment/prod/deployment/prod/Makefile | 5 +++-- environment/prod/deployment/prod/docker-compose.prod.yml | 1 + 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/environment/prod/deployment/prod/Makefile b/environment/prod/deployment/prod/Makefile index dc8ae6cd..18dedaab 100644 --- a/environment/prod/deployment/prod/Makefile +++ b/environment/prod/deployment/prod/Makefile @@ -10,14 +10,15 @@ CURRENT_USER_GROUP_ID = $(shell id --group) DOCKER_COMPOSE_FILENAME = docker-compose.prod.yml DOCKER_COMPOSE_APP_SERVICE = keating-prod-app +PROJECT_NAME=keating-prod DOCKER_EXEC_SCRIPT = docker compose --file ${DOCKER_COMPOSE_FILENAME} exec --workdir /application/environment/prod/deployment/scripts ${DOCKER_COMPOSE_APP_SERVICE} bash CURRENT_DIR = $(shell pwd) prod-deploy: decrypt-secrets create-deployment-file - @docker compose --project-name keating-prod --file ${DOCKER_COMPOSE_FILENAME} pull && \ - docker compose --project-name keating-prod --file ${DOCKER_COMPOSE_FILENAME} up --detach && \ + @docker compose --project-name ${PROJECT_NAME} --file ${DOCKER_COMPOSE_FILENAME} pull && \ + docker compose --project-name ${PROJECT_NAME} --file ${DOCKER_COMPOSE_FILENAME} up --detach && \ sleep 5 && \ echo "App post deploy actions" && \ ${DOCKER_EXEC_SCRIPT} post-deploy-actions.sh diff --git a/environment/prod/deployment/prod/docker-compose.prod.yml b/environment/prod/deployment/prod/docker-compose.prod.yml index 0399ce92..660db86f 100644 --- a/environment/prod/deployment/prod/docker-compose.prod.yml +++ b/environment/prod/deployment/prod/docker-compose.prod.yml @@ -3,6 +3,7 @@ networks: external: true keating-prod: driver: bridge + name: keating-prod volumes: keating-prod-postgres-data: From f37c09e943a0b1d4d499872a02c7d4c901514907 Mon Sep 17 00:00:00 2001 From: Blusia Date: Fri, 27 Sep 2024 14:57:33 +0200 Subject: [PATCH 30/52] - update docker compose --- environment/prod/deployment/prod/docker-compose.prod.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/environment/prod/deployment/prod/docker-compose.prod.yml b/environment/prod/deployment/prod/docker-compose.prod.yml index 660db86f..8eb1c95f 100644 --- a/environment/prod/deployment/prod/docker-compose.prod.yml +++ b/environment/prod/deployment/prod/docker-compose.prod.yml @@ -23,7 +23,7 @@ services: max-file: "5" deploy: mode: replicated - replicas: 1 + replicas: 4 resources: limits: memory: 512M From ed3156bc5d54bdf91aab5958a14ea0beb165e2f6 Mon Sep 17 00:00:00 2001 From: Blusia Date: Fri, 27 Sep 2024 15:09:21 +0200 Subject: [PATCH 31/52] - changes replcas to previous --- environment/prod/deployment/prod/docker-compose.prod.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/environment/prod/deployment/prod/docker-compose.prod.yml b/environment/prod/deployment/prod/docker-compose.prod.yml index 8eb1c95f..660db86f 100644 --- a/environment/prod/deployment/prod/docker-compose.prod.yml +++ b/environment/prod/deployment/prod/docker-compose.prod.yml @@ -23,7 +23,7 @@ services: max-file: "5" deploy: mode: replicated - replicas: 4 + replicas: 1 resources: limits: memory: 512M From 171f0b6d7efcfc1579f4ee9a072cfb594549d2ba Mon Sep 17 00:00:00 2001 From: Blusia Date: Mon, 30 Sep 2024 09:32:27 +0200 Subject: [PATCH 32/52] - changed in deployment files --- .github/workflows/deploy-to-prod.yml | 4 +- environment/prod/deployment/prod/Makefile | 3 ++ .../apps/eskrzypacz/docker-compose.prod.yml | 39 +++++++++++++++++++ .../prod/apps/kpiech/docker-compose.prod.yml | 39 +++++++++++++++++++ .../prod/apps/krewak/docker-compose.prod.yml | 39 +++++++++++++++++++ .../apps/kzygadlo/docker-compose.prod.yml | 39 +++++++++++++++++++ ...ose.prod.yml => docker-compose.dbprod.yml} | 32 --------------- 7 files changed, 161 insertions(+), 34 deletions(-) create mode 100644 environment/prod/deployment/prod/apps/eskrzypacz/docker-compose.prod.yml create mode 100644 environment/prod/deployment/prod/apps/kpiech/docker-compose.prod.yml create mode 100644 environment/prod/deployment/prod/apps/krewak/docker-compose.prod.yml create mode 100644 environment/prod/deployment/prod/apps/kzygadlo/docker-compose.prod.yml rename environment/prod/deployment/prod/{docker-compose.prod.yml => docker-compose.dbprod.yml} (55%) diff --git a/.github/workflows/deploy-to-prod.yml b/.github/workflows/deploy-to-prod.yml index 35515b9b..e0c5a6dc 100644 --- a/.github/workflows/deploy-to-prod.yml +++ b/.github/workflows/deploy-to-prod.yml @@ -94,7 +94,7 @@ jobs: username: ${{ secrets.VPS_OVH_BF7EC892_USERNAME }} key: ${{ secrets.VPS_OVH_BF7EC892_SSH_PRIVATE_KEY }} passphrase: ${{ secrets.VPS_OVH_BF7EC892_SSH_PRIVATE_KEY_PASSPHRASE }} - source: "./environment/prod/deployment/prod/apps/${{ env.APP_NAME }}/*,./environment/prod/deployment/scripts/*, ./environment/prod/deployment/prod/Makefile, ./environment/prod/deployment/prod/docker-compose.prod.yml, ./environment/prod/deployment/postgres/*" + source: "./environment/prod/deployment/prod/apps/${{ env.APP_NAME }}/*,./environment/prod/deployment/scripts/*, ./environment/prod/deployment/prod/Makefile, ./environment/prod/deployment/prod/docker-compose.dbprod.yml, ./environment/prod/deployment/postgres/*" target: ${{ env.TARGET_DIR_ON_SERVER }}/${{ env.DOCKER_REGISTRY_REPO_NAME }}/${{ env.APP_NAME }} rm: true @@ -110,7 +110,7 @@ jobs: script_stop: true script: | cd ${{ env.TARGET_DIR_ON_SERVER }}/${{ env.DOCKER_REGISTRY_REPO_NAME }}/${{ env.APP_NAME }}/environment/prod/deployment/prod/ - mv Makefile docker-compose.prod.yml apps/${{ env.APP_NAME }}/ + mv Makefile docker-compose.dbprod.yml apps/${{ env.APP_NAME }}/ cd apps/${{ env.APP_NAME }} make prod-deploy SOPS_AGE_KEY=${{ secrets.SOPS_AGE_PROD_SECRET_KEY }} docker images --filter dangling=true | grep "${{ env.DOCKER_IMAGE_NAME }}" | awk '{print $3}'| xargs --no-run-if-empty docker rmi diff --git a/environment/prod/deployment/prod/Makefile b/environment/prod/deployment/prod/Makefile index 18dedaab..d34c8b56 100644 --- a/environment/prod/deployment/prod/Makefile +++ b/environment/prod/deployment/prod/Makefile @@ -9,6 +9,7 @@ CURRENT_USER_ID = $(shell id --user) CURRENT_USER_GROUP_ID = $(shell id --group) DOCKER_COMPOSE_FILENAME = docker-compose.prod.yml +DOCKER_COMPOSE_DB_FILENAME = docker-compose.dbprod.yml DOCKER_COMPOSE_APP_SERVICE = keating-prod-app PROJECT_NAME=keating-prod @@ -19,6 +20,8 @@ CURRENT_DIR = $(shell pwd) prod-deploy: decrypt-secrets create-deployment-file @docker compose --project-name ${PROJECT_NAME} --file ${DOCKER_COMPOSE_FILENAME} pull && \ docker compose --project-name ${PROJECT_NAME} --file ${DOCKER_COMPOSE_FILENAME} up --detach && \ + @docker compose --project-name ${PROJECT_NAME} --file ${DOCKER_COMPOSE_DB_FILENAME} pull && \ + docker compose --project-name ${PROJECT_NAME} --file ${DOCKER_COMPOSE_DB_FILENAME} up --detach && \ sleep 5 && \ echo "App post deploy actions" && \ ${DOCKER_EXEC_SCRIPT} post-deploy-actions.sh diff --git a/environment/prod/deployment/prod/apps/eskrzypacz/docker-compose.prod.yml b/environment/prod/deployment/prod/apps/eskrzypacz/docker-compose.prod.yml new file mode 100644 index 00000000..af3c8a24 --- /dev/null +++ b/environment/prod/deployment/prod/apps/eskrzypacz/docker-compose.prod.yml @@ -0,0 +1,39 @@ +networks: + traefik-proxy: + external: true + keating-prod: + driver: bridge + name: keating-prod + +services: + keating-eskrzypacz-prod-app: + image: registry.blumilk.pl/internal-public/keating:eskrzypacz + container_name: keating-eskrzypacz-app-container + pull_policy: always + logging: + driver: "json-file" + options: + max-size: "50m" + max-file: "5" + deploy: + mode: replicated + replicas: 1 + resources: + limits: + memory: 512M + labels: + - "traefik.enable=${TRAEFIK_ENABLED}" + - "traefik.http.routers.eskrzypacz.rule=${TRAEFIK_ROUTER_RULE}" + - "traefik.http.routers.eskrzypacz.entrypoints=websecure" + - "traefik.http.routers.eskrzypacz.tls=true" + - "traefik.http.routers.eskrzypacz.tls.certresolver=lets-encrypt-resolver" + - "traefik.http.routers.eskrzypacz.middlewares=response-gzip-compress@file,no-index-robots-response-header@file" + working_dir: /application + volumes: + - ./.env:/application/.env:ro + networks: + - keating-prod + - traefik-proxy + restart: unless-stopped + env_file: + - .deployment diff --git