From 300117822deffb3a4bec87d640540dde94cc57e5 Mon Sep 17 00:00:00 2001 From: 13orlov <13orlov@gmail.com> Date: Sun, 31 Aug 2025 00:18:46 +0100 Subject: [PATCH] feat(ci): Implement final deployment script and pipeline --- .drone.yml | 29 +++-------------------------- .env.prod.env | 10 ---------- .env.staging.env | 10 ---------- nano .env.test => .env.test | 0 .sops.yaml | 18 +++--------------- envs/common.env | 15 +++++++++++++++ envs/prod.env | 18 ++++++++++++++++++ envs/staging.env | 8 ++++++++ scripts/deploy.sh | 15 +++++++++++++++ temp.env | 4 ++++ 10 files changed, 66 insertions(+), 61 deletions(-) delete mode 100644 .env.prod.env delete mode 100644 .env.staging.env rename nano .env.test => .env.test (100%) create mode 100644 envs/common.env create mode 100644 envs/prod.env create mode 100644 envs/staging.env create mode 100755 scripts/deploy.sh create mode 100644 temp.env diff --git a/.drone.yml b/.drone.yml index 68ccf6e..01705da 100644 --- a/.drone.yml +++ b/.drone.yml @@ -9,18 +9,6 @@ trigger: - push steps: - # Шаг 1: Логинимся в Docker Hub. Это у нас работает идеально. - - name: docker-login - image: docker:latest - environment: - DOCKER_USERNAME: - from_secret: DOCKER_USERNAME - DOCKER_PASSWORD: - from_secret: DOCKER_PASSWORD - commands: - - echo $DOCKER_PASSWORD | docker login -u $DOCKER_USERNAME --password-stdin - - # Шаг 2: Запускаем тесты. Используем переменные окружения, это самый чистый способ. - name: testing image: python:3.11-slim environment: @@ -31,7 +19,6 @@ steps: - poetry install - poetry run pytest -v - # Шаг 3: Разворачиваем приложение. Это финальная, правильная версия скрипта. - name: deploy image: appleboy/drone-ssh settings: @@ -41,17 +28,7 @@ steps: key: from_secret: DEPLOY_STAG_SSH_KEY script: - # Эти команды выполняются на вашем VDS - - echo ">>> Connecting to VDS..." + # Эти команды выполняются на VDS - cd /home/orlov/apps/marquiz-metrics-staging - - echo ">>> Pulling latest changes..." - - git pull origin staging - - # КЛЮЧЕВОЙ ШАГ: Расшифровываем секреты из Git в рабочий .env.staging файл - - echo ">>> Decrypting secrets for staging..." - - sops --decrypt .env.staging.env > .env.staging - - - echo ">>> Rebuilding and restarting services with Makefile..." - # Используем нашу удобную команду из Makefile. Она выполнит правильный docker compose. - - make staging-up - - echo ">>> Deployment finished successfully!" \ No newline at end of file + - git pull + - ./scripts/deploy.sh # Просто запускаем наш умный скрипт \ No newline at end of file diff --git a/.env.prod.env b/.env.prod.env deleted file mode 100644 index 