Merge pull request #1 from muchdogesec/env-arguments1

Changed the deployment workflow to use the staging environment
muchdogesec · Nov 5, 2024 · 9b5bee6 · 9b5bee6
2 parents 54440dd + d3e9a4d
commit 9b5bee6
Show file tree

Hide file tree

Showing 5 changed files with 141 additions and 5 deletions.
diff --git a/.env.obstracts-web b/.env.obstracts-web
@@ -1,6 +1,6 @@
 #django settings
-DJANGO_SECRET=
-DJANGO_DEBUG=
+DJANGO_SECRET=insecure_django_secret
+DJANGO_DEBUG=True
 
 #celery settings
 CELERY_BROKER_CONNECTION_RETRY_ON_STARTUP=1
@@ -14,6 +14,7 @@ BIN_LIST_API_KEY=
 OPENAI_API_KEY=
 OPENAI_MODEL=
 INPUT_TOKEN_LIMIT=
+INPUT_TOKEN_LIMIT=
 
 # CTIBUTLER FOR ATT&CK, CAPEC, CWE, ATLAS, AND LOCATION LOOKUPS
 
@@ -34,4 +35,4 @@ R2_ENDPOINT_URL=
 R2_BUCKET_NAME=
 R2_ACCESS_KEY=
 R2_SECRET_KEY= 
-R2_CUSTOM_DOMAIN=
+R2_CUSTOM_DOMAIN=
diff --git a/.github/workflows/deploy-image-production.yml b/.github/workflows/deploy-image-production.yml
@@ -15,7 +15,7 @@ env:
 jobs:
   build-and-push-image:
     runs-on: ubuntu-latest
-    environment: obstracts_production
+    environment: obstracts_web_production
     permissions:
       contents: read
       packages: write
@@ -40,12 +40,50 @@ jobs:
         uses: docker/build-push-action@v6
         with:
           context: .
+          file: ./Dockerfile.deploy
           push: true
           tags: ${{ steps.meta.outputs.tags }}
           labels: ${{ steps.meta.outputs.labels }}
           visibility: private
           build-args: |
             MAX_PAGE_SIZE=${{ secrets.MAX_PAGE_SIZE }}
+            #django settings
+            DJANGO_SECRET=${{ secrets.DJANGO_SECRET }}
+            DJANGO_DEBUG=${{ secrets.DJANGO_DEBUG }}
+
+            #celery settings
+            CELERY_BROKER_CONNECTION_RETRY_ON_STARTUP=${{ secrets.CELERY_BROKER_CONNECTION_RETRY_ON_STARTUP }}
+            # obstracts settings
+            MAX_PAGE_SIZE=${{ secrets.MAX_PAGE_SIZE }}
+            DEFAULT_PAGE_SIZE=${{ secrets.DEFAULT_PAGE_SIZE }}
+
+            # txt2stix settings
+            BIN_LIST_API_KEY=${{ secrets.BIN_LIST_API_KEY }}
+            OPENAI_API_KEY=${{ secrets.OPENAI_API_KEY }}
+            OPENAI_MODEL=${{ secrets.OPENAI_MODEL }}
+            INPUT_TOKEN_LIMIT=${{ secrets.INPUT_TOKEN_LIMIT }}
+            INPUT_TOKEN_LIMIT=${{ secrets.INPUT_TOKEN_LIMIT }}
+
+            # CTIBUTLER FOR ATT&CK, CAPEC, CWE, ATLAS, AND LOCATION LOOKUPS
+
+            CTIBUTLER_HOST=${{ secrets.CTIBUTLER_HOST }}
+            CTIBUTLER_APIKEY=${{ secrets.CTIBUTLER_APIKEY }}
+
+            # VULMATCH FOR CVE AND CPE LOOKUPS
+            VULMATCH_HOST=${{ secrets.VULMATCH_HOST }}
+            VULMATCH_APIKEY=${{ secrets.VULMATCH_APIKEY }}
+
+            # file2txt settings
+            GOOGLE_VISION_API_KEY=${{ secrets.GOOGLE_VISION_API_KEY }}
+            MARKER_API_KEY=${{ secrets.MARKER_API_KEY }}
+
+            # R2 storage configuration
+            USE_S3_STORAGE=${{ secrets.USE_S3_STORAGE }}1
+            R2_ENDPOINT_URL=${{ secrets.R2_ENDPOINT_URL }}
+            R2_BUCKET_NAME=${{ secrets.R2_BUCKET_NAME }}
+            R2_ACCESS_KEY=${{ secrets.R2_ACCESS_KEY }}
+            R2_SECRET_KEY=${{ secrets.R2_SECRET_KEY }} 
+            R2_CUSTOM_DOMAIN=${{ secrets.R2_CUSTOM_DOMAIN }}
       - name: Generate artifact attestation
         uses: actions/attest-build-provenance@v1
         with:

