Merge pull request #20 from scientist-softserv/i5-deploy-oauth-config

i5 Directly commit and deploy oauth config file
notch8 · Jul 27, 2024 · 1322f05 · 1322f05
2 parents 394e1d8 + 66aa922
commit 1322f05
Show file tree

Hide file tree

Showing 5 changed files with 13 additions and 63 deletions.
diff --git a/.env.development b/.env.development
@@ -28,6 +28,3 @@ RAILS_DB_HOST=postgres
 RAILS_DB_PORT=5432
 RAILS_DB_NAME=manifold_production
 RAILS_REDIS_URL=redis://redis:6379
-
-CAS_CLIENT_ID=AAABBBCCCDDDEEEFFF
-CAS_CLIENT_SECRET=AAABBBCCCDDDEEEFFF
diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml
@@ -1,7 +1,4 @@
-# This file is modeled after:
-# - github.com/scientist-softserv/actions/blob/v0.0.22/.github/workflows/deploy.yaml
-# This is so that we can inject the step "Load secrets into OAuth config" into the deployment
-name: Deploy
+name: "Deploy"
 run-name: Deploy (${{ github.ref_name }} -> ${{ inputs.environment }}) by @${{ github.actor }}
 on:
   workflow_dispatch:
@@ -19,49 +16,7 @@ on:
         required: false
         default: false
 
-env:
-  REGISTRY: ghcr.io
-
 jobs:
-  deployment:
-    runs-on: ubuntu-latest
-    container: dtzar/helm-kubectl:3.9.4
-    environment: ${{ inputs.environment }}
-    env:
-      CAS_CLIENT_ID: ${{ secrets.CAS_CLIENT_ID }}
-      CAS_CLIENT_SECRET: ${{ secrets.CAS_CLIENT_SECRET }}
-      DB_PASSWORD: ${{ secrets.DB_PASSWORD }}
-      HELM_EXPERIMENTAL_OCI: 1
-      HELM_EXTRA_ARGS: >
-        --values ops/${{ inputs.environment }}-deploy.yaml
-      HELM_RELEASE_NAME: ${{ github.event.repository.name }}-${{ inputs.environment }}
-      KUBECONFIG: ./kubeconfig.yml
-      KUBECONFIG_FILE: ${{ secrets.KUBECONFIG_FILE }}
-      KUBE_NAMESPACE: ${{ github.event.repository.name }}-${{ inputs.environment }}
-      REDIS_PASSWORD: ${{ secrets.REDIS_PASSWORD }}
-      SECRET_KEY_BASE: ${{ secrets.SECRET_KEY_BASE }}
-
-    steps:
-      - id: setup
-        name: Setup
-        uses: scientist-softserv/actions/[email protected]
-        with:
-          token: ${{ secrets.CHECKOUT_TOKEN || secrets.GITHUB_TOKEN }}
-
-      - name: Setup tmate session
-        uses: mxschmitt/action-tmate@v3
-        if: ${{ github.event_name == 'workflow_dispatch' && inputs.debug_enabled }}
-        with:
-          limit-access-to-actor: true
-
-      - name: Load secrets into OAuth config
-        run: envsubst < api/config/oauth.tmpl.yml > api/config/oauth.yml;
-
-      - name: Do deploy
-        run: |
-          echo $KUBECONFIG_FILE | base64 -d > $KUBECONFIG;
-          DOLLAR=$ envsubst < ops/${{ inputs.environment }}-deploy.tmpl.yaml > ops/${{ inputs.environment }}-deploy.yaml;
-          export DEPLOY_TAG=${TAG};
-          export DEPLOY_IMAGE=ghcr.io/${REPO_LOWER};
-          export WORKER_IMAGE=ghcr.io/${REPO_LOWER}/worker;
-          ./bin/helm_deploy ${{ format('{0}-{1}', github.event.repository.name, inputs.environment) }} ${{ format('{0}-{1}', github.event.repository.name, inputs.environment) }}
+  deploy:
+    uses: scientist-softserv/actions/.github/workflows/[email protected]
+    secrets: inherit
diff --git a/Dockerfile b/Dockerfile
@@ -7,7 +7,7 @@
 FROM ruby:2.7.8 as manifold-api
 RUN apt-get -o Acquire::Check-Valid-Until=false update
 RUN apt-get install -y libicu-dev postgresql-client nano curl software-properties-common ghostscript \
-    vim less gettext
+    vim less
 
 # We need Node and Mammoth for Word text ingestion
 RUN curl -sL https://deb.nodesource.com/setup_16.x | bash -
@@ -21,7 +21,6 @@ RUN sed -i '/<policy domain="coder" rights="none" pattern="PDF" \/>/d' \
 COPY api /opt/manifold/api
 WORKDIR /opt/manifold/api
 ENV RAILS_LOG_TO_STDOUT=1
-RUN envsubst < config/oauth.tmpl.yml > config/oauth.yml
 RUN gem install bundler:2.2.19
 RUN bundle install
 COPY bin/start-and-run /opt/manifold/api/start-and-run

diff --git a/api/.gitignore b/api/.gitignore
@@ -28,7 +28,6 @@ doc
 .generators
 /.rspec-local
 
-config/oauth.yml
 data/*
 !data/.gitkeep
 examples.txt

diff --git a/api/config/oauth.tmpl.yml → api/config/oauth.yml b/api/config/oauth.tmpl.yml → api/config/oauth.yml
@@ -1,18 +1,18 @@
 oauth:
   cas:
-    client_id: $CAS_CLIENT_ID
-    client_secret: $CAS_CLIENT_SECRET
     descriptive_name: Princeton CAS
     host: fed.princeton.edu
     protocol: https
-    email_key: 'mail'
-    name_key: 'displayname'
-    nickname_key: 'givenname'
-    uid_key: 'campusid'
-    # WARN: The values below are placeholders
+    # WARN: The values below are unused placeholders
+    client_id: AAABBBCCCDDDEEEFFF
+    client_secret: AAABBBCCCDDDEEEFFF
+    email_key: 'email'
+    name_key: 'name'
+    nickname_key: 'nickname'
+    uid_key: 'id'
     endpoints:
       authorize:
-        uri: '/cas/login'
+        uri: '/oauth/authorize'
         method: 'GET'
         query:
           another: 'param'