zydronium/manage.get.gov
1
0
Fork 0
mirror of https://github.com/cisagov/manage.get.gov.git synced 2025-07-24 19:48:36 +02:00
Code Issues Projects Releases Packages Wiki Activity

Move to cloud.gov prototyping org with two spaces (#114)

Browse source 
move to prototyping org with two spaces
This commit is contained in:
Logan McDonald 2022-09-09 14:53:17 -04:00 committed by GitHub
parent d2da8d1d8f
commit edc0593859
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
9 changed files with 69 additions and 37 deletions
Download patch file Download diff file Expand all files Collapse all files

4
.github/ISSUE_TEMPLATE/developer-onboarding.md vendored
View file

@ -35,10 +35,10 @@ cf login -a api.fr.cloud.gov --sso
- [ ] Setup [commit signing in Github](#setting-up-commit-signing) and with git locally.
### Steps for the onboarder
- [ ] Add the onboardee to cloud.gov org and relevant spaces as a SpaceDeveloper
- [ ] Add the onboardee to cloud.gov org (cisa-getgov-prototyping) and relevant spaces (unstable) as a SpaceDeveloper
```bash
cf set-space-role <cloud.account@email.gov> sandbox-gsa dotgov-poc SpaceDeveloper
cf set-space-role <cloud.account@email.gov> cisa-getgov-prototyping unstable SpaceDeveloper
```
- [ ] Add the onboardee to our login.gov sandbox team (`.gov registrar poc`) via the [dashboard](https://dashboard.int.identitysandbox.gov/)

22
.github/workflows/deploy.yaml vendored
View file

@ -3,8 +3,7 @@ name: Build and deploy
# This workflow runs on pushes to main (typically,
# a merged pull request) and on pushes of tagged commits.
# Pushes to main will deploy to Unstable; tagged commits
# will deploy to Staging
# Pushes to main will deploy to Staging
on:
push:
@ -17,9 +16,9 @@ on:
workflow_dispatch:
jobs:
deploy-unstable:
deploy-staging:
# if this job runs on a branch, we deduce that code
# has been pushed to main and should be deployed to unstable
# has been pushed to main and should be deployed to staging
if: ${{ github.ref_type == 'branch' }}
runs-on: ubuntu-latest
steps:
@ -30,13 +29,8 @@ jobs:
env:
DEPLOY_NOW: thanks
with:
cf_username: ${{ secrets.CF_USERNAME }}
cf_password: ${{ secrets.CF_PASSWORD }}
cf_org: sandbox-gsa
cf_space: dotgov-poc
push_arguments: "-f ops/manifests/manifest-unstable.yaml"
# deploy-staging:
# # if this job runs on a tag, we deduce that code
# # has been tagged for release and should be deployed to staging
# if: ${{ github.ref_type == 'tag' }}
cf_username: ${{ secrets.CF_STAGING_USERNAME }}
cf_password: ${{ secrets.CF_STAGING_PASSWORD }}
cf_org: cisa-getgov-prototyping
cf_space: staging
push_arguments: "-f ops/manifests/manifest-staging.yaml"

17
.github/workflows/migrate.yaml vendored
View file

@ -3,7 +3,7 @@ name: Run Migrations
# This workflow can be run from the CLI
# gh workflow run migrate.yaml -f environment=sandbox
# OR
# cf run-task getgov-unstable --wait \
# cf run-task getgov-staging --wait \
# --command 'python manage.py migrate' --name migrate
on:
@ -13,22 +13,19 @@ on:
type: choice
description: Where should we run migrations
options:
- unstable
- staging
jobs:
migrate-unstable:
if: ${{ github.event.inputs.environment == 'unstable' }}
migrate-staging:
if: ${{ github.event.inputs.environment == 'staging' }}
runs-on: ubuntu-latest
steps:
- name: Run Django migrations for unstable
- name: Run Django migrations for staging
uses: 18f/cg-deploy-action@main
with:
cf_username: ${{ secrets.CF_USERNAME }}
cf_password: ${{ secrets.CF_PASSWORD }}
cf_org: sandbox-gsa
cf_space: dotgov-poc
full_command: "cf run-task getgov-unstable --wait --command 'python manage.py migrate' --name migrate"
cf_org: cisa-getgov-prototyping
cf_space: staging
full_command: "cf run-task getgov-staging --wait --command 'python manage.py migrate' --name migrate"
# migrate:
# if: ${{ github.event.inputs.environment == 'staging' }}

