From fd53765ab2caf009e2db7161c4e03a51980dbfd5 Mon Sep 17 00:00:00 2001
From: Josh
Date: Tue, 19 Aug 2025 18:10:30 +0000
Subject: [PATCH] added cookie secrets to deploy
---
 .woodpecker.yml | 14 ++++++++++++--
 deploy_all.sh | 1 +
 2 files changed, 13 insertions(+), 2 deletions(-)
diff --git a/.woodpecker.yml b/.woodpecker.yml
index ab00f4f..cc6e176 100644
--- a/.woodpecker.yml
+++ b/.woodpecker.yml
@@ -125,6 +125,16 @@ steps:
 export CORS_ALLOWED_ORIGINS
 APTIVA_API_BASE=$(gcloud secrets versions access latest --secret=APTIVA_API_BASE_$ENV --project=$PROJECT); \
 export APTIVA_API_BASE
+ TOKEN_MAX_AGE=$(gcloud secrets versions access latest --secret=TOKEN_MAX_AGE_$ENV --project=$PROJECT); \
+ export TOKEN_MAX_AGE
+ COOKIE_SECURE=$(gcloud secrets versions access latest --secret=COOKIE_SECURE_$ENV --project=$PROJECT); \
+ export COOKIE_SECURE
+ COOKIE_SAMESITE=$(gcloud secrets versions access latest --secret=COOKIE_SAMESITE_$ENV --project=$PROJECT); \
+ export COOKIE_SAMESITE
+ ACCESS_COOKIE_NAME=$(gcloud secrets versions access latest --secret=ACCESS_COOKIE_NAME_$ENV --project=$PROJECT); \
+ export ACCESS_COOKIE_NAME
+ CORS_COOKIE_NAME=$(gcloud secrets versions access latest --secret=CORS_COOKIE_NAME_$ENV --project=$PROJECT); \
+ export CORS_COOKIE_NAME
 export FROM_SECRETS_MANAGER=true; \
 \
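Review bot: None of the five added `gcloud secrets versions access` lookups checks for failure, so a missing secret or a permission error leaves the variable empty and the deploy carries on; whether the step runs under `set -e` is not visible in this hunk. For `COOKIE_SECURE` and `COOKIE_SAMESITE` that matters most, because an empty value may make the application fall back to weaker cookie attributes (this depends on app code not shown here). Fail closed on each lookup, for example `COOKIE_SECURE=$(gcloud secrets versions access latest --secret=COOKIE_SECURE_$ENV --project=$PROJECT) || exit 1; \`, and quote the expansions as `--secret="COOKIE_SECURE_$ENV" --project="$PROJECT"`. The enclosing step command starts and ends outside the hunk.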
@@ -143,9 +153,9 @@ steps: fi; \ \ cd /home/jcoakley/aptiva-staging-app; \ - sudo --preserve-env=IMG_TAG,FROM_SECRETS_MANAGER,JWT_SECRET,OPENAI_API_KEY,ONET_USERNAME,ONET_PASSWORD,STRIPE_SECRET_KEY,STRIPE_PUBLISHABLE_KEY,STRIPE_WH_SECRET,STRIPE_PRICE_PREMIUM_MONTH,STRIPE_PRICE_PREMIUM_YEAR,STRIPE_PRICE_PRO_MONTH,STRIPE_PRICE_PRO_YEAR,DB_NAME,DB_HOST,DB_PORT,DB_USER,DB_PASSWORD,DB_SSL_CA,DB_SSL_CERT,DB_SSL_KEY,TWILIO_ACCOUNT_SID,TWILIO_AUTH_TOKEN,TWILIO_MESSAGING_SERVICE_SID,KMS_KEY_NAME,DEK_PATH,SUPPORT_SENDGRID_API_KEY,GOOGLE_MAPS_API_KEY,SERVER1_PORT,SERVER2_PORT,SERVER3_PORT,CORS_ALLOWED_ORIGINS,ENV_NAME,APTIVA_API_BASE \ + sudo --preserve-env=IMG_TAG,FROM_SECRETS_MANAGER,JWT_SECRET,OPENAI_API_KEY,ONET_USERNAME,ONET_PASSWORD,STRIPE_SECRET_KEY,STRIPE_PUBLISHABLE_KEY,STRIPE_WH_SECRET,STRIPE_PRICE_PREMIUM_MONTH,STRIPE_PRICE_PREMIUM_YEAR,STRIPE_PRICE_PRO_MONTH,STRIPE_PRICE_PRO_YEAR,DB_NAME,DB_HOST,DB_PORT,DB_USER,DB_PASSWORD,DB_SSL_CA,DB_SSL_CERT,DB_SSL_KEY,TWILIO_ACCOUNT_SID,TWILIO_AUTH_TOKEN,TWILIO_MESSAGING_SERVICE_SID,KMS_KEY_NAME,DEK_PATH,SUPPORT_SENDGRID_API_KEY,GOOGLE_MAPS_API_KEY,SERVER1_PORT,SERVER2_PORT,SERVER3_PORT,CORS_ALLOWED_ORIGINS,ENV_NAME,APTIVA_API_BASE,PROJECT,TOKEN_MAX_AGE,COOKIE_SECURE,COOKIE_SAMESITE,ACCESS_COOKIE_NAME \ docker compose pull; \ - sudo --preserve-env=IMG_TAG,FROM_SECRETS_MANAGER,JWT_SECRET,OPENAI_API_KEY,ONET_USERNAME,ONET_PASSWORD,STRIPE_SECRET_KEY,STRIPE_PUBLISHABLE_KEY,STRIPE_WH_SECRET,STRIPE_PRICE_PREMIUM_MONTH,STRIPE_PRICE_PREMIUM_YEAR,STRIPE_PRICE_PRO_MONTH,STRIPE_PRICE_PRO_YEAR,DB_NAME,DB_HOST,DB_PORT,DB_USER,DB_PASSWORD,DB_SSL_CA,DB_SSL_CERT,DB_SSL_KEY,TWILIO_ACCOUNT_SID,TWILIO_AUTH_TOKEN,TWILIO_MESSAGING_SERVICE_SID,KMS_KEY_NAME,DEK_PATH,SUPPORT_SENDGRID_API_KEY,GOOGLE_MAPS_API_KEY,SERVER1_PORT,SERVER2_PORT,SERVER3_PORT,CORS_ALLOWED_ORIGINS,ENV_NAME,APTIVA_API_BASE \ + sudo 
--preserve-env=IMG_TAG,FROM_SECRETS_MANAGER,JWT_SECRET,OPENAI_API_KEY,ONET_USERNAME,ONET_PASSWORD,STRIPE_SECRET_KEY,STRIPE_PUBLISHABLE_KEY,STRIPE_WH_SECRET,STRIPE_PRICE_PREMIUM_MONTH,STRIPE_PRICE_PREMIUM_YEAR,STRIPE_PRICE_PRO_MONTH,STRIPE_PRICE_PRO_YEAR,DB_NAME,DB_HOST,DB_PORT,DB_USER,DB_PASSWORD,DB_SSL_CA,DB_SSL_CERT,DB_SSL_KEY,TWILIO_ACCOUNT_SID,TWILIO_AUTH_TOKEN,TWILIO_MESSAGING_SERVICE_SID,KMS_KEY_NAME,DEK_PATH,SUPPORT_SENDGRID_API_KEY,GOOGLE_MAPS_API_KEY,SERVER1_PORT,SERVER2_PORT,SERVER3_PORT,CORS_ALLOWED_ORIGINS,ENV_NAME,APTIVA_API_BASE,PROJECT,TOKEN_MAX_AGE,COOKIE_SECURE,COOKIE_SAMESITE,ACCESS_COOKIE_NAME \ docker compose up -d --force-recreate --remove-orphans; \ echo "✅ Staging stack refreshed with tag $IMG_TAG"' diff --git a/deploy_all.sh b/deploy_all.sh index 4d7bd9f..4f1abe4 100755 --- a/deploy_all.sh +++ b/deploy_all.sh @@ -14,6 +14,7 @@ echo "🔧 Deploying environment: $ENV (GCP: $PROJECT)" SECRETS=( ENV_NAME PROJECT CORS_ALLOWED_ORIGINS + TOKEN_MAX_AGE COOKIE_SECURE COOKIE_SAMESITE ACCESS_COOKIE_NAME CORS_COOKIE_NAME COOKIE_SECRET SERVER1_PORT SERVER2_PORT SERVER3_PORT JWT_SECRET OPENAI_API_KEY ONET_USERNAME ONET_PASSWORD STRIPE_SECRET_KEY STRIPE_PUBLISHABLE_KEY STRIPE_WH_SECRET
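Review bot: `CORS_COOKIE_NAME` is fetched and exported in the first hunk but is missing from both new `--preserve-env` lists, so under sudo's usual environment reset it will not reach `docker compose pull` or `docker compose up`. Append it to both lists, so that each ends with `...,COOKIE_SAMESITE,ACCESS_COOKIE_NAME,CORS_COOKIE_NAME \`. `COOKIE_SECRET`, which the deploy_all.sh hunk adds to `SECRETS`, is likewise neither fetched nor preserved in this pipeline; if staging needs it, it has to be added in both places here as well. Because the two lists are identical and have already drifted from the exports in this commit, consider keeping the list in a single variable that both sudo calls use.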