From 43a18e37a027bdfc3edc19b072e78cf457c410ac Mon Sep 17 00:00:00 2001 From: Stephan D Date: Tue, 11 Nov 2025 18:59:47 +0100 Subject: [PATCH] nootification build --- .woodpecker/notification.yml | 75 +++++++++++ ci/prod/.env.runtime | 17 +++ ci/prod/compose/notification.dockerfile | 43 +++++++ ci/prod/compose/notification.yml | 54 ++++++++ ci/prod/scripts/deploy/notification.sh | 161 ++++++++++++++++++++++++ ci/scripts/notification/build-image.sh | 85 +++++++++++++ ci/scripts/notification/deploy.sh | 68 ++++++++++ 7 files changed, 503 insertions(+) create mode 100644 .woodpecker/notification.yml create mode 100644 ci/prod/compose/notification.dockerfile create mode 100644 ci/prod/compose/notification.yml create mode 100755 ci/prod/scripts/deploy/notification.sh create mode 100755 ci/scripts/notification/build-image.sh create mode 100755 ci/scripts/notification/deploy.sh diff --git a/.woodpecker/notification.yml b/.woodpecker/notification.yml new file mode 100644 index 0000000..db4133c --- /dev/null +++ b/.woodpecker/notification.yml @@ -0,0 +1,75 @@ +matrix: + include: + - NOTIFICATION_IMAGE_PATH: notification/service + NOTIFICATION_DOCKERFILE: ci/prod/compose/notification.dockerfile + NOTIFICATION_MONGO_SECRET_PATH: sendico/db + NOTIFICATION_MAIL_SECRET_PATH: sendico/notification/mail + NOTIFICATION_API_SECRET_PATH: sendico/api/endpoint + NOTIFICATION_ENV: prod + +when: + - event: push + branch: main + +steps: + - name: version + image: alpine:latest + commands: + - set -euo pipefail 2>/dev/null || set -eu + - apk add --no-cache git + - GIT_REV="$(git rev-parse --short HEAD)" + - BUILD_BRANCH="$(git rev-parse --abbrev-ref HEAD)" + - APP_V="$(cat version)" + - BUILD_DATE="$(date -u +%Y-%m-%dT%H:%M:%SZ)" + - BUILD_USER="${WOODPECKER_MACHINE:-woodpecker}" + - printf "GIT_REV=%s\nBUILD_BRANCH=%s\nAPP_V=%s\nBUILD_DATE=%s\nBUILD_USER=%s\n" \ + "$GIT_REV" "$BUILD_BRANCH" "$APP_V" "$BUILD_DATE" "$BUILD_USER" | tee .env.version + + - name: proto + image: golang:alpine + depends_on: [ version ] + commands: + - set -eu + - apk add --no-cache bash git build-base protoc protobuf-dev + - go install google.golang.org/protobuf/cmd/protoc-gen-go@latest + - go install google.golang.org/grpc/cmd/protoc-gen-go-grpc@latest + - export PATH="$(go env GOPATH)/bin:$PATH" + - bash ci/scripts/proto/generate.sh + + - name: secrets + image: alpine:latest + depends_on: [ version ] + environment: + VAULT_ADDR: { from_secret: VAULT_ADDR } + VAULT_ROLE_ID: { from_secret: VAULT_APP_ROLE } + VAULT_SECRET_ID: { from_secret: VAULT_SECRET_ID } + commands: + - set -euo pipefail + - apk add --no-cache bash