diff --git a/.gitignore b/.gitignore index aec881a..0679451 100644 --- a/.gitignore +++ b/.gitignore @@ -1,7 +1,9 @@ -/config/application.yml /coverage/* !/coverage/.last_run.json /log /node_modules /public/assets /spec/examples.txt + +*.key +*.local diff --git a/Gemfile b/Gemfile index c8cfb15..a0641d3 100644 --- a/Gemfile +++ b/Gemfile @@ -3,8 +3,8 @@ source 'https://rubygems.org' ruby file: '.ruby-version' +gem 'activesupport', require: 'active_support/all' gem 'faraday-retry' -gem 'figaro' gem 'haml' gem 'octokit' gem 'omniauth-github' @@ -33,6 +33,7 @@ group :development do gem 'ed25519', require: false gem 'haml_lint', require: false gem 'irb' + gem 'railties', require: false gem 'rdoc', require: false gem 'rubocop', require: false gem 'rubocop-rake', require: false @@ -41,4 +42,5 @@ end group :development, :test do gem 'debug' + gem 'dotenv' end diff --git a/Gemfile.lock b/Gemfile.lock index 3e32099..5819152 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -1,6 +1,35 @@ GEM remote: https://rubygems.org/ specs: + actionpack (8.1.3) + actionview (= 8.1.3) + activesupport (= 8.1.3) + nokogiri (>= 1.8.5) + rack (>= 2.2.4) + rack-session (>= 1.0.1) + rack-test (>= 0.6.3) + rails-dom-testing (~> 2.2) + rails-html-sanitizer (~> 1.6) + useragent (~> 0.16) + actionview (8.1.3) + activesupport (= 8.1.3) + builder (~> 3.1) + erubi (~> 1.11) + rails-dom-testing (~> 2.2) + rails-html-sanitizer (~> 1.6) + activesupport (8.1.3) + base64 + bigdecimal + concurrent-ruby (~> 1.0, >= 1.3.1) + connection_pool (>= 2.2.5) + drb + i18n (>= 1.6, < 2) + json + logger (>= 1.4.2) + minitest (>= 5.1) + securerandom (>= 0.3) + tzinfo (~> 2.0, >= 2.0.5) + uri (>= 0.13.1) addressable (2.9.0) public_suffix (>= 2.0.2, < 8.0) airbrussh (1.6.0) @@ -11,6 +40,7 @@ GEM bcrypt_pbkdf (1.1.2-arm64-darwin) bcrypt_pbkdf (1.1.2-x86_64-darwin) bigdecimal (4.0.1) + builder (3.3.0) capistrano (3.20.0) airbrussh (>= 1.0.0) i18n @@ -26,14 +56,19 @@ GEM capistrano (~> 3.1) capistrano-bundler (>= 1.1, < 3) concurrent-ruby (1.3.6) + connection_pool (3.0.2) + crass (1.0.6) date (3.5.1) debug (1.11.1) irb (~> 1.10) reline (>= 0.3.8) diff-lcs (1.6.2) docile (1.4.0) + dotenv (3.2.0) + drb (2.2.3) ed25519 (1.4.0) erb (6.0.1) + erubi (1.13.1) faker (3.8.0) i18n (>= 1.8.11, < 2) faraday (2.14.1) @@ -44,8 +79,6 @@ GEM net-http (~> 0.5) faraday-retry (2.4.0) faraday (~> 2.0) - figaro (1.3.0) - thor (>= 0.14.0, < 2) google-protobuf (4.34.1-arm64-darwin) bigdecimal rake (~> 13.3) @@ -82,7 +115,13 @@ GEM language_server-protocol (3.17.0.5) lint_roller (1.1.0) logger (1.7.0) + loofah (2.25.1) + crass (~> 1.0.2) + nokogiri (>= 1.12.0) mini_portile2 (2.8.9) + minitest (6.0.5) + drb (~> 2.0) + prism (~> 1.5) multi_xml (0.8.1) bigdecimal (>= 3.1, < 5) mustermann (3.0.4) @@ -150,6 +189,24 @@ GEM rack (>= 3.0.0) rack-test (2.2.0) rack (>= 1.3) + rackup (2.3.1) + rack (>= 3) + rails-dom-testing (2.3.0) + activesupport (>= 5.0.0) + minitest + nokogiri (>= 1.6) + rails-html-sanitizer (1.7.0) + loofah (~> 2.25) + nokogiri (>= 1.15.7, != 1.16.7, != 1.16.6, != 1.16.5, != 1.16.4, != 1.16.3, != 1.16.2, != 1.16.1, != 1.16.0.rc1, != 1.16.0) + railties (8.1.3) + actionpack (= 8.1.3) + activesupport (= 8.1.3) + irb (~> 1.13) + rackup (>= 1.0.0) + rake (>= 12.2) + thor (~> 1.0, >= 1.2.2) + tsort (>= 0.2) + zeitwerk (~> 2.6) rainbow (3.1.1) rake (13.4.2) rdoc (7.2.0) @@ -209,6 +266,7 @@ GEM sawyer (0.9.2) addressable (>= 2.3.5) faraday (>= 0.17.3, < 3) + securerandom (0.4.1) simplecov (0.22.0) docile (~> 1.1) simplecov-html (~> 0.11) @@ -245,11 +303,15 @@ GEM thor (1.5.0) tilt (2.7.0) tsort (0.2.0) + tzinfo (2.0.6) + concurrent-ruby (~> 1.0) unicode-display_width (3.2.0) unicode-emoji (~> 4.1) unicode-emoji (4.2.0) uri (1.1.1) + useragent (0.16.11) version_gem (1.1.3) + zeitwerk (2.7.5) PLATFORMS arm64-darwin @@ -259,6 +321,7 @@ PLATFORMS x86_64-linux DEPENDENCIES + activesupport bcrypt_pbkdf capistrano (~> 3.20) capistrano-bundler @@ -266,10 +329,10 @@ DEPENDENCIES capistrano-pending capistrano-rails debug + dotenv ed25519 faker faraday-retry - figaro haml haml_lint irb @@ -277,6 +340,7 @@ DEPENDENCIES omniauth-github puma rack-test + railties rake rdoc rspec @@ -291,6 +355,9 @@ DEPENDENCIES tilt CHECKSUMS + actionpack (8.1.3) sha256=af998cae4d47c5d581a2cc363b5c77eb718b7c4b45748d81b1887b25621c29a3 + actionview (8.1.3) sha256=1347c88c7f3edb38100c5ce0e9fb5e62d7755f3edc1b61cce2eb0b2c6ea2fd5d + activesupport (8.1.3) sha256=21a5e0dfbd4c3ddd9e1317ec6a4d782fa226e7867dc70b0743acda81a1dca20e addressable (2.9.0) sha256=7fdf6ac3660f7f4e867a0838be3f6cf722ace541dd97767fa42bc6cfa980c7af airbrussh (1.6.0) sha256=7e2cf581f2319d2c2b2b672c9fc486efb4dfcfed4bd2dadbef5f10b8b2a000d0 ast (2.4.3) sha256=954615157c1d6a382bc27d690d973195e79db7f55e9765ac7c481c60bdb4d383 @@ -299,23 +366,28 @@ CHECKSUMS bcrypt_pbkdf (1.1.2-arm64-darwin) sha256=afdd6feb6ed5a97b8e44caacb3f2d641b98af78e6a516d4a3520b69af5cf9fea bcrypt_pbkdf (1.1.2-x86_64-darwin) sha256=35f5639d0058e6c2cc2f856f9c0b14080543268d3047abe6bc81c513093caa0e bigdecimal (4.0.1) sha256=8b07d3d065a9f921c80ceaea7c9d4ae596697295b584c296fe599dd0ad01c4a7 + builder (3.3.0) sha256=497918d2f9dca528fdca4b88d84e4ef4387256d984b8154e9d5d3fe5a9c8835f capistrano (3.20.0) sha256=0113e58dda99add0342e56a244f664734c59f442c5ed734f5303b0b559b479c9 capistrano-bundler (2.2.0) sha256=47b4cf2ea17ea132bb0a5cabc5663443f5190a54f4da5b322d04e1558ff1468c capistrano-passenger (0.2.1) sha256=07a1d25edd5c1d909c19d4fe45fe2ea5f11200569f6967f6bff1d605ade98e13 capistrano-pending (0.2.0) sha256=f9e8c1e6b6a2ce760ed49ccb470c474f802c1d453704fb62d67ca4c1ee547066 capistrano-rails (1.7.0) sha256=aca57455e8c5435785e0f938e16aa5b79c263694a755e1dca1c5d1743b40aae7 concurrent-ruby (1.3.6) sha256=6b56837e1e7e5292f9864f34b69c5a2cbc75c0cf5338f1ce9903d10fa762d5ab + connection_pool (3.0.2) sha256=33fff5ba71a12d2aa26cb72b1db8bba2a1a01823559fb01d29eb74c286e62e0a + crass (1.0.6) sha256=dc516022a56e7b3b156099abc81b6d2b08ea1ed12676ac7a5657617f012bd45d date (3.5.1) sha256=750d06384d7b9c15d562c76291407d89e368dda4d4fff957eb94962d325a0dc0 debug (1.11.1) sha256=2e0b0ac6119f2207a6f8ac7d4a73ca8eb4e440f64da0a3136c30343146e952b6 diff-lcs (1.6.2) sha256=9ae0d2cba7d4df3075fe8cd8602a8604993efc0dfa934cff568969efb1909962 docile (1.4.0) sha256=5f1734bde23721245c20c3d723e76c104208e1aa01277a69901ce770f0ebb8d3 + dotenv (3.2.0) sha256=e375b83121ea7ca4ce20f214740076129ab8514cd81378161f11c03853fe619d + drb (2.2.3) sha256=0b00d6fdb50995fe4a45dea13663493c841112e4068656854646f418fda13373 