zydronium/manage.get.gov
1
0
Fork 0
mirror of https://github.com/cisagov/manage.get.gov.git synced 2025-05-16 17:47:02 +02:00
Code Issues Projects Releases Packages Wiki Activity

Create dev sandboxes scripts and first sandbox (#370)

Browse source 
* Add templates, scripts, and process documentation for creating and destroying developer sandboxes

* Create developer sandbox 'lmm' infrastructure

* fix up newlines

* fix action syntax pull_request

* add a line about the public.crt to developer docs

* add docs about branch conventions

* add new developer sandbox 'ik' infrastructure

* Add new developer sandbox 'nmb' infrastructure

* Add new developer sandbox 'sspj' infrastructure

* Add new developer sandbox 'mr' infrastructure

* make github actions dynamic by environment

* trying something out with dynamic github action for dev sandbox

* consolidate github actions to dynamic action

* try out run name

* combo run name and name

* respond to comments
This commit is contained in:
Logan McDonald 2023-01-20 09:50:36 -08:00 committed by GitHub
parent 6a54bf1ff4
commit 508e5384cb
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
18 changed files with 524 additions and 67 deletions
Download patch file Download diff file Expand all files Collapse all files

2
.github/ISSUE_TEMPLATE/developer-onboarding.md vendored
View file

@ -83,4 +83,4 @@ export GPG_TTY
We have two types of environments: stable, and sandbox. Stable gets deployed via tagged release every sprint, and developer sandboxes are given to get.gov developers to mess around in a production-like environment without disrupting stable. Each sandbox is namespaced and will automatically be deployed too when the appropriate branch syntax is used for that space in an open pull request. There are several things you need to setup to make the sandbox work for a developer.
TKTK: Actual steps for setting up a new developer sandbox automation.
All automation for setting up a developer sandbox is documented in the scripts for [creating a developer sandbox](../../ops/scripts/create_dev_sandbox.sh) and [removing a developer sandbox](../../ops/scripts/destroy_dev_sandbox.sh). A Cloud.gov organization administrator will have to perform the script in order to create the sandbox.

51
.github/workflows/deploy-sandbox.yaml vendored Normal file
View file

@ -0,0 +1,51 @@
# This workflow runs on pushes when a pull request is opened under certain branch conventions.
name: Build and deploy developer sandbox
run-name: Build and deploy developer sandbox for branch ${{ github.ref_name }}
on:
pull_request:
paths-ignore:
- 'docs/**'
branches:
- 'ik/**'
- 'sspj/**'
- 'lmm/**'
- 'nmb/**'
- 'mr/**'
jobs:
deploy:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: Split branch name
env:
BRANCH: ${{ github.ref_name }}
id: split
run: echo "::set-output name=fragment::${BRANCH##*/}"
- name: Set secrets
id: secret
run: |
echo "::set-output name=cf_username::CF_${{ steps.split.outputs.fragment }}_USERNAME"
echo "::set-output name=cf_password::CF_${{ steps.split.outputs.fragment }}_PASSWORD"
- name: Compile USWDS assets
working-directory: ./src
run: |
docker compose run node npm install &&
docker compose run node npx gulp copyAssets &&
docker compose run node npx gulp compile
- name: Collect static assets
working-directory: ./src
run: docker compose run app python manage.py collectstatic
- name: Deploy to cloud.gov sandbox
uses: 18f/cg-deploy-action@main
env:
DEPLOY_NOW: thanks
with:
cf_username: ${{ secrets[steps.secret.outputs.cf_username] }}
cf_password: ${{ secrets[steps.secret.outputs.cf_password] }}
cf_org: cisa-getgov-prototyping
cf_space: ${{ steps.split.outputs.fragment }}
push_arguments: "-f ops/manifests/manifest-${{ steps.split.outputs.fragment }}.yaml"

7
.github/workflows/deploy.yaml → .github/workflows/deploy-stable.yaml vendored
View file

