capistrano-secrets-yml 0.0.1 → 1.0.0

Sign up to get free protection for your applications and to get access to all the features.
Files changed (8) hide show
  1. checksums.yaml +4 -4
  2. data/CHANGELOG.md +8 -0
  3. data/README.md +79 -1
  4. data/lib/capistrano/secrets_yml/helpers.rb +36 -5
  5. data/lib/capistrano/secrets_yml/paths.rb +2 -0
  6. data/lib/capistrano/secrets_yml/version.rb +1 -1
  7. data/lib/capistrano/tasks/secrets_yml.rake +27 -4
  8. metadata +1 -1
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA1:
3
- metadata.gz: 92c88d7979d7b310daac29ae043c02b728a8c085
4
- data.tar.gz: de32134712eadaf043ec6333dd540d354c8366a8
3
+ metadata.gz: f46c44749e9fcebe92a01299f3efb8f8d0ab06e6
4
+ data.tar.gz: 00676a1660ab65452ecf72599997a448b700abcb
5
5
  SHA512:
6
- metadata.gz: 6f79f1eb349ed50b9997e3cfa4b01956175cdf874e0aa68b635fe9da88e526cb5eab764a933a8b9208c64d37d4cd8580462a4fa1f08afe9e2f03b5a1d8cc1702
7
- data.tar.gz: 98d72f548463a9f78e1c3adfff6cefa904856667043470f0007754ce9212840ef96f46a9c54e84400b1f2c505506cbad4284484efdb22034f05f0a30b0fbff5b
6
+ metadata.gz: b6d082628416e66f917c3a4dfda4a12ce31b89de606b737c48abce2a21f757d795f3a8dc203dad9b762ffebb186eba29b6ae49327fa0fea78f3f7734c1921f0a
7
+ data.tar.gz: 4eabb79353d80269863b4dae6b824cddc528573349f4a7b8b654cf26fb3ceda0402a5b63f02660b65a81febbeedffea06c1a20583f0433aa992cfb20c324497b
data/CHANGELOG.md CHANGED
@@ -1,4 +1,12 @@
1
1
  # Changelog
2
2
 
3
3
  ### master
4
+
5
+ ### v1.0.0, 2014-10-07
6
+ - added a check if `secrets.yml` is removed from git
7
+ - add content to the README
8
+ - improve checks for `secrets.yml`
9
+
10
+ ### v0.0.1, 2014-10-07
4
11
  - started the project
12
+ - first working version
data/README.md CHANGED
@@ -1,3 +1,81 @@
1
1
  # Capistrano::SecretsYml
2
2
 
3
- Capistrano tasks for handling `secrets.yml` file in Rails 4+.
3
+ Capistrano tasks for handling `secrets.yml` when deploying Rails 4+ apps.
4
+
5
+ ### Install
6
+
7
+ Add this to `Gemfile`:
8
+
9
+ group :development do
10
+ gem 'capistrano', '~> 3.2.1'
11
+ gem 'capistrano-secrets-yml', '~> 1.0.0'
12
+ end
13
+
14
+ And then:
15
+
16
+ $ bundle install
17
+
18
+ ### Setup and usage
19
+
20
+ - make sure your local `config/secrets.yml` is not git tracked. It **should be on
21
+ the disk**, but gitignored.
22
+
23
+ - populate production secrets in local `config/secrets.yml`:
24
+
25
+ production:
26
+ secret_key_base: d6ced...
27
+
28
+ - add to `Capfile`:
29
+
30
+ require 'capistrano/secrets_yml'
31
+
32
+ - create `secrets.yml` file on the remote server by executing this task:
33
+
34
+ $ bundle exec cap production setup
35
+
36
+ You can now proceed with other deployment tasks.
37
+
38
+ #### What if a new config is added to secrets file?
39
+
40
+ - add it in local `config/secrets.yml`:
41
+
42
+ production:
43
+ secret_key_base: d6ced...
44
+ foobar: some_other_secret
45
+
46
+ - and copy to the server:
47
+
48
+ $ bundle exec cap production setup
49
+
50
+ ### How it works
51
+
52
+ When you execute `$ bundle exec production setup`:
53
+
54
+ - secrets from your local `secrets.yml` are copied to the server.<br/>
55
+ - only "stage" secrets are copied: if you are deploying to `production`,
56
+ only production secrets are copied there
57
+ - on the server secrets file is located in `#{shared_path}/config/secrets.yml`
58
+
59
+ On deployment:
60
+
61
+ - secrets file is automatically symlinked to `#{current_path}/config/secrets.yml`
62
+
63
+ ### Configuration
64
+
65
+ None.
66
+
67
+ ### FAQ
68
+
69
+ - shouldn't we be keeping configuration in environment variables as per
70
+ [12 factor app rules](http://12factor.net/config)?
71
+
72
+ On Heroku, yes.<br/>
73
+ With Capistrano, those env vars still have to be written somewhere on the disk
74
+ and used with a tool like [dotenv](https://github.com/bkeepers/dotenv).
75
+
76
+ Since we have to keep configuration on the disk anyway, it probably makes
77
+ sense to use Rails 4 built-in `secrets.yml` mechanism.
78
+
79
+ ### License
80
+
81
+ [MIT](LICENSE.md)
data/lib/capistrano/secrets_yml/helpers.rb CHANGED
@@ -1,16 +1,47 @@
1
+ require "yaml"
2
+
1
3
  module Capistrano
2
4
  module SecretsYml
3
5
  module Helpers
4
6
 