diff --git a/.github/workflows/deploy-image-staging.yml b/.github/workflows/deploy-image-staging.yml
@@ -16,7 +16,7 @@ env:
 jobs:
   build-and-push-image:
     runs-on: ubuntu-latest
-    environment: obstracts_staging # Specify the GitHub environment here
+    environment: obstracts_web_staging # Specify the GitHub environment here
     # Sets the permissions granted to the `GITHUB_TOKEN` for the actions in this job.
     permissions:
       contents: read
@@ -43,12 +43,50 @@ jobs:
         uses: docker/build-push-action@v6
         with:
           context: .
+          file: ./Dockerfile.deploy
           push: true
           tags: ${{ steps.meta.outputs.tags }}
           labels: ${{ steps.meta.outputs.labels }}
           visibility: private
           build-args: |
             MAX_PAGE_SIZE=${{ secrets.MAX_PAGE_SIZE }}
+            #django settings
+            DJANGO_SECRET=${{ secrets.DJANGO_SECRET }}
+            DJANGO_DEBUG=${{ secrets.DJANGO_DEBUG }}
+
+            #celery settings
+            CELERY_BROKER_CONNECTION_RETRY_ON_STARTUP=${{ secrets.CELERY_BROKER_CONNECTION_RETRY_ON_STARTUP }}
+            # obstracts settings
+            MAX_PAGE_SIZE=${{ secrets.MAX_PAGE_SIZE }}
+            DEFAULT_PAGE_SIZE=${{ secrets.DEFAULT_PAGE_SIZE }}
+
+            # txt2stix settings
+            BIN_LIST_API_KEY=${{ secrets.BIN_LIST_API_KEY }}
+            OPENAI_API_KEY=${{ secrets.OPENAI_API_KEY }}
+            OPENAI_MODEL=${{ secrets.OPENAI_MODEL }}
+            INPUT_TOKEN_LIMIT=${{ secrets.INPUT_TOKEN_LIMIT }}
+            INPUT_TOKEN_LIMIT=${{ secrets.INPUT_TOKEN_LIMIT }}
+
+            # CTIBUTLER FOR ATT&CK, CAPEC, CWE, ATLAS, AND LOCATION LOOKUPS
+
+            CTIBUTLER_HOST=${{ secrets.CTIBUTLER_HOST }}
+            CTIBUTLER_APIKEY=${{ secrets.CTIBUTLER_APIKEY }}
+
+            # VULMATCH FOR CVE AND CPE LOOKUPS
+            VULMATCH_HOST=${{ secrets.VULMATCH_HOST }}
+            VULMATCH_APIKEY=${{ secrets.VULMATCH_APIKEY }}
+
+            # file2txt settings
+            GOOGLE_VISION_API_KEY=${{ secrets.GOOGLE_VISION_API_KEY }}
+            MARKER_API_KEY=${{ secrets.MARKER_API_KEY }}
+
+            # R2 storage configuration
+            USE_S3_STORAGE=${{ secrets.USE_S3_STORAGE }}1
+            R2_ENDPOINT_URL=${{ secrets.R2_ENDPOINT_URL }}
+            R2_BUCKET_NAME=${{ secrets.R2_BUCKET_NAME }}
+            R2_ACCESS_KEY=${{ secrets.R2_ACCESS_KEY }}
+            R2_SECRET_KEY=${{ secrets.R2_SECRET_KEY }} 
+            R2_CUSTOM_DOMAIN=${{ secrets.R2_CUSTOM_DOMAIN }}
       - name: Generate artifact attestation
         uses: actions/attest-build-provenance@v1
         with:

diff --git a/Dockerfile b/Dockerfile
@@ -1,5 +1,6 @@
 FROM python:3.11
 ENV PYTHONUNBUFFERED=1
+
 WORKDIR /usr/src/app
 COPY requirements.txt ./
 RUN pip install -r requirements.txt

diff --git a/Dockerfile.deploy b/Dockerfile.deploy
@@ -0,0 +1,58 @@
+FROM python:3.11
+ENV PYTHONUNBUFFERED=1
+
+# Arguments
+ARG EMAIL_HOST_USER=
+ARG DJANGO_SECRET=
+ARG DJANGO_DEBUG=
+ARG CELERY_BROKER_CONNECTION_RETRY_ON_STARTUP=
+ARG MAX_PAGE_SIZE=
+ARG DEFAULT_PAGE_SIZE=
+ARG BIN_LIST_API_KEY=
+ARG OPENAI_API_KEY=
+ARG OPENAI_MODEL=
+ARG INPUT_TOKEN_LIMIT=
+ARG INPUT_TOKEN_LIMIT=
+ARG CTIBUTLER_HOST=
+ARG CTIBUTLER_APIKEY=
+ARG VULMATCH_HOST=
+ARG VULMATCH_APIKEY=
+ARG GOOGLE_VISION_API_KEY=
+ARG MARKER_API_KEY=
+ARG USE_S3_STORAGE=
+ARG R2_ENDPOINT_URL=
+ARG R2_BUCKET_NAME=
+ARG R2_ACCESS_KEY=
+ARG R2_SECRET_KEY= 
+ARG R2_CUSTOM_DOMAIN=
+
+# Set environment variables
+ENV DJANGO_SECRET=${DJANGO_SECRET}
+ENV DJANGO_DEBUG=${DJANGO_DEBUG}
+ENV CELERY_BROKER_CONNECTION_RETRY_ON_STARTUP=${CELERY_BROKER_CONNECTION_RETRY_ON_STARTUP}
+ENV MAX_PAGE_SIZE=${MAX_PAGE_SIZE}
+ENV DEFAULT_PAGE_SIZE=${DEFAULT_PAGE_SIZE}
+ENV BIN_LIST_API_KEY=${BIN_LIST_API_KEY}
+ENV OPENAI_API_KEY=${OPENAI_API_KEY}
+ENV OPENAI_MODEL=${OPENAI_MODEL}
+ENV INPUT_TOKEN_LIMIT=${INPUT_TOKEN_LIMIT}
+ENV CTIBUTLER_HOST=${CTIBUTLER_HOST}
+ENV CTIBUTLER_APIKEY=${CTIBUTLER_APIKEY}
+ENV VULMATCH_HOST=${VULMATCH_HOST}
+ENV VULMATCH_APIKEY=${VULMATCH_APIKEY}
+ENV GOOGLE_VISION_API_KEY=${GOOGLE_VISION_API_KEY}
+ENV USE_S3_STORAGE=${USE_S3_STORAGE}
+ENV MARKER_API_KEY=${MARKER_API_KEY}
+ENV R2_ENDPOINT_URL=${R2_ENDPOINT_URL}
+ENV R2_BUCKET_NAME=${R2_BUCKET_NAME}
+ENV R2_ACCESS_KEY=${R2_ACCESS_KEY}
+ENV R2_CUSTOM_DOMAIN=${R2_CUSTOM_DOMAIN}
+
+
+
+WORKDIR /usr/src/app
+COPY requirements.txt ./
+RUN pip install -r requirements.txt
+
+COPY . /usr/src/app
+RUN pip install https://github.com/muchdogesec/dogesec_commons/releases/download/main-2024-11-01/dogesec_commons-0.0.1b0-py3-none-any.whl