ci: deploy dev infra [rebuild]
This commit is contained in:
Stephan D
@@ -40,8 +40,8 @@ load_runtime_env_bundle "${AURORA_GATEWAY_ENV_NAME}"
|
||||
AURORA_GATEWAY_MONGO_SECRET_PATH="${AURORA_GATEWAY_MONGO_SECRET_PATH:?missing AURORA_GATEWAY_MONGO_SECRET_PATH}"
|
||||
AURORA_GATEWAY_NATS_SECRET_PATH="${AURORA_GATEWAY_NATS_SECRET_PATH:-sendico/nats}"
|
||||
|
||||
export AURORA_GATEWAY_MONGO_USER="$(./ci/vlt kv_get kv "${AURORA_GATEWAY_MONGO_SECRET_PATH}" user)"
|
||||
export AURORA_GATEWAY_MONGO_PASSWORD="$(./ci/vlt kv_get kv "${AURORA_GATEWAY_MONGO_SECRET_PATH}" password)"
|
||||
export AURORA_GATEWAY_MONGO_USER="$(sh ci/scripts/common/runtime_kv_get.sh kv_get kv "${AURORA_GATEWAY_MONGO_SECRET_PATH}" user)"
|
||||
export AURORA_GATEWAY_MONGO_PASSWORD="$(sh ci/scripts/common/runtime_kv_get.sh kv_get kv "${AURORA_GATEWAY_MONGO_SECRET_PATH}" password)"
|
||||
|
||||
NATS_SECRET_PATH="${AURORA_GATEWAY_NATS_SECRET_PATH}" load_nats_env
|
||||
|
||||
|
||||
@@ -42,13 +42,13 @@ BFF_MONGO_SECRET_PATH="${BFF_MONGO_SECRET_PATH:?missing BFF_MONGO_SECRET_PATH}"
|
||||
BFF_API_SECRET_PATH="${BFF_API_SECRET_PATH:?missing BFF_API_SECRET_PATH}"
|
||||
BFF_VAULT_SECRET_PATH="${BFF_VAULT_SECRET_PATH:?missing BFF_VAULT_SECRET_PATH}"
|
||||
|
||||
export MONGO_USER="$(./ci/vlt kv_get kv "${BFF_MONGO_SECRET_PATH}" user)"
|
||||
export MONGO_PASSWORD="$(./ci/vlt kv_get kv "${BFF_MONGO_SECRET_PATH}" password)"
|
||||
export MONGO_USER="$(sh ci/scripts/common/runtime_kv_get.sh kv_get kv "${BFF_MONGO_SECRET_PATH}" user)"
|
||||
export MONGO_PASSWORD="$(sh ci/scripts/common/runtime_kv_get.sh kv_get kv "${BFF_MONGO_SECRET_PATH}" password)"
|
||||
|
||||
export API_ENDPOINT_SECRET="$(./ci/vlt kv_get kv "${BFF_API_SECRET_PATH}" secret)"
|
||||
export API_ENDPOINT_SECRET="$(sh ci/scripts/common/runtime_kv_get.sh kv_get kv "${BFF_API_SECRET_PATH}" secret)"
|
||||
if [ "${CI_RUNTIME_ENV_NAME:-prod}" != "devserver" ]; then
|
||||
export BFF_VAULT_ROLE_ID="$(./ci/vlt kv_get kv "${BFF_VAULT_SECRET_PATH}" role_id)"
|
||||
export BFF_VAULT_SECRET_ID="$(./ci/vlt kv_get kv "${BFF_VAULT_SECRET_PATH}" secret_id)"
|
||||
export BFF_VAULT_ROLE_ID="$(sh ci/scripts/common/runtime_kv_get.sh kv_get kv "${BFF_VAULT_SECRET_PATH}" role_id)"
|
||||
export BFF_VAULT_SECRET_ID="$(sh ci/scripts/common/runtime_kv_get.sh kv_get kv "${BFF_VAULT_SECRET_PATH}" secret_id)"
|
||||
if [ -z "${BFF_VAULT_ROLE_ID}" ] || [ -z "${BFF_VAULT_SECRET_ID}" ]; then
|
||||
echo "[bff-deploy] vault approle creds are empty for path ${BFF_VAULT_SECRET_PATH}" >&2
|
||||
exit 1
|
||||
|
||||
@@ -40,8 +40,8 @@ load_runtime_env_bundle "${DOCUMENTS_ENV_NAME}"
|
||||
|
||||
DOCUMENTS_MONGO_SECRET_PATH="${DOCUMENTS_MONGO_SECRET_PATH:?missing DOCUMENTS_MONGO_SECRET_PATH}"
|
||||
|
||||
export DOCUMENTS_MONGO_USER="$(./ci/vlt kv_get kv "${DOCUMENTS_MONGO_SECRET_PATH}" user)"
|
||||
export DOCUMENTS_MONGO_PASSWORD="$(./ci/vlt kv_get kv "${DOCUMENTS_MONGO_SECRET_PATH}" password)"
|
||||
export DOCUMENTS_MONGO_USER="$(sh ci/scripts/common/runtime_kv_get.sh kv_get kv "${DOCUMENTS_MONGO_SECRET_PATH}" user)"
|
||||
export DOCUMENTS_MONGO_PASSWORD="$(sh ci/scripts/common/runtime_kv_get.sh kv_get kv "${DOCUMENTS_MONGO_SECRET_PATH}" password)"
|
||||
|
||||
load_nats_env
|
||||
|
||||
|
||||