5
- def read_local_secrets_yml
7
+ def local_secrets_yml(env)
6
8
  @local_secrets_yml ||= YAML.load_file(secrets_yml_local_path)
9
+ @local_secrets_yml[env]
10
+ end
11
+
12
+ def secrets_yml_env
13
+ fetch(:secrets_yml_env).to_s
7
14
  end
8
15
 
9
16
  def secrets_yml_content
10
- @content ||= begin
11
- env = fetch(:secrets_yml_env).to_s
12
- Hash[env => read_local_secrets_yml.fetch(env)].to_yaml
13
- end
17
+ { secrets_yml_env => local_secrets_yml(secrets_yml_env) }.to_yaml
18
+ end
19
+
20
+ # error helpers
21
+
22
+ def check_git_tracking_error
23
+ puts
24
+ puts "Error - please remove '#{fetch(:secrets_yml_local_path)}' from git:"
25
+ puts
26
+ puts " $ git rm --cached #{fetch(:secrets_yml_local_path)}"
27
+ puts
28
+ puts "and gitignore it:"
29
+ puts
30
+ puts " $ echo '#{fetch(:secrets_yml_local_path)}' >> .gitignore"
31
+ puts
32
+ end
33
+
34
+ def check_config_present_error
35
+ puts
36
+ puts "Error - '#{secrets_yml_env}' config not present in '#{fetch(:secrets_yml_local_path)}'."
37
+ puts "Please populate it."
38
+ puts
39
+ end
40
+
41
+ def check_secrets_file_exists_error
42
+ puts
43
+ puts "Error - '#{fetch(:secrets_yml_local_path)}' file does not exists, and it's required."
44
+ puts
14
45
  end
15
46
 
16
47
  end
data/lib/capistrano/secrets_yml/paths.rb CHANGED
@@ -1,3 +1,5 @@
1
+ require "pathname"
2
+
1
3
  module Capistrano
2
4
  module SecretsYml
3
5
  module Paths
data/lib/capistrano/secrets_yml/version.rb CHANGED
@@ -1,5 +1,5 @@
1
1
  module Capistrano
2
2
  module SecretsYml
3
- VERSION = "0.0.1"
3
+ VERSION = "1.0.0"
4
4
  end
5
5
  end
data/lib/capistrano/tasks/secrets_yml.rake CHANGED
@@ -1,8 +1,6 @@
1
1
  include Capistrano::SecretsYml::Paths
2
2
  include Capistrano::SecretsYml::Helpers
3
-
4
- namespace :load do
5
- task :defaults do
3
+ namespace :load do task :defaults do
6
4
  set :secrets_yml_local_path, "config/secrets.yml"
7
5
  set :secrets_yml_remote_path, "config/secrets.yml"
8
6
  set :secrets_yml_env, -> { fetch(:rails_env) || fetch(:stage) }
@@ -11,8 +9,33 @@ end
11
9
 
12
10
  namespace :secrets_yml do
13
11
 
12
+ task :check_secrets_file_exists do
13
+ next if File.exists?(secrets_yml_local_path)
14
+ check_secrets_file_exists_error
15
+ exit 1
16
+ end
17
+
18
+ task :check_git_tracking do
19
+ next unless system("git ls-files #{fetch(:secrets_yml_local_path)} --error-unmatch >/dev/null 2>&1")
20
+ check_git_tracking_error
21
+ exit 1
22
+ end
23
+
24
+ task :check_config_present do
25
+ next unless local_secrets_yml(secrets_yml_env).nil?
26
+ check_config_present_error
27
+ exit 1
28
+ end
29
+
30
+ desc "secrets.yml file checks"
31
+ task :check do
32
+ invoke "secrets_yml:check_secrets_file_exists"
33
+ invoke "secrets_yml:check_git_tracking"
34
+ invoke "secrets_yml:check_config_present"
35
+ end
36
+
14
37
  desc "Setup `secrets.yml` file on the server(s)"
15
- task :setup do
38
+ task setup: [:check] do
16
39
  content = secrets_yml_content
17
40
  on release_roles :all do
18
41
  execute :mkdir, "-pv", File.dirname(secrets_yml_remote_path)
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: capistrano-secrets-yml
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.0.1
4
+ version: 1.0.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Bruno Sutic