@ -1,8 +1,7 @@
name: Build and deploy
# This workflow runs on pushes of tagged commits.
# "Releases" of tagged commits will deploy selected branch to stable.
# "Releases" of tagged commits will deploy `main` to Stable.
name: Build and deploy stable for tagged release
on:
push:
@ -14,8 +13,6 @@ on:
jobs:
deploy-stable:
# if this job runs on a tag, we deduce that code
# has been tagged for release and should be deployed to stable
if: ${{ github.ref_type == 'tag' }}
runs-on: ubuntu-latest
steps:

40
.github/workflows/loaddata.yaml vendored
View file

@ -1,40 +0,0 @@
name: Reset database
# This workflow can be run from the CLI
# gh workflow run loaddata.yaml -f environment=stable
# OR
# cf run-task getgov-stable --wait \
# --command 'python manage.py flush' --name flush
# cf run-task getgov-stable --wait \
# --command 'python manage.py load' --name loaddata
on:
workflow_dispatch:
inputs:
environment:
type: choice
description: Where should we load data
options:
- stable
jobs:
reset-db-stable:
if: ${{ github.event.inputs.environment == 'stable' }}
runs-on: ubuntu-latest
steps:
- name: Delete existing data for stable
uses: 18f/cg-deploy-action@main
with:
cf_username: ${{ secrets.CF_STABLE_USERNAME }}
cf_password: ${{ secrets.CF_STABLE_PASSWORD }}
cf_org: cisa-getgov-prototyping
cf_space: stable
full_command: "cf run-task getgov-stable --wait --command 'python manage.py flush --no-input' --name flush"
- name: Load fake data for stable
uses: 18f/cg-deploy-action@main
with:
cf_username: ${{ secrets.CF_STABLE_USERNAME }}
cf_password: ${{ secrets.CF_STABLE_PASSWORD }}
cf_org: cisa-getgov-prototyping
cf_space: stable
full_command: "cf run-task getgov-stable --wait --command 'python manage.py load' --name loaddata"

36
.github/workflows/migrate.yaml vendored
View file

@ -1,31 +1,37 @@
name: Run migrations
# This workflow can be run from the CLI
# gh workflow run migrate.yaml -f environment=sandbox
# This workflow can be run from the CLI for any environment
# gh workflow run migrate.yaml -f environment=ENVIRONMENT
# OR
# cf run-task getgov-stable --wait \
# --command 'python manage.py migrate' --name migrate
# cf run-task getgov-ENVIRONMENT --command 'python manage.py migrate' --name migrate
name: Migrate data
run-name: Run migrations for ${{ github.event.inputs.environment }}
on:
workflow_dispatch:
inputs:
environment:
type: choice
description: Where should we run migrations
description: Which environment should we run migrations for?
options:
- stable
- lmm
- ik
- sspj
- nmb
- mr
jobs:
migrate-stable:
if: ${{ github.event.inputs.environment == 'stable' }}
migrate:
runs-on: ubuntu-latest
env:
CF_USERNAME: CF_${{ github.event.inputs.environment }}_USERNAME
CF_PASSWORD: CF_${{ github.event.inputs.environment }}_PASSWORD
steps:
- name: Run Django migrations for stable
- name: Run Django migrations for ${{ github.event.inputs.environment }}
uses: 18f/cg-deploy-action@main
with:
cf_username: ${{ secrets.CF_STABLE_USERNAME }}
cf_password: ${{ secrets.CF_STABLE_PASSWORD }}
cf_username: ${{ secrets[env.CF_USERNAME] }}
cf_password: ${{ secrets[env.CF_PASSWORD] }}
cf_org: cisa-getgov-prototyping
cf_space: stable
full_command: "cf run-task getgov-stable --wait --command 'python manage.py migrate' --name migrate"
cf_space: ${{ github.event.inputs.environment }}
full_command: "cf run-task getgov-${{ github.event.inputs.environment }} --wait --command 'python manage.py migrate' --name migrate"

