stripe secrets sopelling

.github/workflows/stripe-to-invoice.yml

@@ -113,7 +113,7 @@ jobs:
             --from-literal=DATABASE_URL="$DATABASE_URL" \
             --dry-run=client -o yaml | kubectl apply -f -
   
-      - name: Apply Stripe secrets
+      - name: Apply Next env/secrets
         run: |
           set -e
           set -a
@@ -123,16 +123,30 @@ jobs:
           if [[ "$ENV" == "prod" ]]; then
             STRIPE_SECRET_KEY="$PROD_STRIPE_SECRET_KEY"
             STRIPE_CLIENT_ID="$PROD_STRIPE_CLIENT_ID"
+            APP_URL=$PROD_APP_URL
+            AWS_REGION=$PROD_AWS_REGION
+            AWS_ACCESS_KEY_ID=$PROD_AWS_ACCESS_KEY_ID
+            AWS_SECRET_ACCESS_KEY=$PROD_AWS_SECRET_ACCESS_KEY
+            SES_FROM_EMAIL=$PROD_SES_FROM_EMAIL
           else
             STRIPE_SECRET_KEY="$DEV_STRIPE_SECRET_KEY"
             STRIPE_CLIENT_ID="$DEV_STRIPE_CLIENT_ID"
+            APP_URL=$DEV_APP_URL
+            AWS_REGION=$DEV_AWS_REGION
+            AWS_ACCESS_KEY_ID=$DEV_AWS_ACCESS_KEY_ID
+            AWS_SECRET_ACCESS_KEY=$DEV_AWS_SECRET_ACCESS_KEY
+            SES_FROM_EMAIL=$DEV_SES_FROM_EMAIL
           fi
-
           : "${STRIPE_SECRET_KEY:?missing STRIPE_SECRET_KEY}"
           : "${STRIPE_CLIENT_ID:?missing STRIPE_CLIENT_ID}"
           : "${NAMESPACE:?missing NAMESPACE}"
+          : "${APP_URL:?missing APP_URL}"
+          : "${AWS_REGION:?missing AWS_REGION}"
+          : "${AWS_ACCESS_KEY_ID:?missing AWS_ACCESS_KEY_ID}"
+          : "${AWS_SECRET_ACCESS_KEY:?missing AWS_SECRET_ACCESS_KEY}"
+          : "${SES_FROM_EMAIL:?missing SES_FROM_EMAIL}"
 
-          export STRIPE_SECRET_KEY STRIPE_CLIENT_ID NAMESPACE
+          export STRIPE_SECRET_KEY STRIPE_CLIENT_ID NAMESPACE APP_URL AWS_REGION AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY SES_FROM_EMAIL
 
           envsubst < stripe_to_invoice/deployment/secrets/stripe-secrets.yaml \
             | kubectl apply -f -

db/atlas/atlas.hcl

@@ -7,7 +7,7 @@ env "stripe_invoice_dev" {
 }
 
 env "stripe_invoice_prod" {
-  url = "postgres://${getenv("POSTGRES_USER")}:${getenv("POSTGRES_PASSWORD")}@postgres-prod.default.svc.cluster.local:5432/stripe_invoice_prod?sslmode=disable"
+  url = "postgres://${getenv("POSTGRES_USER")}:${getenv("POSTGRES_PASSWORD")}@postgres-prod.default.svc.cluster.local:5432/stripe_invoice?sslmode=disable"
 
 
   migration {

db/k8s/backups/pg-backup-cronjob.yaml

@@ -53,7 +53,7 @@ spec:
                   pg_dump \
                     -h postgres-prod.default.svc.cluster.local \
                     -U $POSTGRES_USER \
-                    stripe_invoice_prod \
+                    stripe_invoice \
                   | gzip \
                   | aws s3 cp - s3://$S3_BUCKET/prod/stripe_invoice/$(date +%F).sql.gz
               envFrom:

db/k8s/migrations/stripe-to-invoice-dev-migrate.yaml

@@ -10,7 +10,7 @@
 #         - name: atlas
 #           image: arigaio/atlas:latest
 #           command: ["/atlas"]
-#           args: ["migrate", "apply", "--env", "stripe_invoice_dev"]
+#           args: ["migrate", "apply", "--env", "stripe_invoice"]
 #           envFrom:
 #             - secretRef:
 #                 name: postgres-secret

