diff --git a/.github/ISSUE_TEMPLATE/developer-onboarding.md b/.github/ISSUE_TEMPLATE/developer-onboarding.md index 6383b1199..d90fd8ef9 100644 --- a/.github/ISSUE_TEMPLATE/developer-onboarding.md +++ b/.github/ISSUE_TEMPLATE/developer-onboarding.md @@ -83,4 +83,4 @@ export GPG_TTY We have two types of environments: stable, and sandbox. Stable gets deployed via tagged release every sprint, and developer sandboxes are given to get.gov developers to mess around in a production-like environment without disrupting stable. Each sandbox is namespaced and will automatically be deployed too when the appropriate branch syntax is used for that space in an open pull request. There are several things you need to setup to make the sandbox work for a developer. -TKTK: Actual steps for setting up a new developer sandbox automation. +All automation for setting up a developer sandbox is documented in the scripts for [creating a developer sandbox](../../ops/scripts/create_dev_sandbox.sh) and [removing a developer sandbox](../../ops/scripts/destroy_dev_sandbox.sh). A Cloud.gov organization administrator will have to perform the script in order to create the sandbox. diff --git a/.github/workflows/deploy-sandbox.yaml b/.github/workflows/deploy-sandbox.yaml new file mode 100644 index 000000000..cbabebec5 --- /dev/null +++ b/.github/workflows/deploy-sandbox.yaml 
@@ -0,0 +1,51 @@
+# This workflow runs on pushes when a pull request is opened under certain branch conventions.
+
+name: Build and deploy developer sandbox
+run-name: Build and deploy developer sandbox for branch ${{ github.ref_name }}
+
+on:
+ pull_request:
+ paths-ignore:
+ - 'docs/**'
+
+ branches:
+ - 'ik/**'
+ - 'sspj/**'
+ - 'lmm/**'
+ - 'nmb/**'
+ - 'mr/**'
+
+jobs:
+ deploy:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v3
+ - name: Split branch name
+ env:
+ BRANCH: ${{ github.ref_name }}
+ id: split
+ run: echo "::set-output name=fragment::${BRANCH##*/}"
+ - name: Set secrets
+ id: secret
+ run: |
+ echo "::set-output name=cf_username::CF_${{ steps.split.outputs.fragment }}_USERNAME"
+ echo "::set-output name=cf_password::CF_${{ steps.split.outputs.fragment }}_PASSWORD"
+ - name: Compile USWDS assets
+ working-directory: ./src
+ run: |
+ docker compose run node npm install &&
+ docker compose run node npx gulp copyAssets &&
+ docker compose run node npx gulp compile
+ - name: Collect static assets
+ working-directory: ./src
+ run: docker compose run app python manage.py collectstatic
+ - name: Deploy to cloud.gov sandbox
+ uses: 18f/cg-deploy-action@main
+ env:
+ DEPLOY_NOW: thanks
+ with:
+ cf_username: ${{ secrets[steps.secret.outputs.cf_username] }}
+ cf_password: ${{ secrets[steps.secret.outputs.cf_password] }}
+ cf_org: cisa-getgov-prototyping
+ cf_space: ${{ steps.split.outputs.fragment }}
+ push_arguments: "-f ops/manifests/manifest-${{ steps.split.outputs.fragment }}.yaml"
\ No newline at end of file
diff --git a/.github/workflows/deploy.yaml b/.github/workflows/deploy-stable.yaml
similarity index 83%
rename from .github/workflows/deploy.yaml
rename to .github/workflows/deploy-stable.yaml
index 005f43a91..4d59938e7 100644
--- a/.github/workflows/deploy.yaml
+++ b/.github/workflows/deploy-stable.yaml
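Review bot: In deploy-sandbox.yaml the `Split branch name` step does not produce the developer initials that the later steps rely on: on `pull_request` events `github.ref_name` is `<number>/merge`, and `${BRANCH##*/}` keeps the last path segment rather than the first. That fragment then picks the secret names, `cf_space` and the manifest, so it should be taken from `github.head_ref`, cut with `${BRANCH%%/*}`, and checked against the known sandbox list before any credential is looked up; otherwise the branch name alone decides which environment's credentials the job uses. The `branches:` filter (which appears to sit under `pull_request`) matches the pull request's base branch, not its head, so the head-branch convention needs a job-level `if:` on `github.head_ref` instead. `::set-output` is deprecated in favour of writing to `$GITHUB_OUTPUT`.

```yaml
      - name: Split branch name
        env:
          BRANCH: ${{ github.head_ref }}
        id: split
        run: |
          fragment="${BRANCH%%/*}"
          # Only known sandboxes may select credentials and a target space.
          case "$fragment" in
            ik|sspj|lmm|nmb|mr) ;;
            *) echo "Unknown sandbox: $fragment" >&2; exit 1 ;;
          esac
          echo "fragment=$fragment" >> "$GITHUB_OUTPUT"
      - name: Set secrets
        id: secret
        run: |
          echo "cf_username=CF_${{ steps.split.outputs.fragment }}_USERNAME" >> "$GITHUB_OUTPUT"
          echo "cf_password=CF_${{ steps.split.outputs.fragment }}_PASSWORD" >> "$GITHUB_OUTPUT"
      # … unchanged: asset build, collectstatic and deploy steps …
```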
@@ -1,8 +1,7 @@ -name: Build and deploy - # This workflow runs on pushes of tagged commits. +# "Releases" of tagged commits will deploy selected branch to stable. -# "Releases" of tagged commits will deploy `main` to Stable. +name: Build and deploy stable for tagged release on: push: @@ -14,8 +13,6 @@ on: jobs: deploy-stable: - # if this job runs on a tag, we deduce that code - # has been tagged for release and should be deployed to stable if: ${{ github.ref_type == 'tag' }} runs-on: ubuntu-latest steps: diff --git a/.github/workflows/loaddata.yaml b/.github/workflows/loaddata.yaml deleted file mode 100644 index 35a7c009d..000000000 --- a/.github/workflows/loaddata.yaml +++ /dev/null @@ -1,40 +0,0 @@ -name: Reset database - -# This workflow can be run from the CLI -# gh workflow run loaddata.yaml -f environment=stable -# OR -# cf run-task getgov-stable --wait \ -# --command 'python manage.py flush' --name flush -# cf run-task getgov-stable --wait \ -# --command 'python manage.py load' --name loaddata -on: - workflow_dispatch: - inputs: - environment: - type: choice - description: Where should we load data - options: - - stable - -jobs: - reset-db-stable: - if: ${{ github.event.inputs.environment == 'stable' }} - runs-on: ubuntu-latest - steps: - - name: Delete existing data for stable - uses: 18f/cg-deploy-action@main - with: - cf_username: ${{ secrets.CF_STABLE_USERNAME }} - cf_password: ${{ secrets.CF_STABLE_PASSWORD }} - cf_org: cisa-getgov-prototyping - cf_space: stable - full_command: "cf run-task getgov-stable --wait --command 'python manage.py flush --no-input' --name flush" - - - name: Load fake data for stable - uses: 18f/cg-deploy-action@main - with: - cf_username: ${{ secrets.CF_STABLE_USERNAME }} - cf_password: ${{ secrets.CF_STABLE_PASSWORD }} - cf_org: cisa-getgov-prototyping - cf_space: stable - full_command: "cf run-task getgov-stable --wait --command 'python manage.py load' --name loaddata" 
diff --git a/.github/workflows/migrate.yaml b/.github/workflows/migrate.yaml index 85bf5019e..142f23a52 100644 --- a/.github/workflows/migrate.yaml +++ b/.github/workflows/migrate.yaml @@ -1,31 +1,37 @@ -name: Run migrations - -# This workflow can be run from the CLI -# gh workflow run migrate.yaml -f environment=sandbox +# This workflow can be run from the CLI for any environment +# gh workflow run migrate.yaml -f environment=ENVIRONMENT # OR -# cf run-task getgov-stable --wait \ -# --command 'python manage.py migrate' --name migrate +# cf run-task getgov-ENVIRONMENT --command 'python manage.py migrate' --name migrate + +name: Migrate data +run-name: Run migrations for ${{ github.event.inputs.environment }} on: workflow_dispatch: inputs: environment: type: choice - description: Where should we run migrations + description: Which environment should we run migrations for? options: - - stable + - stable + - lmm + - ik + - sspj + - nmb + - mr jobs: - migrate-stable: - if: ${{ github.event.inputs.environment == 'stable' }} + migrate: runs-on: ubuntu-latest + env: + CF_USERNAME: CF_${{ github.event.inputs.environment }}_USERNAME + CF_PASSWORD: CF_${{ github.event.inputs.environment }}_PASSWORD steps: - - name: Run Django migrations for stable + - name: Run Django migrations for ${{ github.event.inputs.environment }} uses: 18f/cg-deploy-action@main with: - cf_username: ${{ secrets.CF_STABLE_USERNAME }} - cf_password: ${{ secrets.CF_STABLE_PASSWORD }} + cf_username: ${{ secrets[env.CF_USERNAME] }} + cf_password: ${{ secrets[env.CF_PASSWORD] }} cf_org: cisa-getgov-prototyping - cf_space: stable - full_command: "cf run-task getgov-stable --wait --command 'python manage.py migrate' --name migrate" - + cf_space: ${{ github.event.inputs.environment }} + full_command: "cf run-task getgov-${{ github.event.inputs.environment }} --wait --command 'python manage.py migrate' --name migrate" 
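Review bot: The `18f/cg-deploy-action@main` step in migrate.yaml now receives whichever environment's Cloud.gov credentials the dispatcher selects, stable included, while the action is still referenced by a mutable branch. Pinning it to a reviewed commit, `uses: 18f/cg-deploy-action@<full-commit-sha>`, keeps an upstream change from running with those credentials; the `uses:` line is unchanged context in this hunk, and the same reference is added in deploy-sandbox.yaml and reset-db.yaml. Separately, `secrets[env.CF_USERNAME]` evaluates to an empty string when no secret of that name exists, so a short first step that fails on an empty value would give a clearer error than a failed login inside the action.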
diff --git a/.github/workflows/reset-db.yaml b/.github/workflows/reset-db.yaml
new file mode 100644
index 000000000..178f53dbf
--- /dev/null
+++ b/.github/workflows/reset-db.yaml
@@ -0,0 +1,47 @@
+# This workflow can be run from the CLI
+# gh workflow run reset-db.yaml -f environment=ENVIRONMENT
+# OR
+# cf run-task getgov-ENVIRONMENT --command 'python manage.py flush' --name flush
+# cf run-task getgov-ENVIRONMENT --command 'python manage.py load' --name loaddata
+
+name: Reset database
+run-name: Reset database for ${{ github.event.inputs.environment }}
+
+on:
+ workflow_dispatch:
+ inputs:
+ environment:
+ type: choice
+ description: Which environment should we flush and re-load data for?
+ options:
+ - stable
+ - lmm
+ - ik
+ - sspj
+ - nmb
+ - mr
+
+jobs:
+ reset-db:
+ runs-on: ubuntu-latest
+ env:
+ CF_USERNAME: CF_${{ github.event.inputs.environment }}_USERNAME
+ CF_PASSWORD: CF_${{ github.event.inputs.environment }}_PASSWORD
+ steps:
+ - name: Delete existing data for ${{ github.event.inputs.environment }}
+ uses: 18f/cg-deploy-action@main
+ with:
+ cf_username: ${{ secrets[CF_USERNAME] }}
+ cf_password: ${{ secrets[CF_PASSWORD] }}
+ cf_org: cisa-getgov-prototyping
+ cf_space: ${{ github.event.inputs.environment }}
+ full_command: "cf run-task getgov-${{ github.event.inputs.environment }} --wait --command 'python manage.py flush --no-input' --name flush"
+
+ - name: Load fake data for ${{ github.event.inputs.environment }}
+ uses: 18f/cg-deploy-action@main
+ with:
+ cf_username: ${{ secrets[env.CF_USERNAME] }}
+ cf_password: ${{ secrets[env.CF_PASSWORD] }}
+ cf_org: cisa-getgov-prototyping
+ cf_space: ${{ github.event.inputs.environment }}
+ full_command: "cf run-task getgov-${{ github.event.inputs.environment }} --wait --command 'python manage.py load' --name loaddata"
diff --git a/docs/developer/README.md b/docs/developer/README.md
index dc2fd6a4c..59b28018b 100644
--- a/docs/developer/README.md
+++ b/docs/developer/README.md
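Review bot: The first step of reset-db.yaml (`Delete existing data …`) reads `${{ secrets[CF_USERNAME] }}` and `${{ secrets[CF_PASSWORD] }}` without the `env.` prefix, unlike the second step and migrate.yaml. A bare `CF_USERNAME` is not a defined context, so the expression is expected either to be rejected when the workflow is validated or to resolve to nothing, and the flush step would not authenticate as intended. Use `cf_username: ${{ secrets[env.CF_USERNAME] }}` and `cf_password: ${{ secrets[env.CF_PASSWORD] }}` in both steps. Because this workflow flushes data and `stable` sits in the same choice list as the sandboxes, a header comment such as `# Destructive: flushes the selected environment's database, including stable.` would also help whoever dispatches it.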
@@ -18,6 +18,10 @@ If you're new to Django, see [Getting Started with Django](https://www.djangopro Visit the running application at [http://localhost:8080](http://localhost:8080). +## Branch Conventions + +We use the branch convention of `initials/branch-topic` (ex: `lmm/fix-footer`). This allows for automated deployment to a developer sandbox namespaced to the initials. + ## Setting Vars Non-secret environment variables for local development are set in [src/docker-compose.yml](../../src/docker-compose.yml). diff --git a/docs/developer/database-access.md b/docs/developer/database-access.md index 2be33c435..ff4da55e1 100644 --- a/docs/developer/database-access.md +++ b/docs/developer/database-access.md @@ -5,7 +5,7 @@ You can connect to a Cloud.gov database using the After installing it, use the command ```shell -cf connect-to-service getgov-SANDBOXNAME getgov-SANDBOXNAME-databse +cf connect-to-service getgov-ENVIRONMENT getgov-ENVIRONMENT-databse ``` to get a `psql` shell on the sandbox environment's database. @@ -18,13 +18,13 @@ command in the correct environment. For any developer environment, developers can manually run the task with ```shell -cf run-task getgov-SANDBOXNAME --command 'python manage.py migrate' --name migrate +cf run-task getgov-ENVIRONMENT --command 'python manage.py migrate' --name migrate ``` Optionally, load data from fixtures as well ```shell -cf run-task getgov-SANDBOXNAME --wait --command 'python manage.py load' --name loaddata +cf run-task getgov-ENVIRONMENT --wait --command 'python manage.py load' --name loaddata ``` For the `stable` environment, developers don't have credentials so we need to 
@@ -37,7 +37,7 @@ the "Run workflow" button, making sure that `stable` is selected. To run the `dumpdata` command, you'll need to ssh to a running container. `cf run-task` is useless for this, as you will not be able to see the output. ```shell -cf ssh getgov-SANDBOXNAME +cf ssh getgov-ENVIRONMENT /tmp/lifecycle/shell # this configures your environment ./manage.py dumpdata ``` diff --git a/docs/operations/runbooks/rotate_application_secrets.md b/docs/operations/runbooks/rotate_application_secrets.md index 149d99c22..942d1e51c 100644 --- a/docs/operations/runbooks/rotate_application_secrets.md +++ b/docs/operations/runbooks/rotate_application_secrets.md @@ -55,3 +55,5 @@ Encode it using: ```bash base64 private.pem ``` + +You also need to upload the `public.crt` key if recently created to the login.gov identity sandbox: https://dashboard.int.identitysandbox.gov/ diff --git a/ops/manifests/manifest-ik.yaml b/ops/manifests/manifest-ik.yaml new file mode 100644 index 000000000..6de3d3905 --- /dev/null +++ b/ops/manifests/manifest-ik.yaml @@ -0,0 +1,27 @@ +--- +applications: +- name: getgov-ik + buildpacks: + - python_buildpack + path: ../../src + instances: 1 + memory: 512M + stack: cflinuxfs3 + timeout: 180 + command: ./run.sh + health-check-type: http + health-check-http-endpoint: /health + env: + # Send stdout and stderr straight to the terminal without buffering + PYTHONUNBUFFERED: yup + # Tell Django where to find its configuration + DJANGO_SETTINGS_MODULE: registrar.config.settings + # Tell Django where it is being hosted + DJANGO_BASE_URL: https://getgov-ik.app.cloud.gov + # Tell Django how much stuff to log + DJANGO_LOG_LEVEL: INFO + routes: + - route: getgov-ik.app.cloud.gov + services: + - getgov-credentials + - getgov-ik-database diff --git a/ops/manifests/manifest-lmm.yaml b/ops/manifests/manifest-lmm.yaml new file mode 100644 index 000000000..96c503f44 --- /dev/null +++ b/ops/manifests/manifest-lmm.yaml 
@@ -0,0 +1,27 @@
+---
+applications:
+- name: getgov-lmm
+ buildpacks:
+ - python_buildpack
+ path: ../../src
+ instances: 1
+ memory: 512M
+ stack: cflinuxfs3
+ timeout: 180
+ command: ./run.sh
+ health-check-type: http
+ health-check-http-endpoint: /health
+ env:
+ # Send stdout and stderr straight to the terminal without buffering
+ PYTHONUNBUFFERED: yup
+ # Tell Django where to find its configuration
+ DJANGO_SETTINGS_MODULE: registrar.config.settings
+ # Tell Django where it is being hosted
+ DJANGO_BASE_URL: https://getgov-lmm.app.cloud.gov
+ # Tell Django how much stuff to log
+ DJANGO_LOG_LEVEL: INFO
+ routes:
+ - route: getgov-lmm.app.cloud.gov
+ services:
+ - getgov-credentials
+ - getgov-lmm-database
diff --git a/ops/manifests/manifest-mr.yaml b/ops/manifests/manifest-mr.yaml
new file mode 100644
index 000000000..3150d092d
--- /dev/null
+++ b/ops/manifests/manifest-mr.yaml
@@ -0,0 +1,27 @@
+---
+applications:
+- name: getgov-mr
+ buildpacks:
+ - python_buildpack
+ path: ../../src
+ instances: 1
+ memory: 512M
+ stack: cflinuxfs3
+ timeout: 180
+ command: ./run.sh
+ health-check-type: http
+ health-check-http-endpoint: /health
+ env:
+ # Send stdout and stderr straight to the terminal without buffering
+ PYTHONUNBUFFERED: yup
+ # Tell Django where to find its configuration
+ DJANGO_SETTINGS_MODULE: registrar.config.settings
+ # Tell Django where it is being hosted
+ DJANGO_BASE_URL: https://getgov-mr.app.cloud.gov
+ # Tell Django how much stuff to log
+ DJANGO_LOG_LEVEL: INFO
+ routes:
+ - route: getgov-mr.app.cloud.gov
+ services:
+ - getgov-credentials
+ - getgov-mr-database
diff --git a/ops/manifests/manifest-nmb.yaml b/ops/manifests/manifest-nmb.yaml
new file mode 100644
index 000000000..6d8b806e4
--- /dev/null
+++ b/ops/manifests/manifest-nmb.yaml
@@ -0,0 +1,27 @@
+---
+applications:
+- name: getgov-nmb
+ buildpacks:
+ - python_buildpack
+ path: ../../src
+ instances: 1
+ memory: 512M
+ stack: cflinuxfs3
+ timeout: 180
+ command: ./run.sh
+ health-check-type: http
+ health-check-http-endpoint: /health
+ env:
+ # Send stdout and stderr straight to the terminal without buffering
+ PYTHONUNBUFFERED: yup
+ # Tell Django where to find its configuration
+ DJANGO_SETTINGS_MODULE: registrar.config.settings
+ # Tell Django where it is being hosted
+ DJANGO_BASE_URL: https://getgov-nmb.app.cloud.gov
+ # Tell Django how much stuff to log
+ DJANGO_LOG_LEVEL: INFO
+ routes:
+ - route: getgov-nmb.app.cloud.gov
+ services:
+ - getgov-credentials
+ - getgov-nmb-database
diff --git a/ops/manifests/manifest-sspj.yaml b/ops/manifests/manifest-sspj.yaml
new file mode 100644
index 000000000..2bbdcef59
--- /dev/null
+++ b/ops/manifests/manifest-sspj.yaml
@@ -0,0 +1,27 @@
+---
+applications:
+- name: getgov-sspj
+ buildpacks:
+ - python_buildpack
+ path: ../../src
+ instances: 1
+ memory: 512M
+ stack: cflinuxfs3
+ timeout: 180
+ command: ./run.sh
+ health-check-type: http
+ health-check-http-endpoint: /health
+ env:
+ # Send stdout and stderr straight to the terminal without buffering
+ PYTHONUNBUFFERED: yup
+ # Tell Django where to find its configuration
+ DJANGO_SETTINGS_MODULE: registrar.config.settings
+ # Tell Django where it is being hosted
+ DJANGO_BASE_URL: https://getgov-sspj.app.cloud.gov
+ # Tell Django how much stuff to log
+ DJANGO_LOG_LEVEL: INFO
+ routes:
+ - route: getgov-sspj.app.cloud.gov
+ services:
+ - getgov-credentials
+ - getgov-sspj-database
diff --git a/ops/scripts/create_dev_sandbox.sh b/ops/scripts/create_dev_sandbox.sh
new file mode 100755
index 000000000..c64e793fe
--- /dev/null
+++ b/ops/scripts/create_dev_sandbox.sh
@@ -0,0 +1,144 @@
+# This script sets up a completely new Cloud.gov CF Space with all the corresponding
+# infrastructure needed to run get.gov. It can serve for documentation for running
+# NOTE: This script was written for MacOS and to be run at the root directory.
+
+if [ -z "$1" ]; then
+ echo 'Please specify a new space to create (i.e. lmm)' >&2
+ exit 1
+fi
+
+if [ ! $(command -v gh) ] || [ ! $(command -v jq) ] || [ ! $(command -v cf) ]; then
+ echo "jq, cf, and gh packages must be installed. Please install via your preferred manager."
+ exit 1
+fi
+
+upcase_name=$(printf "%s" "$1" | tr '[:lower:]' '[:upper:]')
+
+read -p "Are you on a new branch? We will have to commit this work. (y/n) " -n 1 -r
+echo
+if [[ ! $REPLY =~ ^[Yy]$ ]]
+then
+ git checkout -b new-dev-sandbox-$1
+fi
+
+cf target -o cisa-getgov-prototyping
+
+read -p "Are you logged in to the cisa-getgov-prototyping CF org above? (y/n) " -n 1 -r
+echo
+if [[ ! $REPLY =~ ^[Yy]$ ]]
+then
+ cf login -a https://api.fr.cloud.gov --sso
+fi
+
+gh auth status
+read -p "Are you logged into a Github account with access to cisagov/getgov? (y/n) " -n 1 -r
+echo
+if [[ ! $REPLY =~ ^[Yy]$ ]]
+then
+ gh auth login
+fi
+
+echo "Creating manifest for $1..."
+cp ops/scripts/manifest-sandbox-template.yaml ops/manifests/manifest-$1.yaml
+sed -i '' "s/ENVIRONMENT/$1/" "ops/manifests/manifest-$1.yaml"
+
+echo "Adding new environment to settings.py..."
+sed -i '' '/getgov-stable.app.cloud.gov/ {a\
+ '\"getgov-$1.app.cloud.gov\"',
+}' src/registrar/config/settings.py
+
+echo "Creating new cloud.gov space for $1..."
+cf create-space $1
+cf target -o "cisa-getgov-prototyping" -s $1
+cf bind-security-group public_networks_egress cisa-getgov-prototyping --space $1
+cf bind-security-group trusted_local_networks_egress cisa-getgov-prototyping --space $1
+
+echo "Creating new cloud.gov DB for $1. This usually takes about 5 minutes..."
+cf create-service aws-rds micro-psql getgov-$1-database
+
+until cf service getgov-$1-database | grep -q 'The service instance status is succeeded'
+do
+ echo "Database not up yet, waiting..."
+ sleep 30
+done
+
+echo "Creating new cloud.gov credentials for $1..."
+django_key=$(python3 -c 'from django.core.management.utils import get_random_secret_key; print(get_random_secret_key())')
+openssl req -nodes -x509 -days 365 -newkey rsa:2048 -keyout private-$1.pem -out public-$1.crt
+login_key=$(base64 private-$1.pem)
+jq -n --arg django_key "$django_key" --arg login_key "$login_key" '{"DJANGO_SECRET_KEY":$django_key,"DJANGO_SECRET_LOGIN_KEY":$login_key}' > credentials-$1.json
+cf cups getgov-credentials -p credentials-$1.json
+
+echo "Now you will need to update some things for Login. Please sign-in to https://dashboard.int.identitysandbox.gov/."
+echo "Navigate to our application config: https://dashboard.int.identitysandbox.gov/service_providers/2640/edit?"
+echo "There are two things to update."
+echo "1. You need to upload the public-$1.crt file generated as part of the previous command."
+echo "2. You need to add two redirect URIs: https://getgov-$1.app.cloud.gov/openid/callback/login/ and
+https://getgov-$1.app.cloud.gov/openid/callback/logout/ to the list of URIs."
+read -p "Please confirm when this is done (y/n) " -n 1 -r
+echo
+if [[ ! $REPLY =~ ^[Yy]$ ]]
+then
+ exit 1
+fi
+
+echo "Database create succeeded and credentials created. Deploying the get.gov application to the new space $1..."
+echo "Building assets..."
+open -a Docker
+cd src/
+./build.sh
+cd ..
+cf push getgov-$1 -f ops/manifests/manifest-$1.yaml
+
+read -p "Please provide the email of the space developer: " -r
+cf set-space-role $REPLY cisa-getgov-prototyping $1 SpaceDeveloper
+
+read -p "Should we run migrations? (y/n) " -n 1 -r
+echo
+if [[ $REPLY =~ ^[Yy]$ ]]
+then
+ cf run-task getgov-$1 --command 'python manage.py migrate' --name migrate
+fi
+
+echo "Alright, your app is up and running at https://getgov-$1.app.cloud.gov!"
+echo
+echo "Moving on to setup Github automation..."
+
+echo "Adding new environment to Github Actions..."
+sed -i '' '/ - stable/ {a\
+ - '"$1"'
+}' .github/workflows/reset-db.yaml
+
+sed -i '' '/ - stable/ {a\
+ - '"$1"'
+}' .github/workflows/migrate.yaml
+
+sed -i '' '/ branches:/ {a\
+ - '"'$1/**'"'
+}' .github/workflows/deploy-sandbox.yaml
+
+echo "Creating space deployer for Github deploys..."
+cf create-service cloud-gov-service-account space-deployer github-cd-account
+cf create-service-key github-cd-account github-cd-key
+cf service-key github-cd-account github-cd-key
+read -p "Please confirm we should set the above username and key to Github secrets. (y/n) " -n 1 -r
+echo
+if [[ ! $REPLY =~ ^[Yy]$ ]]
+then
+ exit 1
+fi
+
+cf service-key github-cd-account github-cd-key | sed 1,2d | jq -r '[.username, .password]|@tsv' |
+while read -r username password; do
+ gh secret --repo cisagov/getgov set CF_${upcase_name}_USERNAME --body $username
+ gh secret --repo cisagov/getgov set CF_${upcase_name}_PASSWORD --body $password
+done
+
+read -p "All done! Should we open a PR with these changes? (y/n) " -n 1 -r
+echo
+if [[ $REPLY =~ ^[Yy]$ ]]
+then
+ git add ops/manifests/manifest-$1.yaml .github/workflows/ src/registrar/config/settings.py
+ git commit -m "Add new developer sandbox '"$1"' infrastructure"
+ gh pr create
+fi
diff --git a/ops/scripts/destroy_dev_sandbox.sh b/ops/scripts/destroy_dev_sandbox.sh
new file mode 100755
index 000000000..733476c2c
--- /dev/null
+++ b/ops/scripts/destroy_dev_sandbox.sh
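Review bot: create_dev_sandbox.sh leaves secret material behind and exposes it in transit: `private-$1.pem` and `credentials-$1.json` are written into the repository root and never removed, `cf service-key` prints the deployer password to the terminal for confirmation, and `gh secret … set … --body $password` puts it unquoted on a command line. Generating the key and JSON in a `mktemp -d` directory that a `trap` removes, and feeding `gh secret set` from stdin, avoids the first and third; the confirmation prompt could show only the username. The script also has no shebang although it uses bash-only `[[ … ]]` and `read -p`, and `$1` is used unquoted and unvalidated in file paths, `sed` expressions and `cf` commands; the same holds for destroy_dev_sandbox.sh.

```shell
# Keep key material out of the working tree and remove it on exit.
secrets_dir=$(mktemp -d)
trap 'rm -rf "$secrets_dir"' EXIT

openssl req -nodes -x509 -days 365 -newkey rsa:2048 -keyout "$secrets_dir/private-$1.pem" -out "public-$1.crt"
login_key=$(base64 "$secrets_dir/private-$1.pem")
jq -n --arg django_key "$django_key" --arg login_key "$login_key" '{"DJANGO_SECRET_KEY":$django_key,"DJANGO_SECRET_LOGIN_KEY":$login_key}' > "$secrets_dir/credentials-$1.json"
cf cups getgov-credentials -p "$secrets_dir/credentials-$1.json"

# … unchanged: Login.gov instructions, build, push, workflow edits, service-key creation …

cf service-key github-cd-account github-cd-key | sed 1,2d | jq -r '[.username, .password]|@tsv' |
while read -r username password; do
    # Secret values go in on stdin rather than as command-line arguments.
    printf '%s' "$username" | gh secret --repo cisagov/getgov set "CF_${upcase_name}_USERNAME"
    printf '%s' "$password" | gh secret --repo cisagov/getgov set "CF_${upcase_name}_PASSWORD"
done
```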
@@ -0,0 +1,80 @@
+# This script tears down a Cloud.gov CF Space with all corresponding infrastructure.
+# NOTE: This script was written for MacOS and to be run at the root directory.
+
+if [ -z "$1" ]; then
+ echo 'Please specify a new space to remove (i.e. lmm)' >&2
+ exit 1
+fi
+
+if [ ! $(command -v gh) ] || [ ! $(command -v jq) ] || [ ! $(command -v cf) ]; then
+ echo "jq, cf, and gh packages must be installed. Please install via your preferred manager."
+ exit 1
+fi
+
+upcase_name=$(printf "%s" "$1" | tr '[:lower:]' '[:upper:]')
+
+read -p "Are you on a new branch? We will have to commit this work. (y/n) " -n 1 -r
+echo
+if [[ ! $REPLY =~ ^[Yy]$ ]]
+then
+ git checkout -b remove-dev-sandbox-$1
+fi
+
+cf target -o cisa-getgov-prototyping -s $1
+
+read -p "Are you logged in to the cisa-getgov-prototyping CF org above? (y/n) " -n 1 -r
+echo
+if [[ ! $REPLY =~ ^[Yy]$ ]]
+then
+ cf login -a https://api.fr.cloud.gov --sso
+fi
+
+gh auth status
+read -p "Are you logged into a Github account with access to cisagov/getgov? (y/n) " -n 1 -r
+echo
+if [[ ! $REPLY =~ ^[Yy]$ ]]
+then
+ gh auth login
+fi
+
+echo "Removing Github keys and service account..."
+cf delete-service-key github-cd-account github-cd-key
+cf delete-service github-cd-account
+gh secret --repo cisagov/getgov remove CF_${upcase_name}_USERNAME
+gh secret --repo cisagov/getgov remove CF_${upcase_name}_PASSWORD
+
+echo "Removing files used for $1..."
+rm .github/workflows/deploy-$1.yaml
+rm ops/manifests/manifest-$1.yaml
+sed -i '' "/getgov-$1.app.cloud.gov/d" src/registrar/config/settings.py
+sed -i '' "/- $1/d" .github/workflows/reset-db.yaml
+sed -i '' "/- $1/d" .github/workflows/migrate.yaml
+sed -i '' "/- $1/d" .github/workflows/deploy-sandbox.yaml
+
+echo "Cleaning up services, applications, and the Cloud.gov space for $1..."
+cf delete getgov-$1
+cf delete-service getgov-$1-database
+cf delete-service getgov-credentials
+cf delete-space $1
+
+echo "Now you will need to update some things for Login. Please sign-in to https://dashboard.int.identitysandbox.gov/."
+echo "Navigate to our application config: https://dashboard.int.identitysandbox.gov/service_providers/2640/edit?"
+echo "There are two things to update."
+echo "1. You need to remove the public-$1.crt file."
+echo "2. You need to remove two redirect URIs: https://getgov-$1.app.cloud.gov/openid/callback/login/ and
+https://getgov-$1.app.cloud.gov/openid/callback/logout/ from the list of URIs."
+read -p "Please confirm when this is done (y/n) " -n 1 -r
+echo
+if [[ ! $REPLY =~ ^[Yy]$ ]]
+then
+ exit 1
+fi
+
+read -p "All done! Should we open a PR with these changes? (y/n) " -n 1 -r
+echo
+if [[ $REPLY =~ ^[Yy]$ ]]
+then
+ git add ops/manifests/manifest-$1.yaml .github/workflows/deploy-$1.yaml src/registrar/config/settings.py
+ git commit -m "Remove developer sandbox '"$1"' infrastructure"
+ gh pr create
+fi
diff --git a/ops/scripts/manifest-sandbox-template.yaml b/ops/scripts/manifest-sandbox-template.yaml
new file mode 100644
index 000000000..aafc8e481
--- /dev/null
+++ b/ops/scripts/manifest-sandbox-template.yaml
@@ -0,0 +1,27 @@
+---
+applications:
+- name: getgov-ENVIRONMENT
+ buildpacks:
+ - python_buildpack
+ path: ../../src
+ instances: 1
+ memory: 512M
+ stack: cflinuxfs3
+ timeout: 180
+ command: ./run.sh
+ health-check-type: http
+ health-check-http-endpoint: /health
+ env:
+ # Send stdout and stderr straight to the terminal without buffering
+ PYTHONUNBUFFERED: yup
+ # Tell Django where to find its configuration
+ DJANGO_SETTINGS_MODULE: registrar.config.settings
+ # Tell Django where it is being hosted
+ DJANGO_BASE_URL: https://getgov-ENVIRONMENT.app.cloud.gov
+ # Tell Django how much stuff to log
+ DJANGO_LOG_LEVEL: INFO
+ routes:
+ - route: getgov-ENVIRONMENT.app.cloud.gov
+ services:
+ - getgov-credentials
+ - getgov-ENVIRONMENT-database
diff --git a/src/registrar/config/settings.py b/src/registrar/config/settings.py
index ade2f3bed..81b9f27b8 100644
--- a/src/registrar/config/settings.py
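Review bot: destroy_dev_sandbox.sh keeps going after a failed command, so if `cf target -o cisa-getgov-prototyping -s $1` fails (a mistyped name, or not logged in yet, since the login prompt comes after it), the later `cf delete-service-key`, `cf delete-service` and `cf delete` calls act on whatever space was targeted before. Re-targeting after the login prompt and stopping on failure, `cf target -o cisa-getgov-prototyping -s "$1" || exit 1`, plus an explicit refusal when `$1` is `stable`, would make the deletes fail closed. The file clean-up also looks out of step with the create script: `rm .github/workflows/deploy-$1.yaml` and the final `git add` name a per-sandbox workflow that nothing in this change creates, the `sed "/- $1/d"` pattern cannot match the quoted `- '$1/**'` entry in deploy-sandbox.yaml, and the edited reset-db.yaml, migrate.yaml and deploy-sandbox.yaml are never staged.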
+++ b/src/registrar/config/settings.py @@ -512,10 +512,14 @@ SECURE_SSL_REDIRECT = True # web server configurations. ALLOWED_HOSTS = [ "getgov-stable.app.cloud.gov", + "getgov-mr.app.cloud.gov", + "getgov-sspj.app.cloud.gov", + "getgov-nmb.app.cloud.gov", + "getgov-ik.app.cloud.gov", + "getgov-lmm.app.cloud.gov", "get.gov", ] - # Extend ALLOWED_HOSTS. # IP addresses can also be hosts, which are used by internal # load balancers for health checks, etc.
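Review bot: `ALLOWED_HOSTS` in the shared settings module now carries every developer sandbox hostname, so the stable deployment accepts those Host headers as well, and each new sandbox needs this file patched (create_dev_sandbox.sh does it with `sed`). Each manifest already sets `DJANGO_BASE_URL` for its own environment, so deriving the environment's single allowed host from that value would keep stable's list to its own names and remove the edit; how this module reads environment values is outside the hunk, so treat that as a direction to confirm rather than a drop-in line. If the static list stays, a comment above the new entries such as `# Developer sandboxes; kept in sync by ops/scripts/create_dev_sandbox.sh` would explain why they are here. The list and the settings that extend it continue outside the hunk.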