a/environment/prod/deployment/prod/apps/kpiech/docker-compose.prod.yml b/environment/prod/deployment/prod/apps/kpiech/docker-compose.prod.yml new file mode 100644 index 00000000..11f6aec6 --- /dev/null +++ b/environment/prod/deployment/prod/apps/kpiech/docker-compose.prod.yml @@ -0,0 +1,39 @@ +networks: + traefik-proxy: + external: true + keating-prod: + driver: bridge + name: keating-prod + +services: + keating-kpiech-prod-app: + image: registry.blumilk.pl/internal-public/keating:kpiech + container_name: keating-kpiech-app-container + pull_policy: always + logging: + driver: "json-file" + options: + max-size: "50m" + max-file: "5" + deploy: + mode: replicated + replicas: 1 + resources: + limits: + memory: 512M + labels: + - "traefik.enable=${TRAEFIK_ENABLED}" + - "traefik.http.routers.kpiech.rule=${TRAEFIK_ROUTER_RULE}" + - "traefik.http.routers.kpiech.entrypoints=websecure" + - "traefik.http.routers.kpiech.tls=true" + - "traefik.http.routers.kpiech.tls.certresolver=lets-encrypt-resolver" + - "traefik.http.routers.kpiech.middlewares=response-gzip-compress@file,no-index-robots-response-header@file" + working_dir: /application + volumes: + - ./.env:/application/.env:ro + networks: + - keating-prod + - traefik-proxy + restart: unless-stopped + env_file: + - .deployment diff --git a/environment/prod/deployment/prod/apps/krewak/docker-compose.prod.yml b/environment/prod/deployment/prod/apps/krewak/docker-compose.prod.yml new file mode 100644 index 00000000..11b77c40 --- /dev/null +++ b/environment/prod/deployment/prod/apps/krewak/docker-compose.prod.yml @@ -0,0 +1,39 @@ +networks: + traefik-proxy: + external: true + keating-prod: + driver: bridge + name: keating-prod + +services: + keating-krewak-prod-app: + image: registry.blumilk.pl/internal-public/keating:krewak + container_name: keating-krewak-app-container + pull_policy: always + logging: + driver: "json-file" + options: + max-size: "50m" + max-file: "5" + deploy: + mode: replicated + replicas: 1 + resources: + limits: + memory: 512M + labels: + - "traefik.enable=${TRAEFIK_ENABLED}" + - "traefik.http.routers.krewak.rule=${TRAEFIK_ROUTER_RULE}" + - "traefik.http.routers.krewak.entrypoints=websecure" + - "traefik.http.routers.krewak.tls=true" + - "traefik.http.routers.krewak.tls.certresolver=lets-encrypt-resolver" + - "traefik.http.routers.krewak.middlewares=response-gzip-compress@file,no-index-robots-response-header@file" + working_dir: /application + volumes: + - ./.env:/application/.env:ro + networks: + - keating-prod + - traefik-proxy + restart: unless-stopped + env_file: + - .deployment diff --git a/environment/prod/deployment/prod/apps/kzygadlo/docker-compose.prod.yml b/environment/prod/deployment/prod/apps/kzygadlo/docker-compose.prod.yml new file mode 100644 index 00000000..18db0b95 --- /dev/null +++ b/environment/prod/deployment/prod/apps/kzygadlo/docker-compose.prod.yml @@ -0,0 +1,39 @@ +networks: + traefik-proxy: + external: true + keating-prod: + driver: bridge + name: keating-prod + +services: + keating-kzygadlo-prod-app: + image: registry.blumilk.pl/internal-public/keating:kzygadlo + container_name: keating-kzygadlo-app-container + pull_policy: always + logging: + driver: "json-file" + options: + max-size: "50m" + max-file: "5" + deploy: + mode: replicated + replicas: 1 + resources: + limits: + memory: 512M + labels: + - "traefik.enable=${TRAEFIK_ENABLED}" + - "traefik.http.routers.kzygadlo.rule=${TRAEFIK_ROUTER_RULE}" + - "traefik.http.routers.kzygadlo.entrypoints=websecure" + - "traefik.http.routers.kzygadlo.tls=true" + - "traefik.http.routers.kzygadlo.tls.certresolver=lets-encrypt-resolver" + - "traefik.http.routers.kzygadlo.middlewares=response-gzip-compress@file,no-index-robots-response-header@file" + working_dir: /application + volumes: + - ./.env:/application/.env:ro + networks: + - keating-prod + - traefik-proxy + restart: unless-stopped + env_file: + - .deployment diff --git a/environment/prod/deployment/prod/docker-compose.prod.yml b/environment/prod/deployment/prod/docker-compose.dbprod.yml similarity index 55% rename from environment/prod/deployment/prod/docker-compose.prod.yml rename to environment/prod/deployment/prod/docker-compose.dbprod.yml index 660db86f..28e2d0e0 100644 --- a/environment/prod/deployment/prod/docker-compose.prod.yml +++ b/environment/prod/deployment/prod/docker-compose.dbprod.yml @@ -12,38 +12,6 @@ volumes: name: keating-prod-redis-data services: - keating-prod-app: - image: registry.blumilk.pl/internal-public/keating:${USER_PROJECT_NAME} - container_name: keating-${USER_PROJECT_NAME}-app-container - pull_policy: always - logging: - driver: "json-file" - options: - max-size: "50m" - max-file: "5" - deploy: - mode: replicated - replicas: 1 - resources: - limits: - memory: 512M - labels: - - "traefik.enable=${TRAEFIK_ENABLED}" - - "traefik.http.routers.${USER_PROJECT_NAME}.rule=${TRAEFIK_ROUTER_RULE}" - - "traefik.http.routers.${USER_PROJECT_NAME}.entrypoints=websecure" - - "traefik.http.routers.${USER_PROJECT_NAME}.tls=true" - - "traefik.http.routers.${USER_PROJECT_NAME}.tls.certresolver=lets-encrypt-resolver" - - "traefik.http.routers.${USER_PROJECT_NAME}.middlewares=response-gzip-compress@file,no-index-robots-response-header@file" - working_dir: /application - volumes: - - ./.env:/application/.env:ro - networks: - - keating-prod - - traefik-proxy - restart: unless-stopped - env_file: - - .deployment - database: image: postgres:15.5-alpine3.17@sha256:1961f9d61a86948fb3c02ef87a6616f74f3530d10a1cd299b84abba7ed6db791 container_name: keating-prod-database From f052e409d03cae090d2e0f45fe3cc93728872295 Mon Sep 17 00:00:00 2001 From: Blusia Date: Mon, 30 Sep 2024 11:07:25 +0200 Subject: [PATCH 33/52] - changes in deployment files --- .github/workflows/deploy-to-prod.yml | 4 +- environment/prod/deployment/prod/Makefile | 4 +- .../apps/eskrzypacz/docker-compose.prod.yml | 39 ------------------- .../prod/apps/kpiech/docker-compose.prod.yml | 39 ------------------- .../prod/apps/krewak/docker-compose.prod.yml | 39 ------------------- .../apps/kzygadlo/docker-compose.prod.yml | 39 ------------------- .../deployment/prod/docker-compose.prod.yml | 38 ++++++++++++++++++ 7 files changed, 42 insertions(+), 160 deletions(-) delete mode 100644 environment/prod/deployment/prod/apps/eskrzypacz/docker-compose.prod.yml delete mode 100644 environment/prod/deployment/prod/apps/kpiech/docker-compose.prod.yml delete mode 100644 environment/prod/deployment/prod/apps/krewak/docker-compose.prod.yml delete mode 100644 environment/prod/deployment/prod/apps/kzygadlo/docker-compose.prod.yml create mode 100644 environment/prod/deployment/prod/docker-compose.prod.yml diff --git a/.github/workflows/deploy-to-prod.yml b/.github/workflows/deploy-to-prod.yml index e0c5a6dc..dc98ad6e 100644 --- a/.github/workflows/deploy-to-prod.yml +++ b/.github/workflows/deploy-to-prod.yml @@ -94,7 +94,7 @@ jobs: username: ${{ secrets.VPS_OVH_BF7EC892_USERNAME }} key: ${{ secrets.VPS_OVH_BF7EC892_SSH_PRIVATE_KEY }} passphrase: ${{ secrets.VPS_OVH_BF7EC892_SSH_PRIVATE_KEY_PASSPHRASE }} - source: "./environment/prod/deployment/prod/apps/${{ env.APP_NAME }}/*,./environment/prod/deployment/scripts/*, ./environment/prod/deployment/prod/Makefile, ./environment/prod/deployment/prod/docker-compose.dbprod.yml, ./environment/prod/deployment/postgres/*" + source: "./environment/prod/deployment/prod/apps/${{ env.APP_NAME }}/*,./environment/prod/deployment/scripts/*, ./environment/prod/deployment/prod/Makefile, ./environment/prod/deployment/prod/docker-compose.dbprod.yml, ./environment/prod/deployment/prod/docker-compose.prod.yml, ./environment/prod/deployment/postgres/*" target: ${{ env.TARGET_DIR_ON_SERVER }}/${{ env.DOCKER_REGISTRY_REPO_NAME }}/${{ env.APP_NAME }} rm: true @@ -110,7 +110,7 @@ jobs: script_stop: true script: | cd ${{ env.TARGET_DIR_ON_SERVER }}/${{ env.DOCKER_REGISTRY_REPO_NAME }}/${{ env.APP_NAME }}/environment/prod/deployment/prod/ - mv Makefile docker-compose.dbprod.yml apps/${{ env.APP_NAME }}/ + mv Makefile docker-compose.prod.yml docker-compose.dbprod.yml apps/${{ env.APP_NAME }}/ cd apps/${{ env.APP_NAME }} make prod-deploy SOPS_AGE_KEY=${{ secrets.SOPS_AGE_PROD_SECRET_KEY }} docker images --filter dangling=true | grep "${{ env.DOCKER_IMAGE_NAME }}" | awk '{print $3}'| xargs --no-run-if-empty docker rmi diff --git a/environment/prod/deployment/prod/Makefile b/environment/prod/deployment/prod/Makefile index d34c8b56..ff8efe17 100644 --- a/environment/prod/deployment/prod/Makefile +++ b/environment/prod/deployment/prod/Makefile @@ -18,10 +18,10 @@ DOCKER_EXEC_SCRIPT = docker compose --file ${DOCKER_COMPOSE_FILENAME} exec --wor CURRENT_DIR = $(shell pwd) prod-deploy: decrypt-secrets create-deployment-file - @docker compose --project-name ${PROJECT_NAME} --file ${DOCKER_COMPOSE_FILENAME} pull && \ - docker compose --project-name ${PROJECT_NAME} --file ${DOCKER_COMPOSE_FILENAME} up --detach && \ @docker compose --project-name ${PROJECT_NAME} --file ${DOCKER_COMPOSE_DB_FILENAME} pull && \ docker compose --project-name ${PROJECT_NAME} --file ${DOCKER_COMPOSE_DB_FILENAME} up --detach && \ + @docker compose --file ${DOCKER_COMPOSE_FILENAME} pull && \ + docker compose --file ${DOCKER_COMPOSE_FILENAME} up --detach && \ sleep 5 && \ echo "App post deploy actions" && \ ${DOCKER_EXEC_SCRIPT} post-deploy-actions.sh diff --git a/environment/prod/deployment/prod/apps/eskrzypacz/docker-compose.prod.yml b/environment/prod/deployment/prod/apps/eskrzypacz/docker-compose.prod.yml deleted file mode 100644 index af3c8a24..00000000 --- a/environment/prod/deployment/prod/apps/eskrzypacz/docker-compose.prod.yml +++ /dev/null @@ -1,39 +0,0 @@ -networks: - traefik-proxy: - external: true - keating-prod: - driver: bridge - name: keating-prod - -services: - keating-eskrzypacz-prod-app: - image: registry.blumilk.pl/internal-public/keating:eskrzypacz - container_name: keating-eskrzypacz-app-container - pull_policy: always - logging: - driver: "json-file" - options: - max-size: "50m" - max-file: "5" - deploy: - mode: replicated - replicas: 1 - resources: - limits: - memory: 512M - labels: - - "traefik.enable=${TRAEFIK_ENABLED}" - - "traefik.http.routers.eskrzypacz.rule=${TRAEFIK_ROUTER_RULE}" - - "traefik.http.routers.eskrzypacz.entrypoints=websecure" - - "traefik.http.routers.eskrzypacz.tls=true" - - "traefik.http.routers.eskrzypacz.tls.certresolver=lets-encrypt-resolver" - - "traefik.http.routers.eskrzypacz.middlewares=response-gzip-compress@file,no-index-robots-response-header@file" - working_dir: /application - volumes: - - ./.env:/application/.env:ro - networks: - - keating-prod - - traefik-proxy - restart: unless-stopped - env_file: - - .deployment diff --git a/environment/prod/deployment/prod/apps/kpiech/docker-compose.prod.yml b/environment/prod/deployment/prod/apps/kpiech/docker-compose.prod.yml deleted file mode 100644 index 11f6aec6..00000000 --- a/environment/prod/deployment/prod/apps/kpiech/docker-compose.prod.yml +++ /dev/null @@ -1,39 +0,0 @@ -networks: - traefik-proxy: - external: true - keating-prod: - driver: bridge - name: keating-prod - -services: - keating-kpiech-prod-app: - image: registry.blumilk.pl/internal-public/keating:kpiech - container_name: keating-kpiech-app-container - pull_policy: always - logging: - driver: "json-file" - options: - max-size: "50m" - max-file: "5" - deploy: - mode: replicated - replicas: 1 - resources: - limits: - memory: 512M - labels: - - "traefik.enable=${TRAEFIK_ENABLED}" - - "traefik.http.routers.kpiech.rule=${TRAEFIK_ROUTER_RULE}" - - "traefik.http.routers.kpiech.entrypoints=websecure" - - "traefik.http.routers.kpiech.tls=true" - - "traefik.http.routers.kpiech.tls.certresolver=lets-encrypt-resolver" - - "traefik.http.routers.kpiech.middlewares=response-gzip-compress@file,no-index-robots-response-header@file" - working_dir: /application - volumes: - - ./.env:/application/.env:ro - networks: - - keating-prod - - traefik-proxy - restart: unless-stopped - env_file: - - .deployment diff --git a/environment/prod/deployment/prod/apps/krewak/docker-compose.prod.yml b/environment/prod/deployment/prod/apps/krewak/docker-compose.prod.yml deleted file mode 100644 index 11b77c40..00000000 --- a/environment/prod/deployment/prod/apps/krewak/docker-compose.prod.yml +++ /dev/null @@ -1,39 +0,0 @@ -networks: - traefik-proxy: - external: true - keating-prod: - driver: bridge - name: keating-prod - -services: - keating-krewak-prod-app: - image: registry.blumilk.pl/internal-public/keating:krewak - container_name: keating-krewak-app-container - pull_policy: always - logging: - driver: "json-file" - options: - max-size: "50m" - max-file: "5" - deploy: - mode: replicated - replicas: 1 - resources: - limits: - memory: 512M - labels: - - "traefik.enable=${TRAEFIK_ENABLED}" - - "traefik.http.routers.krewak.rule=${TRAEFIK_ROUTER_RULE}" - - "traefik.http.routers.krewak.entrypoints=websecure" - - "traefik.http.routers.krewak.tls=true" - - "traefik.http.routers.krewak.tls.certresolver=lets-encrypt-resolver" - - "traefik.http.routers.krewak.middlewares=response-gzip-compress@file,no-index-robots-response-header@file" - working_dir: /application - volumes: - - ./.env:/application/.env:ro - networks: - - keating-prod - - traefik-proxy - restart: unless-stopped - env_file: - - .deployment diff --git a/environment/prod/deployment/prod/apps/kzygadlo/docker-compose.prod.yml b/environment/prod/deployment/prod/apps/kzygadlo/docker-compose.prod.yml deleted file mode 100644 index 18db0b95..00000000 --- a/environment/prod/deployment/prod/apps/kzygadlo/docker-compose.prod.yml +++ /dev/null @@ -1,39 +0,0 @@ -networks: - traefik-proxy: - external: true - keating-prod: - driver: bridge - name: keating-prod - -services: - keating-kzygadlo-prod-app: - image: registry.blumilk.pl/internal-public/keating:kzygadlo - container_name: keating-kzygadlo-app-container - pull_policy: always - logging: - driver: "json-file" - options: - max-size: "50m" - max-file: "5" - deploy: - mode: replicated - replicas: 1 - resources: - limits: - memory: 512M - labels: - - "traefik.enable=${TRAEFIK_ENABLED}" - - "traefik.http.routers.kzygadlo.rule=${TRAEFIK_ROUTER_RULE}" - - "traefik.http.routers.kzygadlo.entrypoints=websecure" - - "traefik.http.routers.kzygadlo.tls=true" - - "traefik.http.routers.kzygadlo.tls.certresolver=lets-encrypt-resolver" - - "traefik.http.routers.kzygadlo.middlewares=response-gzip-compress@file,no-index-robots-response-header@file" - working_dir: /application - volumes: - - ./.env:/application/.env:ro - networks: - - keating-prod - - traefik-proxy - restart: unless-stopped - env_file: - - .deployment diff --git a/environment/prod/deployment/prod/docker-compose.prod.yml b/environment/prod/deployment/prod/docker-compose.prod.yml new file mode 100644 index 00000000..18ac0d79 --- /dev/null +++ b/environment/prod/deployment/prod/docker-compose.prod.yml @@ -0,0 +1,38 @@ +networks: + traefik-proxy: + external: true + keating-prod: + external: true + +services: + keating-prod-app: + image: registry.blumilk.pl/internal-public/keating:prod + container_name: keating-${USER_PROJECT_NAME}-app-container + pull_policy: always + logging: + driver: "json-file" + options: + max-size: "50m" + max-file: "5" + deploy: + mode: replicated + replicas: 1 + resources: + limits: + memory: 512M + labels: + - "traefik.enable=${TRAEFIK_ENABLED}" + - "traefik.http.routers.${USER_PROJECT_NAME}.rule=${TRAEFIK_ROUTER_RULE}" + - "traefik.http.routers.${USER_PROJECT_NAME}.entrypoints=websecure" + - "traefik.http.routers.${USER_PROJECT_NAME}.tls=true" + - "traefik.http.routers.${USER_PROJECT_NAME}.tls.certresolver=lets-encrypt-resolver" + - "traefik.http.routers.${USER_PROJECT_NAME}.middlewares=response-gzip-compress@file,no-index-robots-response-header@file" + working_dir: /application + volumes: + - ./.env:/application/.env:ro + networks: + - keating-prod + - traefik-proxy + restart: unless-stopped + env_file: + - .deployment From 8c9a638ff79fe66db2252d4a86532aa48a7d3e59 Mon Sep 17 00:00:00 2001 From: Blusia Date: Mon, 30 Sep 2024 11:35:51 +0200 Subject: [PATCH 34/52] - update Makefile --- environment/prod/deployment/prod/Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/environment/prod/deployment/prod/Makefile b/environment/prod/deployment/prod/Makefile index ff8efe17..e2eea789 100644 --- a/environment/prod/deployment/prod/Makefile +++ b/environment/prod/deployment/prod/Makefile @@ -20,7 +20,7 @@ CURRENT_DIR = $(shell pwd) prod-deploy: decrypt-secrets create-deployment-file @docker compose --project-name ${PROJECT_NAME} --file ${DOCKER_COMPOSE_DB_FILENAME} pull && \ docker compose --project-name ${PROJECT_NAME} --file ${DOCKER_COMPOSE_DB_FILENAME} up --detach && \ - @docker compose --file ${DOCKER_COMPOSE_FILENAME} pull && \ + docker compose --file ${DOCKER_COMPOSE_FILENAME} pull && \ docker compose --file ${DOCKER_COMPOSE_FILENAME} up --detach && \ sleep 5 && \ echo "App post deploy actions" && \ From 37ceb2eb92f1f29b35ac69162c9369bc218038de Mon Sep 17 00:00:00 2001 From: Blusia Date: Mon, 30 Sep 2024 11:43:24 +0200 Subject: [PATCH 35/52] - update value for docker meta --- .github/workflows/deploy-to-prod.