Move to cloud.gov prototyping org with two spaces (#114)

move to prototyping org with two spaces
Logan McDonald 2022-09-09 14:53:17 -04:00 committed by GitHub
parent d2da8d1d8f
commit edc0593859
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
9 changed files with 69 additions and 37 deletions


@ -35,10 +35,10 @@ cf login -a api.fr.cloud.gov --sso
- [ ] Setup [commit signing in Github](#setting-up-commit-signing) and with git locally. - [ ] Setup [commit signing in Github](#setting-up-commit-signing) and with git locally.
### Steps for the onboarder ### Steps for the onboarder
- [ ] Add the onboardee to cloud.gov org and relevant spaces as a SpaceDeveloper - [ ] Add the onboardee to cloud.gov org (cisa-getgov-prototyping) and relevant spaces (unstable) as a SpaceDeveloper
```bash ```bash
cf set-space-role <cloud.account@email.gov> sandbox-gsa dotgov-poc SpaceDeveloper cf set-space-role <cloud.account@email.gov> cisa-getgov-prototyping unstable SpaceDeveloper
``` ```
- [ ] Add the onboardee to our login.gov sandbox team (`.gov registrar poc`) via the [dashboard](https://dashboard.int.identitysandbox.gov/) - [ ] Add the onboardee to our login.gov sandbox team (`.gov registrar poc`) via the [dashboard](https://dashboard.int.identitysandbox.gov/)
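Review bot: The SpaceDeveloper step on the onboarder list names only `unstable`, but nothing here says that people must not be given a role in `staging`. The deploy docs in this commit state that only the CD service deploys to `staging`, so consider saying that explicitly in this step rather than leaving the restriction implicit.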


@ -3,8 +3,7 @@ name: Build and deploy
# This workflow runs on pushes to main (typically, # This workflow runs on pushes to main (typically,
# a merged pull request) and on pushes of tagged commits. # a merged pull request) and on pushes of tagged commits.
# Pushes to main will deploy to Unstable; tagged commits # Pushes to main will deploy to Staging
# will deploy to Staging
on: on:
push: push:
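Review bot: The header comment still says the workflow runs "on pushes of tagged commits", while the new text only describes pushes to main deploying to Staging and the tag-based stub is removed further down. Either drop the mention of tags from the comment (and the tag trigger, if one remains under `on: push:`), or state what a tag push is expected to do now.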
@ -17,9 +16,9 @@ on:
workflow_dispatch: workflow_dispatch:
jobs: jobs:
deploy-unstable: deploy-staging:
# if this job runs on a branch, we deduce that code # if this job runs on a branch, we deduce that code
# has been pushed to main and should be deployed to unstable # has been pushed to main and should be deployed to staging
if: ${{ github.ref_type == 'branch' }} if: ${{ github.ref_type == 'branch' }}
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
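Review bot: The `if: ${{ github.ref_type == 'branch' }}` guard on `deploy-staging` checks only that the ref is a branch, not that it is main, and `workflow_dispatch` is listed as a trigger. A manual run started from another branch would satisfy this condition and deploy that branch to staging, which contradicts the comment's "pushed to main". Consider checking `github.ref == 'refs/heads/main'` instead.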
@ -30,13 +29,8 @@ jobs:
env: env:
DEPLOY_NOW: thanks DEPLOY_NOW: thanks
with: with:
cf_username: ${{ secrets.CF_USERNAME }} cf_username: ${{ secrets.CF_STAGING_USERNAME }}
cf_password: ${{ secrets.CF_PASSWORD }} cf_password: ${{ secrets.CF_STAGING_PASSWORD }}
cf_org: sandbox-gsa cf_org: cisa-getgov-prototyping
cf_space: dotgov-poc cf_space: staging
push_arguments: "-f ops/manifests/manifest-unstable.yaml" push_arguments: "-f ops/manifests/manifest-staging.yaml"
# deploy-staging:
# # if this job runs on a tag, we deduce that code
# # has been tagged for release and should be deployed to staging
# if: ${{ github.ref_type == 'tag' }}


@ -3,7 +3,7 @@ name: Run Migrations
# This workflow can be run from the CLI # This workflow can be run from the CLI
# gh workflow run migrate.yaml -f environment=sandbox # gh workflow run migrate.yaml -f environment=sandbox
# OR # OR
# cf run-task getgov-unstable --wait \ # cf run-task getgov-staging --wait \
# --command 'python manage.py migrate' --name migrate # --command 'python manage.py migrate' --name migrate
on: on:
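Review bot: The usage comment at the top still shows `-f environment=sandbox`, but the options list in the next hunk leaves `staging` as the only accepted choice. Update the example to `-f environment=staging` so the documented invocation matches what the workflow accepts.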
@ -13,22 +13,19 @@ on:
type: choice type: choice
description: Where should we run migrations description: Where should we run migrations
options: options:
- unstable
- staging - staging
jobs: jobs:
migrate-unstable: migrate-staging:
if: ${{ github.event.inputs.environment == 'unstable' }} if: ${{ github.event.inputs.environment == 'staging' }}
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- name: Run Django migrations for unstable - name: Run Django migrations for staging
uses: 18f/cg-deploy-action@main uses: 18f/cg-deploy-action@main
with: with:
cf_username: ${{ secrets.CF_USERNAME }} cf_username: ${{ secrets.CF_USERNAME }}
cf_password: ${{ secrets.CF_PASSWORD }} cf_password: ${{ secrets.CF_PASSWORD }}
cf_org: sandbox-gsa cf_org: cisa-getgov-prototyping
cf_space: dotgov-poc cf_space: staging
full_command: "cf run-task getgov-unstable --wait --command 'python manage.py migrate' --name migrate" full_command: "cf run-task getgov-staging --wait --command 'python manage.py migrate' --name migrate"
# migrate:
# if: ${{ github.event.inputs.environment == 'staging' }}
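Review bot: `migrate-staging` now targets `cisa-getgov-prototyping` / `staging` but still authenticates with `secrets.CF_USERNAME` and `secrets.CF_PASSWORD`. The deploy workflow in this commit switched to `CF_STAGING_USERNAME` / `CF_STAGING_PASSWORD`, and the rotation script now writes only the space-prefixed names, so the unprefixed secrets keep whatever value they had for the old org. Switch this job to the `CF_STAGING_*` secrets. Separately, `18f/cg-deploy-action@main` receives these credentials and tracks a moving branch; pinning it to a commit SHA would be safer.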


@ -28,8 +28,18 @@ cf target -o <ORG> -s <SPACE>
## Database ## Database
In sandbox, created with `cf create-service aws-rds micro-psql getgov-database`. In sandbox, created with `cf create-service aws-rds micro-psql getgov-ENV-database`.
Binding the database in `manifest-<ENVIRONMENT>.json` automatically inserts the connection string into the environment as `DATABASE_URL`. Binding the database in `manifest-<ENVIRONMENT>.json` automatically inserts the connection string into the environment as `DATABASE_URL`.
[Cloud.gov RDS documentation](https://cloud.gov/docs/services/relational-database/). [Cloud.gov RDS documentation](https://cloud.gov/docs/services/relational-database/).
# Deploy
We have two environments: `unstable` and `staging`. Developers can deploy locally to unstable whenever they want. However, only our CD service can deploy to `staging`, and it does so on every commit to `main`. This is to ensure that we have a "golden" environment to point to, and can still test things out in an unstable space. To deploy locally to `unstable`:
```bash
cf target -o cisa-getgov-prototyping -s unstable
cf push getgov-unstable -f ops/manifests/manifest-unstable.yaml
cf run-task getgov-unstable --command 'python manage.py migrate' --name migrate
```
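Review bot: The database paragraph mixes placeholder styles and file types: the new service name is written `getgov-ENV-database` while the next sentence uses `<ENVIRONMENT>`, and it refers to `manifest-<ENVIRONMENT>.json` although the manifests pushed in the new Deploy section are `.yaml`. "In sandbox" also looks stale now that the org is `cisa-getgov-prototyping`. Suggest `getgov-<ENVIRONMENT>-database` and `manifest-<ENVIRONMENT>.yaml`. In the local deploy example, `cf run-task` omits the `--wait` used in the workflow, so the command returns before the migration finishes.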


@ -27,7 +27,7 @@ To rotate secrets, create a new `credentials-<ENVIRONMENT>.json` file, upload it
Example: Example:
```bash ```bash
cf uups getgov-credentials -p credentials-unstable.json cf cups getgov-credentials -p credentials-unstable.json
cf restage getgov-unstable --strategy rolling cf restage getgov-unstable --strategy rolling
``` ```
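Review bot: The example under "To rotate secrets" now uses `cf cups`, which creates a user-provided service; rotating an existing `getgov-credentials` instance needs `cf uups` (update), and `cf cups` will fail if the service already exists. If the intent is to cover first-time setup in the new spaces, show `cf cups` for creation and keep `cf uups` for rotation.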


@ -0,0 +1,23 @@
---
applications:
- name: getgov-staging
buildpacks:
- python_buildpack
path: ../../src
instances: 1
memory: 512M
stack: cflinuxfs3
timeout: 180
command: gunicorn registrar.config.wsgi -t 60
health-check-type: http
health-check-http-endpoint: /health
env:
# Send stdout and stderr straight to the terminal without buffering
PYTHONUNBUFFERED: yup
# Tell Django where to find its configuration
DJANGO_SETTINGS_MODULE: registrar.config.settings
routes:
- route: getgov-staging.app.cloud.gov
services:
- getgov-credentials
- getgov-staging-database
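Review bot: The staging manifest binds `getgov-credentials`, the same service name the unstable manifest uses. Service instances are scoped to a space, so this works, but the docs in this commit only show `credentials-unstable.json`. Add the staging equivalent and state that staging gets its own credentials file, so its secrets are not shared with a space that developers can deploy to whenever they want.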


@ -20,4 +20,4 @@ applications:
- route: getgov-unstable.app.cloud.gov - route: getgov-unstable.app.cloud.gov
services: services:
- getgov-credentials - getgov-credentials
- getgov-database - getgov-unstable-database


@ -1,11 +1,16 @@
# NOTE: This script does not work with cf v8. We recommend using cf v7 for all cloud.gov commands. # NOTE: This script does not work with cf v8. We recommend using cf v7 for all cloud.gov commands.
if [ ! $(command -v gh) ] || [ ! $(command -v jq) ] || [ ! $(command -v cf) ]; then if [ ! $(command -v gh) ] || [ ! $(command -v jq) ] || [ ! $(command -v cf) ]; then
echo "jq, cf, and gh packages must be installed. Please install via your preferred manager." echo "jq, cf, and gh packages must be installed. Please install via your preferred manager."
exit 1 exit 1
fi fi
cf spaces if [ -z "$1" ]; then
read -p "Are you logged in to the dotgov-poc CF space above? (y/n) " -n 1 -r echo 'Please specify a space to target (i.e. unstable, staging)' >&2
exit 1
fi
cf target -o cisa-getgov-prototyping -s $1
read -p "Are you logged in to the cisa-getgov-prototyping CF org above and targeting the correct space? (y/n) " -n 1 -r
echo echo
if [[ ! $REPLY =~ ^[Yy]$ ]] if [[ ! $REPLY =~ ^[Yy]$ ]]
then then
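Review bot: `cf target -o cisa-getgov-prototyping -s $1` uses `$1` unquoted and its exit status is never checked, so a typo in the space name is caught only by the y/n prompt. Quote it as `"$1"`, exit if `cf target` fails, and consider rejecting anything other than `unstable` or `staging` up front, since the script goes on to delete and recreate a service key.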
@ -13,7 +18,7 @@ then
fi fi
gh auth status gh auth status
read -p "Are you logged into a Github account with access to cisagov/dotgov? (y/n) " -n 1 -r read -p "Are you logged into a Github account with access to cisagov/getgov? (y/n) " -n 1 -r
echo echo
if [[ ! $REPLY =~ ^[Yy]$ ]] if [[ ! $REPLY =~ ^[Yy]$ ]]
then then
@ -21,6 +26,7 @@ then
fi fi
echo "Great, removing and replacing Github CD account..." echo "Great, removing and replacing Github CD account..."
cf target -s $1
cf delete-service-key github-cd-account github-cd-key cf delete-service-key github-cd-account github-cd-key
cf create-service-key github-cd-account github-cd-key cf create-service-key github-cd-account github-cd-key
cf service-key github-cd-account github-cd-key cf service-key github-cd-account github-cd-key
@ -31,8 +37,9 @@ then
exit 1 exit 1
fi fi
upcase_space=$(printf "%s" "$1" | tr '[:lower:]' '[:upper:]')
cf service-key github-cd-account github-cd-key | sed 1,2d | jq -r '[.username, .password]|@tsv' | cf service-key github-cd-account github-cd-key | sed 1,2d | jq -r '[.username, .password]|@tsv' |
while read -r username password; do while read -r username password; do
gh secret --repo cisagov/dotgov set CF_USERNAME --body $username gh secret --repo cisagov/getgov set CF_${upcase_space}_USERNAME --body $username
gh secret --repo cisagov/dotgov set CF_PASSWORD --body $password gh secret --repo cisagov/getgov set CF_${upcase_space}_PASSWORD --body $password
done done
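Review bot: `--body $username` and `--body $password` are unquoted, so a password containing glob characters is expanded before `gh` sees it, and the value appears in the process argument list. Quote the variables, or omit `--body` and pipe the value to `gh secret set` on stdin. Also note that running the script for `unstable` produces `CF_UNSTABLE_USERNAME` / `CF_UNSTABLE_PASSWORD`, which none of the workflow hunks shown here reads, while the migrate workflow still reads the unprefixed `CF_USERNAME` / `CF_PASSWORD` that this script no longer sets.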


@ -388,6 +388,7 @@ SECURE_SSL_REDIRECT = True
# web server configurations. # web server configurations.
ALLOWED_HOSTS = [ ALLOWED_HOSTS = [
"getgov-unstable.app.cloud.gov", "getgov-unstable.app.cloud.gov",
"getgov-staging.app.cloud.gov",
"get.gov", "get.gov",
] ]