zydronium/manage.get.gov
1
0
Fork 0
mirror of https://github.com/cisagov/manage.get.gov.git synced 2025-06-29 07:43:32 +02:00
Code Issues Projects Releases Packages Wiki Activity

Respond to PR review

Browse source
This commit is contained in:
Seamus Johnston 2022-08-18 14:51:14 -05:00
parent 7754923278
commit e45da58a4a
No known key found for this signature in database
GPG key ID: 2F21225985069105
4 changed files with 68 additions and 56 deletions
Download patch file Download diff file Expand all files Collapse all files

6
.github/workflows/deploy.yaml vendored
View file

@ -1,5 +1,11 @@
name: Build and deploy
# This workflow runs on pushes to main (typically,
# a merged pull request) and on pushes of tagged commits.
# Pushes to main will deploy to Unstable; tagged commits
# will deploy to Staging
on:
push:
branches:

2
docs/architecture/decisions/0007-python-buildpack.md
View file

@ -12,6 +12,8 @@ We had previously drafted ADRs to use Docker to build images for containerized d
Cloud.gov uses Cloud Foundry which provides several “buildpacks”. These are automated environments which will take a code repository of a certain language and do the usual setup steps to prepare a deployment of that code. In the case of Python, this means automated detection of Pipfile and installation of packages.
We do not anticipate needing a custom buildpack, because our current use case falls completely within the Python buildpack's purview.
## Decision
To use Cloud Foundrys Python buildpack.

59
docs/ops/README.md Normal file
View file

@ -0,0 +1,59 @@
# Operations
========================
## Authenticating
You'll need the [Cloud Foundry CLI](https://docs.cloud.gov/getting-started/setup/).
We use the V7 Cloud Foundry CLI.
```shell
cf login -a api.fr.cloud.gov --sso
```
After authenticating, make sure you are targeting the correct org and space!
```bash
cf spaces
cf target -o <ORG> -s <SPACE>
```
## Rotating Environment Secrets
Secrets were originally created with:
```sh
cf cups getgov-credentials -p credentials-<ENVIRONMENT>.json
```
Where `credentials-<ENVIRONMENT>.json` looks like:
```json
{
"DJANGO_SECRET_KEY": "EXAMPLE",
...
}
```
You can see the current environment with `cf env <APP>`, for example `cf env getgov-dev`.
The command `cups` stands for [create user provided service](https://docs.cloudfoundry.org/devguide/services/user-provided.html). User provided services are the way currently recommended by Cloud.gov for deploying secrets. The user provided service is bound to the application in `manifest-<ENVIRONMENT>.json`.
To rotate secrets, create a new `credentials-<ENVIRONMENT>.json` file, upload it, then restage the app.
Example:
```bash
cf uups getgov-credentials -p credentials-unstable.json
cf restage getgov-dev --strategy rolling
```
Non-secret environment variables can be declared in `manifest-<ENVIRONMENT>.json` directly.
## Database
In sandbox, created with `cf create-service aws-rds micro-psql getgov-database`.
Binding the database in `manifest-<ENVIRONMENT>.json` automatically inserts the connection string into the environment as `DATABASE_URL`.
[Cloud.gov RDS documentation](https://cloud.gov/docs/services/relational-database/).

57
ops/README.md
View file

@ -3,59 +3,4 @@
This directory contains files related to deploying or running the application(s).
## Authenticating
You'll need the [Cloud Foundry CLI](https://docs.cloud.gov/getting-started/setup/).
We use the V7 Cloud Foundry CLI.
```shell
cf login -a api.fr.cloud.gov --sso
```
After authenticating, make sure you are targeting the correct org and space!
```bash
cf spaces
cf target -o <ORG> -s <SPACE>
```
## Rotating Secrets
Secrets were originally created with:
```sh
cf cups getgov-credentials -p credentials-<ENVIRONMENT>.json
```
Where `credentials-<ENVIRONMENT>.json` looks like:
```json
{
"DJANGO_SECRET_KEY": "EXAMPLE",
...
}
```
You can see the current environment with `cf env <APP>`, for example `cf env getgov-dev`.
The command `cups` stands for [create user provided service](https://docs.cloudfoundry.org/devguide/services/user-provided.html). User provided services are the way currently recommended by Cloud.gov for deploying secrets. The user provided service is bound to the application in `manifest-<ENVIRONMENT>.json`.
To rotate secrets, create a new `credentials-<ENVIRONMENT>.json` file, upload it, then restage the app.
Example:
```bash
cf uups getgov-credentials -p credentials-dev.json
cf restage getgov-dev --strategy rolling
```
Non-secret environment variables can be declared in `manifest-<ENVIRONMENT>.json` directly.
## Database
In sandbox, created with `cf create-service aws-rds micro-psql getgov-database`.
Binding the database in `manifest-<ENVIRONMENT>.json` automatically inserts the connection string into the environment as `DATABASE_URL`.
[Cloud.gov RDS documentation](https://cloud.gov/docs/services/relational-database/).
Documentation is in [docs/ops](../docs/ops).