db/k8s/migrations/stripe-to-invoice-prod-migrate.yaml

@@ -9,7 +9,7 @@
 #       containers:
 #         - name: atlas
 #           image: arigaio/atlas:latest
-#           command: ["migrate", "apply", "--env", "stripe_invoice_prod"]
+#           command: ["migrate", "apply", "--env", "stripe_invoice"]
 #           envFrom:
 #             - secretRef:
 #                 name: postgres-secret

stripe_to_invoice/deployment/deployment.yaml

@@ -46,6 +46,38 @@ spec:
                   name: stripe-secrets
                   key: STRIPE_CLIENT_ID
 
+            # ---- App ----
+            - name: APP_URL
+              valueFrom:
+                secretKeyRef:
+                  name: stripe-secrets
+                  key: APP_URL
+
+            # ---- AWS / SES ----
+            - name: AWS_REGION
+              valueFrom:
+                secretKeyRef:
+                  name: stripe-secrets
+                  key: AWS_REGION
+
+            - name: AWS_ACCESS_KEY_ID
+              valueFrom:
+                secretKeyRef:
+                  name: stripe-secrets
+                  key: AWS_ACCESS_KEY_ID
+
+            - name: AWS_SECRET_ACCESS_KEY
+              valueFrom:
+                secretKeyRef:
+                  name: stripe-secrets
+                  key: AWS_SECRET_ACCESS_KEY
+
+            - name: SES_FROM_EMAIL
+              valueFrom:
+                secretKeyRef:
+                  name: stripe-secrets
+                  key: SES_FROM_EMAIL
+
       imagePullSecrets:
         - name: registrypullsecret
 

stripe_to_invoice/deployment/secrets/.env

@@ -1,6 +1,19 @@
 # Test mode for deployment
 DEV_STRIPE_SECRET_KEY=sk_test_51Mo6PnBUc0gyz8XqrZqvWQWRQSUQbjt7zxP56lhdqgIG4qxn5zDuistUJJq8Chl7AxmyCy8xMRAh1Zf25jK0lYCb00QsQqNEsc
 DEV_STRIPE_CLIENT_ID=ca_NZFa6CNybMItWKir9Uk6ojevnYcP7Rbz
+DEV_APP_URL=stripe-to-invoice.dev.juntekim.com
+DEV_AWS_REGION=eu-west-2
+DEV_AWS_ACCESS_KEY_ID=AKIAQL67W6HI2547OPVG
+DEV_AWS_SECRET_ACCESS_KEY=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
+DEV_SES_FROM_EMAIL=no-reply@juntekim.com
 
+
+# Prod
 PROD_STRIPE_SECRET_KEY=sk_test_51Mo6PnBUc0gyz8XqrZqvWQWRQSUQbjt7zxP56lhdqgIG4qxn5zDuistUJJq8Chl7AxmyCy8xMRAh1Zf25jK0lYCb00QsQqNEsc
 PROD_STRIPE_CLIENT_ID=ca_NZFa6CNybMItWKir9Uk6ojevnYcP7Rbz
+PROD_APP_URL=stripe-to-invoice.juntekim.com
+PROD_AWS_REGION=eu-west-2
+PROD_AWS_ACCESS_KEY_ID=AKIAQL67W6HI2547OPVG
+PROD_AWS_SECRET_ACCESS_KEY=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
+PROD_SES_FROM_EMAIL=no-reply@juntekim.com
+

stripe_to_invoice/deployment/secrets/stripe-secrets.yaml

@@ -7,3 +7,8 @@ type: Opaque
 stringData:
   STRIPE_SECRET_KEY: ${STRIPE_SECRET_KEY}
   STRIPE_CLIENT_ID: ${STRIPE_CLIENT_ID}
+  APP_URL: ${APP_URL}
+  AWS_REGION: ${AWS_REGION}
+  AWS_ACCESS_KEY_ID: ${AWS_ACCESS_KEY_ID}
+  AWS_SECRET_ACCESS_KEY: ${AWS_SECRET_ACCESS_KEY}
+  SES_FROM_EMAIL: ${SES_FROM_EMAIL}