ed25519 (1.4.0) sha256=16e97f5198689a154247169f3453ef4cfd3f7a47481fde0ae33206cdfdcac506 erb (6.0.1) sha256=28ecdd99c5472aebd5674d6061e3c6b0a45c049578b071e5a52c2a7f13c197e5 + erubi (1.13.1) sha256=a082103b0885dbc5ecf1172fede897f9ebdb745a4b97a5e8dc63953db1ee4ad9 faker (3.8.0) sha256=c147b308df73a90f27a4fc84f18d4c22ef0ad9c2a64b2b61c86fd0ca71753efc faraday (2.14.1) sha256=a43cceedc1e39d188f4d2cdd360a8aaa6a11da0c407052e426ba8d3fb42ef61c faraday-net_http (3.4.2) sha256=f147758260d3526939bf57ecf911682f94926a3666502e24c69992765875906c faraday-retry (2.4.0) sha256=7b79c48fb7e56526faf247b12d94a680071ff40c9fda7cf1ec1549439ad11ebe - figaro (1.3.0) sha256=3d44396f080255663f183572d7aefa419fd8936b6fb5cc30f962345a02781396 google-protobuf (4.34.1-arm64-darwin) sha256=2745061f973119e6e7f3c81a0c77025d291a3caa6585a2cd24a25bbc7bedb267 google-protobuf (4.34.1-x86-linux-gnu) sha256=b6da7891fe96b13038e5435d8ac8b8a84d78a468147a48a377fe8da40aba1c88 google-protobuf (4.34.1-x86_64-darwin) sha256=4dc498376e218871613589c4d872400d42ad9ae0c700bdb2606fe1c77a593075 @@ -331,7 +403,9 @@ CHECKSUMS language_server-protocol (3.17.0.5) sha256=fd1e39a51a28bf3eec959379985a72e296e9f9acfce46f6a79d31ca8760803cc lint_roller (1.1.0) sha256=2c0c845b632a7d172cb849cc90c1bce937a28c5c8ccccb50dfd46a485003cc87 logger (1.7.0) sha256=196edec7cc44b66cfb40f9755ce11b392f21f7967696af15d274dde7edff0203 + loofah (2.25.1) sha256=d436c73dbd0c1147b16c4a41db097942d217303e1f7728704b37e4df9f6d2e04 mini_portile2 (2.8.9) sha256=0cd7c7f824e010c072e33f68bc02d85a00aeb6fce05bb4819c03dfd3c140c289 + minitest (6.0.5) sha256=f007d7246bf4feea549502842cd7c6aba8851cdc9c90ba06de9c476c0d01155c multi_xml (0.8.1) sha256=addba0290bac34e9088bfe73dc4878530297a82a7bbd66cb44dcd0a4b86edf5a mustermann (3.0.4) sha256=85fadcb6b3c6493a8b511b42426f904b7f27b282835502233dd154daab13aa22 net-http (0.9.1) sha256=25ba0b67c63e89df626ed8fac771d0ad24ad151a858af2cc8e6a716ca4336996 @@ -362,6 +436,10 @@ CHECKSUMS rack-protection (4.2.1) sha256=cf6e2842df8c55f5e4d1a4be015e603e19e9bc3a7178bae58949ccbb58558bac rack-session (2.1.2) sha256=595434f8c0c3473ae7d7ac56ecda6cc6dfd9d37c0b2b5255330aa1576967ffe8 rack-test (2.2.0) sha256=005a36692c306ac0b4a9350355ee080fd09ddef1148a5f8b2ac636c720f5c463 + rackup (2.3.1) sha256=6c79c26753778e90983761d677a48937ee3192b3ffef6bc963c0950f94688868 + rails-dom-testing (2.3.0) sha256=8acc7953a7b911ca44588bf08737bc16719f431a1cc3091a292bca7317925c1d + rails-html-sanitizer (1.7.0) sha256=28b145cceaf9cc214a9874feaa183c3acba036c9592b19886e0e45efc62b1e89 + railties (8.1.3) sha256=913eb0e0cb520aac687ffd74916bd726d48fa21f47833c6292576ef6a286de22 rainbow (3.1.1) sha256=039491aa3a89f42efa1d6dec2fc4e62ede96eb6acd95e52f1ad581182b79bc6a rake (13.4.2) sha256=cb825b2bd5f1f8e91ca37bddb4b9aaf345551b4731da62949be002fa89283701 rdoc (7.2.0) sha256=8650f76cd4009c3b54955eb5d7e3a075c60a57276766ebf36f9085e8c9f23192 @@ -384,6 +462,7 @@ CHECKSUMS sass-embedded (1.98.0-x86_64-darwin) sha256=a0b5b64f0157e2f1d713ac5ea75474c8507c464f0923090094471c33d4244484 sass-embedded (1.98.0-x86_64-linux-gnu) sha256=36b72021e00cfdd91ccb9eb490cff6addc376424cf9c2786f01392c8d0f0d4a0 sawyer (0.9.2) sha256=fa3a72d62a4525517b18857ddb78926aab3424de0129be6772a8e2ba240e7aca + securerandom (0.4.1) sha256=cc5193d414a4341b6e225f0cb4446aceca8e50d5e1888743fac16987638ea0b1 simplecov (0.22.0) sha256=fe2622c7834ff23b98066bb0a854284b2729a569ac659f82621fc22ef36213a5 simplecov-html (0.12.3) sha256=4b1aad33259ffba8b29c6876c12db70e5750cb9df829486e4c6e5da4fa0aa07b simplecov_json_formatter (0.1.4) sha256=529418fbe8de1713ac2b2d612aa3daa56d316975d307244399fa4838c601b428 @@ -398,13 +477,16 @@ CHECKSUMS thor (1.5.0) sha256=e3a9e55fe857e44859ce104a84675ab6e8cd59c650a49106a05f55f136425e73 tilt (2.7.0) sha256=0d5b9ba69f6a36490c64b0eee9f6e9aad517e20dcc848800a06eb116f08c6ab3 tsort (0.2.0) sha256=9650a793f6859a43b6641671278f79cfead60ac714148aabe4e3f0060480089f + tzinfo (2.0.6) sha256=8daf828cc77bcf7d63b0e3bdb6caa47e2272dcfaf4fbfe46f8c3a9df087a829b unicode-display_width (3.2.0) sha256=0cdd96b5681a5949cdbc2c55e7b420facae74c4aaf9a9815eee1087cb1853c42 unicode-emoji (4.2.0) sha256=519e69150f75652e40bf736106cfbc8f0f73aa3fb6a65afe62fefa7f80b0f80f uri (1.1.1) sha256=379fa58d27ffb1387eaada68c749d1426738bd0f654d812fcc07e7568f5c57c6 + useragent (0.16.11) sha256=700e6413ad4bb954bb63547fa098dddf7b0ebe75b40cc6f93b8d54255b173844 version_gem (1.1.3) sha256=07ba4b679abc44198950d191a994d5a504f8f6aad470178e491467f638d0df60 + zeitwerk (2.7.5) sha256=d8da92128c09ea6ec62c949011b00ed4a20242b255293dd66bf41545398f73dd RUBY VERSION - ruby 3.4.8p72 + ruby 3.4.8p72 BUNDLED WITH - 4.0.3 + 4.0.3 diff --git a/README.md b/README.md index 21b8f98..b738927 100644 --- a/README.md +++ b/README.md @@ -20,19 +20,6 @@ script/setup Configuration ============= -`application.yml` ------------------ - -You'll need an OAuth app on GitHub in order to interact with the GitHub -API. See "[Creating an OAuth App][oaa]" for more information. For local -development, create an app with an "authorization callback URL" of -`http://localhost:9292/auth/github/callback`. - -Finally, if you want to interact with the GitHub API in the developer console, -You can create a [Personal Access Token][pat] (PAT). This is optional, but if -it's defined in the config, then `@training` in the console will be initialized -with that token. - `collaborators.yml` ------------------- @@ -62,6 +49,28 @@ instance of `DevTraining::Readme`, see the documentation for more information. Running the App =============== +You'll need an OAuth app on GitHub in order to interact with the GitHub +API. See "[Creating an OAuth App][oaa]" for more information. For local +development, create an app with an "authorization callback URL" of +`http://localhost:9292/auth/github/callback`. + +Finally, if you want to interact with the GitHub API in the developer console, +You can create a [Personal Access Token][pat] (PAT). This is optional, but if +it's defined in the config, then `@training` in the console will be initialized +with that token. + +```shell +# .env.local + +GITHUB_KEY=your_key +GITHUB_SECRET=your_secret + +# if using console PAT +GITHUB_TOKEN=your_token +``` + +Once your secrets are configured, + ```bash script/server ``` @@ -79,8 +88,7 @@ Developer Console script/console ``` -will load the `ApplicationConfiguration`, require the `DevTraining` libraries, -and (if possible) initialize a `DevTraining` with your PAT to `@training`. +will require the `DevTraining` libraries, and (if