Merge pull request #417 from brickbox-io/env_settings

.github/workflows/Dajango.yml

@@ -17,13 +17,31 @@ jobs:
     runs-on: ubuntu-latest
 
     steps:
-      # Step 1, add the IP address
-      - name: Add IP address to trusted source (managed database)
+      - name: Step 0 | Set Environment Variables
+        run: |
+          echo "SECRET_KEY=${{ secrets.SECRET_KEY }}" >> $GITHUB_ENV
+          echo "SOCIAL_AUTH_GOOGLE_client_id=${{ secrets.SOCIAL_AUTH_GOOGLE_client_id }}" >> $GITHUB_ENV
+          echo "SOCIAL_AUTH_GOOGLE_secret=${{ secrets.SOCIAL_AUTH_GOOGLE_secret }}" >> $GITHUB_ENV
+          echo "DEBUG_DB_PASSWORD=${{ secrets.DEBUG_DB_PASSWORD }}" >> $GITHUB_ENV
+          echo "DB_PASSWORD=${{ secrets.DB_PASSWORD }}" >> $GITHUB_ENV
+          echo "TEST_DB_PASSWORD=${{ secrets.TEST_DB_PASSWORD }}" >> $GITHUB_ENV
+          echo "EMAIL_PASSWORD=${{ secrets.EMAIL_PASSWORD }}" >> $GITHUB_ENV
+          echo "STRIPE_CLIENT_ID_TEST=${{ secrets.STRIPE_CLIENT_ID_TEST }}" >> $GITHUB_ENV
+          echo "STRIPE_SECRET_KEY_TEST=${{ secrets.STRIPE_SECRET_KEY_TEST }}" >> $GITHUB_ENV
+          echo "STRIPE_PUBLISHABLE_KEY_TEST=${{ secrets.STRIPE_PUBLISHABLE_KEY_TEST }}" >> $GITHUB_ENV
+          echo "STRIPE_CLIENT_ID=${{ secrets.STRIPE_CLIENT_ID }}" >> $GITHUB_ENV
+          echo "STRIPE_SECRET_KEY=${{ secrets.STRIPE_SECRET_KEY }}" >> $GITHUB_ENV
+          echo "STRIPE_PUBLISHABLE_KEY=${{ secrets.STRIPE_PUBLISHABLE_KEY }}" >> $GITHUB_ENV
+          echo "DO_SPACES_KEY=${{ secrets.DO_SPACES_KEY }}" >> $GITHUB_ENV
+          echo "DO_SPACES_SECRET=${{ secrets.DO_SPACES_SECRET }}" >> $GITHUB_ENV
+          echo "root_password=${{ secrets.root_password }}" >> $GITHUB_ENV
+
+      - name: Step 1 | Add IP address to trusted source (managed database)
         uses: GarreauArthur/manage-digital-ocean-managed-database-trusted-sources-gh-action@main
         with:
           action: "add"
           database_id: 3ece3463-8ce9-4bb2-9362-f6b3fd8e4c42
-          digitalocean_token: aad056c20d6d9da0beadbf3028abc712fda675cadbe1b651e1b155736de45bd7
+          digitalocean_token: ${{ secrets.DIGITALOCEAN_TOKEN }}
 
       # Step 2, do whatever you need to do with you database
       - uses: actions/checkout@v3
@@ -53,4 +71,4 @@ jobs:
         with:
           action: "remove"
           database_id: 3ece3463-8ce9-4bb2-9362-f6b3fd8e4c42
-          digitalocean_token: aad056c20d6d9da0beadbf3028abc712fda675cadbe1b651e1b155736de45bd7
+          digitalocean_token: ${{ secrets.DIGITALOCEAN_TOKEN }}