@@ -40,8 +40,8 @@ load_runtime_env_bundle "${FEES_ENV_NAME}"
|
||||
|
||||
FEES_MONGO_SECRET_PATH="${FEES_MONGO_SECRET_PATH:?missing FEES_MONGO_SECRET_PATH}"
|
||||
|
||||
export FEES_MONGO_USER="$(./ci/vlt kv_get kv "${FEES_MONGO_SECRET_PATH}" user)"
|
||||
export FEES_MONGO_PASSWORD="$(./ci/vlt kv_get kv "${FEES_MONGO_SECRET_PATH}" password)"
|
||||
export FEES_MONGO_USER="$(sh ci/scripts/common/runtime_kv_get.sh kv_get kv "${FEES_MONGO_SECRET_PATH}" user)"
|
||||
export FEES_MONGO_PASSWORD="$(sh ci/scripts/common/runtime_kv_get.sh kv_get kv "${FEES_MONGO_SECRET_PATH}" password)"
|
||||
|
||||
load_nats_env
|
||||
|
||||
|
||||
@@ -41,11 +41,11 @@ load_runtime_env_bundle "${CALLBACKS_ENV_NAME}"
|
||||
CALLBACKS_MONGO_SECRET_PATH="${CALLBACKS_MONGO_SECRET_PATH:?missing CALLBACKS_MONGO_SECRET_PATH}"
|
||||
CALLBACKS_VAULT_SECRET_PATH="${CALLBACKS_VAULT_SECRET_PATH:?missing CALLBACKS_VAULT_SECRET_PATH}"
|
||||
|
||||
export CALLBACKS_MONGO_USER="$(./ci/vlt kv_get kv "${CALLBACKS_MONGO_SECRET_PATH}" user)"
|
||||
export CALLBACKS_MONGO_PASSWORD="$(./ci/vlt kv_get kv "${CALLBACKS_MONGO_SECRET_PATH}" password)"
|
||||
export CALLBACKS_MONGO_USER="$(sh ci/scripts/common/runtime_kv_get.sh kv_get kv "${CALLBACKS_MONGO_SECRET_PATH}" user)"
|
||||
export CALLBACKS_MONGO_PASSWORD="$(sh ci/scripts/common/runtime_kv_get.sh kv_get kv "${CALLBACKS_MONGO_SECRET_PATH}" password)"
|
||||
if [ "${CI_RUNTIME_ENV_NAME:-prod}" != "devserver" ]; then
|
||||
export CALLBACKS_VAULT_ROLE_ID="$(./ci/vlt kv_get kv "${CALLBACKS_VAULT_SECRET_PATH}" role_id)"
|
||||
export CALLBACKS_VAULT_SECRET_ID="$(./ci/vlt kv_get kv "${CALLBACKS_VAULT_SECRET_PATH}" secret_id)"
|
||||
export CALLBACKS_VAULT_ROLE_ID="$(sh ci/scripts/common/runtime_kv_get.sh kv_get kv "${CALLBACKS_VAULT_SECRET_PATH}" role_id)"
|
||||
export CALLBACKS_VAULT_SECRET_ID="$(sh ci/scripts/common/runtime_kv_get.sh kv_get kv "${CALLBACKS_VAULT_SECRET_PATH}" secret_id)"
|
||||
if [ -z "${CALLBACKS_VAULT_ROLE_ID}" ] || [ -z "${CALLBACKS_VAULT_SECRET_ID}" ]; then
|
||||
echo "[callbacks-deploy] vault approle creds are empty for path ${CALLBACKS_VAULT_SECRET_PATH}" >&2
|
||||
exit 1
|
||||
|
||||
@@ -43,17 +43,17 @@ CHAIN_GATEWAY_RPC_SECRET_PATH="${CHAIN_GATEWAY_RPC_SECRET_PATH:?missing CHAIN_GA
|
||||
CHAIN_GATEWAY_WALLET_SECRET_PATH="${CHAIN_GATEWAY_WALLET_SECRET_PATH:?missing CHAIN_GATEWAY_WALLET_SECRET_PATH}"
|
||||
CHAIN_GATEWAY_VAULT_SECRET_PATH="${CHAIN_GATEWAY_VAULT_SECRET_PATH:?missing CHAIN_GATEWAY_VAULT_SECRET_PATH}"
|
||||
|
||||
export CHAIN_GATEWAY_MONGO_USER="$(./ci/vlt kv_get kv "${CHAIN_GATEWAY_MONGO_SECRET_PATH}" user)"
|
||||
export CHAIN_GATEWAY_MONGO_PASSWORD="$(./ci/vlt kv_get kv "${CHAIN_GATEWAY_MONGO_SECRET_PATH}" password)"
|
||||
export CHAIN_GATEWAY_MONGO_USER="$(sh ci/scripts/common/runtime_kv_get.sh kv_get kv "${CHAIN_GATEWAY_MONGO_SECRET_PATH}" user)"
|
||||
export CHAIN_GATEWAY_MONGO_PASSWORD="$(sh ci/scripts/common/runtime_kv_get.sh kv_get kv "${CHAIN_GATEWAY_MONGO_SECRET_PATH}" password)"
|
||||
|
||||
export CHAIN_GATEWAY_RPC_URL="$(./ci/vlt kv_get kv "${CHAIN_GATEWAY_RPC_SECRET_PATH}" arbitrum_rpc_url)"
|
||||
export CHAIN_GATEWAY_RPC_URL="$(sh ci/scripts/common/runtime_kv_get.sh kv_get kv "${CHAIN_GATEWAY_RPC_SECRET_PATH}" arbitrum_rpc_url)"
|
||||
|
||||
