-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Showing
23 changed files
with
291 additions
and
278 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -5,4 +5,5 @@ nav: | |
- website | ||
- backend | ||
- Discord Bot: discord-bot | ||
- Music Bot: music-bot | ||
- DevOps: devops |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,8 +1,9 @@ | ||
# Config | ||
|
||
The behaviour of the server is determined by config files located underneath `src/config`. Config files end in `.config.json`, and are automatically ignored by the repository's `.gitignore` to avoid leaking sensitive information into the git commit history. | ||
The behavior of the server is determined by config files located underneath `src/config`. Config files end in `.config.json`, and are automatically ignored by the repository's `.gitignore` to avoid leaking sensitive information into the git commit history. | ||
|
||
There are two config files needed: | ||
|
||
- `auth.config.json` | ||
- `server.config.json` | ||
|
||
|
@@ -12,52 +13,48 @@ The repository provides templates files ending in `.config.template.json` for th | |
|
||
- `type` - The type of server this config file is for. It can be set to either `"production"` or `"debug"`. If you are using `"debug"`, make sure to also name the config as `auth.debug.config.json`. | ||
- `rootUsers` - An array of root users that can have complete access to the backend. | ||
- Users are objects with a `username` and a `password`. | ||
- Users are objects with a `username` and a `password`. | ||
- `jwt` - Settings for JSON web tokens. We use JSON web tokens for authentication | ||
- `secret` - A string used to sign a JSON web token. This can be set to anything, but must be kept a secret. | ||
- `secret` - A string used to sign a JSON web token. This can be set to anything, but must be kept a secret. | ||
- `oauth` - Settings for authentication | ||
- `discord` - Settings for discord authentication. | ||
- `stategyConfig` | ||
- `clientID` - Discord OAuth client ID. You can find this on the Discord developers dashboard on the COGS discord account. | ||
- `clientSecret` - Discord OAuth client secret. You ask an existing webmaster for the secret. | ||
- `google` - Settings for google authentication. Even though Google login functionality is implemented in both the backend and the frontend, it is currently unused in favor of only having Discord authentication. Therefore, filling out the google settings is optional. | ||
- `stategyConfig` | ||
- `clientID` - Google OAuth client ID. You can find this on the Google developer dashboard on the COGS google account. | ||
- `clientSecret` - Google OAuth client secret. You ask an existing webmaster for the secret. | ||
- `discord` - Settings for discord authentication. | ||
- `strategyConfig` | ||
- `clientID` - Discord OAuth client ID. You can find this on the Discord developers dashboard on the COGS discord account. | ||
- `clientSecret` - Discord OAuth client secret. You ask an existing webmaster for the secret. | ||
- `google` - Settings for google authentication. Even though Google login functionality is implemented in both the backend and the frontend, it is currently unused in favor of only having Discord authentication. Therefore, filling out the google settings is optional. | ||
- `strategyConfig` | ||
- `clientID` - Google OAuth client ID. You can find this on the Google developer dashboard on the COGS google account. | ||
- `clientSecret` - Google OAuth client secret. You ask an existing webmaster for the secret. | ||
|
||
## Server Config | ||
|
||
- `type` - The type of server this config file is for. It can be set to either `"production"` or `"debug"`. If you are using `"debug"`, make sure to also name the config as `server.debug.config.json`. | ||
- `mongoDB` - MongoDB settings | ||
- `url` - Connection string to MongoDB database. | ||
- `dbName` - Name of the database. For production it should be `maindb`. | ||
- `url` - Connection string to MongoDB database. | ||
- `dbName` - Name of the database. For production it should be `maindb`. | ||
- `nodemailer` - Nodemailer settings. See the [Nodemailer section](#nodemailer) for more information. | ||
- `backendDomain` - The domain for the backend. | ||
- `frontendDomain` - The domain for the frontend. | ||
|
||
### Nodemailer | ||
|
||
For debugging purposes you can use a free platform like [mailtrap](https://mailtrap.io/) to preview emails. | ||
For debugging purposes you can use a free platform like [mailtrap](https://mailtrap.io/) to preview emails. | ||
|
||
```yaml | ||
"nodemailer": { | ||
"nodemailer": | ||
{ | ||
"host": "smtp.mailtrap.io", | ||
"auth": { | ||
"user": "", | ||
"pass": "" | ||
}, | ||
"port": 2525 | ||
} | ||
"auth": { "user": "", "pass": "" }, | ||
"port": 2525, | ||
} | ||
``` | ||
|
||
For the release config you can use Gmail transport settings, so the emails are sent using our noreply gmail account: | ||
|
||
```yaml | ||
"nodemailer": { | ||
"nodemailer": | ||
{ | ||
"service": "Gmail", | ||
"auth": { | ||
"user": "[email protected]", | ||
"pass": "" | ||
} | ||
} | ||
``` | ||
"auth": { "user": "[email protected]", "pass": "" }, | ||
} | ||
``` |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -10,46 +10,45 @@ Continuous integration and deployment is the process of automatically running un | |
|
||
## Website | ||
|
||
We use this for our website, since it's hosted on Github Pages. Inside our `rucogs.github.io` repository, we have `.github/workflows/gh-pages-deployment.yml` workflow show below. This workflow automatically builds and deploys the website to Github Pages any time there is a commit made to the `main` branch. | ||
