diff --git a/config/deploy.rb b/config/deploy.rb index 3129cfd38..7a10e80ed 100644 --- a/config/deploy.rb +++ b/config/deploy.rb @@ -21,7 +21,7 @@ set :log_level, :info set :pty, true set :use_sudo, false -set :linked_files, %w[config/database.yml config/secrets.yml config/environments/production.rb] +set :linked_files, %w[config/database.yml config/secrets.yml] set :linked_dirs, %w[log tmp public/system public/assets public/ckeditor_assets] set :keep_releases, 5 @@ -46,6 +46,9 @@ namespace :deploy do before "deploy:migrate", "remove_local_census_records_duplicates" after "deploy:migrate", "add_new_settings" + + before :publishing, "smtp_ssl_and_delay_jobs_secrets" + after :publishing, "deploy:restart" after :published, "delayed_job:restart" after :published, "refresh_sitemap" @@ -127,3 +130,29 @@ task :setup_puma do end end end + +task :smtp_ssl_and_delay_jobs_secrets do + on roles(:app) do + within current_path do + with rails_env: fetch(:rails_env) do + tasks_file_path = "lib/tasks/secrets.rake" + shared_secrets_path = "#{shared_path}/config/secrets.yml" + + unless test("[ -e #{current_path}/#{tasks_file_path} ]") + begin + unless test("[ -w #{shared_secrets_path} ]") + execute "sudo chown `whoami` #{shared_secrets_path}" + execute "chmod u+w #{shared_secrets_path}" + end + + execute "cp #{release_path}/#{tasks_file_path} #{current_path}/#{tasks_file_path}" + + execute :rake, "secrets:smtp_ssl_and_delay_jobs" + ensure + execute "rm #{current_path}/#{tasks_file_path}" + end + end + end + end + end +end diff --git a/config/environments/preproduction.rb b/config/environments/preproduction.rb index 78a443249..39c060f13 100644 --- a/config/environments/preproduction.rb +++ b/config/environments/preproduction.rb 
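Review bot: In the new `smtp_ssl_and_delay_jobs_secrets` task, `execute "sudo chown `whoami` #{shared_secrets_path}"` permanently reassigns ownership of the shared secrets file and only works if the deploy user has passwordless sudo, even though `set :use_sudo, false` is visible in the context of the first hunk. Nothing afterwards checks or restores the owner or mode, so if the application runs under a different account it may lose read access to its own secrets. I would stop with a clear message when the file is not writable rather than changing ownership during a deploy. The `ensure` step uses a plain `rm`, which raises when the earlier `cp` did not succeed and hides the original error; `execute :rm, "-f", "#{current_path}/#{tasks_file_path}"` avoids that. The interpolated paths reach the shell unquoted, which is safe only while the deploy paths contain no spaces or shell metacharacters.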
@@ -47,7 +47,8 @@ Rails.application.configure do # config.action_dispatch.x_sendfile_header = "X-Accel-Redirect" # for NGINX # Force all access to the app over SSL, use Strict-Transport-Security, and use secure cookies. - config.force_ssl = true + # Configure force_ssl in secrets.yml + config.force_ssl = Rails.application.secrets.force_ssl # Use the lowest log level to ensure availability of diagnostic information # when problems arise. @@ -71,17 +72,11 @@ Rails.application.configure do config.action_mailer.default_url_options = { host: Rails.application.secrets.server_name } config.action_mailer.asset_host = "https://#{Rails.application.secrets.server_name}" - # SMTP configuration to deliver emails - # Uncomment the following block of code and add your SMTP service credentials - # config.action_mailer.delivery_method = :smtp - # config.action_mailer.smtp_settings = { - # address: "smtp.example.com", - # port: 587, - # domain: "example.com", - # user_name: "", - # password: "", - # authentication: "plain", - # enable_starttls_auto: true } + # Configure your SMTP service credentials in secrets.yml + if Rails.application.secrets.smtp_settings + config.action_mailer.delivery_method = Rails.application.secrets.mailer_delivery_method || :smtp + config.action_mailer.smtp_settings = Rails.application.secrets.smtp_settings + end # Enable locale fallbacks for I18n (makes lookups for any locale fall back to # the I18n.default_locale when a translation cannot be found). diff --git a/config/environments/production.rb b/config/environments/production.rb index 6c23b8ab5..707331124 100644 --- a/config/environments/production.rb +++ b/config/environments/production.rb 
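Review bot: `config.force_ssl = Rails.application.secrets.force_ssl` fails open: when `force_ssl` is absent from an environment's secrets.yml the value is `nil`, so HTTPS redirection, Strict-Transport-Security and secure cookies are switched off without any error. The delayed_job initializer in this commit already falls back to the old default when its key is missing, and the same should happen here, for example `config.force_ssl = Rails.application.secrets.force_ssl != false`. The comment above it could then read `# Enabled unless secrets.yml sets force_ssl: false`. The same line is added in config/environments/production.rb and config/environments/staging.rb.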
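Review bot: In the SMTP block, `Rails.application.secrets.mailer_delivery_method` arrives from YAML as a String (the example file uses `"smtp"`), and as far as I can tell Action Mailer only merges `smtp_settings` into the delivery when the method is a Symbol, so the configured host and credentials may be ignored. Converting the value is enough: `config.action_mailer.delivery_method = (Rails.application.secrets.mailer_delivery_method || :smtp).to_sym`. Depending on the Rails version, the nested `smtp_settings` keys may also load as strings, so it is worth confirming they reach the mailer as symbols and adding `.symbolize_keys` if they do not. The same block is added in production.rb and staging.rb.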
@@ -49,7 +49,8 @@ Rails.application.configure do # config.action_cable.allowed_request_origins = [ 'http://example.com', /http:\/\/example.*/ ] # Force all access to the app over SSL, use Strict-Transport-Security, and use secure cookies. - config.force_ssl = true + # Configure force_ssl in secrets.yml + config.force_ssl = Rails.application.secrets.force_ssl # Use the lowest log level to ensure availability of diagnostic information # when problems arise. @@ -72,17 +73,11 @@ Rails.application.configure do config.action_mailer.default_url_options = { host: Rails.application.secrets.server_name } config.action_mailer.asset_host = "https://#{Rails.application.secrets.server_name}" - # SMTP configuration to deliver emails - # Uncomment the following block of code and add your SMTP service credentials - # config.action_mailer.delivery_method = :smtp - # config.action_mailer.smtp_settings = { - # address: "smtp.example.com", - # port: 587, - # domain: "example.com", - # user_name: "", - # password: "", - # authentication: "plain", - # enable_starttls_auto: true } + # Configure your SMTP service credentials in secrets.yml + if Rails.application.secrets.smtp_settings + config.action_mailer.delivery_method = Rails.application.secrets.mailer_delivery_method || :smtp + config.action_mailer.smtp_settings = Rails.application.secrets.smtp_settings + end # Enable locale fallbacks for I18n (makes lookups for any locale fall back to # the I18n.default_locale when a translation cannot be found). diff --git a/config/environments/staging.rb b/config/environments/staging.rb index 8e64e9fae..f47529f64 100644 --- a/config/environments/staging.rb +++ b/config/environments/staging.rb 
@@ -47,7 +47,8 @@ Rails.application.configure do # config.action_dispatch.x_sendfile_header = "X-Accel-Redirect" # for NGINX # Force all access to the app over SSL, use Strict-Transport-Security, and use secure cookies. - config.force_ssl = true + # Configure force_ssl in secrets.yml + config.force_ssl = Rails.application.secrets.force_ssl # Use the lowest log level to ensure availability of diagnostic information # when problems arise. @@ -71,17 +72,11 @@ Rails.application.configure do config.action_mailer.default_url_options = { host: Rails.application.secrets.server_name } config.action_mailer.asset_host = "https://#{Rails.application.secrets.server_name}" - # SMTP configuration to deliver emails - # Uncomment the following block of code and add your SMTP service credentials - # config.action_mailer.delivery_method = :smtp - # config.action_mailer.smtp_settings = { - # address: "smtp.example.com", - # port: 587, - # domain: "example.com", - # user_name: "", - # password: "", - # authentication: "plain", - # enable_starttls_auto: true } + # Configure your SMTP service credentials in secrets.yml + if Rails.application.secrets.smtp_settings + config.action_mailer.delivery_method = Rails.application.secrets.mailer_delivery_method || :smtp + config.action_mailer.smtp_settings = Rails.application.secrets.smtp_settings + end # Enable locale fallbacks for I18n (makes lookups for any locale fall back to # the I18n.default_locale when a translation cannot be found). diff --git a/config/initializers/delayed_job_config.rb b/config/initializers/delayed_job_config.rb index 151511dc6..3bcbfa4a1 100644 --- a/config/initializers/delayed_job_config.rb +++ b/config/initializers/delayed_job_config.rb 
@@ -1,8 +1,11 @@ if Rails.env.test? || Rails.env.development? Delayed::Worker.delay_jobs = false -else +elsif Rails.application.secrets.delay_jobs.nil? Delayed::Worker.delay_jobs = true +else + Delayed::Worker.delay_jobs = Rails.application.secrets.delay_jobs end + Delayed::Worker.destroy_failed_jobs = false Delayed::Worker.sleep_delay = 2 Delayed::Worker.max_attempts = 3 diff --git a/config/secrets.yml.example b/config/secrets.yml.example index 3a8678766..b9f227a46 100644 --- a/config/secrets.yml.example +++ b/config/secrets.yml.example @@ -32,6 +32,8 @@ test: staging: secret_key_base: "" server_name: "" + force_ssl: true + delay_jobs: true rollbar_server_token: "" http_basic_username: "" http_basic_password: "" @@ -44,6 +46,17 @@ staging: preproduction: secret_key_base: "" server_name: "" + # mailer_delivery_method: "smtp" + # smtp_settings: + # address: "smtp.example.com" + # port: 25 + # domain: "your_domain.com" + # user_name: "" + # password: "" + # authentication: "plain" + # enable_starttls_auto: true + force_ssl: true + delay_jobs: true rollbar_server_token: "" http_basic_username: "" http_basic_password: "" @@ -61,6 +74,17 @@ preproduction: production: secret_key_base: "" server_name: "" + # mailer_delivery_method: "smtp" + # smtp_settings: + # address: "smtp.example.com" + # port: 25 + # domain: "your_domain.com" + # user_name: "" + # password: "" + # authentication: "plain" + # enable_starttls_auto: true + force_ssl: true + delay_jobs: true rollbar_server_token: "" http_basic_username: "" http_basic_password: "" diff --git a/lib/tasks/secrets.rake b/lib/tasks/secrets.rake new file mode 100644 index 000000000..25d66d3c3 --- /dev/null +++ b/lib/tasks/secrets.rake 
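Review bot: The commented SMTP example added under `preproduction` and `production` in secrets.yml.example pairs `port: 25` with `authentication: "plain"` and `enable_starttls_auto: true`, whereas the block removed from the environment files used port 587. As I understand `enable_starttls_auto`, TLS is used only when the server offers it, so the example is safer pointing at the submission port again: `#   port: 587`. The `staging` section receives `force_ssl` and `delay_jobs` but not the SMTP example, which looks like an oversight given that staging.rb reads the same keys.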
@@ -0,0 +1,29 @@ +namespace :secrets do + desc "Add SMTP, SSL and delay jobs settings to secrets.yml" + task smtp_ssl_and_delay_jobs: :environment do + current_settings = { + "mailer_delivery_method" => ActionMailer::Base.delivery_method.to_s, + "smtp_settings" => ActionMailer::Base.smtp_settings.stringify_keys, + "force_ssl" => Rails.application.config.force_ssl, + "delay_jobs" => Delayed::Worker.delay_jobs + } + + settings_to_add = current_settings.select do |name, _| + Rails.application.secrets[name].nil? + end + + exit if settings_to_add.empty? + + secrets = Rails.application.config.paths["config/secrets"].first + stream = Psych.parse_stream(File.read(secrets)) + nodes = stream.children.first.children.first + + environment_index = nodes.children.index do |child| + child.is_a?(Psych::Nodes::Scalar) && child.value == Rails.env + end + + nodes.children[environment_index + 1].children.push(*Psych.parse(settings_to_add.to_yaml).children.first.children) + + File.open(secrets, "w") { |file| file.write stream.to_yaml } + end +end
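Review bot: `File.open(secrets, "w") { |file| file.write stream.to_yaml }` rewrites the live secrets file in place, so an interrupted or failed write leaves a truncated file and the application without `secret_key_base`; the file also now receives the SMTP password. Writing to a temporary file in the same directory with mode 0600 and then calling `File.rename` over the original keeps the old file intact until the new one is complete. Separately, `environment_index` is `nil` when no scalar in the file equals `Rails.env`, so `environment_index + 1` raises NoMethodError; an explicit `abort "No #{Rails.env} section in #{secrets}" if environment_index.nil?` would be clearer. `exit` inside the task ends the whole rake process, where `next` would end only this task.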