export CHAIN_GATEWAY_SERVICE_WALLET_KEY="$(./ci/vlt kv_get kv "${CHAIN_GATEWAY_WALLET_SECRET_PATH}" private_key)"
|
||||
export CHAIN_GATEWAY_SERVICE_WALLET_ADDRESS="$(./ci/vlt kv_get kv "${CHAIN_GATEWAY_WALLET_SECRET_PATH}" address || true)"
|
||||
export CHAIN_GATEWAY_SERVICE_WALLET_KEY="$(sh ci/scripts/common/runtime_kv_get.sh kv_get kv "${CHAIN_GATEWAY_WALLET_SECRET_PATH}" private_key)"
|
||||
export CHAIN_GATEWAY_SERVICE_WALLET_ADDRESS="$(sh ci/scripts/common/runtime_kv_get.sh kv_get kv "${CHAIN_GATEWAY_WALLET_SECRET_PATH}" address || true)"
|
||||
|
||||
if [ "${CI_RUNTIME_ENV_NAME:-prod}" != "devserver" ]; then
|
||||
export CHAIN_GATEWAY_VAULT_ROLE_ID="$(./ci/vlt kv_get kv "${CHAIN_GATEWAY_VAULT_SECRET_PATH}" role_id)"
|
||||
export CHAIN_GATEWAY_VAULT_SECRET_ID="$(./ci/vlt kv_get kv "${CHAIN_GATEWAY_VAULT_SECRET_PATH}" secret_id)"
|
||||
export CHAIN_GATEWAY_VAULT_ROLE_ID="$(sh ci/scripts/common/runtime_kv_get.sh kv_get kv "${CHAIN_GATEWAY_VAULT_SECRET_PATH}" role_id)"
|
||||
export CHAIN_GATEWAY_VAULT_SECRET_ID="$(sh ci/scripts/common/runtime_kv_get.sh kv_get kv "${CHAIN_GATEWAY_VAULT_SECRET_PATH}" secret_id)"
|
||||
if [ -z "${CHAIN_GATEWAY_VAULT_ROLE_ID}" ] || [ -z "${CHAIN_GATEWAY_VAULT_SECRET_ID}" ]; then
|
||||
echo "[chain-gateway-deploy] vault approle creds are empty for path ${CHAIN_GATEWAY_VAULT_SECRET_PATH}" >&2
|
||||
exit 1
|
||||
|
||||
@@ -40,8 +40,8 @@ load_runtime_env_bundle "${CHSETTLE_GATEWAY_ENV_NAME}"
|
||||
CHSETTLE_GATEWAY_MONGO_SECRET_PATH="${CHSETTLE_GATEWAY_MONGO_SECRET_PATH:?missing CHSETTLE_GATEWAY_MONGO_SECRET_PATH}"
|
||||
CHSETTLE_GATEWAY_NATS_SECRET_PATH="${CHSETTLE_GATEWAY_NATS_SECRET_PATH:-sendico/nats}"
|
||||
|
||||
export CHSETTLE_GATEWAY_MONGO_USER="$(./ci/vlt kv_get kv "${CHSETTLE_GATEWAY_MONGO_SECRET_PATH}" user)"
|
||||
export CHSETTLE_GATEWAY_MONGO_PASSWORD="$(./ci/vlt kv_get kv "${CHSETTLE_GATEWAY_MONGO_SECRET_PATH}" password)"
|
||||
export CHSETTLE_GATEWAY_MONGO_USER="$(sh ci/scripts/common/runtime_kv_get.sh kv_get kv "${CHSETTLE_GATEWAY_MONGO_SECRET_PATH}" user)"
|
||||
export CHSETTLE_GATEWAY_MONGO_PASSWORD="$(sh ci/scripts/common/runtime_kv_get.sh kv_get kv "${CHSETTLE_GATEWAY_MONGO_SECRET_PATH}" password)"
|
||||
|
||||
NATS_SECRET_PATH="${CHSETTLE_GATEWAY_NATS_SECRET_PATH}" load_nats_env
|
||||
|
||||
|
||||
9
ci/scripts/common/fetch_registry_creds.sh
Normal file
9
ci/scripts/common/fetch_registry_creds.sh
Normal file
@@ -0,0 +1,9 @@
|
||||
#!/bin/sh
|
||||
set -eu
|
||||
|
||||
REPO_ROOT="$(cd "$(dirname "$0")/../../.." && pwd)"
|
||||
cd "${REPO_ROOT}"
|
||||
|
||||
mkdir -p secrets
|
||||
sh ci/scripts/common/runtime_kv_get.sh kv_get kv registry user > secrets/REGISTRY_USER
|
||||
sh ci/scripts/common/runtime_kv_get.sh kv_get kv registry password > secrets/REGISTRY_PASSWORD
|
||||
@@ -4,8 +4,8 @@ load_nats_env() {
|
||||
: "${NATS_PORT:?missing NATS_PORT}"
|
||||
|
||||
nats_secret_path="${NATS_SECRET_PATH:-sendico/nats}"
|
||||
export NATS_USER="$(./ci/vlt kv_get kv "${nats_secret_path}" user)"
|
||||
export NATS_PASSWORD="$(./ci/vlt kv_get kv "${nats_secret_path}" password)"
|
||||
export NATS_USER="$(sh ci/scripts/common/runtime_kv_get.sh kv_get kv "${nats_secret_path}" user)"
|
||||
export NATS_PASSWORD="$(sh ci/scripts/common/runtime_kv_get.sh kv_get kv "${nats_secret_path}" password)"
|