47
.github/workflows/reset-db.yaml vendored Normal file
View file

@ -0,0 +1,47 @@
# This workflow can be run from the CLI
# gh workflow run reset-db.yaml -f environment=ENVIRONMENT
# OR
# cf run-task getgov-ENVIRONMENT --command 'python manage.py flush' --name flush
# cf run-task getgov-ENVIRONMENT --command 'python manage.py load' --name loaddata
name: Reset database
run-name: Reset database for ${{ github.event.inputs.environment }}
on:
workflow_dispatch:
inputs:
environment:
type: choice
description: Which environment should we flush and re-load data for?
options:
- stable
- lmm
- ik
- sspj
- nmb
- mr
jobs:
reset-db:
runs-on: ubuntu-latest
env:
CF_USERNAME: CF_${{ github.event.inputs.environment }}_USERNAME
CF_PASSWORD: CF_${{ github.event.inputs.environment }}_PASSWORD
steps:
- name: Delete existing data for ${{ github.event.inputs.environment }}
uses: 18f/cg-deploy-action@main
with:
cf_username: ${{ secrets[CF_USERNAME] }}
cf_password: ${{ secrets[CF_PASSWORD] }}
cf_org: cisa-getgov-prototyping
cf_space: ${{ github.event.inputs.environment }}
full_command: "cf run-task getgov-${{ github.event.inputs.environment }} --wait --command 'python manage.py flush --no-input' --name flush"
- name: Load fake data for ${{ github.event.inputs.environment }}
uses: 18f/cg-deploy-action@main
with:
cf_username: ${{ secrets[env.CF_USERNAME] }}
cf_password: ${{ secrets[env.CF_PASSWORD] }}
cf_org: cisa-getgov-prototyping
cf_space: ${{ github.event.inputs.environment }}
full_command: "cf run-task getgov-${{ github.event.inputs.environment }} --wait --command 'python manage.py load' --name loaddata"

4
docs/developer/README.md
View file

@ -18,6 +18,10 @@ If you're new to Django, see [Getting Started with Django](https://www.djangopro
Visit the running application at [http://localhost:8080](http://localhost:8080).
## Branch Conventions
We use the branch convention of `initials/branch-topic` (ex: `lmm/fix-footer`). This allows for automated deployment to a developer sandbox namespaced to the initials.
## Setting Vars
Non-secret environment variables for local development are set in [src/docker-compose.yml](../../src/docker-compose.yml).

8
docs/developer/database-access.md
View file

@ -5,7 +5,7 @@ You can connect to a Cloud.gov database using the
After installing it, use the command
```shell
cf connect-to-service getgov-SANDBOXNAME getgov-SANDBOXNAME-databse
cf connect-to-service getgov-ENVIRONMENT getgov-ENVIRONMENT-databse
```
to get a `psql` shell on the sandbox environment's database.
@ -18,13 +18,13 @@ command in the correct environment. For any developer environment, developers
can manually run the task with
```shell
cf run-task getgov-SANDBOXNAME --command 'python manage.py migrate' --name migrate
cf run-task getgov-ENVIRONMENT --command 'python manage.py migrate' --name migrate
```
Optionally, load data from fixtures as well
```shell
cf run-task getgov-SANDBOXNAME --wait --command 'python manage.py load' --name loaddata
cf run-task getgov-ENVIRONMENT --wait --command 'python manage.py load' --name loaddata
```
For the `stable` environment, developers don't have credentials so we need to
@ -37,7 +37,7 @@ the "Run workflow" button, making sure that `stable` is selected.
To run the `dumpdata` command, you'll need to ssh to a running container. `cf run-task` is useless for this, as you will not be able to see the output.
```shell
cf ssh getgov-SANDBOXNAME
cf ssh getgov-ENVIRONMENT
/tmp/lifecycle/shell # this configures your environment
./manage.py dumpdata
```

