Merge pull request #81 from sonatype-nexus-community/feat/environment…

…-path-pem feat: make location of `the-cla.pem` configurable via environment variable
sonatype-nexus-community · Jul 11, 2024 · 80934e8 · 80934e8
2 parents dd7841f + 0f3c714
commit 80934e8
Show file tree

Hide file tree

Showing 4 changed files with 20 additions and 6 deletions.
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -6,9 +6,6 @@ on:
     pull_request:
         paths-ignore:
             - 'README.md'
-    push:
-        paths-ignore:
-            - 'README.md'
 
 # Testing only needs permissions to read the repository contents.
 permissions:

diff --git a/README.md b/README.md
@@ -167,6 +167,7 @@ GH_WEBHOOK_SECRET=totallysecret
 GH_APP_ID=1337
 INFO_USERNAME=theInfoUsername
 INFO_PASSWORD=theInfoPassword
+CLA_PEM_FILE=/path/to/the-cla.pem
 ```
 
 The important things to update are:
@@ -181,6 +182,7 @@ The important things to update are:
 - `SSL_MODE=disable` - this only exists to enable local development with a local database. Remove this setting for deployment to AWS.
 - `INFO_USERNAME` - the username to access the "info" endpoint, e.g. to check if a particular login has signed the cla.
 - `INFO_PASSWORD` - the password to access the "info" endpoint, e.g. to check if a particular login has signed the cla.
+- `CLA_PEM_FILE` - Path to `the-cla.pem` (optional - defaults to just `the-cla.pem` if not defined)
 
 Since these are all environment variables, you can just set them that way if you prefer, but it's important these variables are available at build time, as we inject these into the React code, which is honestly pretty sweet!
 

diff --git a/github/github.go b/github/github.go
@@ -22,21 +22,31 @@ package github
 import (
 	"context"
 	"fmt"
-	"go.uber.org/zap"
 	"net/http"
 	"os"
 	"strconv"
 	"strings"
 	"time"
 
+	"go.uber.org/zap"
+
 	"github.com/bradleyfalzon/ghinstallation/v2"
 	"github.com/google/go-github/v42/github"
 	"github.com/sonatype-nexus-community/the-cla/db"
 	"github.com/sonatype-nexus-community/the-cla/types"
 	webhook "gopkg.in/go-playground/webhooks.v5/github"
 )
 
-const FilenameTheClaPem string = "the-cla.pem"
+func getpemlocation() string {
+	fromenv := os.Getenv("CLA_PEM_FILE")
+	if len(fromenv) == 0 {
+		return "the-cla.pem"
+	}
+	return fromenv
+}
+
+var FilenameTheClaPem string = getpemlocation()
+
 const EnvGhAppId = "GH_APP_ID"
 
 // RepositoriesService handles communication with the repository related methods

diff --git a/main.tf b/main.tf
@@ -75,10 +75,15 @@ resource "kubernetes_deployment" "the_cla" {
 
       spec {
         container {
-          image             = "sonatypecommunity/the-cla:latest"
+          image             = "sonatypecommunity/the-cla:v0.0.3"
           name              = "the-cla"
           image_pull_policy = "IfNotPresent"
 
+          env {
+            name = "CLA_PEM_FILE"
+            value = "/the-cla-secrets/the-cla.pem"
+          }
+
           env {
             name = "GITHUB_CLIENT_SECRET"
             value_from {