||||
|
||||
nats_url_var="${NATS_URL_VAR:-NATS_URL}"
|
||||
nats_url_scheme="${NATS_URL_SCHEME:-nats}"
|
||||
|
||||
131
ci/scripts/common/runtime_kv_get.sh
Normal file
131
ci/scripts/common/runtime_kv_get.sh
Normal file
@@ -0,0 +1,131 @@
|
||||
#!/bin/sh
|
||||
set -eu
|
||||
|
||||
if ! set -o pipefail 2>/dev/null; then
|
||||
:
|
||||
fi
|
||||
|
||||
REPO_ROOT="$(cd "$(dirname "$0")/../../.." && pwd)"
|
||||
cd "${REPO_ROOT}"
|
||||
|
||||
usage() {
|
||||
echo "usage: runtime_kv_get.sh kv_get <mount> <path> <field>" >&2
|
||||
exit 64
|
||||
}
|
||||
|
||||
[ "${1:-}" = "kv_get" ] || usage
|
||||
[ $# -eq 4 ] || usage
|
||||
|
||||
MOUNT="$2"
|
||||
SECRET_PATH="$3"
|
||||
FIELD="$4"
|
||||
|
||||
. ci/scripts/common/runtime_env.sh
|
||||
|
||||
runtime_env_name="${CI_TARGET_ENV:-${CI_RUNTIME_ENV_NAME:-$(resolve_runtime_env_name)}}"
|
||||
vault_source="${CI_VAULT_SOURCE:-runtime}"
|
||||
|
||||
if [ "${vault_source}" = "external" ] || [ "${runtime_env_name}" != "devserver" ]; then
|
||||
exec ./ci/vlt kv_get "${MOUNT}" "${SECRET_PATH}" "${FIELD}"
|
||||
fi
|
||||
|
||||
runtime_file="$(resolve_runtime_env_file "${runtime_env_name}")"
|
||||
cleanup_runtime_file=0
|
||||
case "${runtime_file}" in
|
||||
./.runtime.*.merged.*)
|
||||
cleanup_runtime_file=1
|
||||
;;
|
||||
esac
|
||||
|
||||
cleanup() {
|
||||
if [ "${cleanup_runtime_file}" -eq 1 ]; then
|
||||
rm -f "${runtime_file}"
|
||||
fi
|
||||
}
|
||||
trap cleanup EXIT INT TERM
|
||||
|
||||
normalize_env_file "${runtime_file}"
|
||||
load_env_file "${runtime_file}"
|
||||
|
||||
: "${SSH_USER:?missing SSH_USER}"
|
||||
: "${SSH_HOST:?missing SSH_HOST}"
|
||||
: "${REMOTE_BASE:?missing REMOTE_BASE}"
|
||||
: "${VAULT_DIR:?missing VAULT_DIR}"
|
||||
|
||||
SSH_KEY_FILE="${SSH_KEY_FILE:-}"
|
||||
if [ -z "${SSH_KEY_FILE}" ] || [ ! -f "${SSH_KEY_FILE}" ]; then
|
||||
for candidate in /root/.ssh/id_rsa secrets/SSH_KEY; do
|
||||
if [ -f "${candidate}" ]; then
|
||||
SSH_KEY_FILE="${candidate}"
|
||||
break
|
||||
fi
|
||||
done
|
||||
fi
|
||||
|
||||
if [ -z "${SSH_KEY_FILE}" ] || [ ! -f "${SSH_KEY_FILE}" ]; then
|
||||
echo "[runtime-kv-get] ssh key not found; expected /root/.ssh/id_rsa or secrets/SSH_KEY" >&2
|
||||
exit 65
|
||||
fi
|
||||
|
||||
b64enc() {
|
||||
printf '%s' "$1" | base64 | tr -d '\n'
|
||||
}
|
||||
|
||||
MOUNT_B64="$(b64enc "${MOUNT}")"
|
||||
SECRET_PATH_B64="$(b64enc "${SECRET_PATH}")"
|
||||
FIELD_B64="$(b64enc "${FIELD}")"
|
||||
REMOTE_TARGET="${SSH_USER}@${SSH_HOST}"
|
||||
|
||||
SSH_OPTS="
|
||||
-i ${SSH_KEY_FILE}
|
||||
-o StrictHostKeyChecking=no
|
||||
-o UserKnownHostsFile=/dev/null
|
||||
-o LogLevel=ERROR
|
||||
-o BatchMode=yes
|
||||
-o PreferredAuthentications=publickey
|
||||
-o ConnectTimeout=10
|
||||
"
|
||||
|
||||
ssh ${SSH_OPTS} "${REMOTE_TARGET}" \
|
||||
REMOTE_BASE="${REMOTE_BASE}" \
|
||||
VAULT_DIR="${VAULT_DIR}" \
|
||||
MOUNT_B64="${MOUNT_B64}" \
|
||||
SECRET_PATH_B64="${SECRET_PATH_B64}" \
|
||||
FIELD_B64="${FIELD_B64}" \
|
||||
sh -s <<'EOSSH'
|
||||
set -eu
|
||||
|
||||
if printf 'AA==' | base64 -d >/dev/null 2>&1; then
|
||||
BASE64_DECODE_FLAG='-d'
|
||||
else
|
||||
BASE64_DECODE_FLAG='--decode'
|
||||
fi
|
||||
|
||||
decode_b64() {
|
||||
printf '%s' "$1" | base64 "${BASE64_DECODE_FLAG}"
|
||||
}