2
docs/operations/runbooks/rotate_application_secrets.md
View file

@ -55,3 +55,5 @@ Encode it using:
```bash
base64 private.pem
```
You also need to upload the `public.crt` key if recently created to the login.gov identity sandbox: https://dashboard.int.identitysandbox.gov/

27
ops/manifests/manifest-ik.yaml Normal file
View file

@ -0,0 +1,27 @@
---
applications:
- name: getgov-ik
buildpacks:
- python_buildpack
path: ../../src
instances: 1
memory: 512M
stack: cflinuxfs3
timeout: 180
command: ./run.sh
health-check-type: http
health-check-http-endpoint: /health
env:
# Send stdout and stderr straight to the terminal without buffering
PYTHONUNBUFFERED: yup
# Tell Django where to find its configuration
DJANGO_SETTINGS_MODULE: registrar.config.settings
# Tell Django where it is being hosted
DJANGO_BASE_URL: https://getgov-ik.app.cloud.gov
# Tell Django how much stuff to log
DJANGO_LOG_LEVEL: INFO
routes:
- route: getgov-ik.app.cloud.gov
services:
- getgov-credentials
- getgov-ik-database

27
ops/manifests/manifest-lmm.yaml Normal file
View file

@ -0,0 +1,27 @@
---
applications:
- name: getgov-lmm
buildpacks:
- python_buildpack
path: ../../src
instances: 1
memory: 512M
stack: cflinuxfs3
timeout: 180
command: ./run.sh
health-check-type: http
health-check-http-endpoint: /health
env:
# Send stdout and stderr straight to the terminal without buffering
PYTHONUNBUFFERED: yup
# Tell Django where to find its configuration
DJANGO_SETTINGS_MODULE: registrar.config.settings
# Tell Django where it is being hosted
DJANGO_BASE_URL: https://getgov-lmm.app.cloud.gov
# Tell Django how much stuff to log
DJANGO_LOG_LEVEL: INFO
routes:
- route: getgov-lmm.app.cloud.gov
services:
- getgov-credentials
- getgov-lmm-database

27
ops/manifests/manifest-mr.yaml Normal file
View file

@ -0,0 +1,27 @@
---
applications:
- name: getgov-mr
buildpacks:
- python_buildpack
path: ../../src
instances: 1
memory: 512M
stack: cflinuxfs3
timeout: 180
command: ./run.sh
health-check-type: http
health-check-http-endpoint: /health
env:
# Send stdout and stderr straight to the terminal without buffering
PYTHONUNBUFFERED: yup
# Tell Django where to find its configuration
DJANGO_SETTINGS_MODULE: registrar.config.settings
# Tell Django where it is being hosted
DJANGO_BASE_URL: https://getgov-mr.app.cloud.gov
# Tell Django how much stuff to log
DJANGO_LOG_LEVEL: INFO
routes:
- route: getgov-mr.app.cloud.gov
services:
- getgov-credentials
- getgov-mr-database

27
ops/manifests/manifest-nmb.yaml Normal file
View file

@ -0,0 +1,27 @@
---
applications:
- name: getgov-nmb
buildpacks:
- python_buildpack
path: ../../src
instances: 1
memory: 512M
stack: cflinuxfs3
timeout: 180
command: ./run.sh
health-check-type: http
health-check-http-endpoint: /health
env:
# Send stdout and stderr straight to the terminal without buffering
PYTHONUNBUFFERED: yup
# Tell Django where to find its configuration
DJANGO_SETTINGS_MODULE: registrar.config.settings
# Tell Django where it is being hosted
DJANGO_BASE_URL: https://getgov-nmb.app.cloud.gov
# Tell Django how much stuff to log
DJANGO_LOG_LEVEL: INFO
routes:
- route: getgov-nmb.app.cloud.gov
services:
- getgov-credentials
- getgov-nmb-database