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/deploy-to-prod.yml b/.github/workflows/deploy-to-prod.yml index dc98ad6e..fadeb3e5 100644 --- a/.github/workflows/deploy-to-prod.yml +++ b/.github/workflows/deploy-to-prod.yml @@ -67,7 +67,7 @@ jobs: with: images: ${{ env.DOCKER_IMAGE_NAME }} tags: | - type=raw,value=${{ env.APP_NAME }} + type=raw,value=prod context: workflow - name: build and push image From 09974af707875e61ac7afe5e18339686047b0031 Mon Sep 17 00:00:00 2001 From: Blusia Date: Mon, 30 Sep 2024 12:06:44 +0200 Subject: [PATCH 36/52] - update env's --- environment/prod/deployment/prod/apps/eskrzypacz/.env.prod | 2 +- environment/prod/deployment/prod/apps/kpiech/.env.prod | 2 +- environment/prod/deployment/prod/apps/krewak/.env.prod | 2 +- environment/prod/deployment/prod/apps/kzygadlo/.env.prod | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/environment/prod/deployment/prod/apps/eskrzypacz/.env.prod b/environment/prod/deployment/prod/apps/eskrzypacz/.env.prod index 86fae9e2..d9f26a76 100644 --- a/environment/prod/deployment/prod/apps/eskrzypacz/.env.prod +++ b/environment/prod/deployment/prod/apps/eskrzypacz/.env.prod @@ -3,7 +3,7 @@ ENVIRONMENT=prod APP_DEBUG=false USER_PROJECT_NAME=eskrzypacz -COMPOSE_PROJECT_NAME=keating-prod +COMPOSE_PROJECT_NAME=eskrzypacz TRAEFIK_ENABLED=true KEATING_HOST_NAME=ewelinaskrzypacz.collegiumwitelona.pl APP_URL=https://${KEATING_HOST_NAME}/ diff --git a/environment/prod/deployment/prod/apps/kpiech/.env.prod b/environment/prod/deployment/prod/apps/kpiech/.env.prod index eb378d61..21ac6082 100644 --- a/environment/prod/deployment/prod/apps/kpiech/.env.prod +++ b/environment/prod/deployment/prod/apps/kpiech/.env.prod @@ -3,7 +3,7 @@ ENVIRONMENT=prod APP_DEBUG=false USER_PROJECT_NAME=kpiech -COMPOSE_PROJECT_NAME=keating-prod +COMPOSE_PROJECT_NAME=kpiech TRAEFIK_ENABLED=true KEATING_HOST_NAME=kamilpiech.collegiumwitelona.pl APP_URL=https://${KEATING_HOST_NAME}/ diff --git a/environment/prod/deployment/prod/apps/krewak/.env.prod b/environment/prod/deployment/prod/apps/krewak/.env.prod index 846f6eab..bb801dfe 100644 --- a/environment/prod/deployment/prod/apps/krewak/.env.prod +++ b/environment/prod/deployment/prod/apps/krewak/.env.prod @@ -3,7 +3,7 @@ ENVIRONMENT=prod APP_DEBUG=false USER_PROJECT_NAME=krewak -COMPOSE_PROJECT_NAME=keating-prod +COMPOSE_PROJECT_NAME=krewak TRAEFIK_ENABLED=true KEATING_HOST_NAME=krzysztofrewak.collegiumwitelona.pl APP_URL=https://${KEATING_HOST_NAME}/ diff --git a/environment/prod/deployment/prod/apps/kzygadlo/.env.prod b/environment/prod/deployment/prod/apps/kzygadlo/.env.prod index dc438c44..49ec9d5c 100644 --- a/environment/prod/deployment/prod/apps/kzygadlo/.env.prod +++ b/environment/prod/deployment/prod/apps/kzygadlo/.env.prod @@ -3,7 +3,7 @@ ENVIRONMENT=prod APP_DEBUG=false USER_PROJECT_NAME=kzygadlo -COMPOSE_PROJECT_NAME=keating-prod +COMPOSE_PROJECT_NAME=kzygadlo TRAEFIK_ENABLED=true KEATING_HOST_NAME=karolzygadlo.collegiumwitelona.pl APP_URL=https://${KEATING_HOST_NAME}/ From 6a559b84bf0a895e6d736a1a46948b73cfc4b6cf Mon Sep 17 00:00:00 2001 From: Blusia Date: Mon, 30 Sep 2024 14:10:29 +0200 Subject: [PATCH 37/52] - add --no-prune --- .github/workflows/deploy-to-prod.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/deploy-to-prod.yml b/.github/workflows/deploy-to-prod.yml index fadeb3e5..f7a7bf76 100644 --- a/.github/workflows/deploy-to-prod.yml +++ b/.github/workflows/deploy-to-prod.yml @@ -113,4 +113,4 @@ jobs: mv Makefile docker-compose.prod.yml docker-compose.dbprod.yml apps/${{ env.APP_NAME }}/ cd apps/${{ env.APP_NAME }} make prod-deploy SOPS_AGE_KEY=${{ secrets.SOPS_AGE_PROD_SECRET_KEY }} - docker images --filter dangling=true | grep "${{ env.DOCKER_IMAGE_NAME }}" | awk '{print $3}'| xargs --no-run-if-empty docker rmi + docker images --filter dangling=true | grep "${{ env.DOCKER_IMAGE_NAME }}" | awk '{print $3}'| xargs --no-run-if-empty docker rmi --no-prune From a607295bb420cbbbf64e5a14c10f8218fe08caad Mon Sep 17 00:00:00 2001 From: Blusia Date: Mon, 30 Sep 2024 14:18:26 +0200 Subject: [PATCH 38/52] - add 2>/dev/null --- .github/workflows/deploy-to-prod.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/deploy-to-prod.yml b/.github/workflows/deploy-to-prod.yml index f7a7bf76..c9d261b5 100644 --- a/.github/workflows/deploy-to-prod.yml +++ b/.github/workflows/deploy-to-prod.yml @@ -113,4 +113,4 @@ jobs: mv Makefile docker-compose.prod.yml docker-compose.dbprod.yml apps/${{ env.APP_NAME }}/ cd apps/${{ env.APP_NAME }} make prod-deploy SOPS_AGE_KEY=${{ secrets.SOPS_AGE_PROD_SECRET_KEY }} - docker images --filter dangling=true | grep "${{ env.DOCKER_IMAGE_NAME }}" | awk '{print $3}'| xargs --no-run-if-empty docker rmi --no-prune + docker images --filter dangling=true | grep "${{ env.DOCKER_IMAGE_NAME }}" | awk '{print $3}'| xargs --no-run-if-empty docker rmi 2>/dev/null From d0ec2ee7a45a90cdc0ee92825d3c5087cbdeb711 Mon Sep 17 00:00:00 2001 From: Blusia Date: Mon, 30 Sep 2024 14:26:15 +0200 Subject: [PATCH 39/52] - add || true --- .github/workflows/deploy-to-prod.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/deploy-to-prod.yml b/.github/workflows/deploy-to-prod.yml index c9d261b5..34fe24a3 100644 --- a/.github/workflows/deploy-to-prod.yml +++ b/.github/workflows/deploy-to-prod.yml @@ -113,4 +113,4 @@ jobs: mv Makefile docker-compose.prod.yml docker-compose.dbprod.yml apps/${{ env.APP_NAME }}/ cd apps/${{ env.APP_NAME }} make prod-deploy SOPS_AGE_KEY=${{ secrets.SOPS_AGE_PROD_SECRET_KEY }} - docker images --filter dangling=true | grep "${{ env.DOCKER_IMAGE_NAME }}" | awk '{print $3}'| xargs --no-run-if-empty docker rmi 2>/dev/null + docker images --filter dangling=true | grep "${{ env.DOCKER_IMAGE_NAME }}" | awk '{print $3}'| xargs --no-run-if-empty docker rmi 2>/dev/null || true From 1ff2c3644a7cce9ee3a80790d73b732b98b933de Mon Sep 17 00:00:00 2001 From: Blusia Date: Mon, 30 Sep 2024 14:42:52 +0200 Subject: [PATCH 40/52] - test 2>&1 --- .github/workflows/deploy-to-prod.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/deploy-to-prod.yml b/.github/workflows/deploy-to-prod.yml index 34fe24a3..78f36e0a 100644 --- a/.github/workflows/deploy-to-prod.yml +++ b/.github/workflows/deploy-to-prod.yml @@ -113,4 +113,4 @@ jobs: mv Makefile docker-compose.prod.yml docker-compose.dbprod.yml apps/${{ env.APP_NAME }}/ cd apps/${{ env.APP_NAME }} make prod-deploy SOPS_AGE_KEY=${{ secrets.SOPS_AGE_PROD_SECRET_KEY }} - docker images --filter dangling=true | grep "${{ env.DOCKER_IMAGE_NAME }}" | awk '{print $3}'| xargs --no-run-if-empty docker rmi 2>/dev/null || true + docker images --filter dangling=true | grep "${{ env.DOCKER_IMAGE_NAME }}" | awk '{print $3}'| xargs --no-run-if-empty docker rmi 2>&1 || true From 7e84a73e9ce2330ea73c82522a61f5ef2cc1c16b Mon Sep 17 00:00:00 2001 From: Blusia Date: Mon, 30 Sep 2024 15:03:28 +0200 Subject: [PATCH 41/52] - update files --- .github/workflows/deploy-to-prod.yml | 2 +- .../prod/deployment/prod/apps/eskrzypacz/.env.prod | 3 +-- .../prod/deployment/prod/apps/kpiech/.env.prod | 3 +-- .../prod/deployment/prod/apps/krewak/.env.prod | 3 +-- .../prod/deployment/prod/apps/kzygadlo/.env.prod | 3 +-- .../prod/deployment/prod/docker-compose.prod.yml | 12 ++++++------ 6 files changed, 11 insertions(+), 15 deletions(-) diff --git a/.github/workflows/deploy-to-prod.yml b/.github/workflows/deploy-to-prod.yml index 78f36e0a..34fe24a3 100644 --- a/.github/workflows/deploy-to-prod.yml +++ b/.github/workflows/deploy-to-prod.yml @@ -113,4 +113,4 @@ jobs: mv Makefile docker-compose.prod.yml docker-compose.dbprod.yml apps/${{ env.APP_NAME }}/ cd apps/${{ env.APP_NAME }} make prod-deploy SOPS_AGE_KEY=${{ secrets.SOPS_AGE_PROD_SECRET_KEY }} - docker images --filter dangling=true | grep "${{ env.DOCKER_IMAGE_NAME }}" | awk '{print $3}'| xargs --no-run-if-empty docker rmi 2>&1 || true + docker images --filter dangling=true | grep "${{ env.DOCKER_IMAGE_NAME }}" | awk '{print $3}'| xargs --no-run-if-empty docker rmi 2>/dev/null || true diff --git a/environment/prod/deployment/prod/apps/eskrzypacz/.env.prod b/environment/prod/deployment/prod/apps/eskrzypacz/.env.prod index d9f26a76..d2cf4f81 100644 --- a/environment/prod/deployment/prod/apps/eskrzypacz/.env.prod +++ b/environment/prod/deployment/prod/apps/eskrzypacz/.env.prod @@ -2,8 +2,7 @@ APP_NAME="Ewelina Skrzypacz Keating" ENVIRONMENT=prod APP_DEBUG=false -USER_PROJECT_NAME=eskrzypacz -COMPOSE_PROJECT_NAME=eskrzypacz +COMPOSE_PROJECT_NAME=keating-prod-eskrzypacz TRAEFIK_ENABLED=true KEATING_HOST_NAME=ewelinaskrzypacz.collegiumwitelona.pl APP_URL=https://${KEATING_HOST_NAME}/ diff --git a/environment/prod/deployment/prod/apps/kpiech/.env.prod b/environment/prod/deployment/prod/apps/kpiech/.env.prod index 21ac6082..c3796a50 100644 --- a/environment/prod/deployment/prod/apps/kpiech/.env.prod +++ b/environment/prod/deployment/prod/apps/kpiech/.env.prod @@ -2,8 +2,7 @@ APP_NAME="Kamil Piech Keating" ENVIRONMENT=prod APP_DEBUG=false -USER_PROJECT_NAME=kpiech -COMPOSE_PROJECT_NAME=kpiech +COMPOSE_PROJECT_NAME=keating-prod-kpiech TRAEFIK_ENABLED=true KEATING_HOST_NAME=kamilpiech.collegiumwitelona.pl APP_URL=https://${KEATING_HOST_NAME}/ diff --git a/environment/prod/deployment/prod/apps/krewak/.env.prod b/environment/prod/deployment/prod/apps/krewak/.env.prod index bb801dfe..fa7559de 100644 --- a/environment/prod/deployment/prod/apps/krewak/.env.prod +++ b/environment/prod/deployment/prod/apps/krewak/.env.prod @@ -2,8 +2,7 @@ APP_NAME="Krzysztof Rewak Keating" ENVIRONMENT=prod APP_DEBUG=false -USER_PROJECT_NAME=krewak -COMPOSE_PROJECT_NAME=krewak +COMPOSE_PROJECT_NAME=keating-prod-krewak TRAEFIK_ENABLED=true KEATING_HOST_NAME=krzysztofrewak.collegiumwitelona.pl APP_URL=https://${KEATING_HOST_NAME}/ diff --git a/environment/prod/deployment/prod/apps/kzygadlo/.env.prod b/environment/prod/deployment/prod/apps/kzygadlo/.env.prod index 49ec9d5c..d6789813 100644 --- a/environment/prod/deployment/prod/apps/kzygadlo/.env.prod +++ b/environment/prod/deployment/prod/apps/kzygadlo/.env.prod @@ -2,8 +2,7 @@ APP_NAME="Karol Zygadlo Keating" ENVIRONMENT=prod APP_DEBUG=false -USER_PROJECT_NAME=kzygadlo -COMPOSE_PROJECT_NAME=kzygadlo +COMPOSE_PROJECT_NAME=keating-prod-kzygadlo TRAEFIK_ENABLED=true KEATING_HOST_NAME=karolzygadlo.collegiumwitelona.pl APP_URL=https://${KEATING_HOST_NAME}/ diff --git a/environment/prod/deployment/prod/docker-compose.prod.yml b/environment/prod/deployment/prod/docker-compose.prod.yml index 18ac0d79..81bf3f62 100644 --- a/environment/prod/deployment/prod/docker-compose.prod.yml +++ b/environment/prod/deployment/prod/docker-compose.prod.yml @@ -7,7 +7,7 @@ networks: services: keating-prod-app: image: registry.blumilk.pl/internal-public/keating:prod - container_name: keating-${USER_PROJECT_NAME}-app-container + container_name: keating-${COMPOSE_PROJECT_NAME}-app-container pull_policy: always logging: driver: "json-file" @@ -22,11 +22,11 @@ services: memory: 512M labels: - "traefik.enable=${TRAEFIK_ENABLED}" - - "traefik.http.routers.${USER_PROJECT_NAME}.rule=${TRAEFIK_ROUTER_RULE}" - - "traefik.http.routers.${USER_PROJECT_NAME}.entrypoints=websecure" - - "traefik.http.routers.${USER_PROJECT_NAME}.tls=true" - - "traefik.http.routers.${USER_PROJECT_NAME}.tls.certresolver=lets-encrypt-resolver" - - "traefik.http.routers.${USER_PROJECT_NAME}.middlewares=response-gzip-compress@file,no-index-robots-response-header@file" + - "traefik.http.routers.${COMPOSE_PROJECT_NAME}.rule=${TRAEFIK_ROUTER_RULE}" + - "traefik.http.routers.${COMPOSE_PROJECT_NAME}.entrypoints=websecure" + - "traefik.http.routers.${COMPOSE_PROJECT_NAME}.tls=true" + - "traefik.http.routers.${COMPOSE_PROJECT_NAME}.tls.certresolver=lets-encrypt-resolver" + - "traefik.http.routers.${COMPOSE_PROJECT_NAME}.middlewares=response-gzip-compress@file,no-index-robots-response-header@file" working_dir: /application volumes: - ./.env:/application/.env:ro From 60e80f043146181c7623ba9a08ce2ad190905781 Mon Sep 17 00:00:00 2001 From: Blusia Date: Mon, 30 Sep 2024 15:04:49 +0200 Subject: [PATCH 42/52] - update docker-compose.prod --- environment/prod/deployment/prod/docker-compose.prod.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/environment/prod/deployment/prod/docker-compose.prod.yml b/environment/prod/deployment/prod/docker-compose.prod.yml index 81bf3f62..acd0f7a7 100644 --- a/environment/prod/deployment/prod/docker-compose.prod.yml +++ b/environment/prod/deployment/prod/docker-compose.prod.yml @@ -7,7 +7,7 @@ networks: services: keating-prod-app: image: registry.blumilk.pl/internal-public/keating:prod - container_name: keating-${COMPOSE_PROJECT_NAME}-app-container + container_name: ${COMPOSE_PROJECT_NAME}-app-container pull_policy: always logging: driver: "json-file" From f3b21e9d9ab7f3f75f53e358eae03841a448b4b7 Mon Sep 17 00:00:00 2001 From: Blusia Date: Tue, 1 Oct 2024 10:15:31 +0200 Subject: [PATCH 43/52] - update db environment in docker compose dbprod --- environment/prod/deployment/prod/docker-compose.dbprod.yml | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/environment/prod/deployment/prod/docker-compose.dbprod.yml b/environment/prod/deployment/prod/docker-compose.dbprod.yml index 28e2d0e0..49497c3d 100644 --- a/environment/prod/deployment/prod/docker-compose.dbprod.yml +++ b/environment/prod/deployment/prod/docker-compose.dbprod.yml @@ -16,9 +16,7 @@ services: image: postgres:15.5-alpine3.17@sha256:1961f9d61a86948fb3c02ef87a6616f74f3530d10a1cd299b84abba7ed6db791 container_name: keating-prod-database environment: - - POSTGRES_USER=${DB_USERNAME} - - POSTGRES_PASSWORD=${DB_PASSWORD} - - POSTGRES_DB=${DB_DATABASE} + - POSTGRES_PASSWORD=${DB_ROOT_PASSWORD} - PGDATA=/var/lib/postgresql/data healthcheck: test: [ "CMD-SHELL", "pg_isready --dbname ${DB_DATABASE} --username ${DB_USERNAME}" ] From 12eee0cfec6b098599b976b68ff2664509d0c868 Mon Sep 17 00:00:00 2001 From: Blusia Date: Tue, 1 Oct 2024 16:49:25 +0200 Subject: [PATCH 44/52] - add readme.prod.md --- readme.prod.md | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) create mode 100644 readme.prod.md diff --git a/readme.prod.md b/readme.prod.md new file mode 100644 index 00000000..e9c03e3a --- /dev/null +++ b/readme.prod.md @@ -0,0 +1,21 @@ +## Keating +### Production deployment + +Implementing a new Keating app into production + +To add a new Keating app, several steps must be completed: + +1. First you need to create a new database for the new application instance in the existing production container `keating-prod-database`; + 1. `CREATE DATABASE database_name;` + 2. `CREATE USER user_name WITH ENCRYPTED PASSWORD 'password';` + 3. `GRANT ALL PRIVILEGES ON DATABASE database_name TO user_name;` + 4. `\c database_name` + 5. `GRANT CREATE ON SCHEMA public TO user_name;` +2. Then follow a few steps to prepare the files for application deployment + * add a new option in your workflow to be able to trigger a workflow for a specific Keating app user deployment - (example: pnowak); + * create a new directory in the specified path - `environment/prod/deployment/prod/apps` - the directory must be named like AppName option from workflow (example: pnowak); + * please remember that `env.prod` and `.env.prod.secrets` must be created in the indicated folder (btw. the SOPS_AGE encryption and decryption key is located on Infisical); + * then, to implement a new keating app, trigger the workflow by selecting the app name option that is to be implemented - (example: keating-prod-pnowak-app-container). +3. After a successful first deployment,you can execute the command in the application container: + * ProductionSeeder to run for application installation: `php artisan db:seed --class=ProductionSeeder` + * command `php artisan cache:flush` to flush cached page title and external schedule link From d70df93f86ad834616ad4c4620fa0f772b11ec87 Mon Sep 17 00:00:00 2001 From: Blusia Date: Tue, 1 Oct 2024 16:51:59 +0200 Subject: [PATCH 45/52] - update readme.md --- readme.