hephaestus 0.7.7.2 → 0.8.1
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +8 -0
- data/app/controllers/concerns/hephaestus/validates_from_yetto.rb +0 -4
- data/app/controllers/hephaestus/staff_controller.rb +1 -1
- data/config/database.yml +18 -14
- data/config/environments/development.rb +0 -4
- data/config/environments/production.rb +0 -4
- data/config/environments/staging.rb +0 -4
- data/config/initializers/application.rb +8 -0
- data/config/initializers/environment.rb +5 -28
- data/config/initializers/slack_webhook_logger.rb +1 -1
- data/lib/hephaestus/engine.rb +31 -0
- data/lib/hephaestus/test_helper.rb +1 -1
- data/lib/hephaestus/version.rb +1 -1
- metadata +17 -19
- data/config/initializers/litestream.rb +0 -36
- data/config/litestream.yml +0 -12
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 6d608f8db96e9184b69b2f95dad4ac2b32ed62c9dd40f4dcc3b2fc898c54d029
|
4
|
+
data.tar.gz: cd431bcd1720b972d23e36e98d312ad9eff3cdd49f812d2a917923e776e24598
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: ff05e79f785f869d1897d343e6a8b9b82b71a9102395ab047c4e5c259c2892b90317d81b2b1218ec2b3bf4b808c6fee39217adb47ba5fbbd35284d91908f79da
|
7
|
+
data.tar.gz: 0131ff14683882ec145c89088532ee61fd6fbc760918afd305d4e6243f5c0ebaba31d7d3b33dcd62cf500a0141281201d668eb212c836638b6e1a359c74c756a
|
data/CHANGELOG.md
CHANGED
@@ -1,3 +1,11 @@
|
|
1
|
+
# [v0.8.1] - 25-11-2024
|
2
|
+
**Full Changelog**: https://github.com/yettoapp/hephaestus/compare/v0.8.0...v0.8.1
|
3
|
+
# [v0.8.0] - 25-11-2024
|
4
|
+
## What's Changed
|
5
|
+
* End the promise of litefs by @gjtorikian in https://github.com/yettoapp/hephaestus/pull/63
|
6
|
+
|
7
|
+
|
8
|
+
**Full Changelog**: https://github.com/yettoapp/hephaestus/compare/v0.7.7.2...v0.8.0
|
1
9
|
# [v0.7.7.2] - 21-11-2024
|
2
10
|
**Full Changelog**: https://github.com/yettoapp/hephaestus/compare/v0.7.7...v0.7.7.2
|
3
11
|
# [v0.7.7] - 21-11-2024
|
data/config/database.yml
CHANGED
@@ -4,17 +4,17 @@
|
|
4
4
|
# Ensure the SQLite 3 gem is defined in your Gemfile
|
5
5
|
# gem "sqlite3"
|
6
6
|
#
|
7
|
-
|
7
|
+
default_local: &default_local
|
8
8
|
adapter: sqlite3
|
9
9
|
pool: <%= ENV.fetch("RAILS_MAX_THREADS") { 5 } %>
|
10
10
|
timeout: 5000
|
11
11
|
|
12
12
|
development:
|
13
13
|
primary:
|
14
|
-
<<: *
|
15
|
-
database: storage/development.sqlite3
|
14
|
+
<<: *default_local
|
15
|
+
database: "storage/development.sqlite3"
|
16
16
|
queue:
|
17
|
-
<<: *
|
17
|
+
<<: *default_local
|
18
18
|
database: storage/development_queue.sqlite3
|
19
19
|
migrations_paths: db/queue_migrate
|
20
20
|
|
@@ -24,14 +24,18 @@ development:
|
|
24
24
|
# Do not set this db to the same as development or production.
|
25
25
|
test:
|
26
26
|
primary:
|
27
|
-
<<: *
|
27
|
+
<<: *default_local
|
28
28
|
database: storage/test.sqlite3
|
29
29
|
queue:
|
30
|
-
<<: *
|
30
|
+
<<: *default_local
|
31
31
|
database: storage/test_queue.sqlite3
|
32
32
|
migrations_paths: db/queue_migrate
|
33
33
|
|
34
34
|
|
35
|
+
default_productionish: &default_productionish
|
36
|
+
adapter: postgresql
|
37
|
+
pool: <%= ENV.fetch("RAILS_MAX_THREADS") { 5 } %>
|
38
|
+
timeout: 5000
|
35
39
|
|
36
40
|
# SQLite3 write its data on the local filesystem, as such it requires
|
37
41
|
# persistent disks. If you are deploying to a managed service, you should
|
@@ -41,18 +45,18 @@ test:
|
|
41
45
|
# ensure the database is located in a persisted volume.
|
42
46
|
staging:
|
43
47
|
primary:
|
44
|
-
<<: *
|
45
|
-
|
48
|
+
<<: *default_productionish
|
49
|
+
url: <%= ENV["DATABASE_URL"] %>
|
46
50
|
queue:
|
47
|
-
<<: *
|
48
|
-
|
51
|
+
<<: *default_productionish
|
52
|
+
url: <%= ENV["DATABASE_URL"] %>
|
49
53
|
migrations_paths: db/queue_migrate
|
50
54
|
|
51
55
|
production:
|
52
56
|
primary:
|
53
|
-
<<: *
|
54
|
-
|
57
|
+
<<: *default_productionish
|
58
|
+
url: <%= ENV["DATABASE_URL"] %>
|
55
59
|
queue:
|
56
|
-
<<: *
|
57
|
-
|
60
|
+
<<: *default_productionish
|
61
|
+
url: <%= ENV["DATABASE_URL"] %>
|
58
62
|
migrations_paths: db/queue_migrate
|
@@ -66,10 +66,6 @@ Rails.application.configure do
|
|
66
66
|
# Raise error when a before_action's only/except options reference missing actions.
|
67
67
|
config.action_controller.raise_on_missing_callback_actions = true
|
68
68
|
|
69
|
-
config.active_job.queue_adapter = :solid_queue
|
70
|
-
config.solid_queue.silence_polling = true
|
71
|
-
config.solid_queue.connects_to = { database: { writing: :queue } }
|
72
|
-
|
73
69
|
# Apply autocorrection by RuboCop to files generated by `bin/rails generate`.
|
74
70
|
# config.generators.apply_rubocop_autocorrect_after_generate!
|
75
71
|
|
@@ -59,10 +59,6 @@ Rails.application.configure do
|
|
59
59
|
# Use a different cache store in production.
|
60
60
|
# config.cache_store = :mem_cache_store
|
61
61
|
|
62
|
-
# Use a real queuing backend for Active Job (and separate queues per environment).
|
63
|
-
config.active_job.queue_adapter = :solid_queue
|
64
|
-
config.solid_queue.connects_to = { database: { writing: :queue } }
|
65
|
-
|
66
62
|
# config.active_job.queue_name_prefix = "plug_email_production"
|
67
63
|
|
68
64
|
if defined?(ActionMailer)
|
@@ -59,10 +59,6 @@ Rails.application.configure do
|
|
59
59
|
# Use a different cache store in production.
|
60
60
|
# config.cache_store = :mem_cache_store
|
61
61
|
|
62
|
-
# Use a real queuing backend for Active Job (and separate queues per environment).
|
63
|
-
config.active_job.queue_adapter = :solid_queue
|
64
|
-
config.solid_queue.connects_to = { database: { writing: :queue } }
|
65
|
-
|
66
62
|
if defined?(ActionMailer)
|
67
63
|
# Disable caching for Action Mailer templates even if Action Controller
|
68
64
|
# caching is enabled.
|
@@ -11,4 +11,12 @@ Rails.application.configure do
|
|
11
11
|
|
12
12
|
# Remove this in rails 8.1 as it will be the default
|
13
13
|
config.active_support.to_time_preserves_timezone = :zone
|
14
|
+
|
15
|
+
if Rails.env.test?
|
16
|
+
config.active_job.queue_adapter = :test
|
17
|
+
else
|
18
|
+
config.active_job.queue_adapter = :solid_queue
|
19
|
+
config.solid_queue.silence_polling = !Rails.env.local?