27
ops/manifests/manifest-sspj.yaml Normal file
View file

@ -0,0 +1,27 @@
---
applications:
- name: getgov-sspj
buildpacks:
- python_buildpack
path: ../../src
instances: 1
memory: 512M
stack: cflinuxfs3
timeout: 180
command: ./run.sh
health-check-type: http
health-check-http-endpoint: /health
env:
# Send stdout and stderr straight to the terminal without buffering
PYTHONUNBUFFERED: yup
# Tell Django where to find its configuration
DJANGO_SETTINGS_MODULE: registrar.config.settings
# Tell Django where it is being hosted
DJANGO_BASE_URL: https://getgov-sspj.app.cloud.gov
# Tell Django how much stuff to log
DJANGO_LOG_LEVEL: INFO
routes:
- route: getgov-sspj.app.cloud.gov
services:
- getgov-credentials
- getgov-sspj-database

144
ops/scripts/create_dev_sandbox.sh Executable file
View file

@ -0,0 +1,144 @@
# This script sets up a completely new Cloud.gov CF Space with all the corresponding
# infrastructure needed to run get.gov. It can serve for documentation for running
# NOTE: This script was written for MacOS and to be run at the root directory.
if [ -z "$1" ]; then
echo 'Please specify a new space to create (i.e. lmm)' >&2
exit 1
fi
if [ ! $(command -v gh) ] || [ ! $(command -v jq) ] || [ ! $(command -v cf) ]; then
echo "jq, cf, and gh packages must be installed. Please install via your preferred manager."
exit 1
fi
upcase_name=$(printf "%s" "$1" | tr '[:lower:]' '[:upper:]')
read -p "Are you on a new branch? We will have to commit this work. (y/n) " -n 1 -r
echo
if [[ ! $REPLY =~ ^[Yy]$ ]]
then
git checkout -b new-dev-sandbox-$1
fi
cf target -o cisa-getgov-prototyping
read -p "Are you logged in to the cisa-getgov-prototyping CF org above? (y/n) " -n 1 -r
echo
if [[ ! $REPLY =~ ^[Yy]$ ]]
then
cf login -a https://api.fr.cloud.gov --sso
fi
gh auth status
read -p "Are you logged into a Github account with access to cisagov/getgov? (y/n) " -n 1 -r
echo
if [[ ! $REPLY =~ ^[Yy]$ ]]
then
gh auth login
fi
echo "Creating manifest for $1..."
cp ops/scripts/manifest-sandbox-template.yaml ops/manifests/manifest-$1.yaml
sed -i '' "s/ENVIRONMENT/$1/" "ops/manifests/manifest-$1.yaml"
echo "Adding new environment to settings.py..."
sed -i '' '/getgov-stable.app.cloud.gov/ {a\
'\"getgov-$1.app.cloud.gov\"',
}' src/registrar/config/settings.py
echo "Creating new cloud.gov space for $1..."
cf create-space $1
cf target -o "cisa-getgov-prototyping" -s $1
cf bind-security-group public_networks_egress cisa-getgov-prototyping --space $1
cf bind-security-group trusted_local_networks_egress cisa-getgov-prototyping --space $1
echo "Creating new cloud.gov DB for $1. This usually takes about 5 minutes..."
cf create-service aws-rds micro-psql getgov-$1-database
until cf service getgov-$1-database | grep -q 'The service instance status is succeeded'
do
echo "Database not up yet, waiting..."
sleep 30
done
echo "Creating new cloud.gov credentials for $1..."
django_key=$(python3 -c 'from django.core.management.utils import get_random_secret_key; print(get_random_secret_key())')