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/readme.md b/readme.md index 164bb5fc..8e7d53f3 100644 --- a/readme.md +++ b/readme.md @@ -60,3 +60,6 @@ npm run lintf | app | keating-app-dev | [53851](http://localhost:53851) | | database | keating-db-dev | 53853 | | redis | keating-redis-dev | 53852 | + +### Further reading +* [Production deployment](./readme.prod.md) From f7679b88ee11cb5deac38620c4c99cdf6150c93b Mon Sep 17 00:00:00 2001 From: Blusia Date: Wed, 2 Oct 2024 09:25:07 +0200 Subject: [PATCH 46/52] - update post-deploy-actions --- environment/prod/deployment/scripts/post-deploy-actions.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/environment/prod/deployment/scripts/post-deploy-actions.sh b/environment/prod/deployment/scripts/post-deploy-actions.sh index 9a05a04b..683c5a2e 100644 --- a/environment/prod/deployment/scripts/post-deploy-actions.sh +++ b/environment/prod/deployment/scripts/post-deploy-actions.sh @@ -6,5 +6,6 @@ set -e ARTISAN_PATH="/application/artisan" php ${ARTISAN_PATH} migrate --force && \ +php ${ARTISAN_PATH} storage:link && \ php ${ARTISAN_PATH} optimize && \ php ${ARTISAN_PATH} cache:flush From 6f17c2e24e6f04af4eeed2acee8291ea07bc3f9b Mon Sep 17 00:00:00 2001 From: Blusia Date: Wed, 2 Oct 2024 09:29:44 +0200 Subject: [PATCH 47/52] - update name and readme.md --- readme.prod.md => production_deployment.md | 0 readme.md | 2 +- 2 files changed, 1 insertion(+), 1 deletion(-) rename readme.prod.md => production_deployment.md (100%) diff --git a/readme.prod.md b/production_deployment.md similarity index 100% rename from readme.prod.md rename to production_deployment.md diff --git a/readme.md b/readme.md index 8e7d53f3..6e3d18b9 100644 --- a/readme.md +++ b/readme.md @@ -62,4 +62,4 @@ npm run lintf | redis | keating-redis-dev | 53852 | ### Further reading -* [Production deployment](./readme.prod.md) +* [Production deployment](./production_deployment.md) From f4a381a777634cc862a81af478e2977c27287af9 Mon Sep 17 00:00:00 2001 From: Blusia Date: Wed, 2 Oct 2024 09:58:15 +0200 Subject: [PATCH 48/52] - add info --- production_deployment.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/production_deployment.md b/production_deployment.md index e9c03e3a..66625cb2 100644 --- a/production_deployment.md +++ b/production_deployment.md @@ -19,3 +19,5 @@ To add a new Keating app, several steps must be completed: 3. After a successful first deployment,you can execute the command in the application container: * ProductionSeeder to run for application installation: `php artisan db:seed --class=ProductionSeeder` * command `php artisan cache:flush` to flush cached page title and external schedule link + +`btw. if the first deployment has not yet taken place on the target server and there is no container, especially a database one, the first implementation will give a negative result in GHA - after the first start of the deployment, a database container will be created, then we can proceed to the steps contained in the instructions.` From 8ae14d8aca70c403ccce42187359c8a82b6c5d3c Mon Sep 17 00:00:00 2001 From: Blusia Date: Mon, 7 Oct 2024 15:21:22 +0200 Subject: [PATCH 49/52] - update production_deployment.md --- production_deployment.md | 1 + 1 file changed, 1 insertion(+) diff --git a/production_deployment.md b/production_deployment.md index 66625cb2..8aba7837 100644 --- a/production_deployment.md +++ b/production_deployment.md @@ -11,6 +11,7 @@ To add a new Keating app, several steps must be completed: 3. `GRANT ALL PRIVILEGES ON DATABASE database_name TO user_name;` 4. `\c database_name` 5. `GRANT CREATE ON SCHEMA public TO user_name;` + 6. `CREATE EXTENSION IF NOT EXISTS unaccent;` 2. Then follow a few steps to prepare the files for application deployment * add a new option in your workflow to be able to trigger a workflow for a specific Keating app user deployment - (example: pnowak); * create a new directory in the specified path - `environment/prod/deployment/prod/apps` - the directory must be named like AppName option from workflow (example: pnowak); From eaa3182b7f79fd1d415e35529428416972e1b161 Mon Sep 17 00:00:00 2001 From: Blusia Date: Thu, 10 Oct 2024 11:56:14 +0200 Subject: [PATCH 50/52] - added Hosts for krewak app --- environment/prod/deployment/prod/apps/krewak/.env.prod | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/environment/prod/deployment/prod/apps/krewak/.env.prod b/environment/prod/deployment/prod/apps/krewak/.env.prod index fa7559de..3995e986 100644 --- a/environment/prod/deployment/prod/apps/krewak/.env.prod +++ b/environment/prod/deployment/prod/apps/krewak/.env.prod @@ -6,7 +6,8 @@ COMPOSE_PROJECT_NAME=keating-prod-krewak TRAEFIK_ENABLED=true KEATING_HOST_NAME=krzysztofrewak.collegiumwitelona.pl APP_URL=https://${KEATING_HOST_NAME}/ -TRAEFIK_ROUTER_RULE="Host(`krzysztofrewak.collegiumwitelona.pl`)" +TRAEFIK_ROUTER_RULE="Host(`krzysztofrewak.collegiumwitelona.pl`) || Host(`pwsz.rewak.pl`) || Host(`cwup.rewak.pl`)" + DB_CONNECTION=pgsql DB_DATABASE=krewak From 3dcc9ace5023c517e1d64b9721bd8b5efe0abf34 Mon Sep 17 00:00:00 2001 From: Blusia Date: Fri, 11 Oct 2024 09:51:53 +0200 Subject: [PATCH 51/52] - deleted inactive host --- environment/prod/deployment/prod/apps/krewak/.env.prod | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/environment/prod/deployment/prod/apps/krewak/.env.prod b/environment/prod/deployment/prod/apps/krewak/.env.prod index 3995e986..57d927e7 100644 --- a/environment/prod/deployment/prod/apps/krewak/.env.prod +++ b/environment/prod/deployment/prod/apps/krewak/.env.prod @@ -6,7 +6,7 @@ COMPOSE_PROJECT_NAME=keating-prod-krewak TRAEFIK_ENABLED=true KEATING_HOST_NAME=krzysztofrewak.collegiumwitelona.pl APP_URL=https://${KEATING_HOST_NAME}/ -TRAEFIK_ROUTER_RULE="Host(`krzysztofrewak.collegiumwitelona.pl`) || Host(`pwsz.rewak.pl`) || Host(`cwup.rewak.pl`)" +TRAEFIK_ROUTER_RULE="Host(`pwsz.rewak.pl`) || Host(`cwup.rewak.pl`)" DB_CONNECTION=pgsql From d8adeaf54451ea850a355f977bb2aa7108920d97 Mon Sep 17 00:00:00 2001 From: Blusia Date: Tue, 22 Oct 2024 07:40:28 +0200 Subject: [PATCH 52/52] - add sentry to .env.prod --- .../prod/apps/eskrzypacz/.env.prod.secrets | 23 ++++++++++--------- .../prod/apps/kpiech/.env.prod.secrets | 23 ++++++++++--------- .../prod/apps/krewak/.env.prod.secrets | 23 ++++++++++--------- .../prod/apps/kzygadlo/.env.prod.secrets | 23 ++++++++++--------- 4 files changed, 48 insertions(+), 44 deletions(-) diff --git a/environment/prod/deployment/prod/apps/eskrzypacz/.env.prod.secrets b/environment/prod/deployment/prod/apps/eskrzypacz/.env.prod.secrets index beb16a97..355b7578 100644 --- a/environment/prod/deployment/prod/apps/eskrzypacz/.env.prod.secrets +++ b/environment/prod/deployment/prod/apps/eskrzypacz/.env.prod.secrets @@ -1,14 +1,15 @@ -APP_KEY=ENC[AES256_GCM,data:4lUXTgPfXLBQl0Yf80ItZvtBgaXsFR8/dDyZ1uaOQu8iJeXOFkNK1VDmthRgZZQOO4cL,iv:KttmOBe/Zjk1GpNIrp1KRB7Fjo+0KGJeh9n9hIcFfhw=,tag:UF9+TLnwqsDPnFOzswbeKQ==,type:str] -DB_HOST=ENC[AES256_GCM,data:FZa4l1d0cjNfc8at2M22LWGR40lK,iv:/Fg9yWh8H0BZ37c9x8M75mgWT8kDR9OGVpvItzakzTU=,tag:FGOjOPCgnAOw9yhN6qyDOg==,type:str] -DB_PORT=ENC[AES256_GCM,data:2WsXsA==,iv:KcI6/vjnVAkHLEvQ+ktsDmtpIcwpKg42tNKzjcpWFlQ=,tag:1R6H8FaXj73SmV1zd64iyw==,type:str] -DB_ROOT_PASSWORD=ENC[AES256_GCM,data:vkv0YxwLqcrhnSoK4X+nbFeJGNA=,iv:PgKp6n1UMFGzeufJyj35qJJ/S0odipvMBcqBnWaTuTM=,tag:aUYa6rMHYb0lcxAA7H1KVA==,type:str] -DB_USERNAME=ENC[AES256_GCM,data:QMIzIsZhi6MhYQ==,iv:tFa73Kzv1f9qtPdDMo52eDMZ/Vyi7XafJj0+CvesBkQ=,tag:bxPkUi0+zzeTxOplj9hjtQ==,type:str] -DB_PASSWORD=ENC[AES256_GCM,data:a76eFQYUZdbU+WA5iT4vHeuIJIQ=,iv:Xj4hf502AvkyIeboprxCM4n45TkuYgBJZkNF7tCz/mA=,tag:oM0CYqUksWVhS5hopEg57g==,type:str] -REDIS_HOST=ENC[AES256_GCM,data:+2Wx0Epi46tjKhMtFPIBhLR8,iv:QJfic4fPgmmrM8Da5OeOfvJggRIc1BzB1Q6fMWWLccs=,tag:sVacLOoJ9xbc3Qa5WdgDYg==,type:str] -REDIS_PORT=ENC[AES256_GCM,data:IVxOng==,iv:5csznKbCfSfVz5te8fXjaLQ8pwDK3l1iJnX7UFPHxHs=,tag:6exUv7to7a4ta87+KZofRA==,type:str] -sops_age__list_0__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBld2ZybGVKMWdxSDJ0dFlj\nc2RDNnZhQTY2aHdBQXk5clZJUy9aZmtKdkJvCnJzUWpHdmdEc1drOG9NdmMyazVJ\nRFhsTWpya2JZaHE4dGt4N0FoSEdSQXMKLS0tIFdZN0U2VEN3U2VNRHlob0hOWVlo\nZWEwN09NY0haWjNKZ1RiUEsxbmJVY00KaL3dSz3uFzdS3+S9r0RT0lCPuLDl7rFS\nAAuOltzwZNFLym7pgOQfG3yGPutsn/U2HCLBvbb34TW9FVG8N+e67w==\n-----END