Merge pull request #3695 from consul/smtp_secrets

Define SMTP settings in secrets file

config/deploy.rb

@@ -21,7 +21,7 @@ set :log_level, :info
 set :pty, true
 set :use_sudo, false
 
-set :linked_files, %w[config/database.yml config/secrets.yml config/environments/production.rb]
+set :linked_files, %w[config/database.yml config/secrets.yml]
 set :linked_dirs, %w[log tmp public/system public/assets public/ckeditor_assets]
 
 set :keep_releases, 5
@@ -46,6 +46,9 @@ namespace :deploy do
   before "deploy:migrate", "remove_local_census_records_duplicates"
 
   after "deploy:migrate", "add_new_settings"
+
+  before :publishing, "smtp_ssl_and_delay_jobs_secrets"
+
   after :publishing, "deploy:restart"
   after :published, "delayed_job:restart"
   after :published, "refresh_sitemap"
@@ -127,3 +130,29 @@ task :setup_puma do
     end
   end
 end
+
+task :smtp_ssl_and_delay_jobs_secrets do
+  on roles(:app) do
+    within current_path do
+      with rails_env: fetch(:rails_env) do
+        tasks_file_path = "lib/tasks/secrets.rake"
+        shared_secrets_path = "#{shared_path}/config/secrets.yml"
+
+        unless test("[ -e #{current_path}/#{tasks_file_path} ]")
+          begin
+            unless test("[ -w #{shared_secrets_path} ]")
+              execute "sudo chown `whoami` #{shared_secrets_path}"
+              execute "chmod u+w #{shared_secrets_path}"
+            end
+
+            execute "cp #{release_path}/#{tasks_file_path} #{current_path}/#{tasks_file_path}"
+
+            execute :rake, "secrets:smtp_ssl_and_delay_jobs"
+          ensure
+            execute "rm #{current_path}/#{tasks_file_path}"
+          end
+        end
+      end
+    end
+  end
+end

config/environments/preproduction.rb

@@ -47,7 +47,8 @@ Rails.application.configure do
   # config.action_dispatch.x_sendfile_header = "X-Accel-Redirect" # for NGINX
 
   # Force all access to the app over SSL, use Strict-Transport-Security, and use secure cookies.
-  config.force_ssl = true
+  # Configure force_ssl in secrets.yml
+  config.force_ssl = Rails.application.secrets.force_ssl
 
   # Use the lowest log level to ensure availability of diagnostic information
   # when problems arise.
@@ -71,17 +72,11 @@ Rails.application.configure do
   config.action_mailer.default_url_options = { host: Rails.application.secrets.server_name }
   config.action_mailer.asset_host = "https://#{Rails.application.secrets.server_name}"
 
-  # SMTP configuration to deliver emails
-  # Uncomment the following block of code and add your SMTP service credentials
-  # config.action_mailer.delivery_method = :smtp
-  # config.action_mailer.smtp_settings = {
-  #   address:              "smtp.example.com",
-  #   port:                 587,
-  #   domain:               "example.com",
-  #   user_name:            "<username>",
-  #   password:             "<password>",
-  #   authentication:       "plain",
-  #   enable_starttls_auto: true }
+  # Configure your SMTP service credentials in secrets.yml
+  if Rails.application.secrets.smtp_settings
+    config.action_mailer.delivery_method = Rails.application.secrets.mailer_delivery_method || :smtp
+    config.action_mailer.smtp_settings = Rails.application.secrets.smtp_settings
+  end
 
   # Enable locale fallbacks for I18n (makes lookups for any locale fall back to
   # the I18n.default_locale when a translation cannot be found).

config/environments/production.rb

@@ -49,7 +49,8 @@ Rails.application.configure do
   # config.action_cable.allowed_request_origins = [ 'http://example.com', /http:\/\/example.*/ ]
 
   # Force all access to the app over SSL, use Strict-Transport-Security, and use secure cookies.
-  config.force_ssl = true
+  # Configure force_ssl in secrets.yml
+  config.force_ssl = Rails.application.secrets.force_ssl
 
   # Use the lowest log level to ensure availability of diagnostic information
   # when problems arise.
@@ -72,17 +73,11 @@ Rails.application.configure do
   config.action_mailer.default_url_options = { host: Rails.application.secrets.server_name }
   config.action_mailer.asset_host = "https://#{Rails.application.secrets.server_name}"
 
-  # SMTP configuration to deliver emails
-  # Uncomment the following block of code and add your SMTP service credentials
-  # config.action_mailer.delivery_method = :smtp
-  # config.action_mailer.smtp_settings = {
-  #   address:              "smtp.example.com",
-  #   port:                 587,
-  #   domain:               "example.com",
-  #   user_name:            "<username>",
-  #   password:             "<password>",
-  #   authentication:       "plain",
-  #   enable_starttls_auto: true }
+  # Configure your SMTP service credentials in secrets.yml
+  if Rails.application.secrets.smtp_settings
+    config.action_mailer.delivery_method = Rails.application.secrets.mailer_delivery_method || :smtp
+    config.action_mailer.smtp_settings = Rails.application.secrets.smtp_settings
+  end
 