openssl req -nodes -x509 -days 365 -newkey rsa:2048 -keyout private-$1.pem -out public-$1.crt
login_key=$(base64 private-$1.pem)
jq -n --arg django_key "$django_key" --arg login_key "$login_key" '{"DJANGO_SECRET_KEY":$django_key,"DJANGO_SECRET_LOGIN_KEY":$login_key}' > credentials-$1.json
cf cups getgov-credentials -p credentials-$1.json
echo "Now you will need to update some things for Login. Please sign-in to https://dashboard.int.identitysandbox.gov/."
echo "Navigate to our application config: https://dashboard.int.identitysandbox.gov/service_providers/2640/edit?"
echo "There are two things to update."
echo "1. You need to upload the public-$1.crt file generated as part of the previous command."
echo "2. You need to add two redirect URIs: https://getgov-$1.app.cloud.gov/openid/callback/login/ and
https://getgov-$1.app.cloud.gov/openid/callback/logout/ to the list of URIs."
read -p "Please confirm when this is done (y/n) " -n 1 -r
echo
if [[ ! $REPLY =~ ^[Yy]$ ]]
then
exit 1
fi
echo "Database create succeeded and credentials created. Deploying the get.gov application to the new space $1..."
echo "Building assets..."
open -a Docker
cd src/
./build.sh
cd ..
cf push getgov-$1 -f ops/manifests/manifest-$1.yaml
read -p "Please provide the email of the space developer: " -r
cf set-space-role $REPLY cisa-getgov-prototyping $1 SpaceDeveloper
read -p "Should we run migrations? (y/n) " -n 1 -r
echo
if [[ $REPLY =~ ^[Yy]$ ]]
then
cf run-task getgov-$1 --command 'python manage.py migrate' --name migrate
fi
echo "Alright, your app is up and running at https://getgov-$1.app.cloud.gov!"
echo
echo "Moving on to setup Github automation..."
echo "Adding new environment to Github Actions..."
sed -i '' '/ - stable/ {a\
- '"$1"'
}' .github/workflows/reset-db.yaml
sed -i '' '/ - stable/ {a\
- '"$1"'
}' .github/workflows/migrate.yaml
sed -i '' '/ branches:/ {a\
- '"'$1/**'"'
}' .github/workflows/deploy-sandbox.yaml
echo "Creating space deployer for Github deploys..."
cf create-service cloud-gov-service-account space-deployer github-cd-account
cf create-service-key github-cd-account github-cd-key
cf service-key github-cd-account github-cd-key
read -p "Please confirm we should set the above username and key to Github secrets. (y/n) " -n 1 -r
echo
if [[ ! $REPLY =~ ^[Yy]$ ]]
then
exit 1
fi
cf service-key github-cd-account github-cd-key | sed 1,2d | jq -r '[.username, .password]|@tsv' |
while read -r username password; do
gh secret --repo cisagov/getgov set CF_${upcase_name}_USERNAME --body $username
gh secret --repo cisagov/getgov set CF_${upcase_name}_PASSWORD --body $password
done
read -p "All done! Should we open a PR with these changes? (y/n) " -n 1 -r
echo
if [[ $REPLY =~ ^[Yy]$ ]]
then
git add ops/manifests/manifest-$1.yaml .github/workflows/ src/registrar/config/settings.py
git commit -m "Add new developer sandbox '"$1"' infrastructure"
gh pr create
fi

