hephaestus 0.7.5.3 → 0.7.6.1
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +12 -0
- data/config/initializers/environment.rb +16 -27
- data/config/initializers/opentelemetry.rb +1 -1
- data/config/initializers/slack_webhook_logger.rb +14 -15
- data/lib/hephaestus/version.rb +1 -1
- metadata +2 -2
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: '06919e0eb77dd697814949c6277748199dad368b99aced6a743011977dda7ce2'
|
4
|
+
data.tar.gz: 42119352711937a4498fe284838c71ade955fa8dc4352a8ffd8ca753a9af0116
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: a652f7316f064d9348d7edd9a77f70dfb909b0933afcaa2f754962766f9afdf76ec46e790d1ae2e78e449b8667ecfc93883caf2e4af11afad49fc1c448cfd77c
|
7
|
+
data.tar.gz: 67f9a6c742247a646eda858416ae232c8244c304f572cbe91fd676a817b68f71e0d9fd46e322e194e7a75e44c5a5bb902ab0e0b96296ae1f4fc95ce989ac728c
|
data/CHANGELOG.md
CHANGED
@@ -1,3 +1,15 @@
|
|
1
|
+
# [v0.7.6.1] - 21-11-2024
|
2
|
+
## What's Changed
|
3
|
+
* replace newlines by @gjtorikian in https://github.com/yettoapp/hephaestus/pull/56
|
4
|
+
|
5
|
+
|
6
|
+
**Full Changelog**: https://github.com/yettoapp/hephaestus/compare/v0.7.6...v0.7.6.1
|
7
|
+
# [v0.7.6] - 21-11-2024
|
8
|
+
## What's Changed
|
9
|
+
* Load secrets more efficiently by @gjtorikian in https://github.com/yettoapp/hephaestus/pull/54
|
10
|
+
|
11
|
+
|
12
|
+
**Full Changelog**: https://github.com/yettoapp/hephaestus/compare/v0.7.5.3...v0.7.6
|
1
13
|
# [v0.7.5.3] - 20-11-2024
|
2
14
|
**Full Changelog**: https://github.com/yettoapp/hephaestus/compare/v0.7.5.2...v0.7.5.3
|
3
15
|
# [v0.7.5.2] - 20-11-2024
|
@@ -1,13 +1,7 @@
|
|
1
1
|
# typed: false
|
2
2
|
# frozen_string_literal: true
|
3
3
|
|
4
|
-
|
5
|
-
if productionish?
|
6
|
-
op_read("op://Plug-#{plug_name}/#{ENV["RAILS_ENV"].capitalize}/#{label}")
|
7
|
-
else
|
8
|
-
ENV.fetch(label.to_s, default.is_a?(Pathname) ? default.read : default)
|
9
|
-
end
|
10
|
-
end
|
4
|
+
OP_VAULT_SECRETS = {}
|
11
5
|
|
12
6
|
def fetch_infra_secret(label:, default:)
|
13
7
|
if productionish?
|
@@ -17,9 +11,9 @@ def fetch_infra_secret(label:, default:)
|
|
17
11
|
end
|
18
12
|
end
|
19
13
|
|
20
|
-
def
|
14
|
+
def fetch_vault_secret(label:, default:)
|
21
15
|
if productionish?
|
22
|
-
|
16
|
+
OP_VAULT_SECRETS.delete(label) || raise("Secret `#{label}` not found in 1Password")
|
23
17
|
else
|
24
18
|
ENV.fetch(label, default.is_a?(Pathname) ? default.read : default)
|
25
19
|
end
|
@@ -31,10 +25,7 @@ def op_read(label)
|
|
31
25
|
end
|
32
26
|
end
|
33
27
|
|
34
|
-
|
35
|
-
# to the platform, but we're not using those yet. feels "better"
|
36
|
-
# to have the plugs manage those on their own
|
37
|
-
def op_get_secrets(vault:, tag:)
|
28
|
+
def op_load_vault_into_env(vault:, tag:)
|
38
29
|
%x(#{include_sudo?}op item list --vault #{vault} --tags #{tag} --format json | #{include_sudo?}op item get - --reveal --format=json).tap do
|
39
30
|
raise "Failed to fetch value `#{vault}` for `#{tag}` from 1Password" unless $CHILD_STATUS.success?
|
40
31
|
end
|
@@ -107,36 +98,34 @@ module Hephaestus
|
|
107
98
|
"web.yetto.test"
|
108
99
|
end
|
109
100
|
|
110
|
-
# Every plug has
|
101
|
+
# Every plug has secrets; to reduce the amount of API calls to 1Password,
|
111
102
|
# we can grab one document that contains all the secrets we need
|
112
103
|
if productionish?