|
||||
|
||||
MOUNT="$(decode_b64 "${MOUNT_B64}")"
|
||||
SECRET_PATH="$(decode_b64 "${SECRET_PATH_B64}")"
|
||||
FIELD="$(decode_b64 "${FIELD_B64}")"
|
||||
INIT_FILE="${REMOTE_BASE%/}/${VAULT_DIR}/env/vault-init.json"
|
||||
|
||||
if [ ! -s "${INIT_FILE}" ]; then
|
||||
echo "[runtime-kv-get] dev vault init file not found: ${INIT_FILE}" >&2
|
||||
exit 66
|
||||
fi
|
||||
|
||||
INIT_JSON_COMPACT="$(tr -d '\r\n\t ' <"${INIT_FILE}")"
|
||||
ROOT_TOKEN="$(printf '%s' "${INIT_JSON_COMPACT}" | sed -n 's/.*"root_token":"\([^"]*\)".*/\1/p')"
|
||||
|
||||
if [ -z "${ROOT_TOKEN}" ]; then
|
||||
echo "[runtime-kv-get] failed to extract dev vault root token from ${INIT_FILE}" >&2
|
||||
exit 67
|
||||
fi
|
||||
|
||||
docker exec \
|
||||
-e VAULT_ADDR=http://127.0.0.1:8200 \
|
||||
-e VAULT_TOKEN="${ROOT_TOKEN}" \
|
||||
dev-vault \
|
||||
vault kv get -mount="${MOUNT}" -field="${FIELD}" "${SECRET_PATH}"
|
||||
EOSSH
|
||||
@@ -49,8 +49,8 @@ if [ -z "${FX_NEEDS_NATS}" ]; then
|
||||
esac
|
||||
fi
|
||||
|
||||
export FX_MONGO_USER="$(./ci/vlt kv_get kv "${FX_MONGO_SECRET_PATH}" user)"
|
||||
export FX_MONGO_PASSWORD="$(./ci/vlt kv_get kv "${FX_MONGO_SECRET_PATH}" password)"
|
||||
export FX_MONGO_USER="$(sh ci/scripts/common/runtime_kv_get.sh kv_get kv "${FX_MONGO_SECRET_PATH}" user)"
|
||||
export FX_MONGO_PASSWORD="$(sh ci/scripts/common/runtime_kv_get.sh kv_get kv "${FX_MONGO_SECRET_PATH}" password)"
|
||||
|
||||
if [ "${FX_NEEDS_NATS}" = "true" ]; then
|
||||
NATS_URL_VAR=FX_NATS_URL load_nats_env
|
||||
|
||||
@@ -40,8 +40,8 @@ load_runtime_env_bundle "${LEDGER_ENV_NAME}"
|
||||
|
||||
LEDGER_MONGO_SECRET_PATH="${LEDGER_MONGO_SECRET_PATH:?missing LEDGER_MONGO_SECRET_PATH}"
|
||||
|
||||
export LEDGER_MONGO_USER="$(./ci/vlt kv_get kv "${LEDGER_MONGO_SECRET_PATH}" user)"
|
||||
export LEDGER_MONGO_PASSWORD="$(./ci/vlt kv_get kv "${LEDGER_MONGO_SECRET_PATH}" password)"
|
||||
export LEDGER_MONGO_USER="$(sh ci/scripts/common/runtime_kv_get.sh kv_get kv "${LEDGER_MONGO_SECRET_PATH}" user)"
|
||||
export LEDGER_MONGO_PASSWORD="$(sh ci/scripts/common/runtime_kv_get.sh kv_get kv "${LEDGER_MONGO_SECRET_PATH}" password)"
|
||||
|
||||
load_nats_env
|
||||
|
||||
|
||||
@@ -43,18 +43,18 @@ NOTIFICATION_MAIL_SECRET_PATH="${NOTIFICATION_MAIL_SECRET_PATH:?missing NOTIFICA
|
||||
NOTIFICATION_API_SECRET_PATH="${NOTIFICATION_API_SECRET_PATH:?missing NOTIFICATION_API_SECRET_PATH}"
|
||||
NOTIFICATION_TELEGRAM_SECRET_PATH="${NOTIFICATION_TELEGRAM_SECRET_PATH:?missing NOTIFICATION_TELEGRAM_SECRET_PATH}"
|
||||
|
||||
export MONGO_USER="$(./ci/vlt kv_get kv "${NOTIFICATION_MONGO_SECRET_PATH}" user)"
|
||||
export MONGO_PASSWORD="$(./ci/vlt kv_get kv "${NOTIFICATION_MONGO_SECRET_PATH}" password)"
|
||||
export MONGO_USER="$(sh ci/scripts/common/runtime_kv_get.sh kv_get kv "${NOTIFICATION_MONGO_SECRET_PATH}" user)"
|
||||
export MONGO_PASSWORD="$(sh ci/scripts/common/runtime_kv_get.sh kv_get kv "${NOTIFICATION_MONGO_SECRET_PATH}" password)"
|
||||
|
||||
export MAIL_USER="$(./ci/vlt kv_get kv "${NOTIFICATION_MAIL_SECRET_PATH}" user)"
|
||||
export MAIL_SECRET="$(./ci/vlt kv_get kv "${NOTIFICATION_MAIL_SECRET_PATH}" password)"
|
||||
export MAIL_USER="$(sh ci/scripts/common/runtime_kv_get.sh kv_get kv "${NOTIFICATION_MAIL_SECRET_PATH}" user)"