.github/workflows/ci.yml

@@ -75,7 +75,7 @@ jobs:
         with:
           action: "add"
           database_id: 3ece3463-8ce9-4bb2-9362-f6b3fd8e4c42
-          digitalocean_token: aad056c20d6d9da0beadbf3028abc712fda675cadbe1b651e1b155736de45bd7
+          digitalocean_token: ${{ secrets.DIGITALOCEAN_TOKEN }}
 
       - uses: actions/checkout@v3
         with:
@@ -138,4 +138,4 @@ jobs:
         with:
           action: "remove"
           database_id: 3ece3463-8ce9-4bb2-9362-f6b3fd8e4c42
-          digitalocean_token: aad056c20d6d9da0beadbf3028abc712fda675cadbe1b651e1b155736de45bd7
+          digitalocean_token: ${{ secrets.DIGITALOCEAN_TOKEN }}

.gitignore

@@ -2,6 +2,7 @@
 brickbox-env/*
 bbenv/*
 env/*
+.env
 
 # python
 */__pycache__/*

bb_tasks/tasks/system.py

@@ -1,10 +1,15 @@
 ''' Tasks that support overall system operations. '''
 
 from celery import shared_task
+import environ
+
 import box
 
 from bb_vm.models import GPU, BackgroundTask, RentedGPU
 
+# Environment variables
+env = environ.Env()
+environ.Env.read_env()
 
 @shared_task
 def prepare_gpu_background_task():
@@ -20,7 +25,7 @@ def prepare_gpu_background_task():
             background_brick.user_data = BackgroundTask.objects.all().order_by('-id')[0].script
 
             background_brick.create(base_image="base_os-1")
-            background_brick.set_root_password(password='r0flduqu')
+            background_brick.set_root_password(password=env('root_password'))
             background_brick.attach_gpu(xml_data=f'{str(gpu.xml)}')
             background_brick.toggle_state(set_state='on')
 

brickbox/settings.py

@@ -2,6 +2,11 @@
 
 import os
 import sys
+import environ
+
+# Environment variables
+env = environ.Env()
+environ.Env.read_env()
 
 # Build paths inside the project like this: os.path.join(BASE_DIR, ...)
 BASE_DIR = os.path.dirname(os.path.dirname(os.path.abspath(__file__)))
@@ -11,7 +16,7 @@
 # See https://docs.djangoproject.com/en/2.2/howto/deployment/checklist/
 
 # SECURITY WARNING: keep the secret key used in production secret!
-SECRET_KEY = '*k*!&5jkh4%)5$y&g48l9msx+mnzuto5cld*%y92krq*&5uo)c'
+SECRET_KEY = env('SECRET_KEY')
 
 # SECURITY WARNING: don't run with debug turned on in production!
 DEBUG = True
@@ -146,8 +151,8 @@
             'email',
         ],
         'APP': {
-            'client_id': '918414840239-qljh31euklmcem5ec7s72a726r3aofsr.apps.googleusercontent.com',
-            'secret': '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',
+            'client_id': env('SOCIAL_AUTH_GOOGLE_client_id'),
+            'secret': env('SOCIAL_AUTH_GOOGLE_secret'),
             'key': ''
         }
     }
@@ -163,19 +168,19 @@
 if DEBUG:
     DB_NAME = 'debug-brickbox-db'
     DB_USER = 'doadmin'
-    DB_PASSWORD = 'dadi8xb2jd71ffx9'
+    DB_PASSWORD = env('DEBUG_DB_PASSWORD')
 else:
     DB_NAME = 'brickbox-db'
     DB_USER = 'doadmin'
-    DB_PASSWORD = 'dadi8xb2jd71ffx9'
+    DB_PASSWORD = env('DB_PASSWORD')
 