|
113
104
|
check_dependencies!
|
114
|
-
|
105
|
+
res = JSON.parse(op_load_vault_into_env(vault: "Plug-#{plug_name}", tag: ENV["RAILS_ENV"]))
|
106
|
+
["Common", "Unique", "Yetto"].each do |section_label|
|
107
|
+
res["fields"].select { |f| f["section"] && f["section"]["label"] }.each do |field|
|
108
|
+
next unless field["section"]["label"] == section_label
|
109
|
+
|
110
|
+
OP_VAULT_SECRETS[field["label"]] = field["value"].gsub("\\n", "\n")
|
111
|
+
end
|
112
|
+
end
|
115
113
|
end
|
116
114
|
|
117
|
-
SLACK_LOG_URL = fetch_document_secret(
|
118
|
-
fetched_secrets,
|
119
|
-
label: "SLACK_LOG_URL",
|
120
|
-
default: "https://slack.com/the_log_room",
|
121
|
-
)
|
122
|
-
|
123
115
|
YETTO_API_URL = "#{YETTO_URL}/api"
|
124
116
|
YETTO_REDIRECT_URL = productionish? ? "#{PROTOCOL}#{YETTO_URL}" : "#{PROTOCOL}127.0.0.1:3000"
|
125
117
|
|
126
|
-
YETTO_PLUG_PEM =
|
127
|
-
fetched_secrets,
|
118
|
+
YETTO_PLUG_PEM = fetch_vault_secret(
|
128
119
|
label: "YETTO_PLUG_PEM",
|
129
120
|
default: Rails.root.join("test/fixtures/files/fake_pem_file/fake.pem"),
|
130
121
|
)
|
131
122
|
|
132
|
-
YETTO_SIGNING_SECRET =
|
133
|
-
fetched_secrets,
|
123
|
+
YETTO_SIGNING_SECRET = fetch_vault_secret(
|
134
124
|
label: "YETTO_SIGNING_SECRET",
|
135
125
|
default: "super-secret",
|
136
126
|
)
|
137
127
|
|
138
|
-
YETTO_PLUG_ID =
|
139
|
-
fetched_secrets,
|
128
|
+
YETTO_PLUG_ID = fetch_vault_secret(
|
140
129
|
label: "YETTO_PLUG_ID",
|
141
130
|
default: "plug-id",
|
142
131
|
)
|
@@ -5,7 +5,7 @@ unless Rails.env.development?
|
|
5
5
|
# establish the environment for OTEL
|
6
6
|
ENV["OTEL_EXPORTER_OTLP_ENDPOINT"] = "https://api.honeycomb.io"
|
7
7
|
|
8
|
-
ENV["OTEL_EXPORTER_OTLP_HEADERS"] =
|
8
|
+
ENV["OTEL_EXPORTER_OTLP_HEADERS"] = fetch_vault_secret(
|
9
9
|
label: "OTEL_EXPORTER_OTLP_HEADERS",
|
10
10
|
default: "x-honeycomb-team=your-api-key",
|
11
11
|
)
|
@@ -3,21 +3,20 @@
|
|
3
3
|
|
4
4
|
require "slack_webhook_logger"
|
5
5
|
|
6
|
-
|
7
|
-
|
8
|
-
|
9
|
-
|
10
|
-
|
11
|
-
|
12
|
-
|
6
|
+
SlackWebhookLogger.setup do |config|
|
7
|
+
# Webhook URL
|
8
|
+
#
|
9
|
+
# The URL where messages will be sent.
|
10
|
+
config.webhook_url = fetch_infra_secret(
|
11
|
+
label: "SLACK_LOG_URL",
|
12
|
+
default: "https://slack.com/the_log_room",
|
13
|
+
)
|
13
14
|
|
14
|
-
|
15
|
-
|
16
|
-
|
17
|
-
|
18
|
-
|
15
|
+
# The minimum error level to see in Slack.
|
16
|
+
#
|
17
|
+
# All log levels are supported, but don't do anything less then :warn since Slack only allows one message
|
18
|
+
# per minute.
|
19
|
+
config.level = :WARN
|
19
20
|
|
20
|
-
|
21
|
-
end
|
22
|
-
end
|
21
|
+
config.ignore_patterns = [/Can't verify CSRF token authenticity/, /is not a valid MIME type/]
|
23
22
|
end
|
data/lib/hephaestus/version.rb
CHANGED
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: hephaestus
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.7.
|
4
|
+
version: 0.7.6.1
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Garen Torikian
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2024-11-
|
11
|
+
date: 2024-11-21 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: bootsnap
|