|
||||
export MAIL_SECRET="$(sh ci/scripts/common/runtime_kv_get.sh kv_get kv "${NOTIFICATION_MAIL_SECRET_PATH}" password)"
|
||||
|
||||
export API_ENDPOINT_SECRET="$(./ci/vlt kv_get kv "${NOTIFICATION_API_SECRET_PATH}" secret)"
|
||||
export API_ENDPOINT_SECRET="$(sh ci/scripts/common/runtime_kv_get.sh kv_get kv "${NOTIFICATION_API_SECRET_PATH}" secret)"
|
||||
|
||||
export TELEGRAM_BOT_TOKEN="$(./ci/vlt kv_get kv "${NOTIFICATION_TELEGRAM_SECRET_PATH}" bot_token)"
|
||||
export TELEGRAM_CHAT_ID="$(./ci/vlt kv_get kv "${NOTIFICATION_TELEGRAM_SECRET_PATH}" chat_id)"
|
||||
export TELEGRAM_BOT_TOKEN="$(sh ci/scripts/common/runtime_kv_get.sh kv_get kv "${NOTIFICATION_TELEGRAM_SECRET_PATH}" bot_token)"
|
||||
export TELEGRAM_CHAT_ID="$(sh ci/scripts/common/runtime_kv_get.sh kv_get kv "${NOTIFICATION_TELEGRAM_SECRET_PATH}" chat_id)"
|
||||
TELEGRAM_THREAD_ID=""
|
||||
if TELEGRAM_THREAD_ID_VALUE="$(./ci/vlt kv_get kv "${NOTIFICATION_TELEGRAM_SECRET_PATH}" thread_id 2>/dev/null)"; then
|
||||
if TELEGRAM_THREAD_ID_VALUE="$(sh ci/scripts/common/runtime_kv_get.sh kv_get kv "${NOTIFICATION_TELEGRAM_SECRET_PATH}" thread_id 2>/dev/null)"; then
|
||||
TELEGRAM_THREAD_ID="$TELEGRAM_THREAD_ID_VALUE"
|
||||
fi
|
||||
export TELEGRAM_THREAD_ID
|
||||
|
||||
@@ -40,8 +40,8 @@ load_runtime_env_bundle "${PAYMENTS_METHODS_ENV_NAME}"
|
||||
|
||||
PAYMENTS_METHODS_MONGO_SECRET_PATH="${PAYMENTS_METHODS_MONGO_SECRET_PATH:?missing PAYMENTS_METHODS_MONGO_SECRET_PATH}"
|
||||
|
||||
export PAYMENTS_MONGO_USER="$(./ci/vlt kv_get kv "${PAYMENTS_METHODS_MONGO_SECRET_PATH}" user)"
|
||||
export PAYMENTS_MONGO_PASSWORD="$(./ci/vlt kv_get kv "${PAYMENTS_METHODS_MONGO_SECRET_PATH}" password)"
|
||||
export PAYMENTS_MONGO_USER="$(sh ci/scripts/common/runtime_kv_get.sh kv_get kv "${PAYMENTS_METHODS_MONGO_SECRET_PATH}" user)"
|
||||
export PAYMENTS_MONGO_PASSWORD="$(sh ci/scripts/common/runtime_kv_get.sh kv_get kv "${PAYMENTS_METHODS_MONGO_SECRET_PATH}" password)"
|
||||
|
||||
load_nats_env
|
||||
|
||||
|
||||
@@ -40,8 +40,8 @@ load_runtime_env_bundle "${PAYMENTS_ENV_NAME}"
|
||||
|
||||
PAYMENTS_MONGO_SECRET_PATH="${PAYMENTS_MONGO_SECRET_PATH:?missing PAYMENTS_MONGO_SECRET_PATH}"
|
||||
|
||||
export PAYMENTS_MONGO_USER="$(./ci/vlt kv_get kv "${PAYMENTS_MONGO_SECRET_PATH}" user)"
|
||||
export PAYMENTS_MONGO_PASSWORD="$(./ci/vlt kv_get kv "${PAYMENTS_MONGO_SECRET_PATH}" password)"
|
||||
export PAYMENTS_MONGO_USER="$(sh ci/scripts/common/runtime_kv_get.sh kv_get kv "${PAYMENTS_MONGO_SECRET_PATH}" user)"
|
||||
export PAYMENTS_MONGO_PASSWORD="$(sh ci/scripts/common/runtime_kv_get.sh kv_get kv "${PAYMENTS_MONGO_SECRET_PATH}" password)"
|
||||
|
||||
load_nats_env
|
||||
|
||||
|
||||
@@ -40,8 +40,8 @@ load_runtime_env_bundle "${PAYMENTS_QUOTATION_ENV_NAME}"
|
||||
|
||||
PAYMENTS_QUOTATION_MONGO_SECRET_PATH="${PAYMENTS_QUOTATION_MONGO_SECRET_PATH:?missing PAYMENTS_QUOTATION_MONGO_SECRET_PATH}"
|
||||
|
||||
export PAYMENTS_MONGO_USER="$(./ci/vlt kv_get kv "${PAYMENTS_QUOTATION_MONGO_SECRET_PATH}" user)"
|
||||
export PAYMENTS_MONGO_PASSWORD="$(./ci/vlt kv_get kv "${PAYMENTS_QUOTATION_MONGO_SECRET_PATH}" password)"
|
||||
export PAYMENTS_MONGO_USER="$(sh ci/scripts/common/runtime_kv_get.sh kv_get kv "${PAYMENTS_QUOTATION_MONGO_SECRET_PATH}" user)"
|
||||