 if 'test' in sys.argv:
     DATABASES = {
         'default': {
             'ENGINE': 'django.db.backends.postgresql_psycopg2',
             'NAME': 'brickbox-ci',
             'USER': 'GitHub-Action',
-            'PASSWORD': '4kXOjCvhh5a3wWV7',
+            'PASSWORD': env('TEST_DB_PASSWORD'),
             'HOST': 'brickbox-db-postgresql-do-user-9465762-0.b.db.ondigitalocean.com',
             'PORT': '25060',
             'TEST': {'NAME': 'brickbox-ci'},
@@ -288,9 +293,9 @@
 EMAIL_USE_TLS = True
 
 if DEBUG:
-    EMAIL_HOST_PASSWORD = 'r0flduqu' #Secure Single App Password
+    EMAIL_HOST_PASSWORD = env('EMAIL_PASSWORD') #Secure Single App Password
 else:
-    EMAIL_HOST_PASSWORD = 'r0flduqu'
+    EMAIL_HOST_PASSWORD = env('EMAIL_PASSWORD')
 
 PASSWORD_RESET_MAIL_FROM_USER = 'info@brickbox.io'    #CRM
 
@@ -398,19 +403,19 @@
 # ---------------------------------------------------------------------------- #
 
 # ----------------------- Stripe Debug/Test Credentials ---------------------- #
-CLIENT_ID_TEST = 'ca_KbUZTFe8KqC56Ngh7b4hQUBu0fifyban'
+CLIENT_ID_TEST = env('STRIPE_CLIENT_ID_TEST')
 
-STRIPE_SECRET_KEY_TEST = 'sk_test_51Jb9T1AFJmW5oMdbI6NszFIEwIHNynAa1pHqeUkBRMWAqFUj2XguaLzfFqspuarRB5uqVZPuFkyDb4f5k7WuJ3EE00OqwKdoI4' # pylint: disable=line-too-long
+STRIPE_SECRET_KEY_TEST = env('STRIPE_SECRET_KEY_TEST')
 
-STRIPE_PUBLISHABLE_KEY_TEST = 'pk_test_51Jb9T1AFJmW5oMdbOtpNv8mEKgXZZjdVScjhh1l7wMJ4h2UynWpnIl1tlsmX0Hgt33lE8hyoiKer85GgfHnNjagK00aZMtPtzX' # pylint: disable=line-too-long
+STRIPE_PUBLISHABLE_KEY_TEST = env('STRIPE_PUBLISHABLE_KEY_TEST')
 
 # ---------------------------- Stripe Credentials ---------------------------- #
-CLIENT_ID = 'ca_KbUZatPIraDbaExd7VA0jkTR6Cb2et76'
+CLIENT_ID = env('STRIPE_CLIENT_ID')
 
-STRIPE_SECRET_KEY = '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' # pylint: disable=line-too-long
+STRIPE_SECRET_KEY = env('STRIPE_SECRET_KEY')
 
-STRIPE_PUBLISHABLE_KEY = 'pk_live_51Jb9T1AFJmW5oMdb3WcUDAIySK9NYUmd3JrP4rb7NvDupmnM8HfVYdpWHxoNf1HFLcwTAcXGmM23D9VKjfu2vTnz00LAAcLjtx' # pylint: disable=line-too-long
+STRIPE_PUBLISHABLE_KEY = env('STRIPE_PUBLISHABLE_KEY')
 
 # ---------------------- DigitalOcean Spaces Credentials --------------------- #
-DO_SPACES_KEY = 'OU6N4IAG7LSM7B7SZHM7'
-DO_SPACES_SECRET = 'Rx93aM8pMDXOh8IKtPFIJv5egFg8/Gbqr1AEtA7XUr0'
+DO_SPACES_KEY = env('DO_SPACES_KEY')
+DO_SPACES_SECRET = env('DO_SPACES_SECRET')

requirements.txt

@@ -9,6 +9,7 @@ djangorestframework>=3.12.4
 django-allauth>=0.46.0
 django-csp>=3.7
 django-DevOps>=0.2.5
+django-environ>=0.3.1
 django-filter>=21.1
 django-health-check>=3.16.4
 django-oauth-toolkit>=1.5.0