From d3e9a4de34c6d0860b9453170c80386ca12cbc57 Mon Sep 17 00:00:00 2001 From: Ridwan Olawumi Date: Mon, 4 Nov 2024 18:00:48 +0100 Subject: [PATCH] Changed the deployment workflow to use the staging environment --- .env.obstracts-web | 7 ++- .github/workflows/deploy-image-production.yml | 40 ++++++++++++- .github/workflows/deploy-image-staging.yml | 40 ++++++++++++- Dockerfile | 1 + Dockerfile.deploy | 58 +++++++++++++++++++ 5 files changed, 141 insertions(+), 5 deletions(-) create mode 100644 Dockerfile.deploy diff --git a/.env.obstracts-web b/.env.obstracts-web index 101983c..f35bda7 100644 --- a/.env.obstracts-web +++ b/.env.obstracts-web @@ -1,6 +1,6 @@ #django settings -DJANGO_SECRET= -DJANGO_DEBUG= +DJANGO_SECRET=insecure_django_secret +DJANGO_DEBUG=True #celery settings CELERY_BROKER_CONNECTION_RETRY_ON_STARTUP=1 @@ -14,6 +14,7 @@ BIN_LIST_API_KEY= OPENAI_API_KEY= OPENAI_MODEL= INPUT_TOKEN_LIMIT= +INPUT_TOKEN_LIMIT= # CTIBUTLER FOR ATT&CK, CAPEC, CWE, ATLAS, AND LOCATION LOOKUPS @@ -34,4 +35,4 @@ R2_ENDPOINT_URL= R2_BUCKET_NAME= R2_ACCESS_KEY= R2_SECRET_KEY= -R2_CUSTOM_DOMAIN= +R2_CUSTOM_DOMAIN= \ No newline at end of file diff --git a/.github/workflows/deploy-image-production.yml b/.github/workflows/deploy-image-production.yml index 39241b4..bb7787f 100644 --- a/.github/workflows/deploy-image-production.yml +++ b/.github/workflows/deploy-image-production.yml @@ -15,7 +15,7 @@ env: jobs: build-and-push-image: runs-on: ubuntu-latest - environment: obstracts_production + environment: obstracts_web_production permissions: contents: read packages: write 
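Review bot: The first hunk of `.env.obstracts-web` commits `DJANGO_SECRET=insecure_django_secret` and `DJANGO_DEBUG=True` as defaults, so any deployment that uses the file unchanged runs with a publicly known signing key and debug error pages enabled. Keep the secret blank and default debug to off, `DJANGO_SECRET=` and `DJANGO_DEBUG=False`, with a comment such as `# set a unique random value per environment; never reuse a sample value`. Whether the settings module rejects an empty or sample secret is not visible in this patch.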
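Review bot: The second hunk of `.env.obstracts-web` adds another `INPUT_TOKEN_LIMIT=` line directly under the existing one, so the key is defined twice and which value wins depends on the loader. The same duplicate appears in the `build-args` lists of both workflow files and in the `ARG` list of `Dockerfile.deploy`. If a different setting was intended, the name should be corrected; otherwise drop the added line in each place.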
@@ -40,12 +40,50 @@ jobs: uses: docker/build-push-action@v6 with: context: . + file: ./Dockerfile.deploy push: true tags: ${{ steps.meta.outputs.tags }} labels: ${{ steps.meta.outputs.labels }} visibility: private build-args: | MAX_PAGE_SIZE=${{ secrets.MAX_PAGE_SIZE }} + #django settings + DJANGO_SECRET=${{ secrets.DJANGO_SECRET }} + DJANGO_DEBUG=${{ secrets.DJANGO_DEBUG }} + + #celery settings + CELERY_BROKER_CONNECTION_RETRY_ON_STARTUP=${{ secrets.CELERY_BROKER_CONNECTION_RETRY_ON_STARTUP }} + # obstracts settings + MAX_PAGE_SIZE=${{ secrets.MAX_PAGE_SIZE }} + DEFAULT_PAGE_SIZE=${{ secrets.DEFAULT_PAGE_SIZE }} + + # txt2stix settings + BIN_LIST_API_KEY=${{ secrets.BIN_LIST_API_KEY }} + OPENAI_API_KEY=${{ secrets.OPENAI_API_KEY }} + OPENAI_MODEL=${{ secrets.OPENAI_MODEL }} + INPUT_TOKEN_LIMIT=${{ secrets.INPUT_TOKEN_LIMIT }} + INPUT_TOKEN_LIMIT=${{ secrets.INPUT_TOKEN_LIMIT }} + + # CTIBUTLER FOR ATT&CK, CAPEC, CWE, ATLAS, AND LOCATION LOOKUPS + + CTIBUTLER_HOST=${{ secrets.CTIBUTLER_HOST }} + CTIBUTLER_APIKEY=${{ secrets.CTIBUTLER_APIKEY }} + + # VULMATCH FOR CVE AND CPE LOOKUPS + VULMATCH_HOST=${{ secrets.VULMATCH_HOST }} + VULMATCH_APIKEY=${{ secrets.VULMATCH_APIKEY }} + + # file2txt settings + GOOGLE_VISION_API_KEY=${{ secrets.GOOGLE_VISION_API_KEY }} + MARKER_API_KEY=${{ secrets.MARKER_API_KEY }} + + # R2 storage configuration + USE_S3_STORAGE=${{ secrets.USE_S3_STORAGE }}1 + R2_ENDPOINT_URL=${{ secrets.R2_ENDPOINT_URL }} + R2_BUCKET_NAME=${{ secrets.R2_BUCKET_NAME }} + R2_ACCESS_KEY=${{ secrets.R2_ACCESS_KEY }} + R2_SECRET_KEY=${{ secrets.R2_SECRET_KEY }} + R2_CUSTOM_DOMAIN=${{ secrets.R2_CUSTOM_DOMAIN }} - name: Generate artifact attestation uses: actions/attest-build-provenance@v1 with: diff --git a/.github/workflows/deploy-image-staging.yml b/.github/workflows/deploy-image-staging.yml index ab968b8..0fc5718 100644 --- a/.github/workflows/deploy-image-staging.yml +++ b/.github/workflows/deploy-image-staging.yml 
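Review bot: Every credential in the new `build-args` list (`DJANGO_SECRET`, `OPENAI_API_KEY`, `R2_SECRET_KEY` and the other API keys) is handed to the image build as a build argument, and build arguments can be recovered from image history and build provenance; `Dockerfile.deploy` also copies most of them into `ENV`. These values belong in the container's runtime environment at deploy time. Anything genuinely needed during the build should go through the action's `secrets:` input and a `RUN --mount=type=secret` step instead. Separately, `USE_S3_STORAGE=${{ secrets.USE_S3_STORAGE }}1` carries a stray trailing `1`, and `MAX_PAGE_SIZE` is now passed twice. The staging workflow hunk is identical and needs the same changes.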
@@ -16,7 +16,7 @@ env: jobs: build-and-push-image: runs-on: ubuntu-latest - environment: obstracts_staging # Specify the GitHub environment here + environment: obstracts_web_staging # Specify the GitHub environment here # Sets the permissions granted to the `GITHUB_TOKEN` for the actions in this job. permissions: contents: read 
@@ -43,12 +43,50 @@ jobs: uses: docker/build-push-action@v6 with: context: . + file: ./Dockerfile.deploy push: true tags: ${{ steps.meta.outputs.tags }} labels: ${{ steps.meta.outputs.labels }} visibility: private build-args: | MAX_PAGE_SIZE=${{ secrets.MAX_PAGE_SIZE }} + #django settings + DJANGO_SECRET=${{ secrets.DJANGO_SECRET }} + DJANGO_DEBUG=${{ secrets.DJANGO_DEBUG }} + + #celery settings + CELERY_BROKER_CONNECTION_RETRY_ON_STARTUP=${{ secrets.CELERY_BROKER_CONNECTION_RETRY_ON_STARTUP }} + # obstracts settings + MAX_PAGE_SIZE=${{ secrets.MAX_PAGE_SIZE }} + DEFAULT_PAGE_SIZE=${{ secrets.DEFAULT_PAGE_SIZE }} + + # txt2stix settings + BIN_LIST_API_KEY=${{ secrets.BIN_LIST_API_KEY }} + OPENAI_API_KEY=${{ secrets.OPENAI_API_KEY }} + OPENAI_MODEL=${{ secrets.OPENAI_MODEL }} + INPUT_TOKEN_LIMIT=${{ secrets.INPUT_TOKEN_LIMIT }} + INPUT_TOKEN_LIMIT=${{ secrets.INPUT_TOKEN_LIMIT }} + + # CTIBUTLER FOR ATT&CK, CAPEC, CWE, ATLAS, AND LOCATION LOOKUPS + + CTIBUTLER_HOST=${{ secrets.CTIBUTLER_HOST }} + CTIBUTLER_APIKEY=${{ secrets.CTIBUTLER_APIKEY }} + + # VULMATCH FOR CVE AND CPE LOOKUPS + VULMATCH_HOST=${{ secrets.VULMATCH_HOST }} + VULMATCH_APIKEY=${{ secrets.VULMATCH_APIKEY }} + + # file2txt settings + GOOGLE_VISION_API_KEY=${{ secrets.GOOGLE_VISION_API_KEY }} + MARKER_API_KEY=${{ secrets.MARKER_API_KEY }} + + # R2 storage configuration + USE_S3_STORAGE=${{ secrets.USE_S3_STORAGE }}1 + R2_ENDPOINT_URL=${{ secrets.R2_ENDPOINT_URL }} + R2_BUCKET_NAME=${{ secrets.R2_BUCKET_NAME }} + R2_ACCESS_KEY=${{ secrets.R2_ACCESS_KEY }} + R2_SECRET_KEY=${{ secrets.R2_SECRET_KEY }} + R2_CUSTOM_DOMAIN=${{ secrets.R2_CUSTOM_DOMAIN }} - name: Generate artifact attestation uses: actions/attest-build-provenance@v1 with: diff --git a/Dockerfile b/Dockerfile index ec4e7d5..5967502 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,5 +1,6 @@ FROM python:3.11 ENV PYTHONUNBUFFERED=1 + WORKDIR /usr/src/app COPY requirements.txt ./ RUN pip install -r requirements.txt 
diff --git a/Dockerfile.deploy b/Dockerfile.deploy new file mode 100644 index 0000000..a7e04cd --- /dev/null +++ b/Dockerfile.deploy @@ -0,0 +1,58 @@ +FROM python:3.11 +ENV PYTHONUNBUFFERED=1 + +# Arguments +ARG EMAIL_HOST_USER= +ARG DJANGO_SECRET= +ARG DJANGO_DEBUG= +ARG CELERY_BROKER_CONNECTION_RETRY_ON_STARTUP= +ARG MAX_PAGE_SIZE= +ARG DEFAULT_PAGE_SIZE= +ARG BIN_LIST_API_KEY= +ARG OPENAI_API_KEY= +ARG OPENAI_MODEL= +ARG INPUT_TOKEN_LIMIT= +ARG INPUT_TOKEN_LIMIT= +ARG CTIBUTLER_HOST= +ARG CTIBUTLER_APIKEY= +ARG VULMATCH_HOST= +ARG VULMATCH_APIKEY= +ARG GOOGLE_VISION_API_KEY= +ARG MARKER_API_KEY= +ARG USE_S3_STORAGE= +ARG R2_ENDPOINT_URL= +ARG R2_BUCKET_NAME= +ARG R2_ACCESS_KEY= +ARG R2_SECRET_KEY= +ARG R2_CUSTOM_DOMAIN= + +# Set environment variables +ENV DJANGO_SECRET=${DJANGO_SECRET} +ENV DJANGO_DEBUG=${DJANGO_DEBUG} +ENV CELERY_BROKER_CONNECTION_RETRY_ON_STARTUP=${CELERY_BROKER_CONNECTION_RETRY_ON_STARTUP} +ENV MAX_PAGE_SIZE=${MAX_PAGE_SIZE} +ENV DEFAULT_PAGE_SIZE=${DEFAULT_PAGE_SIZE} +ENV BIN_LIST_API_KEY=${BIN_LIST_API_KEY} +ENV OPENAI_API_KEY=${OPENAI_API_KEY} +ENV OPENAI_MODEL=${OPENAI_MODEL} +ENV INPUT_TOKEN_LIMIT=${INPUT_TOKEN_LIMIT} +ENV CTIBUTLER_HOST=${CTIBUTLER_HOST} +ENV CTIBUTLER_APIKEY=${CTIBUTLER_APIKEY} +ENV VULMATCH_HOST=${VULMATCH_HOST} +ENV VULMATCH_APIKEY=${VULMATCH_APIKEY} +ENV GOOGLE_VISION_API_KEY=${GOOGLE_VISION_API_KEY} +ENV USE_S3_STORAGE=${USE_S3_STORAGE} +ENV MARKER_API_KEY=${MARKER_API_KEY} +ENV R2_ENDPOINT_URL=${R2_ENDPOINT_URL} +ENV R2_BUCKET_NAME=${R2_BUCKET_NAME} +ENV R2_ACCESS_KEY=${R2_ACCESS_KEY} +ENV R2_CUSTOM_DOMAIN=${R2_CUSTOM_DOMAIN} + + + +WORKDIR /usr/src/app +COPY requirements.txt ./ +RUN pip install -r requirements.txt + +COPY . /usr/src/app +RUN pip install https://github.com/muchdogesec/dogesec_commons/releases/download/main-2024-11-01/dogesec_commons-0.0.1b0-py3-none-any.whl \ No newline at end of file
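Review bot: The `ENV NAME=${NAME}` block writes each build argument into the image configuration, so `DJANGO_SECRET`, `OPENAI_API_KEY`, `R2_ACCESS_KEY` and the other keys are readable with `docker inspect` by anyone who can pull the image, and are shared by every container started from it. Drop the `ARG`/`ENV` pairs for credentials and let the deployment supply them as runtime environment variables; only non-sensitive build settings need to stay. The list is also inconsistent: `R2_SECRET_KEY` and `EMAIL_HOST_USER` are declared as `ARG` but never exported, so if the block is kept the application would presumably start without them. The final `pip install` fetches a wheel from a release URL with no integrity check; appending a hash fragment, `...-py3-none-any.whl#sha256=<digest of the reviewed wheel>`, makes pip verify the download.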