export PAYMENTS_MONGO_PASSWORD="$(sh ci/scripts/common/runtime_kv_get.sh kv_get kv "${PAYMENTS_QUOTATION_MONGO_SECRET_PATH}" password)"
|
||||
|
||||
load_nats_env
|
||||
|
||||
|
||||
@@ -40,8 +40,8 @@ load_runtime_env_bundle "${TGSETTLE_GATEWAY_ENV_NAME}"
|
||||
|
||||
TGSETTLE_GATEWAY_MONGO_SECRET_PATH="${TGSETTLE_GATEWAY_MONGO_SECRET_PATH:?missing TGSETTLE_GATEWAY_MONGO_SECRET_PATH}"
|
||||
|
||||
export TGSETTLE_GATEWAY_MONGO_USER="$(./ci/vlt kv_get kv "${TGSETTLE_GATEWAY_MONGO_SECRET_PATH}" user)"
|
||||
export TGSETTLE_GATEWAY_MONGO_PASSWORD="$(./ci/vlt kv_get kv "${TGSETTLE_GATEWAY_MONGO_SECRET_PATH}" password)"
|
||||
export TGSETTLE_GATEWAY_MONGO_USER="$(sh ci/scripts/common/runtime_kv_get.sh kv_get kv "${TGSETTLE_GATEWAY_MONGO_SECRET_PATH}" user)"
|
||||
export TGSETTLE_GATEWAY_MONGO_PASSWORD="$(sh ci/scripts/common/runtime_kv_get.sh kv_get kv "${TGSETTLE_GATEWAY_MONGO_SECRET_PATH}" password)"
|
||||
|
||||
load_nats_env
|
||||
|
||||
|
||||
@@ -43,19 +43,19 @@ TRON_GATEWAY_RPC_SECRET_PATH="${TRON_GATEWAY_RPC_SECRET_PATH:?missing TRON_GATEW
|
||||
TRON_GATEWAY_WALLET_SECRET_PATH="${TRON_GATEWAY_WALLET_SECRET_PATH:?missing TRON_GATEWAY_WALLET_SECRET_PATH}"
|
||||
TRON_GATEWAY_VAULT_SECRET_PATH="${TRON_GATEWAY_VAULT_SECRET_PATH:?missing TRON_GATEWAY_VAULT_SECRET_PATH}"
|
||||
|
||||
export TRON_GATEWAY_MONGO_USER="$(./ci/vlt kv_get kv "${TRON_GATEWAY_MONGO_SECRET_PATH}" user)"
|
||||
export TRON_GATEWAY_MONGO_PASSWORD="$(./ci/vlt kv_get kv "${TRON_GATEWAY_MONGO_SECRET_PATH}" password)"
|
||||
export TRON_GATEWAY_MONGO_USER="$(sh ci/scripts/common/runtime_kv_get.sh kv_get kv "${TRON_GATEWAY_MONGO_SECRET_PATH}" user)"
|
||||
export TRON_GATEWAY_MONGO_PASSWORD="$(sh ci/scripts/common/runtime_kv_get.sh kv_get kv "${TRON_GATEWAY_MONGO_SECRET_PATH}" password)"
|
||||
|
||||
export TRON_GATEWAY_RPC_URL="$(./ci/vlt kv_get kv "${TRON_GATEWAY_RPC_SECRET_PATH}" rpc_url)"
|
||||
export TRON_GATEWAY_GRPC_URL="$(./ci/vlt kv_get kv "${TRON_GATEWAY_RPC_SECRET_PATH}" grpc_url || true)"
|
||||
export TRON_GATEWAY_GRPC_TOKEN="$(./ci/vlt kv_get kv "${TRON_GATEWAY_RPC_SECRET_PATH}" grpc_token || true)"
|
||||
export TRON_GATEWAY_RPC_URL="$(sh ci/scripts/common/runtime_kv_get.sh kv_get kv "${TRON_GATEWAY_RPC_SECRET_PATH}" rpc_url)"
|
||||
export TRON_GATEWAY_GRPC_URL="$(sh ci/scripts/common/runtime_kv_get.sh kv_get kv "${TRON_GATEWAY_RPC_SECRET_PATH}" grpc_url || true)"
|
||||
export TRON_GATEWAY_GRPC_TOKEN="$(sh ci/scripts/common/runtime_kv_get.sh kv_get kv "${TRON_GATEWAY_RPC_SECRET_PATH}" grpc_token || true)"
|
||||
|
||||
export TRON_GATEWAY_SERVICE_WALLET_KEY="$(./ci/vlt kv_get kv "${TRON_GATEWAY_WALLET_SECRET_PATH}" private_key)"
|
||||
export TRON_GATEWAY_SERVICE_WALLET_ADDRESS="$(./ci/vlt kv_get kv "${TRON_GATEWAY_WALLET_SECRET_PATH}" address || true)"
|
||||
export TRON_GATEWAY_SERVICE_WALLET_KEY="$(sh ci/scripts/common/runtime_kv_get.sh kv_get kv "${TRON_GATEWAY_WALLET_SECRET_PATH}" private_key)"
|
||||
export TRON_GATEWAY_SERVICE_WALLET_ADDRESS="$(sh ci/scripts/common/runtime_kv_get.sh kv_get kv "${TRON_GATEWAY_WALLET_SECRET_PATH}" address || true)"
|
||||
|
||||
if [ "${CI_RUNTIME_ENV_NAME:-prod}" != "devserver" ]; then
|
||||
export TRON_GATEWAY_VAULT_ROLE_ID="$(./ci/vlt kv_get kv "${TRON_GATEWAY_VAULT_SECRET_PATH}" role_id)"