coreutils openssh-keygen curl sed python3 + - mkdir -p secrets + - ./ci/vlt kv_to_file kv ops/deploy/ssh_key private_b64 secrets/SSH_KEY.b64 600 + - base64 -d secrets/SSH_KEY.b64 > secrets/SSH_KEY + - chmod 600 secrets/SSH_KEY + - ssh-keygen -y -f secrets/SSH_KEY >/dev/null + - ./ci/vlt kv_get kv registry user > secrets/REGISTRY_USER + - ./ci/vlt kv_get kv registry password > secrets/REGISTRY_PASSWORD + + - name: build-image + image: gcr.io/kaniko-project/executor:debug + depends_on: [ proto, secrets ] + commands: + - sh ci/scripts/notification/build-image.sh + + - name: deploy + image: alpine:latest + depends_on: [ secrets, build-image ] + environment: + VAULT_ADDR: { from_secret: VAULT_ADDR } + VAULT_ROLE_ID: { from_secret: VAULT_APP_ROLE } + VAULT_SECRET_ID: { from_secret: VAULT_SECRET_ID } + commands: + - set -euo pipefail + - apk add --no-cache bash openssh-client rsync coreutils curl sed python3 + - mkdir -p /root/.ssh + - install -m 600 secrets/SSH_KEY /root/.ssh/id_rsa + - sh ci/scripts/notification/deploy.sh diff --git a/ci/prod/.env.runtime b/ci/prod/.env.runtime index b636292..526d622 100644 --- a/ci/prod/.env.runtime +++ b/ci/prod/.env.runtime @@ -3,9 +3,20 @@ REGISTRY_URL=registry.sendico.io VAULT_ADDR=https://vault.sendico.io MONGO_PORT=27017 +MONGO_HOST=sendico_db1 MONGO_REPLICA_SET=sendico-rs MONGO_AUTH_SOURCE=admin +MONGO_DATABASE=sendico MONGO_ARCH=linux/arm64 +PERMISSION_MODEL=/app/env/permissions_model.conf +PERMISSION_COLLECTION=permissions +PERMISSION_TIMEOUT=5 +PERMISSION_IS_FILTERED=false +AMPLI_ENVIRONMENT=production +API_PROTOCOL=https +SERVICE_HOST=app.sendico.io +API_ENDPOINT=https://app.sendico.io/api +WS_ENDPOINT=wss://app.sendico.io/ws PBM_S3_ENDPOINT=https://s3.sendico.io PBM_S3_REGION=eu-central-1 @@ -87,3 +98,9 @@ PAYMENTS_MONGO_PORT=27017 PAYMENTS_MONGO_DATABASE=payments_orchestrator PAYMENTS_MONGO_AUTH_SOURCE=admin PAYMENTS_MONGO_REPLICA_SET=sendico-rs + +# Notification service +NOTIFICATION_DIR=notification +NOTIFICATION_COMPOSE_PROJECT=sendico-notification +NOTIFICATION_SERVICE_NAME=sendico_notification +NOTIFICATION_HTTP_PORT=8081 diff --git a/ci/prod/compose/notification.dockerfile b/ci/prod/compose/notification.dockerfile new file mode 100644 index 0000000..9f1669b --- /dev/null +++ b/ci/prod/compose/notification.dockerfile @@ -0,0 +1,43 @@ +# syntax=docker/dockerfile:1.7 + +ARG TARGETOS=linux +ARG TARGETARCH=amd64 + +FROM golang:alpine AS build +ARG APP_VERSION=dev +ARG GIT_REV=unknown +ARG BUILD_BRANCH=unknown +ARG BUILD_DATE=unknown +ARG BUILD_USER=ci +ENV GO111MODULE=on +ENV PATH="/go/bin:${PATH}" +WORKDIR /src +COPY . . +RUN apk add --no-cache bash git build-base protoc protobuf-dev \ + && go install google.golang.org/protobuf/cmd/protoc-gen-go@latest \ + && go install google.golang.org/grpc/cmd/protoc-gen-go-grpc@latest \ + && bash ci/scripts/proto/generate.sh +WORKDIR /src/api/notification +RUN --mount=type=cache,target=/root/.cache/go-build \ + --mount=type=cache,target=/go/pkg/mod \ + CGO_ENABLED=0 GOOS=${TARGETOS} GOARCH=${TARGETARCH} \ + go build -trimpath -ldflags "\ + -s -w \ + -X github.com/tech/sendico/notification/internal/appversion.Version=${APP_VERSION} \ + -X github.com/tech/sendico/notification/internal/appversion.Revision=${GIT_REV} \ + -X github.com/tech/sendico/notification/internal/appversion.Branch=${BUILD_BRANCH} \ + -X github.com/tech/sendico/notification/internal/appversion.BuildUser=${BUILD_USER} \ + -X github.com/tech/sendico/notification/internal/appversion.BuildDate=${BUILD_DATE}" \ + -o /out/notification . + +FROM alpine:latest AS runtime +RUN apk add --no-cache ca-certificates tzdata wget +WORKDIR /app +COPY api/notification/config.yml /app/config.yml +COPY api/notification/i18n /app/i18n +COPY api/notification/env /app/env +COPY api/pkg/auth/internal/casbin/models/auth.conf /app/env/permissions_model.conf +COPY --from=build /out/notification /app/notification +EXPOSE 8081 +ENTRYPOINT ["/app/notification"] +CMD ["--config.file", "/app/config.yml"] diff --git a/ci/prod/compose/notification.yml b/ci/prod/compose/notification.yml new file mode 100644 index 0000000..391ba94 --- /dev/null +++ b/ci/prod/compose/notification.yml @@ -0,0 +1,54 @@ +# Compose v2 - Notification service + +x-common-env: &common-env + env_file: + - ../env/.env.runtime + - ../env/.env.version + +networks: + sendico-net: + external: true + name: sendico-net + +services: + sendico_notification: + <<: *common-env + container_name: sendico-notification + restart: unless-stopped + image: ${REGISTRY_URL}/notification/service:${APP_V} + pull_policy: always + environment: + AMPLI_ENVIRONMENT: ${AMPLI_ENVIRONMENT} + API_PROTOCOL: ${API_PROTOCOL} + SERVICE_HOST: ${SERVICE_HOST} + API_ENDPOINT: ${API_ENDPOINT} + API_ENDPOINT_SECRET: ${API_ENDPOINT_SECRET} + WS_ENDPOINT: ${WS_ENDPOINT} + NATS_HOST: ${NATS_HOST} + NATS_PORT: ${NATS_PORT} + NATS_USER: ${NATS_USER} + NATS_PASSWORD: ${NATS_PASSWORD} + NATS_URL: ${NATS_URL} + MAIL_USER: ${MAIL_USER} + MAIL_SECRET: ${MAIL_SECRET} + MONGO_HOST: ${MONGO_HOST} + MONGO_PORT: ${MONGO_PORT} + MONGO_DATABASE: ${MONGO_DATABASE} + MONGO_USER: ${MONGO_USER} + MONGO_PASSWORD: ${MONGO_PASSWORD} + MONGO_AUTH_SOURCE: ${MONGO_AUTH_SOURCE} + MONGO_REPLICA_SET: ${MONGO_REPLICA_SET} + PERMISSION_MODEL: ${PERMISSION_MODEL} + PERMISSION_COLLECTION: ${PERMISSION_COLLECTION} + PERMISSION_TIMEOUT: ${PERMISSION_TIMEOUT} + PERMISSION_IS_FILTERED: ${PERMISSION_IS_FILTERED} + ports: + - "0.0.0.0:${NOTIFICATION_HTTP_PORT}:8081" + healthcheck: + test: ["CMD-SHELL","wget -qO- http://localhost:8081/health | grep -q '\"status\":\"ok\"'"] + interval: 30s + timeout: 10s + retries: 3 + start_period: 60s + networks: + - sendico-net diff --git a/ci/prod/scripts/deploy/notification.sh b/ci/prod/scripts/deploy/notification.sh new file mode 100755 index 0000000..8e5ab99 --- /dev/null +++ b/ci/prod/scripts/deploy/notification.sh @@ -0,0 +1,161 @@ +#!/usr/bin/env bash +set -euo pipefail +[[ "${DEBUG_DEPLOY:-0}" = "1" ]] && set -x +trap 'echo "[deploy-notification] error at line $LINENO" >&2' ERR + +: "${REMOTE_BASE:?missing REMOTE_BASE}" +: "${SSH_USER:?missing SSH_USER}" +: "${SSH_HOST:?missing SSH_HOST}" +: "${NOTIFICATION_DIR:?missing NOTIFICATION_DIR}" +: "${NOTIFICATION_COMPOSE_PROJECT:?missing NOTIFICATION_COMPOSE_PROJECT}" +: "${NOTIFICATION_SERVICE_NAME:?missing NOTIFICATION_SERVICE_NAME}" + +REMOTE_DIR="${REMOTE_BASE%/}/${NOTIFICATION_DIR}" +REMOTE_TARGET="${SSH_USER}@${SSH_HOST}" +COMPOSE_FILE="notification.yml" +SERVICE_NAMES="${NOTIFICATION_SERVICE_NAME}" + +REQUIRED_SECRETS=( + MONGO_USER + MONGO_PASSWORD + MAIL_USER + MAIL_SECRET + API_ENDPOINT_SECRET + NATS_USER + NATS_PASSWORD + NATS_URL +) + +for var in "${REQUIRED_SECRETS[@]}"; do + if [[ -z "${!var:-}" ]]; then + echo "missing required secret env: ${var}" >&2 + exit 65 + fi +done + +if [[ ! -s .env.version ]]; then + echo ".env.version is missing; run version step first" >&2 + exit 66 +fi + +b64enc() { + printf '%s' "$1" | base64 | tr -d '\n' +} + +MONGO_USER_B64="$(b64enc "${MONGO_USER}")" +MONGO_PASSWORD_B64="$(b64enc "${MONGO_PASSWORD}")" +MAIL_USER_B64="$(b64enc "${MAIL_USER}")" +MAIL_SECRET_B64="$(b64enc "${MAIL_SECRET}")" +API_ENDPOINT_SECRET_B64="$(b64enc "${API_ENDPOINT_SECRET}")" +NATS_USER_B64="$(b64enc "${NATS_USER}")" +NATS_PASSWORD_B64="$(b64enc "${NATS_PASSWORD}")" +NATS_URL_B64="$(b64enc "${NATS_URL}")" + +SSH_OPTS=( + -i /root/.ssh/id_rsa + -o StrictHostKeyChecking=no + -o UserKnownHostsFile=/dev/null + -o LogLevel=ERROR + -q +) +if [[ "${DEBUG_DEPLOY:-0}" = "1" ]]; then + SSH_OPTS=("${SSH_OPTS[@]/-q/}" -vv) +fi + +RSYNC_FLAGS=(-az --delete) +[[ "${DEBUG_DEPLOY:-0}" = "1" ]] && RSYNC_FLAGS=(-avz --delete) + +ssh "${SSH_OPTS[@]}" "$REMOTE_TARGET" "mkdir -p ${REMOTE_DIR}/{compose,env}" + +rsync "${RSYNC_FLAGS[@]}" -e "ssh ${SSH_OPTS[*]}" ci/prod/compose/ "$REMOTE_TARGET:${REMOTE_DIR}/compose/" +rsync "${RSYNC_FLAGS[@]}" -e "ssh ${SSH_OPTS[*]}" ci/prod/.env.runtime "$REMOTE_TARGET:${REMOTE_DIR}/env/.env.runtime" +rsync "${RSYNC_FLAGS[@]}" -e "ssh ${SSH_OPTS[*]}" .env.version "$REMOTE_TARGET:${REMOTE_DIR}/env/.env.version" + +SERVICES_LINE="${SERVICE_NAMES}" + +ssh "${SSH_OPTS[@]}" "$REMOTE_TARGET" \ + REMOTE_DIR="$REMOTE_DIR" \ + COMPOSE_FILE="$COMPOSE_FILE" \ + COMPOSE_PROJECT="$NOTIFICATION_COMPOSE_PROJECT" \ + SERVICES_LINE="$SERVICES_LINE" \ + MONGO_USER_B64="$MONGO_USER_B64" \ + MONGO_PASSWORD_B64="$MONGO_PASSWORD_B64" \ + MAIL_USER_B64="$MAIL_USER_B64" \ + MAIL_SECRET_B64="$MAIL_SECRET_B64" \ + API_ENDPOINT_SECRET_B64="$API_ENDPOINT_SECRET_B64" \ + NATS_USER_B64="$NATS_USER_B64" \ + NATS_PASSWORD_B64="$NATS_PASSWORD_B64" \ + NATS_URL_B64="$NATS_URL_B64" \ + bash -s <<'EOSSH' +set -euo pipefail +cd "${REMOTE_DIR}/compose" +set -a +. ../env/.env.runtime +load_kv_file() { + local file="$1" + while IFS= read -r line || [ -n "$line" ]; do + case "$line" in + ''|\#*) continue ;; + esac + if printf '%s' "$line" | grep -Eq '^[[:alpha:]_][[:alnum:]_]*='; then + local key="${line%%=*}" + local value="${line#*=}" + key="$(printf '%s' "$key" | tr -d '[:space:]')" + value="${value#"${value%%[![:space:]]*}"}" + value="${value%"${value##*[![:space:]]}"}" + if [[ -n "$key" ]]; then + export "$key=$value" + fi + fi + done <"$file" +} +load_kv_file ../env/.env.version +set +a + +if base64 -d >/dev/null 2>&1 <<<'AA=='; then + BASE64_DECODE_FLAG='-d' +else + BASE64_DECODE_FLAG='--decode' +fi + +decode_b64() { + val="$1" + if [[ -z "$val" ]]; then + printf '' + return + fi + printf '%s' "$val" | base64 "${BASE64_DECODE_FLAG}" +} + +MONGO_USER="$(decode_b64 "$MONGO_USER_B64")" +MONGO_PASSWORD="$(decode_b64 "$MONGO_PASSWORD_B64")" +MAIL_USER="$(decode_b64 "$MAIL_USER_B64")" +MAIL_SECRET="$(decode_b64 "$MAIL_SECRET_B64")" +API_ENDPOINT_SECRET="$(decode_b64 "$API_ENDPOINT_SECRET_B64")" +NATS_USER="$(decode_b64 "$NATS_USER_B64")" +NATS_PASSWORD="$(decode_b64 "$NATS_PASSWORD_B64")" +NATS_URL="$(decode_b64 "$NATS_URL_B64")" + +export MONGO_USER MONGO_PASSWORD +export MAIL_USER MAIL_SECRET API_ENDPOINT_SECRET +export NATS_USER NATS_PASSWORD NATS_URL +COMPOSE_PROJECT_NAME="$COMPOSE_PROJECT" +export COMPOSE_PROJECT_NAME +read -r -a SERVICES <<<"${SERVICES_LINE}" + +pull_cmd=(docker compose -f "$COMPOSE_FILE" pull) +up_cmd=(docker compose -f "$COMPOSE_FILE" up -d --remove-orphans) +ps_cmd=(docker compose -f "$COMPOSE_FILE" ps) +if [[ "${#SERVICES[@]}" -gt 0 ]]; then + pull_cmd+=("${SERVICES[@]}") + up_cmd+=("${SERVICES[@]}") + ps_cmd+=("${SERVICES[@]}") +fi + +"${pull_cmd[@]}" +"${up_cmd[@]}" +"${ps_cmd[@]}" + +date -Is > .last_deploy +logger -t "deploy-${COMPOSE_PROJECT_NAME}" "${COMPOSE_PROJECT_NAME} deployed at $(date -Is) in ${REMOTE_DIR}" +EOSSH diff --git a/ci/scripts/notification/build-image.sh b/ci/scripts/notification/build-image.sh new file mode 100755 index 0000000..31a3ccf --- /dev/null +++ b/ci/scripts/notification/build-image.sh @@ -0,0 +1,85 @@ +#!/bin/sh +set -eu + +if ! set -o pipefail 2>/dev/null; then + : +fi + +REPO_ROOT="$(cd "$(dirname "$0")/../../.." && pwd)" +cd "${REPO_ROOT}" + +sh ci/scripts/common/ensure_env_version.sh + +normalize_env_file() { + file="$1" + tmp="${file}.tmp.$$" + tr -d '\r' <"$file" >"$tmp" + mv "$tmp" "$file" +} + +load_env_file() { + file="$1" + while IFS= read -r line || [ -n "$line" ]; do + case "$line" in + ''|\#*) continue ;; + esac + key="${line%%=*}" + value="${line#*=}" + key="$(printf '%s' "$key" | tr -d '[:space:]')" + value="${value#"${value%%[![:space:]]*}"}" + value="${value%"${value##*[![:space:]]}"}" + export "$key=$value" + done <"$file" +} + +NOTIFICATION_ENV_NAME="${NOTIFICATION_ENV:-prod}" +RUNTIME_ENV_FILE="./ci/${NOTIFICATION_ENV_NAME}/.env.runtime" + +if [ ! -f "${RUNTIME_ENV_FILE}" ]; then + echo "[notification-build] runtime env file not found: ${RUNTIME_ENV_FILE}" >&2 + exit 1 +fi + +normalize_env_file "${RUNTIME_ENV_FILE}" +normalize_env_file ./.env.version + +load_env_file "${RUNTIME_ENV_FILE}" +load_env_file ./.env.version + +REGISTRY_URL="${REGISTRY_URL:?missing REGISTRY_URL}" +APP_V="${APP_V:?missing APP_V}" +NOTIFICATION_DOCKERFILE="${NOTIFICATION_DOCKERFILE:?missing NOTIFICATION_DOCKERFILE}" +NOTIFICATION_IMAGE_PATH="${NOTIFICATION_IMAGE_PATH:?missing NOTIFICATION_IMAGE_PATH}" + +REGISTRY_HOST="${REGISTRY_URL#http://}" +REGISTRY_HOST="${REGISTRY_HOST#https://}" +REGISTRY_USER="$(cat secrets/REGISTRY_USER)" +REGISTRY_PASSWORD="$(cat secrets/REGISTRY_PASSWORD)" +: "${REGISTRY_USER:?missing registry user}" +: "${REGISTRY_PASSWORD:?missing registry password}" + +mkdir -p /kaniko/.docker +AUTH_B64="$(printf '%s:%s' "$REGISTRY_USER" "$REGISTRY_PASSWORD" | base64 | tr -d '\n')" +cat </kaniko/.docker/config.json +{ + "auths": { + "https://${REGISTRY_HOST}": { "auth": "${AUTH_B64}" } + } +} +EOF + +BUILD_CONTEXT="${NOTIFICATION_BUILD_CONTEXT:-${WOODPECKER_WORKSPACE:-${CI_WORKSPACE:-${PWD:-/workspace}}}}" +if [ ! -d "${BUILD_CONTEXT}" ]; then + BUILD_CONTEXT="/workspace" +fi + +/kaniko/executor \ + --context "${BUILD_CONTEXT}" \ + --dockerfile "${NOTIFICATION_DOCKERFILE}" \ + --destination "${REGISTRY_URL}/${NOTIFICATION_IMAGE_PATH}:${APP_V}" \ + --build-arg