zydronium/manage.get.gov
1
0
Fork 0
mirror of https://github.com/cisagov/manage.get.gov.git synced 2025-06-29 07:43:32 +02:00
Code Issues Projects Releases Packages Wiki Activity

Respond to PR review

Browse source
This commit is contained in:
Seamus Johnston 2022-08-18 14:51:14 -05:00
parent 7754923278
commit e45da58a4a
No known key found for this signature in database
GPG key ID: 2F21225985069105
4 changed files with 68 additions and 56 deletions
Download patch file Download diff file Expand all files Collapse all files

6
.github/workflows/deploy.yaml vendored
View file

@ -1,5 +1,11 @@
name: Build and deploy name: Build and deploy
# This workflow runs on pushes to main (typically,
# a merged pull request) and on pushes of tagged commits.
# Pushes to main will deploy to Unstable; tagged commits
# will deploy to Staging
on: on:
push: push:
branches: branches:

2
docs/architecture/decisions/0007-python-buildpack.md
View file

@ -12,6 +12,8 @@ We had previously drafted ADRs to use Docker to build images for containerized d
Cloud.gov uses Cloud Foundry which provides several “buildpacks”. These are automated environments which will take a code repository of a certain language and do the usual setup steps to prepare a deployment of that code. In the case of Python, this means automated detection of Pipfile and installation of packages. Cloud.gov uses Cloud Foundry which provides several “buildpacks”. These are automated environments which will take a code repository of a certain language and do the usual setup steps to prepare a deployment of that code. In the case of Python, this means automated detection of Pipfile and installation of packages.
We do not anticipate needing a custom buildpack, because our current use case falls completely within the Python buildpack's purview.
## Decision ## Decision
To use Cloud Foundrys Python buildpack. To use Cloud Foundrys Python buildpack.

59
docs/ops/README.md Normal file
View file

@ -0,0 +1,59 @@
# Operations
========================
## Authenticating
You'll need the [Cloud Foundry CLI](https://docs.cloud.gov/getting-started/setup/).
We use the V7 Cloud Foundry CLI.
```shell
cf login -a api.fr.cloud.gov --sso
```
After authenticating, make sure you are targeting the correct org and space!
```bash
cf spaces
cf target -o <ORG> -s <SPACE>
```
## Rotating Environment Secrets
Secrets were originally created with:
```sh
cf cups getgov-credentials -p credentials-<ENVIRONMENT>.json
```
Where `credentials-<ENVIRONMENT>.json` looks like:
```json
{
"DJANGO_SECRET_KEY": "EXAMPLE",
...
}
```
You can see the current environment with `cf env <APP>`, for example `cf env getgov-dev`.
The command `cups` stands for [create user provided service](https://docs.cloudfoundry.org/devguide/services/user-provided.html). User provided services are the way currently recommended by Cloud.gov for deploying secrets. The user provided service is bound to the application in `manifest-<ENVIRONMENT>.json`.
To rotate secrets, create a new `credentials-<ENVIRONMENT>.json` file, upload it, then restage the app.
Example:
```bash
cf uups getgov-credentials -p credentials-unstable.json
cf restage getgov-dev --strategy rolling
```
Non-secret environment variables can be declared in `manifest-<ENVIRONMENT>.json` directly.
## Database
In sandbox, created with `cf create-service aws-rds micro-psql getgov-database`.
Binding the database in `manifest-<ENVIRONMENT>.json` automatically inserts the connection string into the environment as `DATABASE_URL`.
[Cloud.gov RDS documentation](https://cloud.gov/docs/services/relational-database/).

57
ops/README.md
View file

@ -3,59 +3,4 @@
This directory contains files related to deploying or running the application(s). This directory contains files related to deploying or running the application(s).
## Authenticating Documentation is in [docs/ops](../docs/ops).
You'll need the [Cloud Foundry CLI](https://docs.cloud.gov/getting-started/setup/).
We use the V7 Cloud Foundry CLI.
```shell
cf login -a api.fr.cloud.gov --sso
```
After authenticating, make sure you are targeting the correct org and space!
```bash
cf spaces
cf target -o <ORG> -s <SPACE>
```
## Rotating Secrets
Secrets were originally created with:
```sh
cf cups getgov-credentials -p credentials-<ENVIRONMENT>.json
```
Where `credentials-<ENVIRONMENT>.json` looks like:
```json
{
"DJANGO_SECRET_KEY": "EXAMPLE",
...
}
```
You can see the current environment with `cf env <APP>`, for example `cf env getgov-dev`.
The command `cups` stands for [create user provided service](https://docs.cloudfoundry.org/devguide/services/user-provided.html). User provided services are the way currently recommended by Cloud.gov for deploying secrets. The user provided service is bound to the application in `manifest-<ENVIRONMENT>.json`.
To rotate secrets, create a new `credentials-<ENVIRONMENT>.json` file, upload it, then restage the app.
Example:
```bash
cf uups getgov-credentials -p credentials-dev.json
cf restage getgov-dev --strategy rolling
```
Non-secret environment variables can be declared in `manifest-<ENVIRONMENT>.json` directly.
## Database
In sandbox, created with `cf create-service aws-rds micro-psql getgov-database`.
Binding the database in `manifest-<ENVIRONMENT>.json` automatically inserts the connection string into the environment as `DATABASE_URL`.
[Cloud.gov RDS documentation](https://cloud.gov/docs/services/relational-database/).