|
||||
export TRON_GATEWAY_VAULT_SECRET_ID="$(./ci/vlt kv_get kv "${TRON_GATEWAY_VAULT_SECRET_PATH}" secret_id)"
|
||||
export TRON_GATEWAY_VAULT_ROLE_ID="$(sh ci/scripts/common/runtime_kv_get.sh kv_get kv "${TRON_GATEWAY_VAULT_SECRET_PATH}" role_id)"
|
||||
export TRON_GATEWAY_VAULT_SECRET_ID="$(sh ci/scripts/common/runtime_kv_get.sh kv_get kv "${TRON_GATEWAY_VAULT_SECRET_PATH}" secret_id)"
|
||||
if [ -z "${TRON_GATEWAY_VAULT_ROLE_ID}" ] || [ -z "${TRON_GATEWAY_VAULT_SECRET_ID}" ]; then
|
||||
echo "[tron-gateway-deploy] vault approle creds are empty for path ${TRON_GATEWAY_VAULT_SECRET_PATH}" >&2
|
||||
exit 1
|
||||
|
||||
@@ -35,4 +35,53 @@ load_env_file() {
|
||||
VAULT_ENV_NAME="${VAULT_ENV:-$(resolve_runtime_env_name)}"
|
||||
load_runtime_env_bundle "${VAULT_ENV_NAME}"
|
||||
|
||||
SEED_FILE=".dev-vault-seed.env"
|
||||
|
||||
cleanup() {
|
||||
rm -f "${SEED_FILE}"
|
||||
}
|
||||
trap cleanup EXIT INT TERM
|
||||
|
||||
seed_field() {
|
||||
var_name="$1"
|
||||
secret_path="$2"
|
||||
field_name="$3"
|
||||
optional="${4:-0}"
|
||||
|
||||
if [ "${optional}" = "1" ]; then
|
||||
value="$(CI_VAULT_SOURCE=external ./ci/vlt kv_get kv "${secret_path}" "${field_name}" 2>/dev/null || true)"
|
||||
else
|
||||
value="$(CI_VAULT_SOURCE=external ./ci/vlt kv_get kv "${secret_path}" "${field_name}")"
|
||||
fi
|
||||
|
||||
printf '%s=%s\n' "${var_name}" "$(printf '%s' "${value}" | base64 | tr -d '\n')" >> "${SEED_FILE}"
|
||||
}
|
||||
|
||||
: > "${SEED_FILE}"
|
||||
chmod 600 "${SEED_FILE}"
|
||||
|
||||
seed_field REGISTRY_USER_B64 registry user
|
||||
seed_field REGISTRY_PASSWORD_B64 registry password
|
||||
seed_field SENDICO_DB_USER_B64 sendico/db user
|
||||
seed_field SENDICO_DB_PASSWORD_B64 sendico/db password
|
||||
seed_field SENDICO_DB_KEY_B64 sendico/db key
|
||||
seed_field SENDICO_NATS_USER_B64 sendico/nats user
|
||||
seed_field SENDICO_NATS_PASSWORD_B64 sendico/nats password
|
||||
seed_field SENDICO_API_ENDPOINT_SECRET_B64 sendico/api/endpoint secret
|
||||
seed_field NOTIFICATION_MAIL_USER_B64 sendico/notification/mail user
|
||||
seed_field NOTIFICATION_MAIL_PASSWORD_B64 sendico/notification/mail password
|
||||
seed_field NOTIFICATION_TELEGRAM_BOT_TOKEN_B64 sendico/notification/telegram bot_token
|
||||
seed_field NOTIFICATION_TELEGRAM_CHAT_ID_B64 sendico/notification/telegram chat_id
|
||||
seed_field NOTIFICATION_TELEGRAM_THREAD_ID_B64 sendico/notification/telegram thread_id 1
|
||||
seed_field CHAIN_GATEWAY_RPC_URL_B64 sendico/gateway/chain arbitrum_rpc_url
|
||||
seed_field CHAIN_GATEWAY_WALLET_PRIVATE_KEY_B64 sendico/gateway/chain/wallet private_key
|
||||
seed_field CHAIN_GATEWAY_WALLET_ADDRESS_B64 sendico/gateway/chain/wallet address 1
|
||||
seed_field TRON_GATEWAY_RPC_URL_B64 sendico/gateway/tron rpc_url
|
||||
seed_field TRON_GATEWAY_GRPC_URL_B64 sendico/gateway/tron grpc_url 1
|
||||
seed_field TRON_GATEWAY_GRPC_TOKEN_B64 sendico/gateway/tron grpc_token 1
|
||||
seed_field TRON_GATEWAY_WALLET_PRIVATE_KEY_B64 sendico/gateway/tron/wallet private_key
|
||||
seed_field TRON_GATEWAY_WALLET_ADDRESS_B64 sendico/gateway/tron/wallet address 1
|
||||
|
||||
export DEV_VAULT_SEED_FILE="${SEED_FILE}"
|
||||
|
||||
bash ci/prod/scripts/deploy/vault.sh
|
||||
|
||||
Reference in New Issue
Block a user