APP_VERSION="${APP_V}" \ + --build-arg GIT_REV="${GIT_REV}" \ + --build-arg BUILD_BRANCH="${BUILD_BRANCH}" \ + --build-arg BUILD_DATE="${BUILD_DATE}" \ + --build-arg BUILD_USER="${BUILD_USER}" \ + --single-snapshot diff --git a/ci/scripts/notification/deploy.sh b/ci/scripts/notification/deploy.sh new file mode 100755 index 0000000..4b97613 --- /dev/null +++ b/ci/scripts/notification/deploy.sh @@ -0,0 +1,68 @@ +#!/bin/sh +set -eu + +if ! set -o pipefail 2>/dev/null; then + : +fi + +REPO_ROOT="$(cd "$(dirname "$0")/../../.." && pwd)" +cd "${REPO_ROOT}" + +sh ci/scripts/common/ensure_env_version.sh + +normalize_env_file() { + file="$1" + tmp="${file}.tmp.$$" + tr -d '\r' <"$file" >"$tmp" + mv "$tmp" "$file" +} + +load_env_file() { + file="$1" + while IFS= read -r line || [ -n "$line" ]; do + case "$line" in + ''|\#*) continue ;; + esac + key="${line%%=*}" + value="${line#*=}" + key="$(printf '%s' "$key" | tr -d '[:space:]')" + value="${value#"${value%%[![:space:]]*}"}" + value="${value%"${value##*[![:space:]]}"}" + export "$key=$value" + done <"$file" +} + +NOTIFICATION_ENV_NAME="${NOTIFICATION_ENV:-prod}" +RUNTIME_ENV_FILE="./ci/${NOTIFICATION_ENV_NAME}/.env.runtime" + +if [ ! -f "${RUNTIME_ENV_FILE}" ]; then + echo "[notification-deploy] runtime env file not found: ${RUNTIME_ENV_FILE}" >&2 + exit 1 +fi + +normalize_env_file "${RUNTIME_ENV_FILE}" +normalize_env_file ./.env.version + +load_env_file "${RUNTIME_ENV_FILE}" +load_env_file ./.env.version + +NOTIFICATION_MONGO_SECRET_PATH="${NOTIFICATION_MONGO_SECRET_PATH:?missing NOTIFICATION_MONGO_SECRET_PATH}" +NOTIFICATION_MAIL_SECRET_PATH="${NOTIFICATION_MAIL_SECRET_PATH:?missing NOTIFICATION_MAIL_SECRET_PATH}" +NOTIFICATION_API_SECRET_PATH="${NOTIFICATION_API_SECRET_PATH:?missing NOTIFICATION_API_SECRET_PATH}" +: "${NATS_HOST:?missing NATS_HOST}" +: "${NATS_PORT:?missing NATS_PORT}" + +export MONGO_USER="$(./ci/vlt kv_get kv "${NOTIFICATION_MONGO_SECRET_PATH}" user)" +export MONGO_PASSWORD="$(./ci/vlt kv_get kv "${NOTIFICATION_MONGO_SECRET_PATH}" password)" + +export MAIL_USER="$(./ci/vlt kv_get kv "${NOTIFICATION_MAIL_SECRET_PATH}" user)" +export MAIL_SECRET="$(./ci/vlt kv_get kv "${NOTIFICATION_MAIL_SECRET_PATH}" password)" + +export API_ENDPOINT_SECRET="$(./ci/vlt kv_get kv "${NOTIFICATION_API_SECRET_PATH}" secret)" + +export NATS_USER="$(./ci/vlt kv_get kv sendico/nats user)" +export NATS_PASSWORD="$(./ci/vlt kv_get kv sendico/nats password)" +export NATS_URL="nats://${NATS_USER}:${NATS_PASSWORD}@${NATS_HOST}:${NATS_PORT}" + +bash ci/prod/scripts/bootstrap/network.sh +bash ci/prod/scripts/deploy/notification.sh