Merge branch 'main' into ik/setup-uswds

2025-07-24 19:48:36 +02:00 · 2022-09-12 18:22:14 -04:00 · 2022-09-12 18:22:14 -04:00 · 0561d1f0ae
commit 0561d1f0ae
parent f27b38902c edc0593859
23 changed files with 552 additions and 101 deletions
--- a/ops/manifests/manifest-staging.yaml
+++ b/ops/manifests/manifest-staging.yaml
@ -0,0 +1,23 @@
+---
+applications:
+- name: getgov-staging
+  buildpacks:
+    - python_buildpack
+  path: ../../src
+  instances: 1
+  memory: 512M
+  stack: cflinuxfs3
+  timeout: 180
+  command: gunicorn registrar.config.wsgi -t 60
+  health-check-type: http
+  health-check-http-endpoint: /health
+  env:
+    # Send stdout and stderr straight to the terminal without buffering
+    PYTHONUNBUFFERED: yup
+    # Tell Django where to find its configuration
+    DJANGO_SETTINGS_MODULE: registrar.config.settings
+  routes:
+    - route: getgov-staging.app.cloud.gov
+  services:
+  - getgov-credentials
+  - getgov-staging-database
--- a/ops/scripts/rotate_cloud_secrets.sh
+++ b/ops/scripts/rotate_cloud_secrets.sh
@ -0,0 +1,45 @@
+# NOTE: This script does not work with cf v8. We recommend using cf v7 for all cloud.gov commands.
+if [ ! $(command -v gh) ] || [ ! $(command -v jq) ] || [ ! $(command -v cf) ]; then
+    echo "jq, cf, and gh packages must be installed. Please install via your preferred manager."
+    exit 1
+fi
+
+if [ -z "$1" ]; then
+    echo 'Please specify a space to target (i.e. unstable, staging)' >&2
+    exit 1
+fi
+
+cf target -o cisa-getgov-prototyping -s $1
+read -p "Are you logged in to the cisa-getgov-prototyping CF org above and targeting the correct space? (y/n) " -n 1 -r
+echo
+if [[ ! $REPLY =~ ^[Yy]$ ]]
+then
+    cf login -a https://api.fr.cloud.gov --sso
+fi
+
+gh auth status
+read -p "Are you logged into a Github account with access to cisagov/getgov? (y/n) " -n 1 -r
+echo
+if [[ ! $REPLY =~ ^[Yy]$ ]]
+then
+    gh auth login
+fi
+
+echo "Great, removing and replacing Github CD account..."
+cf target -s $1
+cf delete-service-key github-cd-account github-cd-key
+cf create-service-key github-cd-account github-cd-key
+cf service-key github-cd-account github-cd-key
+read -p "Please confirm we should set the above username and key to Github secrets. (y/n) " -n 1 -r
+echo
+if [[ ! $REPLY =~ ^[Yy]$ ]]
+then
+    exit 1
+fi
+
+upcase_space=$(printf "%s" "$1" | tr '[:lower:]' '[:upper:]')
+cf service-key github-cd-account github-cd-key | sed 1,2d  | jq -r '[.username, .password]|@tsv' | 
+while read -r username password; do
+    gh secret --repo cisagov/getgov set CF_${upcase_space}_USERNAME --body $username
+    gh secret --repo cisagov/getgov set CF_${upcase_space}_PASSWORD --body $password
+done