|
20
|
+
config.solid_queue.connects_to = { database: { writing: :queue } }
|
21
|
+
end
|
14
22
|
end
|
@@ -3,14 +3,6 @@
|
|
3
3
|
|
4
4
|
OP_VAULT_SECRETS = {}
|
5
5
|
|
6
|
-
def fetch_infra_secret(label:, default:)
|
7
|
-
if productionish?
|
8
|
-
op_read("op://Infra/Global Secrets/#{label}")
|
9
|
-
else
|
10
|
-
ENV.fetch(label, default.is_a?(Pathname) ? default.read : default)
|
11
|
-
end
|
12
|
-
end
|
13
|
-
|
14
6
|
def fetch_vault_secret(label:, default:)
|
15
7
|
if productionish?
|
16
8
|
OP_VAULT_SECRETS.delete(label) || raise("Secret `#{label}` not found in 1Password")
|
@@ -19,29 +11,14 @@ def fetch_vault_secret(label:, default:)
|
|
19
11
|
end
|
20
12
|
end
|
21
13
|
|
22
|
-
def op_read(label)
|
23
|
-
%x(#{include_sudo?}op read "#{label}").chomp.tap do
|
24
|
-
raise "Failed to fetch `#{label}` from 1Password" unless $CHILD_STATUS.success?
|
25
|
-
end
|
26
|
-
end
|
27
|
-
|
28
14
|
def op_load_vault_into_env(vault:, tag:)
|
29
15
|
%x(#{include_sudo?}op item list --vault #{vault} --tags #{tag} --format json | #{include_sudo?}op item get - --reveal --format=json).tap do
|
30
16
|
raise "Failed to fetch value `#{vault}` for `#{tag}` from 1Password" unless $CHILD_STATUS.success?
|
31
17
|
end
|
32
18
|
end
|
33
19
|
|
34
|
-
def
|
35
|
-
|
36
|
-
end
|
37
|
-
|
38
|
-
def cli_installed?
|
39
|
-
%x(#{include_sudo?}op --version 2> /dev/null)
|
40
|
-
$CHILD_STATUS.success?
|
41
|
-
end
|
42
|
-
|
43
|
-
def include_sudo?
|
44
|
-
productionish? ? "sudo -E " : ""
|
20
|
+
def load_vault_secret(field)
|
21
|
+
OP_VAULT_SECRETS[field["label"]] = field["value"].gsub("\\n", "\n")
|
45
22
|
end
|
46
23
|
|
47
24
|
def productionish?
|
@@ -101,13 +78,12 @@ module Hephaestus
|
|
101
78
|
# Every plug has secrets; to reduce the amount of API calls to 1Password,
|
102
79
|
# we can grab one document that contains all the secrets we need
|
103
80
|
if productionish?
|
104
|
-
check_dependencies!
|
105
81
|
res = JSON.parse(op_load_vault_into_env(vault: "Plug-#{plug_name}", tag: ENV["RAILS_ENV"]))
|
106
82
|
["Common", "Unique", "Yetto"].each do |section_label|
|
107
83
|
res["fields"].select { |f| f["section"] && f["section"]["label"] }.each do |field|
|
108
84
|
next unless field["section"]["label"] == section_label
|
109
85
|
|
110
|
-
|
86
|
+
load_vault_secret(field)
|
111
87
|
end
|
112
88
|
end
|
113
89
|
end
|
@@ -122,7 +98,8 @@ module Hephaestus
|
|
122
98
|
|
123
99
|
YETTO_SIGNING_SECRET = fetch_vault_secret(
|
124
100
|
label: "YETTO_SIGNING_SECRET",
|
125
|
-
|
101
|
+
# this is a fake 32-bit secret
|
102
|
+
default: "caae20f6dcb2b745003abe043f2d9b56",
|
126
103
|
)