We use this for our website, since it's hosted on Github Pages. Inside our `rucogs.github.io` repository, we have `.github/workflows/gh-pages-deployment.yml` workflow show below. This workflow automatically builds and deploys the website to Github Pages any time there is a commit made to the `main` branch. | ||
|
||
```yaml | ||
name: Deploy to GitHub Pages | ||
|
||
on: | ||
push: | ||
branches: | ||
push: | ||
branches: | ||
- main | ||
|
||
jobs: | ||
build: | ||
runs-on: ubuntu-latest | ||
steps: | ||
- name: Checkout | ||
uses: actions/checkout@v2 # If you're using actions/checkout@v2 you must set persist-credentials to false in most cases for the deployment to work correctly. | ||
with: | ||
persist-credentials: false | ||
- name: Use Node.js (Latest) | ||
uses: actions/setup-node@v2 | ||
with: | ||
node-version: '14' | ||
check-latest: true | ||
- name: Build | ||
run: | | ||
npm install -g @angular/cli | ||
npm install | ||
npm run build | ||
cp dist/index.html dist/404.html | ||
- name: Deploy | ||
uses: JamesIves/[email protected] | ||
with: | ||
branch: gh-pages # The branch the action should deploy to. | ||
folder: dist # The folder the action should deploy. | ||
- name: Checkout | ||
uses: actions/checkout@v2 # If you're using actions/checkout@v2 you must set persist-credentials to false in most cases for the deployment to work correctly. | ||
with: | ||
persist-credentials: false | ||
- name: Use Node.js (Latest) | ||
uses: actions/setup-node@v2 | ||
with: | ||
node-version: "14" | ||
check-latest: true | ||
- name: Build | ||
run: | | ||
npm install -g @angular/cli | ||
npm install | ||
npm run build | ||
cp dist/index.html dist/404.html | ||
- name: Deploy | ||
uses: JamesIves/[email protected] | ||
with: | ||
branch: gh-pages # The branch the action should deploy to. | ||
folder: dist # The folder the action should deploy. | ||
``` | ||
## Backups | ||
We also use Github Actions to automate backups of both the database and users' uploaded files. Inside our `rucogs-infrastructure-backup` repository, we have `.github/workflows/actions.yml` workflow shown below. This workflows requires the URI connection string to the MongoDB database, as well as the | ||
|
||
We also use Github Actions to automate backups of both the database and users' uploaded files. Inside our `rucogs-infrastructure-backup` repository, we have `.github/workflows/actions.yml` workflow shown below. This workflows requires the URI connection string to the MongoDB database, as well as the | ||
|
||
```yaml | ||
name: 📦 Make Backups | ||
|
@@ -88,15 +87,15 @@ jobs: | |
uses: actions/upload-artifact@v3 | ||
with: | ||
name: mongodump | ||
path: mongodump.zip | ||
path: mongodump.zip | ||
uploads-backup: | ||
name: Uploads Backup | ||
runs-on: ubuntu-latest | ||
steps: | ||
- name: Download uploads folder | ||
run: sshpass -p "${{ secrets.BACKEND_ROOT_PASS }}" scp -o StrictHostKeyChecking=no -r "${{ secrets.BACKEND_URI }}:${{ env.BACKEND_UPLOADS_DIR }}" ./uploads | ||
- name: Zip uploads | ||
run: 7z a uploads.zip uploads | ||
|
@@ -106,7 +105,7 @@ jobs: | |
name: uploads | ||
path: uploads.zip | ||
retention-days: 1 | ||
create-release: | ||
needs: [mongodb-backup, uploads-backup] | ||
name: Create Release | ||
|
@@ -132,7 +131,7 @@ jobs: | |
Backed up to ready to go! 🚀 | ||
draft: false | ||
prerelease: false | ||
upload-release-artifacts: | ||
needs: create-release | ||
name: Upload Release Artifacts | ||
|
@@ -146,7 +145,7 @@ jobs: | |
with: | ||
name: ${{ matrix.artifact_name }} | ||
path: ./ | ||
- name: Upload Artifact to Release | ||
id: upload-release-asset | ||
uses: softprops/action-gh-release@v1 | ||
|
@@ -160,18 +159,18 @@ jobs: | |
|
||
### Environment Variables | ||
|
||
Nonsensitive configuration can be done in the workflow file itself | ||
Nonsensitive configuration can be done in the workflow file itself | ||
|
||
- `MONGODB_TOOLS_DOWNLOAD` - A environment variable that links to a download for `mongodump`, a tool that can dump the contents of the database into a file. | ||
We use this to create a backup of the MongoDB database hosted on MongoDB Atlas. | ||
- `BACKEND_UPLOADS_DIR` - A environment variable that holds the absolute path to directory of the uploads folder within the backend server. | ||
- ` cron: "0 0 * * 0"` - Sets up a the backup action to run every month using a cron expression. You can use [crontab.guru](https://crontab.guru/) to build a cron expression. | ||
At the moment it runs the action at 00:00 on Sundays. | ||
- `BACKEND_UPLOADS_DIR` - A environment variable that holds the absolute path to directory of the uploads folder within the backend server. | ||
- ` cron: "0 0 * * 0"` - Sets up a the backup action to run every month using a cron expression. You can use [crontab.guru](https://crontab.guru/) to build a cron expression. | ||
At the moment it runs the action at 00:00 on Sundays. | ||
### Secrets | ||
### Secrets | ||
Sensitive information is stored as a repository secret on our Github repository. Here is a list of the follow secrets that can be configured | ||
- `MONGO_URI` - The [MongoDB connection string](https://www.mongodb.com/docs/manual/reference/connection-string/) used to connect to our `MainDB` databse | ||
- `MONGO_URI` - The [MongoDB connection string](https://www.mongodb.com/docs/manual/reference/connection-string/) used to connect to our `MainDB` database | ||
- `BACKEND_URI` - The ssh connection string to the backend. It's typically `[email protected]` where `123.45.678` represents your server's ip address. | ||
- `BACKEND_ROOT_PASS` - The root password of the database. | ||
- `BACKEND_ROOT_PASS` - The password of the backend for the user you specified in the `BACKEND_URI`. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.