feat: add restrict:staging script #212
Open
cdtinney wants to merge 1 commit into
Wraps the two-step "set ALLOWED_SPOTIFY_IDS in /opt/spune-staging/.env and restart staging-app" workflow as a single laptop-side command that SSHes into the droplet. Idempotent (replaces existing line) and defaults to a single Spotify ID. Pairs with PR #211 (which adds the env var the server reads).
Summary
Wraps the two-step "set ALLOWED_SPOTIFY_IDS and restart staging-app" workflow as a single laptop-side command. SSHes into the droplet, edits /opt/spune-staging/.env (replacing the existing line if present, otherwise appending), and runs docker compose restart staging-app.

Pairs with #211 (which adds the env var the server actually reads). This PR is independent of #211 — it only writes to a file and runs a container restart, both of which work regardless of whether the running staging image understands ALLOWED_SPOTIFY_IDS yet.

Defaults: IDS=cdtinney, HOST=root@spune.tinney.dev. Validates that input is alphanumeric + ,_- only to keep the value safe to interpolate into .env and sed.

Testing
bash -n scripts/restrict-staging.sh (syntax-check) clean
pnpm restrict:staging and confirm a non-allowlisted Spotify account is rejected at staging login (callback redirects to login page, no user row created)
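The validate-then-replace-or-append behaviour described in the Summary, as an added example that is not the PR's scripts/restrict-staging.sh. It edits a local file instead of going over SSH, and the function names valid_ids, set_allowed_ids and demo are hypothetical.

```bash
#!/usr/bin/env bash
# Added illustration; not the PR's scripts/restrict-staging.sh.
export LC_ALL=C   # keep the A-Z / a-z / 0-9 ranges ASCII-only

# Allow only letters, digits, comma, underscore and hyphen. `case` matches the
# whole string, so an embedded newline is rejected too (a line-oriented
# `grep -E '^...$'` check would accept "ok<newline>EXTRA=1").
valid_ids() {
  case "$1" in
    ''|*[!A-Za-z0-9,_-]*) return 1 ;;
  esac
  return 0
}

# set_allowed_ids FILE IDS: replace the existing line, otherwise append.
set_allowed_ids() {
  local file="$1" ids="$2" tmp
  valid_ids "$ids" || { echo "rejected IDS value" >&2; return 2; }
  [ -f "$file" ] || { echo "no such file: $file" >&2; return 1; }
  tmp=$(mktemp "$file.XXXXXX") || return 1   # same directory, mode 0600
  if grep -q '^ALLOWED_SPOTIFY_IDS=' "$file"; then
    # Safe to interpolate: $ids holds no '/', '&', '\' or newline.
    sed "s/^ALLOWED_SPOTIFY_IDS=.*/ALLOWED_SPOTIFY_IDS=$ids/" "$file" > "$tmp"
  else
    cat "$file" > "$tmp"
    # Add a newline first if the file's last line is unterminated.
    if [ -n "$(tail -c 1 "$file")" ]; then echo >> "$tmp"; fi
    printf 'ALLOWED_SPOTIFY_IDS=%s\n' "$ids" >> "$tmp"
  fi
  mv "$tmp" "$file"
}

# Constructed sample .env; run the update twice to show idempotence.
demo() {
  local dir
  dir=$(mktemp -d) || return 1
  printf 'PORT=3000\nSESSION_SECRET=constructed' > "$dir/.env"
  set_allowed_ids "$dir/.env" "cdtinney"
  set_allowed_ids "$dir/.env" "cdtinney"
  cat "$dir/.env"
  rm -rf "$dir"
}
demo
```

Because the temp file replaces the original with mv, the resulting .env ends up with mktemp's 0600 mode.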