|
127
104
|
|
128
105
|
YETTO_PLUG_ID = fetch_vault_secret(
|
@@ -7,7 +7,7 @@ SlackWebhookLogger.setup do |config|
|
|
7
7
|
# Webhook URL
|
8
8
|
#
|
9
9
|
# The URL where messages will be sent.
|
10
|
-
config.webhook_url = fetch_infra_secret(
|
10
|
+
config.webhook_url = Hephaestus::Engine.fetch_infra_secret(
|
11
11
|
label: "SLACK_#{Rails.env.upcase}_LOG_URL",
|
12
12
|
default: "https://slack.com/the_log_room",
|
13
13
|
)
|
data/lib/hephaestus/engine.rb
CHANGED
@@ -60,6 +60,37 @@ module Hephaestus
|
|
60
60
|
match("/*unmatched_route", to: "application#not_found", via: :all)
|
61
61
|
end
|
62
62
|
end
|
63
|
+
|
64
|
+
# we need to check if the 1Password CLI is installed and load it ASAP,
|
65
|
+
# because it contains all the secrets
|
66
|
+
def fetch_infra_secret(label:, default:)
|
67
|
+
if productionish?
|
68
|
+
op_read("op://Infra/Global Secrets/#{label}")
|
69
|
+
else
|
70
|
+
ENV.fetch(label, default.is_a?(Pathname) ? default.read : default)
|
71
|
+
end
|
72
|
+
end
|
63
73
|
end
|
74
|
+
|
75
|
+
def op_read(label)
|
76
|
+
%x(#{include_sudo?}op read "#{label}").chomp.tap do
|
77
|
+
raise "Failed to fetch `#{label}` from 1Password" unless $CHILD_STATUS.success?
|
78
|
+
end
|
79
|
+
end
|
80
|
+
|
81
|
+
def check_dependencies!
|
82
|
+
raise "1Password CLI is not installed" unless cli_installed?
|
83
|
+
end
|
84
|
+
|
85
|
+
def cli_installed?
|
86
|
+
%x(#{include_sudo?}op --version 2> /dev/null)
|
87
|
+
$CHILD_STATUS.success?
|
88
|
+
end
|
89
|
+
|
90
|
+
def include_sudo?
|
91
|
+
!Rails.env.local? ? "sudo -E " : ""
|
92
|
+
end
|
93
|
+
|
94
|
+
check_dependencies! unless Rails.env.local?
|
64
95
|
end
|
65
96
|
end
|
data/lib/hephaestus/version.rb
CHANGED
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: hephaestus
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.
|
4
|
+
version: 0.8.1
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Garen Torikian
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2024-11-
|
11
|
+
date: 2024-11-25 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: bootsnap
|
@@ -114,21 +114,6 @@ dependencies:
|
|
114
114
|
- !ruby/object:Gem::Version
|
115
115
|
version: '2.8'
|
116
116
|
force_ruby_platform: false
|
117
|
-
- !ruby/object:Gem::Dependency
|
118
|
-
name: litestream
|
119
|
-
requirement: !ruby/object:Gem::Requirement
|
120
|
-
requirements:
|
121
|
-
- - "~>"
|
122
|
-
- !ruby/object:Gem::Version
|
123
|
-
version: '0.12'
|
124
|
-
type: :runtime
|
125
|
-
prerelease: false
|
126
|
-
version_requirements: !ruby/object:Gem::Requirement
|
127
|
-
requirements:
|
128
|
-
- - "~>"
|
129
|
-
- !ruby/object:Gem::Version
|
130
|
-
version: '0.12'
|
131
|
-
force_ruby_platform: false
|
132
117
|
- !ruby/object:Gem::Dependency
|
133
118
|
name: lograge
|
134
119
|
requirement: !ruby/object:Gem::Requirement
|
@@ -189,6 +174,21 @@ dependencies:
|
|
189
174
|
- !ruby/object:Gem::Version
|
190
175
|
version: '3.0'
|
191
176
|
force_ruby_platform: false
|
177
|
+
- !ruby/object:Gem::Dependency
|
178
|
+
name: pg
|
179
|
+
requirement: !ruby/object:Gem::Requirement
|
180
|
+
requirements:
|
181
|
+
- - "~>"
|
182
|
+
- !ruby/object:Gem::Version
|
183
|
+
version: '1.5'
|
184
|
+
type: :runtime
|
185
|
+
prerelease: false
|
186
|
+
version_requirements: !ruby/object:Gem::Requirement
|
187
|
+
requirements:
|
188
|
+
- - "~>"
|
189
|
+
- !ruby/object:Gem::Version
|
190
|
+
version: '1.5'
|
191
|
+
force_ruby_platform: false
|
192
192
|
- !ruby/object:Gem::Dependency
|
193
193
|
name: puma
|
194
194
|
requirement: !ruby/object:Gem::Requirement
|
@@ -438,11 +438,9 @@ files:
|
|
438
438
|
- config/initializers/environment.rb
|
439
439
|
- config/initializers/filter_parameter_logging.rb
|
440
440
|
- config/initializers/inflections.rb
|
441
|
-
- config/initializers/litestream.rb
|
442
441
|
- config/initializers/lograge.rb
|
443
442
|
- config/initializers/opentelemetry.rb
|
444
443
|
- config/initializers/slack_webhook_logger.rb
|
445
|
-
- config/litestream.yml
|
446
444
|
- config/puma.rb
|
447
445
|
- config/queue.yml
|
448
446
|
- config/recurring.yml
|
@@ -1,36 +0,0 @@
|
|
1
|
-
# typed: false
|
2
|
-
# frozen_string_literal: true
|
3
|
-
|
4
|
-
# Use this hook to configure the litestream-ruby gem.
|
5
|
-
# All configuration options will be available as environment variables, e.g.
|
6
|
-
# config.replica_bucket becomes LITESTREAM_REPLICA_BUCKET
|
7
|
-
# This allows you to configure Litestream using Rails encrypted credentials,
|
8
|
-
# or some other mechanism where the values are only avaialble at runtime.
|
9
|
-
|
10
|
-
Rails.application.configure do
|
11
|
-
# An example of using Rails encrypted credentials to configure Litestream.
|
12
|
-
# litestream_credentials = Rails.application.credentials.litestream
|
13
|
-
|
14
|
-
# Replica-specific bucket location.
|
15
|
-
# This will be your bucket's URL without the `https://` prefix.
|
16
|
-
# For example, if you used DigitalOcean Spaces, your bucket URL could look like:
|
17
|
-
# https://myapp.fra1.digitaloceanspaces.com
|
18
|
-
# And so you should set your `replica_bucket` to:
|
19
|
-
# myapp.fra1.digitaloceanspaces.com
|
20
|
-
# Litestream supports Azure Blog Storage, Backblaze B2, DigitalOcean Spaces,
|
21
|
-
# Scaleway Object Storage, Google Cloud Storage, Linode Object Storage, and
|
22
|
-
# any SFTP server.
|
23
|
-
# In this example, we are using Rails encrypted credentials to store the URL to
|
24
|
-
# our storage provider bucket.
|
25
|
-
# config.litestream.replica_bucket = litestream_credentials&.replica_bucket
|
26
|
-
|
27
|
-
# Replica-specific authentication key.
|
28
|
-
# Litestream needs authentication credentials to access your storage provider bucket.
|
29
|
-
# In this example, we are using Rails encrypted credentials to store the access key ID.
|
30
|
-
# config.litestream.replica_key_id = litestream_credentials&.replica_key_id
|
31
|
-
|
32
|
-
# Replica-specific secret key.
|
33
|
-
# Litestream needs authentication credentials to access your storage provider bucket.
|
34
|
-
# In this example, we are using Rails encrypted credentials to store the secret access key.
|
35
|
-
# config.litestream.replica_access_key = litestream_credentials&.replica_access_key
|
36
|
-
end
|
data/config/litestream.yml
DELETED
@@ -1,12 +0,0 @@
|
|
1
|
-
# This is the actual configuration file for litestream.
|
2
|
-
#
|
3
|
-
# You can either use the generated `config/initializers/litestream.rb`
|
4
|
-
# file to configure the litestream-ruby gem, which will populate these
|
5
|
-
# ENV variables when using the `rails litestream:replicate` command.
|
6
|
-
#
|
7
|
-
# Or, if you prefer, manually manage ENV variables and this configuration file.
|
8
|
-
# In that case, simply ensure that the ENV variables are set before running the
|
9
|
-
# `replicate` command.
|
10
|
-
#
|
11
|
-
# For more details, see: https://litestream.io/reference/config/
|
12
|
-
dbs:
|