   # Enable locale fallbacks for I18n (makes lookups for any locale fall back to
   # the I18n.default_locale when a translation cannot be found).

config/environments/staging.rb

@@ -47,7 +47,8 @@ Rails.application.configure do
   # config.action_dispatch.x_sendfile_header = "X-Accel-Redirect" # for NGINX
 
   # Force all access to the app over SSL, use Strict-Transport-Security, and use secure cookies.
-  config.force_ssl = true
+  # Configure force_ssl in secrets.yml
+  config.force_ssl = Rails.application.secrets.force_ssl
 
   # Use the lowest log level to ensure availability of diagnostic information
   # when problems arise.
@@ -71,17 +72,11 @@ Rails.application.configure do
   config.action_mailer.default_url_options = { host: Rails.application.secrets.server_name }
   config.action_mailer.asset_host = "https://#{Rails.application.secrets.server_name}"
 
-  # SMTP configuration to deliver emails
-  # Uncomment the following block of code and add your SMTP service credentials
-  # config.action_mailer.delivery_method = :smtp
-  # config.action_mailer.smtp_settings = {
-  #   address:              "smtp.example.com",
-  #   port:                 587,
-  #   domain:               "example.com",
-  #   user_name:            "<username>",
-  #   password:             "<password>",
-  #   authentication:       "plain",
-  #   enable_starttls_auto: true }
+  # Configure your SMTP service credentials in secrets.yml
+  if Rails.application.secrets.smtp_settings
+    config.action_mailer.delivery_method = Rails.application.secrets.mailer_delivery_method || :smtp
+    config.action_mailer.smtp_settings = Rails.application.secrets.smtp_settings
+  end
 
   # Enable locale fallbacks for I18n (makes lookups for any locale fall back to
   # the I18n.default_locale when a translation cannot be found).

config/initializers/delayed_job_config.rb

@@ -1,8 +1,11 @@
 if Rails.env.test? || Rails.env.development?
   Delayed::Worker.delay_jobs = false
-else
+elsif Rails.application.secrets.delay_jobs.nil?
   Delayed::Worker.delay_jobs = true
+else
+  Delayed::Worker.delay_jobs = Rails.application.secrets.delay_jobs
 end
+
 Delayed::Worker.destroy_failed_jobs = false
 Delayed::Worker.sleep_delay = 2
 Delayed::Worker.max_attempts = 3

config/secrets.yml.example

@@ -32,6 +32,8 @@ test:
 staging:
   secret_key_base: ""
   server_name: ""
+  force_ssl: true
+  delay_jobs: true
   rollbar_server_token: ""
   http_basic_username: ""
   http_basic_password: ""
@@ -44,6 +46,17 @@ staging:
 preproduction:
   secret_key_base: ""
   server_name: ""
+  # mailer_delivery_method: "smtp"
+  # smtp_settings:
+  #   address: "smtp.example.com"
+  #   port: 25
+  #   domain: "your_domain.com"
+  #   user_name: "<username>"
+  #   password: "<password>"
+  #   authentication: "plain"
+  #   enable_starttls_auto: true
+  force_ssl: true
+  delay_jobs: true
   rollbar_server_token: ""
   http_basic_username: ""
   http_basic_password: ""
@@ -61,6 +74,17 @@ preproduction:
 production:
   secret_key_base: ""
   server_name: ""
+  # mailer_delivery_method: "smtp"
+  # smtp_settings:
+  #   address: "smtp.example.com"
+  #   port: 25
+  #   domain: "your_domain.com"
+  #   user_name: "<username>"
+  #   password: "<password>"
+  #   authentication: "plain"
+  #   enable_starttls_auto: true
+  force_ssl: true
+  delay_jobs: true
   rollbar_server_token: ""
   http_basic_username: ""
   http_basic_password: ""

lib/tasks/secrets.rake

@@ -0,0 +1,29 @@
+namespace :secrets do
+  desc "Add SMTP, SSL and delay jobs settings to secrets.yml"
+  task smtp_ssl_and_delay_jobs: :environment do
+    current_settings = {
+      "mailer_delivery_method" => ActionMailer::Base.delivery_method.to_s,
+      "smtp_settings"          => ActionMailer::Base.smtp_settings.stringify_keys,
+      "force_ssl"              => Rails.application.config.force_ssl,
+      "delay_jobs"             => Delayed::Worker.delay_jobs
+    }
+
+    settings_to_add = current_settings.select do |name, _|
+      Rails.application.secrets[name].nil?
+    end
+
+    exit if settings_to_add.empty?
+
+    secrets = Rails.application.config.paths["config/secrets"].first
+    stream = Psych.parse_stream(File.read(secrets))
+    nodes = stream.children.first.children.first
+
+    environment_index = nodes.children.index do |child|
+      child.is_a?(Psych::Nodes::Scalar) && child.value == Rails.env
+    end
+
+    nodes.children[environment_index + 1].children.push(*Psych.parse(settings_to_add.to_yaml).children.first.children)
+
+    File.open(secrets, "w") { |file| file.write stream.to_yaml }
+  end
+end