80
ops/scripts/destroy_dev_sandbox.sh Executable file
View file

@ -0,0 +1,80 @@
# This script tears down a Cloud.gov CF Space with all corresponding infrastructure.
# NOTE: This script was written for MacOS and to be run at the root directory.
if [ -z "$1" ]; then
echo 'Please specify a new space to remove (i.e. lmm)' >&2
exit 1
fi
if [ ! $(command -v gh) ] || [ ! $(command -v jq) ] || [ ! $(command -v cf) ]; then
echo "jq, cf, and gh packages must be installed. Please install via your preferred manager."
exit 1
fi
upcase_name=$(printf "%s" "$1" | tr '[:lower:]' '[:upper:]')
read -p "Are you on a new branch? We will have to commit this work. (y/n) " -n 1 -r
echo
if [[ ! $REPLY =~ ^[Yy]$ ]]
then
git checkout -b remove-dev-sandbox-$1
fi
cf target -o cisa-getgov-prototyping -s $1
read -p "Are you logged in to the cisa-getgov-prototyping CF org above? (y/n) " -n 1 -r
echo
if [[ ! $REPLY =~ ^[Yy]$ ]]
then
cf login -a https://api.fr.cloud.gov --sso
fi
gh auth status
read -p "Are you logged into a Github account with access to cisagov/getgov? (y/n) " -n 1 -r
echo
if [[ ! $REPLY =~ ^[Yy]$ ]]
then
gh auth login
fi
echo "Removing Github keys and service account..."
cf delete-service-key github-cd-account github-cd-key
cf delete-service github-cd-account
gh secret --repo cisagov/getgov remove CF_${upcase_name}_USERNAME
gh secret --repo cisagov/getgov remove CF_${upcase_name}_PASSWORD
echo "Removing files used for $1..."
rm .github/workflows/deploy-$1.yaml
rm ops/manifests/manifest-$1.yaml
sed -i '' "/getgov-$1.app.cloud.gov/d" src/registrar/config/settings.py
sed -i '' "/- $1/d" .github/workflows/reset-db.yaml
sed -i '' "/- $1/d" .github/workflows/migrate.yaml
sed -i '' "/- $1/d" .github/workflows/deploy-sandbox.yaml
echo "Cleaning up services, applications, and the Cloud.gov space for $1..."
cf delete getgov-$1
cf delete-service getgov-$1-database
cf delete-service getgov-credentials
cf delete-space $1
echo "Now you will need to update some things for Login. Please sign-in to https://dashboard.int.identitysandbox.gov/."
echo "Navigate to our application config: https://dashboard.int.identitysandbox.gov/service_providers/2640/edit?"
echo "There are two things to update."
echo "1. You need to remove the public-$1.crt file."
echo "2. You need to remove two redirect URIs: https://getgov-$1.app.cloud.gov/openid/callback/login/ and
https://getgov-$1.app.cloud.gov/openid/callback/logout/ from the list of URIs."
read -p "Please confirm when this is done (y/n) " -n 1 -r
echo
if [[ ! $REPLY =~ ^[Yy]$ ]]
then
exit 1
fi
read -p "All done! Should we open a PR with these changes? (y/n) " -n 1 -r
echo
if [[ $REPLY =~ ^[Yy]$ ]]
then
git add ops/manifests/manifest-$1.yaml .github/workflows/deploy-$1.yaml src/registrar/config/settings.py
git commit -m "Remove developer sandbox '"$1"' infrastructure"
gh pr create
fi

27
ops/scripts/manifest-sandbox-template.yaml Normal file
View file

@ -0,0 +1,27 @@
---
applications:
- name: getgov-ENVIRONMENT
buildpacks:
- python_buildpack
path: ../../src
instances: 1
memory: 512M
stack: cflinuxfs3
timeout: 180
command: ./run.sh
health-check-type: http
health-check-http-endpoint: /health
env:
# Send stdout and stderr straight to the terminal without buffering
PYTHONUNBUFFERED: yup
# Tell Django where to find its configuration
DJANGO_SETTINGS_MODULE: registrar.config.settings
# Tell Django where it is being hosted
DJANGO_BASE_URL: https://getgov-ENVIRONMENT.app.cloud.gov
# Tell Django how much stuff to log
DJANGO_LOG_LEVEL: INFO
routes:
- route: getgov-ENVIRONMENT.app.cloud.gov
services:
- getgov-credentials
- getgov-ENVIRONMENT-database

6
src/registrar/config/settings.py
View file

@ -512,10 +512,14 @@ SECURE_SSL_REDIRECT = True
# web server configurations.
ALLOWED_HOSTS = [
"getgov-stable.app.cloud.gov",
"getgov-mr.app.cloud.gov",
"getgov-sspj.app.cloud.gov",
"getgov-nmb.app.cloud.gov",
"getgov-ik.app.cloud.gov",
"getgov-lmm.app.cloud.gov",
"get.gov",
]
# Extend ALLOWED_HOSTS.
# IP addresses can also be hosts, which are used by internal
# load balancers for health checks, etc.