possible) initialize a `DevTraining` with your PAT to `@training`. Docs ---- diff --git a/Rakefile b/Rakefile index 8b45475..2b83fcf 100644 --- a/Rakefile +++ b/Rakefile @@ -2,9 +2,6 @@ require_relative 'config/environment' -require 'application_configuration' -ApplicationConfiguration.load! - require 'application_assets' require 'rake/sprocketstask' @@ -23,6 +20,36 @@ namespace :assets do end # rubocop:enable Rake/Desc +namespace :credentials do + desc 'Outputs the credentials stored in `ARGV[1]` (used by diff helper)' + task :diff do + credentials = ActiveSupport::EncryptedConfiguration.new( + config_path: File.expand_path(ARGV[1], __dir__), + key_path: CREDENTIALS.key_path, + env_key: CREDENTIALS.env_key, + raise_if_missing_key: false + ) + begin + puts credentials.read.presence || credentials.content_path.read + rescue ActiveSupport::MessageEncryptor::InvalidMessage + puts credentials.content_path.read + end + end + + desc 'Edit the credentials file using the system editor' + task :edit do + require 'rails/command/helpers/editor' + include Rails::Command::Helpers::Editor + + using_system_editor { CREDENTIALS.change { |tempfile| system_editor(tempfile) } } + end + + desc 'Show the credentials stored in the credentials file' + task :show do + puts CREDENTIALS.read.presence || 'No decryptable credentials found' + end +end + unless ENV.fetch('RACK_ENV', 'development') == 'production' require 'fileutils' require 'haml_lint/rake_task' diff --git a/config.ru b/config.ru index 5256b0c..99e0cb0 100644 --- a/config.ru +++ b/config.ru @@ -2,9 +2,6 @@ require_relative 'config/environment' -require 'application_configuration' -ApplicationConfiguration.load! - require 'application_assets' require 'dev_training_application' diff --git a/config/application.yml.example b/config/application.yml.example deleted file mode 100644 index bd88ddf..0000000 --- a/config/application.yml.example +++ /dev/null @@ -1,8 +0,0 @@ -development: - # https://docs.github.com/en/developers/apps/building-oauth-apps/creating-an-oauth-app - github_key: - github_secret: - - # Optional: used in script/console - # https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/creating-a-personal-access-token - console_token: diff --git a/config/credentials.rb b/config/credentials.rb new file mode 100644 index 0000000..4b58275 --- /dev/null +++ b/config/credentials.rb @@ -0,0 +1,10 @@ +# frozen_string_literal: true + +require 'active_support/encrypted_configuration' + +CREDENTIALS = ActiveSupport::EncryptedConfiguration.new( + config_path: File.expand_path('dev-training-web.yml.enc', __dir__), + key_path: File.expand_path('dev-training-web.key', __dir__), + env_key: 'MASTER_KEY', + raise_if_missing_key: false +) diff --git a/config/deploy.rb b/config/deploy.rb index cf43434..b3006a2 100644 --- a/config/deploy.rb +++ b/config/deploy.rb @@ -13,7 +13,7 @@ set :keep_releases, 5 -append :linked_files, 'config/application.yml' +append :linked_files, 'config/dev-training-web.key' append :linked_dirs, 'log', 'public/assets' before 'git:check', 'git:allow_shared' diff --git a/config/dev-training-web.yml.enc b/config/dev-training-web.yml.enc new file mode 100644 index 0000000..9cb2b74 --- /dev/null +++ b/config/dev-training-web.yml.enc @@ -0,0 +1 @@ +YynZDONO7hVxzFtqmWG/jS+gvGDIeeXI8k1w96+hqpt4Un21ejPs2oX5QC6atuqtg7YVeA120QcT0MGjywtq/uKQ1pk4/RO85rWOlOd/+kvAVxSKsPNSDCtJ2iZzVj671fIZJe9+gh9f5wY8Rq3I0WOtpVhQ73D0sLQmFmPLmqL2O4FA+pwpx9xSUHeC143Z+KlQh4hYGo1LUmWGCyt7liJtoWhhlt+1HGtfg0tDIiI0OD0BONRM9sTVLaVhVPX2p6FsR3OO+F8ekEiCD38EhiE/iejYjQZrV+KJcJPMiiEDbCIyrDXfEA7TzPYbI3JAS8Wrjr1l--7DDqARDFnEmmUn+Z--nYFJbDi62FzlV0DT83Fmyg== \ No newline at end of file diff --git a/config/environment.rb b/config/environment.rb index 413c35a..2124121 100644 --- a/config/environment.rb +++ b/config/environment.rb @@ -1,5 +1,8 @@ # frozen_string_literal: true +env = ENV.fetch('RACK_ENV', 'development') $LOAD_PATH.unshift File.expand_path('../lib', __dir__) require 'bundler/setup' -Bundler.require(:default, ENV.fetch('RACK_ENV', 'development')) +Bundler.require(:default, env) +Dotenv.load('.env', '.env.local', ".env.#{env}", ".env.#{env}.local") if defined?(Dotenv) +require_relative 'credentials' diff --git a/lib/application_configuration.rb b/lib/application_configuration.rb deleted file mode 100644 index 2b80aff..0000000 --- a/lib/application_configuration.rb +++ /dev/null @@ -1,23 +0,0 @@ -# frozen_string_literal: true - -require 'figaro' - -## -# helper module for loading Figaro configuration in the environment in a non- -# Rails application. -module ApplicationConfiguration - def self.config_file # :nodoc: - File.join(__dir__, '..', 'config', 'application.yml') - end - - ## - # Read the `config/application.yml` file and load it into `ENV` - def self.load! - Figaro.adapter = Figaro::Application - Figaro.application = Figaro::Application.new( - path: config_file, - environment: ENV['RACK_ENV'] || 'development' - ) - Figaro.load - end -end diff --git a/lib/application_secrets.rb b/lib/application_secrets.rb new file mode 100644 index 0000000..cfb99c4 --- /dev/null +++ b/lib/application_secrets.rb @@ -0,0 +1,21 @@ +# frozen_string_literal: true + +require 'securerandom' + +## +# helper module for loading secret values from environment/credentials. +module ApplicationSecrets + class << self + def session_secret + production? ? CREDENTIALS['session_secret'] : ENV.fetch('SESSION_SECRET') { SecureRandom.hex(64) } + end + + def github_key = production? ? CREDENTIALS['github_key'] : ENV.fetch('GITHUB_KEY', nil) + + def github_secret = production? ? CREDENTIALS['github_secret'] : ENV.fetch('GITHUB_SECRET', nil) + + private + + def production? = ENV['RACK_ENV'] == 'production' + end +end diff --git a/lib/dev_training_application.rb b/lib/dev_training_application.rb index bce7c01..8354ce6 100644 --- a/lib/dev_training_application.rb +++ b/lib/dev_training_application.rb @@ -2,6 +2,7 @@ require 'app_client' require 'application_assets' +require 'application_secrets' require 'dev_training' require 'logger' require 'rack/common_logger' @@ -25,11 +26,12 @@ class DevTrainingApplication < Sinatra::Base set :qualifications, proc { File.join root, 'config', 'qualifications.yml' } set :readme, proc { File.join root, 'config', 'README.md.erb' } set :app_client, (proc do - AppClient.new ENV.fetch('github_key'), ENV.fetch('github_secret') + AppClient.new ApplicationSecrets.github_key, ApplicationSecrets.github_secret end) set :sprockets, ApplicationAssets.new - set :sessions, (ENV['session_secret'] ? { secret: ENV['session_secret'] } : {}) + enable :sessions + set :session_secret, ApplicationSecrets.session_secret set :haml, layout: :application configure do @@ -57,7 +59,7 @@ def asset_path(file) # :nodoc: use OmniAuth::Builder do options = { scope: 'user:email, repo' } options[:provider_ignores_state] = true if ENV['RACK_ENV'] == 'development' - provider :github, ENV.fetch('github_key'), ENV.fetch('github_secret'), options + provider :github, ApplicationSecrets.github_key, ApplicationSecrets.github_secret, options end use Rack::Protection, use: %i[authenticity_token cookie_tossing form_token remote_referrer] diff --git a/script/console b/script/console index df34a17..e415909 100755 --- a/script/console +++ b/script/console @@ -3,11 +3,8 @@ require_relative '../config/environment' -require 'application_configuration' -ApplicationConfiguration.load! - require 'dev_training' -@training = DevTraining.new(ENV['console_token']) if ENV['console_token'] +@training = DevTraining.new(ENV['GITHUB_TOKEN']) if ENV['GITHUB_TOKEN'] $stdout.sync = true IRB.setup nil diff --git a/script/setup b/script/setup index 98439a8..2485054 100755 --- a/script/setup +++ b/script/setup @@ -17,6 +17,4 @@ FileUtils.chdir APP_ROOT do system('bundle check') || system!('bundle install') system('if command -v rbenv &> /dev/null; then rbenv rehash; fi') system 'npm install' - - FileUtils.cp 'config/application.yml.example', 'config/application.yml' unless File.exist?('config/application.yml') end diff --git a/spec/lib/application_configuration_spec.rb b/spec/lib/application_configuration_spec.rb deleted file mode 100644 index 52d43d5..0000000 --- a/spec/lib/application_configuration_spec.rb +++ /dev/null @@ -1,27 +0,0 @@ -# frozen_string_literal: true - -require 'application_configuration' - -RSpec.describe ApplicationConfiguration do - include MockYamlFile - - let(:config_file) { mock_yaml('application.yml', { 'test_key' => 'test_value' }) } - - before do - allow(described_class).to receive(:config_file).and_return(config_file) - end - - describe '.load!' do - subject(:call) { described_class.load! } - - before { call } - - it 'populates the Figaro store' do - expect(Figaro.env.test_key).to eq('test_value') - end - - it 'populates ENV' do - expect(ENV.fetch('test_key', nil)).to eq('test_value') - end - end -end diff --git a/spec/requests/dev_training_application_spec.rb b/spec/requests/dev_training_application_spec.rb index ea05d77..c3f73d0 100644 --- a/spec/requests/dev_training_application_spec.rb +++ b/spec/requests/dev_training_application_spec.rb @@ -1,6 +1,7 @@ # frozen_string_literal: true require 'app_client' +require 'application_secrets' require 'dev_training/repository' require 'dev_training/training' require 'dev_training_application' @@ -18,7 +19,8 @@ app.set :app_client, app_client app.set :host_authorization, { allow_if: ->(_) { true } } allow(app_client).to receive(:token_valid?).and_return(true) - stub_const 'ENV', { 'github_key' => 'key', 'github_secret' => 'secret' } + allow(ApplicationSecrets).to receive(:github_key).and_return('key') + allow(ApplicationSecrets).to receive(:github_secret).and_return('secret') OmniAuth.config.test_mode = true end