12
docs/operations/README.md
View file

@ -28,8 +28,18 @@ cf target -o <ORG> -s <SPACE>
## Database
In sandbox, created with `cf create-service aws-rds micro-psql getgov-database`.
In sandbox, created with `cf create-service aws-rds micro-psql getgov-ENV-database`.
Binding the database in `manifest-<ENVIRONMENT>.json` automatically inserts the connection string into the environment as `DATABASE_URL`.
[Cloud.gov RDS documentation](https://cloud.gov/docs/services/relational-database/).
# Deploy
We have two environments: `unstable` and `staging`. Developers can deploy locally to unstable whenever they want. However, only our CD service can deploy to `staging`, and it does so on every commit to `main`. This is to ensure that we have a "golden" environment to point to, and can still test things out in an unstable space. To deploy locally to `unstable`:
```bash
cf target -o cisa-getgov-prototyping -s unstable
cf push getgov-unstable -f ops/manifests/manifest-unstable.yaml
cf run-task getgov-unstable --command 'python manage.py migrate' --name migrate
```

2
docs/operations/runbooks/rotate_application_secrets.md
View file

@ -27,7 +27,7 @@ To rotate secrets, create a new `credentials-<ENVIRONMENT>.json` file, upload it
Example:
```bash
cf uups getgov-credentials -p credentials-unstable.json
cf cups getgov-credentials -p credentials-unstable.json
cf restage getgov-unstable --strategy rolling
```

23
ops/manifests/manifest-staging.yaml Normal file
View file

@ -0,0 +1,23 @@
---
applications:
- name: getgov-staging
buildpacks:
- python_buildpack
path: ../../src
instances: 1
memory: 512M
stack: cflinuxfs3
timeout: 180
command: gunicorn registrar.config.wsgi -t 60
health-check-type: http
health-check-http-endpoint: /health
env:
# Send stdout and stderr straight to the terminal without buffering
PYTHONUNBUFFERED: yup
# Tell Django where to find its configuration
DJANGO_SETTINGS_MODULE: registrar.config.settings
routes:
- route: getgov-staging.app.cloud.gov
services:
- getgov-credentials
- getgov-staging-database

2
ops/manifests/manifest-unstable.yaml
View file

@ -20,4 +20,4 @@ applications:
- route: getgov-unstable.app.cloud.gov
services:
- getgov-credentials
- getgov-database
- getgov-unstable-database

21
ops/scripts/rotate_cloud_secrets.sh
View file

@ -1,11 +1,16 @@
# NOTE: This script does not work with cf v8. We recommend using cf v7 for all cloud.gov commands.
if [ ! $(command -v gh) ] || [ ! $(command -v jq) ] || [ ! $(command -v cf) ]; then
echo "jq, cf, and gh packages must be installed. Please install via your preferred manager."
exit 1
echo "jq, cf, and gh packages must be installed. Please install via your preferred manager."
exit 1
fi
cf spaces
read -p "Are you logged in to the dotgov-poc CF space above? (y/n) " -n 1 -r
if [ -z "$1" ]; then
echo 'Please specify a space to target (i.e. unstable, staging)' >&2
exit 1
fi
cf target -o cisa-getgov-prototyping -s $1
read -p "Are you logged in to the cisa-getgov-prototyping CF org above and targeting the correct space? (y/n) " -n 1 -r
echo
if [[ ! $REPLY =~ ^[Yy]$ ]]
then
@ -13,7 +18,7 @@ then
fi
gh auth status
read -p "Are you logged into a Github account with access to cisagov/dotgov? (y/n) " -n 1 -r
read -p "Are you logged into a Github account with access to cisagov/getgov? (y/n) " -n 1 -r
echo
if [[ ! $REPLY =~ ^[Yy]$ ]]
then
@ -21,6 +26,7 @@ then
fi
echo "Great, removing and replacing Github CD account..."
cf target -s $1
cf delete-service-key github-cd-account github-cd-key
cf create-service-key github-cd-account github-cd-key
cf service-key github-cd-account github-cd-key
@ -31,8 +37,9 @@ then
exit 1
fi
upcase_space=$(printf "%s" "$1" | tr '[:lower:]' '[:upper:]')
cf service-key github-cd-account github-cd-key | sed 1,2d | jq -r '[.username, .password]|@tsv' |
while read -r username password; do
gh secret --repo cisagov/dotgov set CF_USERNAME --body $username
gh secret --repo cisagov/dotgov set CF_PASSWORD --body $password
gh secret --repo cisagov/getgov set CF_${upcase_space}_USERNAME --body $username
gh secret --repo cisagov/getgov set CF_${upcase_space}_PASSWORD --body $password
done

1
src/registrar/config/settings.py
View file

@ -388,6 +388,7 @@ SECURE_SSL_REDIRECT = True
# web server configurations.
ALLOWED_HOSTS = [
"getgov-unstable.app.cloud.gov",
"getgov-staging.app.cloud.gov",
"get.gov",
]