AGE ENCRYPTED FILE-----\n +APP_KEY=ENC[AES256_GCM,data:hb/ZfDIh+SN6eTqc+yNqw0SzrMVpghThfI+AYa0Sf0jSmux9WAOX7otEVzArO9s9pj+T,iv:cpJPkFCkwU0ZBQQ4OR+nznltASHTOZEzeN+NQvh/8rM=,tag:GrwQCdzWYvwLXYRpKPHVHw==,type:str] +DB_HOST=ENC[AES256_GCM,data:e24Z8QCKjc+gGChv+u3/iBY/+XLi,iv:CfExgC6gBjUQ9WYRBmmC+lM6scLB1ng0eogv547FHok=,tag:2vDGcuv+emxtbt4KIUWbzA==,type:str] +DB_PORT=ENC[AES256_GCM,data:wM4cEg==,iv:+B6x/3Vsw4ndsYQwbSSHHPYb3p0eZdwIWV63NNYQsto=,tag:obann9mKYrPqyWWKAu0gGQ==,type:str] +DB_ROOT_PASSWORD=ENC[AES256_GCM,data:q5b/s7d7v2/UmQlGETiuXKgFO8U=,iv:OyvSw6zLId1deJaUdfWA43NpdklDI1aW9tUvYcChqHw=,tag:WUIrBIVXFZH4s07T01cnjQ==,type:str] +DB_USERNAME=ENC[AES256_GCM,data:ZA7Z64IUW5gktw==,iv:VjOvYN/JzIe9a/We96SmXBT6LZ8hSoJuA4m79acb8i8=,tag:O94j0q1H4gAWFtZtn5po5Q==,type:str] +DB_PASSWORD=ENC[AES256_GCM,data:dGuekXE64EyL76b4U+e3235xIug=,iv:Cr7rPVpyQUFzQ781zrIKzVcHTwT5CuHVb/dZazokBII=,tag:MPwh2Og5M68yqP4UG4XPpA==,type:str] +REDIS_HOST=ENC[AES256_GCM,data:DiatVVsTzjDK7EsFN92XGvxH,iv:/UzAK8WsIzixtr40pmj4mD9SQfV/PyyYr9GWzE9UDkg=,tag:fNuWxdQbZef8pG3zZWMcSQ==,type:str] +REDIS_PORT=ENC[AES256_GCM,data:1tTosQ==,iv:hiBfC3BLC8R7CDkb90UHSc0X2NgG/H5hUVOfGAp2lTA=,tag:kaLAeCozYXDubGac34g7rg==,type:str] +SENTRY_LARAVEL_DSN=ENC[AES256_GCM,data:05sFU0f6qgxLMr2RZ8fGkqQf6ofN2I6mq0xcmBKLvd/sL4PaYXEnldXfpViJkyl7XD8RU5sMCEgJLrRZGhauXqkaq2deWPHXP2o2li7RMpYbhCs/gt5gPIp+pVIeZGc=,iv:wvMFYhWVFWb7zZ8Uw5Otj5K13ESYcymA+CPDZRPNnVY=,tag:5j9PdcVe5WtvoWiEHnHDhQ==,type:str] +sops_age__list_0__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA4L3Z3YjgzcTJYcDRUblE4\nSGxVQjNNVkdGdmdpT0pCY1lVNVZuSm9OaHlNCnQ2bVhDTURxdWUxY1F3TG1jK1du\nb0JVMWZQZHM5S3paV2M5M1B2QUZVdHMKLS0tIENsRHRTalU2dThzUXFtOTNFdkRh\nNFlnMmFheVVlazZ0L0I5SnJTbkJ2RmcKuqqcpH6cDsnwcfVCSm1LQdkdu2wHqHg9\ny/oLLgtrn3nQVrmPkIxR1kaF/FKtCAnz+nsMSjwaQBktuOFjp5S4Pw==\n-----END AGE ENCRYPTED FILE-----\n sops_age__list_0__map_recipient=age1h8wnpa5lx2vgn2h64lgpeanuct8q2tvzxvn5xmvms7exmwvmu9zq5str5w -sops_lastmodified=2024-09-26T14:07:13Z -sops_mac=ENC[AES256_GCM,data:nS5aL+RqKEzb2jEVWfB8GGMuIz/M9HlYE61WtyOoC58VGf9LJER2Ehu9aMaOc4W8DAn36hVzbsN5/C7ZK3BzpLmTYIUYwQdPr5fH0N5VbbCMtz/DLAV7cIWPMag5KxIp6yvv3U8jekLIX8lV433Wc4AHcd95ZTU5sl67LaDDMzA=,iv:brXSJnnlWvi1WApVAQxv86QzmlNwIniWSH45JhJiDfs=,tag:mBoyUHNkerZQBUMkK2dd3A==,type:str] +sops_lastmodified=2024-10-22T05:39:09Z +sops_mac=ENC[AES256_GCM,data:hJcyYVHA0LeHUYbsyAkCNo9Gc9ytMzWGpZD7xSqYQLHah5rKBvPLLGCqjaDt076ovqGfPgMUf7jlO9+gFJu0HzVWuzxFstlmBT4f7hOuzjwYQc4FuLkxUxfQFD+1PKR4JaVpvhIrCwGdaBGolCuWpRBauBp1tJs2iwnlgoBEsWA=,iv:+kmXtcQEDsX6jsnzH925vC/aN6Bd0dm4L9R72+l4Ghw=,tag:4Fdo5EHuGxqyCe3YswWnmQ==,type:str] sops_unencrypted_suffix=_unencrypted sops_version=3.8.1 diff --git a/environment/prod/deployment/prod/apps/kpiech/.env.prod.secrets b/environment/prod/deployment/prod/apps/kpiech/.env.prod.secrets index 94e6693d..b73d3963 100644 --- a/environment/prod/deployment/prod/apps/kpiech/.env.prod.secrets +++ b/environment/prod/deployment/prod/apps/kpiech/.env.prod.secrets @@ -1,14 +1,15 @@ -APP_KEY=ENC[AES256_GCM,data:5mMbVbTnxOMGCaTeaeYspowAvxgQ6muCOyG9LmMmoWWiGDBgmzT/tpqrdBJn8tup4CZJ,iv:8SSnepAKz3dKfnZNhs4FF9Jc0fyXNf8AGUvi/nyfyAU=,tag:ku9PxEDU3rvsy973zrN5gg==,type:str] -DB_HOST=ENC[AES256_GCM,data:X2gjelvSz5H1HdN8grFtn58nUN1v,iv:VrvOikIOy/G6B+KfDrsGcz0WB12+0JUdWEyZ0st6yU8=,tag:cqOYoV9l9HZzgERlgSGmtw==,type:str] -DB_PORT=ENC[AES256_GCM,data:kM4RVw==,iv:n2F+LKNSUP0fDVp1y9o8MTuthwap7kwgWVMXf1FVBG0=,tag:1PO0F0YbBe11JdAQ35Ycvg==,type:str] -DB_ROOT_PASSWORD=ENC[AES256_GCM,data:7fQ9ZU8ZSQUWFii8lsBtYbs0Opk=,iv:5cB1RboUBLJqwoJhUq+ML/dZ/0rGLM+YoeSOP7hWOek=,tag:Yt0OrSzEcO8s47DWHdhBfQ==,type:str] -DB_USERNAME=ENC[AES256_GCM,data:wbKJmZ/s,iv:xnlmcnWPqCJ6bLSTBHe2oKbr7cYm3XN0r8SC/fy0wS8=,tag:JTIVuDCRNd8SMlzQiU67mw==,type:str] -DB_PASSWORD=ENC[AES256_GCM,data://cfR7YBKNZebcFgiKFDm25vCgg=,iv:h3hPH2/OwC1C3CNZdDeNswJmt49enPzW0Y8k0goW0v0=,tag:HJzHZXz6mQZXYgjggl8YtA==,type:str] -REDIS_HOST=ENC[AES256_GCM,data:Z9cIp+zIpJBfRDLMDxIKAUrL,iv:6a6HGThH79JDNf9CYHeKDtMfxUs0dtW3MTVl5W+C0GI=,tag:uuHwBpa0x/8K5m9zu2MtXA==,type:str] -REDIS_PORT=ENC[AES256_GCM,data:gDQLqA==,iv:45Lxn9gE3a5QnX4I0LcGlVqjoKpv1oeCE+Bdv4oQEjs=,tag:q3mgEtoswMQff4Dl4iJtzA==,type:str] -sops_age__list_0__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBYdld0Uk9xYVBKR0ZQdlF3\nME5Zb3hwWkpjWFFVdEJYRnFnTkxXMXd4TUdvCnBFRllpSGY5aGY3QzU3UUJMQUtH\nSlZPRDBtOXBmMnJuTXdZaUV0S3FVRGMKLS0tIEx5V1dzZmFaVXgycFRDTXg5dDM3\nNFBCQlBPWHZ3NWdJQkd1YW9hUUpOak0Kyoq3+nwhJIBFzI2lthulz7Fuv0sv9XP+\nXA4/EavCygUZJ7abWGAdJY3f40IU4QpxqL6VyVc5/IeO0sEjYFRp/g==\n-----END AGE ENCRYPTED FILE-----\n +APP_KEY=ENC[AES256_GCM,data:4kU6ha7/Rgg0V1gs9EFDPRoyae6xE4NKeFzd//3EZcepci5FLsuU5QRuYMp+b65pCoho,iv:dvFrvtfoKhy9aZnOSRauPDWjiojRiRJTppu2l33LKpk=,tag:PFh01v59pNhxOWVRx4bknQ==,type:str] +DB_HOST=ENC[AES256_GCM,data:0ENXGH5WKzSrnY68RLep6KHU+Yhu,iv:BI5DXCG4TK1IAvI0q0MkoLDKggoLrT9sBg4I+BoABLk=,tag:/JvNsI5T0Qq2xYshVWkL7g==,type:str] +DB_PORT=ENC[AES256_GCM,data:nVLZtA==,iv:EYK+LcaEvljpVa/XnO7yoxeu07NCMU1PILNU/qn6z/g=,tag:donSOud5/HvCT7xfcv3PDw==,type:str] +DB_ROOT_PASSWORD=ENC[AES256_GCM,data:vo0dCHsx40IbTSvlkktIS2Fp7fY=,iv:47A6WR/GpwyP48fu/4h7xLVAN86y9ZVzm7YC/osDWEY=,tag:Xmn5g1lpbdnRtyGO6nDeWA==,type:str] +DB_USERNAME=ENC[AES256_GCM,data:SYodtlR4,iv:IYbI1CJPZQnK0i3QG+HvYST8hHwJKXwGbsNIwtjuP/0=,tag:iQSGjoqd+EwGxujwWmK4ew==,type:str] +DB_PASSWORD=ENC[AES256_GCM,data:uFxMGVEfYbQ/Q9cB5Va/XEFmJhQ=,iv:uXMy/X6Ji9Cp3QdtqANFAHKdXQZMmGkCr16Zi90wwE8=,tag:Bn+6WwRgWu2IkSmQj6nLWQ==,type:str] +REDIS_HOST=ENC[AES256_GCM,data:kCcdqEWAhr+H8XcunEIriP3s,iv:mC0y9gIlJvt37O9AbSs4iUkt97hGXmGbMd9R+qZ4zbo=,tag:+OmrlYVzYMBnWHgKDYIzPw==,type:str] +REDIS_PORT=ENC[AES256_GCM,data:v/6hSg==,iv:KY1Duemhe+7FUzrVW/+qtscUTSmyRPGS5ja82jP7m4w=,tag:ma3YLU7/uKXuG6tiu3kpVQ==,type:str] +SENTRY_LARAVEL_DSN=ENC[AES256_GCM,data:3tnvpFtDFWMIzdeZ+UvqYfI+88YR+hZq6Nq3EYaKgaCRDNIiV0TXo34VQg5xj8pYvRqqqArGJJtNn0NP/yhYjJ5oMEpf0LLSFvtIH2pvMfCjWa6FxH4J+DSP3hb8mik=,iv:Yl/yV298ElPeXwO5gDcMs3ZqeG7GM5FcAOm31MjotEU=,tag:6J6KM8RFabkBkyDReuJMhQ==,type:str] +sops_age__list_0__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBLa0FPTHBIeEFtajc5Q0dw\nYzFONU1DaElRYVdVK29VbGU3ZEx1QTJZUzNBCm9pVnpyVno4T3JXM1lpR1RQYUNC\nYmhGTHJONTUzT0s5Uk9HekI1cE1rR2sKLS0tIGhTUzFRUUhMRlFNQWdRVWI2eWJn\nQWtZSGlSQm83c044NHhkNHRiL0N5Z3cK9fKHFNAyNohxwx9xCRcO65mWwZgadzIT\nJUdOJdrvkxgIP64tdNwlMjIIt/xxmU1Sl/xsbH27VUajmevta4SE9Q==\n-----END AGE ENCRYPTED FILE-----\n sops_age__list_0__map_recipient=age1h8wnpa5lx2vgn2h64lgpeanuct8q2tvzxvn5xmvms7exmwvmu9zq5str5w -sops_lastmodified=2024-09-26T14:09:31Z -sops_mac=ENC[AES256_GCM,data:PpSnxDqRYqhBwjAOYNEBtMqnRKEB1HHSCK4QqDrItnmWDQ5V8VZAJEyyYVP7DSWV1SV8c7xHFJjDmu73LB36+tzA9en8pIKQGorNUt3R+FiFW4erVhGlD2tP+hYeNA1rrJ9JmSeluPLGYNnmnZvgIPbKMbpnebFCvsFQ4Ct/i7w=,iv:XtUCdYpO85qA6Gfpo9cO4ZvWxVh0HPsN+tAweqgWOr8=,tag:m8BdfKRthxRAeZFHM/2zZw==,type:str] +sops_lastmodified=2024-10-22T05:38:55Z +sops_mac=ENC[AES256_GCM,data:mHmMzYQg4FUvjcD+FBOuxib6mTCnvqK0XG1sD7WszPB6/sO7qKKGC4+Dh1N949TkcbwCunwJgAVrapOrOQMJD4AMIu55nEcRQrH4OWDcEAZjCHYX/A5TBmdx1kN2ftIFy0lgjpuMJxb7Uzub2ZcYlnjPp1V/9hHg5ERSDkn2Ul0=,iv:tZ2XT7sLDbs0tV5rSUpMoPY3u8rqegtmo1D6ZwFoJZQ=,tag:KdRPI8gQYOwZTyEVHn31rw==,type:str] sops_unencrypted_suffix=_unencrypted sops_version=3.8.1 diff --git a/environment/prod/deployment/prod/apps/krewak/.env.prod.secrets b/environment/prod/deployment/prod/apps/krewak/.env.prod.secrets index a729d991..e7472b86 100644 --- a/environment/prod/deployment/prod/apps/krewak/.env.prod.secrets +++ b/environment/prod/deployment/prod/apps/krewak/.env.prod.secrets @@ -1,14 +1,15 @@ -APP_KEY=ENC[AES256_GCM,data:m+HAMlXUrA1+zI+Hi+O96cGTGN71M42yfJ3r6Ifn4y9gls4SzOr/+tpW1LfX+zCJxnpo,iv:jhJ/skQBBHXaboLV1OpQhnY1kBcAYanuhrOGnfDzX4U=,tag:bu0DGVzv7ShpCNwQA9fH5w==,type:str] -DB_HOST=ENC[AES256_GCM,data:8X0rkaVe7Pz+Q6hRaNHxnip4Ub45,iv:07qBaR/2vw5TCXocIUW9tWpXv+NUgr5vpINz1niA7PE=,tag:o4WTS4K2zdb25XOOg18slQ==,type:str] -DB_PORT=ENC[AES256_GCM,data:jiF3lA==,iv:2g89kkZOf7JiHtofKO1rdpGKx/Ei7MZc0zKRInKEdxI=,tag:TULJv65Gb7n48y2oob7L5g==,type:str] -DB_ROOT_PASSWORD=ENC[AES256_GCM,data:GOcv6D8IA8aZGENEGiUwUCVCk8o=,iv:m6Gq/d+fnciYFVgy1FzpzjKxXAl9iAph5dpwEie/tDc=,tag:9UBBpshlX3mHBV9yKj5CrA==,type:str] -DB_USERNAME=ENC[AES256_GCM,data:3LAIHlvw,iv:hav5ZtdMq/OSbpXoGuwJ1E7q+J9IjsUBXWKeqwFLqrI=,tag:r8dQiZ0PNRdQuGcLXiBXpg==,type:str] -DB_PASSWORD=ENC[AES256_GCM,data:z5nROADHFah2z7VvoBXy4b1D2Dc=,iv:9cG5k5k0Rys+2yxMS1cJsnrq2rImzrjL8g+EEICjOxE=,tag:uJaWFHTvaDql218x9mI5pg==,type:str] -REDIS_HOST=ENC[AES256_GCM,data:ZOG1ZY0ufsuoW6GrDiCcUYzC,iv:GJDUs40Lj8R6r2OIKlhCbJXXubSvHZbfyV3cKBB0wTY=,tag:m6lrGvLVqcf9eTAtdzFA5w==,type:str] -REDIS_PORT=ENC[AES256_GCM,data:xZ8knw==,iv:MGAxb+fCy+nN9tjAbsCedSedUNArlKfXSRMacNUNLYQ=,tag:DpZbOJC3GEhi/fL0UZrzkg==,type:str] -sops_age__list_0__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA1eEdQcDdaWGJZcHZZeldV\nY0dBUXEwZE1nU0hqUUZhQ0hyd0xTVVlGRjJrClRYV2h5bXNYcW1pUkFuY2lQSU1u\nOGgrMVVQTmNKU1A3cGNjQm04WDFXWTgKLS0tIFVTWlJRZUhtUklqUVNYNnUyR3Yx\nekFZdTgxUHVCSnY5Zkc4UkRWT0lLMGcKVhKjLkUic/WSuHCBf7VCeNafkHKW6hLt\n62kIhXUzIHbUEZMmPMrTq8iv72pWz4LbOc701KVCLNpXlekCsHzkHQ==\n-----END AGE ENCRYPTED FILE-----\n +APP_KEY=ENC[AES256_GCM,data:DFxaueDkLFZv3slgirmngLfk/68KfCHDlLFnoVWQrNHyBcae5m2Dt9x+zpKI1Ov6Izj2,iv:fMd3ryiPZvIyj6JU/teNl2u7jLvPKj2YzzcoPDutTKE=,tag:ZL1OPgCYBU6x4nf3SR3Xjg==,type:str] +DB_HOST=ENC[AES256_GCM,data:yQPRLse3h3yGfoaFkVbZQXGc83n8,iv:z9VmTXK5zdeuBvVE/U6PzjrkG0iGZzkP/Jl8WYZcu6w=,tag:wmyhx2plEa7vN/e51P1lRQ==,type:str] +DB_PORT=ENC[AES256_GCM,data:RM/hHA==,iv:sgNUKrA45gsBgsGjICjfE8Y/q4LG2ZXxijMBxqJbN24=,tag:gti36hW1If1fxvqpDDoa1g==,type:str] +DB_ROOT_PASSWORD=ENC[AES256_GCM,data:LctIyCoRaI42nBFhPP7f9Nmk48c=,iv:wUKBWYWkRQqJTQ1cStvZMwPoR+86XflOo9EJAOpqpVc=,tag:JvWCyei3fQQu7hdAeGJtmg==,type:str] +DB_USERNAME=ENC[AES256_GCM,data:LlF/lhGJ,iv:nr63/YZpNwIg0Wi6ie6lMzlo52f+yxZjO9f4Ju4HJlE=,tag:qv9s+xZ4Fue60GFQu7Ka5A==,type:str] +DB_PASSWORD=ENC[AES256_GCM,data:ixsdcCesCKwIpgvRiJkTpoRgnrk=,iv:7o7SCXl7iLia4M4EIqWAL6w3Y6yZAekVpUtITcKmfVs=,tag:WA85UPBzE+Bn+AEgOk/OKQ==,type:str] +REDIS_HOST=ENC[AES256_GCM,data:Lxddh0B2WthCwNq7l2M6Fdh7,iv:YpCSnT+ChemHBv8IcqBPn3+I+qNvodwdMhYxR/i7DHk=,tag:P4tjgUgLsmWAEx27j8BNjw==,type:str] +REDIS_PORT=ENC[AES256_GCM,data:JkRyxw==,iv:dliVaKQhAAZMci6EZ6/dgIt0fuEzauf7Kz27pAXCqrM=,tag:8WYigRnykJBnKJECVKsGQw==,type:str] +SENTRY_LARAVEL_DSN=ENC[AES256_GCM,data:gGH8TQAxCnOgrjoU0ze6+N45WpPWPInHSorauZAHVPFDD+xd5VxIpSw1wywXQOO8uW7h5RIZLGcAVLwEWXThamVHdBRTasnsuBj91hvm+/bMjm7QoVL09zflYCRD/1Y=,iv:E2S1IRSQQGxfvgjFBwCl0YLvo/WBlY79TPuhocCUo4A=,tag:iB8E38/ebvOYRzb1+H848g==,type:str] +sops_age__list_0__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAzTXB6QWU4SWhkTVlEYmh2\nSGgwQ0drSkJYeGxvc3ZBYXV6QlE4a1liTmlZCmFrK3hLdjVrNkNIVWljMWZzZWkx\nK0hIM3VrYTlIeWdMZDE1bHVVK1N5a2MKLS0tIHp0MXR0SStSQVZEQU9ObElSWHF6\nbW1MWW5LYmMvSXhxV0NNY0hsNmRCVDgKtpWX6heJmPvapZm93wRuDzc9FHFgdi8C\nI8bO5eJDA0+DWCz2TahXHjv1L3lqvcMrq673SNwQ3WcE9kzWcI6paw==\n-----END AGE ENCRYPTED FILE-----\n sops_age__list_0__map_recipient=age1h8wnpa5lx2vgn2h64lgpeanuct8q2tvzxvn5xmvms7exmwvmu9zq5str5w -sops_lastmodified=2024-09-26T07:33:59Z -sops_mac=ENC[AES256_GCM,data:tBVWLKfF1TNAgNgFabmeZ4hps0j9fUX34pofHvjhpuqtJMsVx3V+8x/A1s1B9FWxaDDCnJ2pslNI6AMRnfhlMDd1vf5zUXrg0SIzzBykofaNPpvD7OyBugmqq061g9GRnUbptEkJGH2JeOV77HKM7FQSEFpT0L4Our2WOPBes3g=,iv:M9iYujw03mK9rnijlOkk9W29ZxwOXuH01QnXrDIUWCY=,tag:2d85q81cEg3OQt7c+DFm3w==,type:str] +sops_lastmodified=2024-10-22T05:38:51Z +sops_mac=ENC[AES256_GCM,data:XoKFFW90PVP8qMT5J28+ramFnmYavUcSL3jq+2gJwGHH2q7PImhBOUbF3FvETXEAniu7lr6361xNIfvmoU9++hhbodaAuDlXdeOnuJZN35ueTZdZgyz1GMDhDg5ql8KGDYPzibsvlftLxpCJC0rIip4FAsooydv3uX4rMwTXFl0=,iv:Tj66LEA56ut8raiQJiW1wUMtG21tm8Es8xx4R7QQm+8=,tag:UJjNVwSeb3B8Of4++OCXcg==,type:str] sops_unencrypted_suffix=_unencrypted sops_version=3.8.1 diff --git a/environment/prod/deployment/prod/apps/kzygadlo/.env.prod.secrets b/environment/prod/deployment/prod/apps/kzygadlo/.env.prod.secrets index 82e7ddb1..a7ecd22b 100644 --- a/environment/prod/deployment/prod/apps/kzygadlo/.env.prod.secrets +++ b/environment/prod/deployment/prod/apps/kzygadlo/.env.prod.secrets @@ -1,14 +1,15 @@ -APP_KEY=ENC[AES256_GCM,data:oc+49yAZ+flv8H/8T6tZv73Vv9Z6JW8pUXfejecCH2mqB+235PjIipIOdyIm+Y9tezzd,iv:hMRb/V3gEZo8yIhsYTIGZEXmupkLdpjlt3KqDefbywQ=,tag:nJj8zyB0z6Gb0Ns2VuWgVQ==,type:str] -DB_HOST=ENC[AES256_GCM,data:oel4lE3e6EWQMBfbCWGfPC9Ou49N,iv:3KvLSK40t6POkpEzRLhsUNIbbn5ZE26WNNec/bf3NHg=,tag:3x0SCGcebSfntP8ayxKo0Q==,type:str] -DB_PORT=ENC[AES256_GCM,data:LUNJBg==,iv:xcX52AYWO+SJmyW4u+NoxOptI0iSG1IoZbRWvfRWasQ=,tag:e0+ezNVIKuOGD9vyYdok6Q==,type:str] -DB_ROOT_PASSWORD=ENC[AES256_GCM,data:JletDNyoAN025pJZsFXGC8tkO2A=,iv:jb54xoxEIWH050rqEEajFeFRgU1YJKeTPWLgw7qxolk=,tag:6pzehxbYd00F0hzwWccPlQ==,type:str] -DB_USERNAME=ENC[AES256_GCM,data:RnvSVQ8SeEg=,iv:+FsSqUZzE7xkTMZYWxpkoeiVBajjcQx0Mplq/EEw5e4=,tag:Ufo829aLP8ePqJlTqZIxPg==,type:str] -DB_PASSWORD=ENC[AES256_GCM,data:6XpNsGBfFfx73yxwwzFYANtKaY8=,iv:wZeX8LNpVuBUhwtQ5BAb+o8TsPAHhwz/r5HRphEdnUM=,tag:KocsY1v2RJkHl6276UtJcA==,type:str] -REDIS_HOST=ENC[AES256_GCM,data:qhaWxkZrkrcQUAq3GEDFQTGV,iv:SDRw24diS4qwS7mH2tHU01WUgV5TfJCRpZDPlnaOVFQ=,tag:uQe8UTHNwYRNU62aBBHUbg==,type:str] -REDIS_PORT=ENC[AES256_GCM,data:Q76cFw==,iv:+2To7aQGUqtjzBcs4mloyiH2CctB0n056adG+OBIoV4=,tag:sZG8R14d3CAZ3SNTDkAQtQ==,type:str] -sops_age__list_0__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBVNG1LUHVaY3hoOGxYSHR6\nMkFJd1gvN3pxN0NUTXMyTHB2QzR5VUFscUI4Clc5MzdYMER4ejlIVElmNWNObTRM\nVS9IbWExaDZUaHp0Z2lIQzk3R3BhU1kKLS0tIFY1TXJoUDZ4VTAxTi9QNkFjQzNh\naW0vUU9NamcxWkdqbmtuVEt6RnpSNk0KWru0/EhOyBrg7u3o+CEkFvbEN3jLTPRt\nmCt3ufvu6KdtN8G0q5OqoF873cNBJsNnGdNk1+bQlGEZ0TqnX5+pew==\n-----END AGE ENCRYPTED FILE-----\n +APP_KEY=ENC[AES256_GCM,data:v/vJIPh7cr/17NmVwF2pmWwsA7ebEYdTxmfMIy50QKdT2FmPO+RJpA1Pxv5/zemnSorE,iv:l218RqcaoM2lf43w91Zun0Bdcs4MEJmCyuegkj3Jgdk=,tag:95/ERa+G7dl06r/FDjAUEA==,type:str] +DB_HOST=ENC[AES256_GCM,data:v6hjAaVH/sItSn2qtWuq+4ZmkN6S,iv:JsmpcLzh+Mz+84yiwMSJaFPpb9Og6jHqua7/rAwFjKw=,tag:YpO4GYkniddiwn/3uPOz/w==,type:str] +DB_PORT=ENC[AES256_GCM,data:G2oW0Q==,iv:pbItCJGZMKkl8dUFYGBq9FUL69STAjp8Gjt43UJrWRg=,tag:foyA58uFbgRF+n9/rDIukg==,type:str] +DB_ROOT_PASSWORD=ENC[AES256_GCM,data:iTFPEz5xz4xoO9t/MPatQhzw1LU=,iv:2cJnPsJVyrfVISqZcN1kcrXG/d5WsgBFD6oFfeoyv4k=,tag:VbsjkdRUsmNjJiywGLohgA==,type:str] +DB_USERNAME=ENC[AES256_GCM,data:6UveT80la/I=,iv:b4Mi80Tc53h43rUShPXU46uJ4a7f+85ViDRddCSXOtg=,tag:GLDInMDTD6PChoWxaCE05g==,type:str] +DB_PASSWORD=ENC[AES256_GCM,data:ZpJSdBKC+cfx0Dertdtfw4zU1qo=,iv:CAz383XJSjB564E0yg/zFLFnwWeEfrXFFsyrvD1Kc8o=,tag:ld4Y1xzQvvw8MlQLn9JnBg==,type:str] +REDIS_HOST=ENC[AES256_GCM,data:pGVvv1E1ru2HRh4ZCa2Lhsn5,iv:7/09+DHsXUa4oSFLoHAU//ZXTho7ubsBtmn6vGfjoX0=,tag:GWywLDwA3y4Y9ZLVjnfFhw==,type:str] +REDIS_PORT=ENC[AES256_GCM,data:52EnXQ==,iv:Mu+6E4+Zkooq0X3Rg2n3Sf3ouWqmlDg5gE+PbzftKIs=,tag:IfS8p+OG3eFusf+uQX9Pyw==,type:str] +SENTRY_LARAVEL_DSN=ENC[AES256_GCM,data:2a8loOHvgxSGhf40nmJ7fN6wqLCFcSJ80J+Q/SXmSePOL23pfrtNIzxIyXNB7N7e79MxramfAQjGk7baK24zs8TKlVaPTnxsgKuWZQsRaEK+sD/YZX+3TsGKIOMruns=,iv:Se3hRsj/Ah+iexgRZNgMmPnfqDQ1YGo8PtnvFeGEL94=,tag:JH6HQad3I1ivdyIUZxDfFQ==,type:str] +sops_age__list_0__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBmOVI2Y2pTOTMrUnZGc2th\ncjUvdHJQR3FmTWRReTZsUXJkSENjWFc1RkZrCm5FVi8yd0ZoNHFleHl0STMzS1NR\ncUpUMklFV05uRjN0SzFYMlZBYktDVlkKLS0tIENQaWl3dGNqVGk1SDRmcGdKMnda\nZWROOUFSUU1uTHRQV1VRQWpGQ1FiSHcKaKj3mx5HSbrOub4UKVCcRttf/FfUcizO\nHhLvj+WLRXQC8oR/Quib/9QIo8NXcHK3JTFCi1lQ7AhniS7KGqeRDQ==\n-----END AGE ENCRYPTED FILE-----\n sops_age__list_0__map_recipient=age1h8wnpa5lx2vgn2h64lgpeanuct8q2tvzxvn5xmvms7exmwvmu9zq5str5w -sops_lastmodified=2024-09-26T14:10:12Z -sops_mac=ENC[AES256_GCM,data:sPh0/w77nAKQpe0jWi+y2M1acAprxj0lJL0Z5EFMV09uTS9FPWECisVc3+IhChOVC+pgW6Reqzo+M7SY9Ccycexx2vlz4vxnSU8k9k1MdbdB6T6LDBWJdokV4c4+dblEnHCEWln/hrnTIzLy8zoCzKeYMB7z7of6P0TvO1mZfFA=,iv:BAv+LDZ/B5EXmJMOOVi7SAzF5bwe6RWyZhXS6t9VKe4=,tag:aRR4Ng0QgWXwhAfymafwng==,type:str] +sops_lastmodified=2024-10-22T05:39:05Z +sops_mac=ENC[AES256_GCM,data:fzE10nL429L8hQHO9axP6bsFLlKLDs3XgvZuCrmwidEejdwhYDYJHJZrVAWcIgBxkWeHw638T9ehOywktfiJRjwRmqfjp6ltk9gvsZwNErrmYozXhCNiNhNtoPULO9Uk5yjL5enfBckX1N3Wl5Gnqq+S9Zu8ArZHfg92YWnbU1Y=,iv:8V7uhZWqC5S0isly9PYySF7t0/oEEjHD4Tr8RyKor64=,tag:7Y5VS2Flk8z/0W3W4Rk9UA==,type:str] sops_unencrypted_suffix=_unencrypted sops_version=3.8.1