4452589..0000000 --- a/.env.prod.env +++ /dev/null @@ -1,10 +0,0 @@ -YANDEX_CLIENT_ID=ENC[AES256_GCM,data:a/kKuBDWvndXqf4=,iv:aQ/gfghiYCsylZfYbsAu6fBnNQT1/+Hz4xBj7bNJSRw=,tag:j7Y6/yaXh1mb/uUv2e4uFA==,type:str] -YANDEX_CLIENT_SECRET=ENC[AES256_GCM,data:ELHT6NwJj0MErGTgXruR2u3N12z1,iv:iDY/G0orHgTBWLOIgEZW5gvXpoYm2r2G7bYSmgVlWb8=,tag:MxkEF+bAws/d8Xs/KPIgTQ==,type:str] -YANDEX_METRIKA_API_URL=ENC[AES256_GCM,data:P38k+JploOkJ3GWMLvhh3Ay+Hzff4J+wT+g95LggR5o=,iv:KD5Zi8z6kvww106DvgY5yyAuOwwh50b1hDlkFlPgeMY=,tag:IEmrqY7eMRwqB+3lYZSKLw==,type:str] -LOG_LEVEL=ENC[AES256_GCM,data:ILlX87s+MQ==,iv:RnltAR/19gGatKbAvLZuQ1/KkBMopnlN1GTKPvyumwY=,tag:DZVzlACtQySZsgsosOXKJg==,type:str] -sops_age__list_0__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAwYjVNamNpbHYzWDFIeUIz\nYlFYYWhsWjVoUHF3enZuU1Rpc09PdlJKSTFvCmlMQ3hLTFZxTXV2SjBWaDdPSEhi\nYlZxMFJvcU00d0c0bC85d1NENWpxNGcKLS0tIHVrL3RJMWpmamZrYTBDRUw1S3BT\nUmVHNk1PUEdHalR5TXhvVklkb1ljL1kKBhHCopFNlUNXzjaTBKs0Hi8vbHUtagv6\n8P4u1Lotw2h7Or+HZMFqAtuMF4pvXbPFauMo810vrVrenHUtSBjr1A==\n-----END AGE ENCRYPTED FILE-----\n -sops_age__list_0__map_recipient=age12dkajmj2n7cgqplt325aw89c63v9dq7e833rt4ceqwlh87xs6fcsz6xfc9 -sops_lastmodified=2025-08-23T20:03:27Z -sops_mac=ENC[AES256_GCM,data:d8zNr/5sZyQyyX5ifByE0E6qF/idpHlA2kJXz7i9MA6wVjuWBy2OOm9u83ZAnmzrPhpMcDJVtkKTnl5XbhSXDhRVnRM9AzWTtxn30K3L1lTkmifGgZDKycW4GrmIV3klcHXZm9mYOmMnbCkcoS7n19Yf57GU3FJ5rWPwPizmqVw=,iv:JOkSU2YZtirIJlgz+ZpnG5fq+nMFihMljI7w95Y/Hhk=,tag:DbRYnHaKYimwvEch5ODWng==,type:str] -sops_unencrypted_suffix=_unencrypted -sops_version=3.8.1 diff --git a/.env.staging.env b/.env.staging.env deleted file mode 100644 index b834ba1..0000000 --- a/.env.staging.env +++ /dev/null @@ -1,10 +0,0 @@ -YANDEX_CLIENT_ID=ENC[AES256_GCM,data:ovOPy03Xty7s+P6pk/8eFU3pn/m4B/saMbJriVnngay8zQ==,iv:r+1esLnobc5Yo5fbT7R6QkrzIOatq3u6DO4esSqrvtM=,tag:rMi7Zm6hV/Woxn36+TwRBw==,type:str] -YANDEX_CLIENT_SECRET=ENC[AES256_GCM,data:buJMbhkW9SyA4+T5vTY3hWQbW86K9XdNPjOK7VvNW0mJPw==,iv:3D1X2UvluoVAaIOgwREhsjHljapBaZFbw0PjzACyagc=,tag:EN0vPFcT6pAa7HdwBUmXgg==,type:str] -YANDEX_METRIKA_API_URL=ENC[AES256_GCM,data:zFDYokZP/nYqAQSaWyXt4WnKYncA8NgklPwP6PwF3Rs=,iv:5oMQWjfhI/2fX9VJF0LZPTxrsGkypmrDvm3zwFVSXB0=,tag:wq7ObvZFi0ywjhjo8hyfMw==,type:str] -LOG_LEVEL=ENC[AES256_GCM,data:inqZnyEL,iv:lqj+YjpEJNzIN02HogmDCdpyBBtPlm1e8NJrCytfYh8=,tag:ooEestVYQEnQ8WrXynHTpw==,type:str] -sops_age__list_0__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSArY2FoS29pcmR4QjVyMFEr\nVGpCMnVMU2FaVG4zSTAwc2l1YWxSLy9pVDJzCm9RaUhlK2VWZDkxbDN0QmkrY05J\nTDRpWG92WnhLSGgxNHVQZGZkZE40OFUKLS0tIEpjNXJEdTl0SGxldTE0UWZXdUVy\nRzNFd0NyeUg0S3lkSkFHczlYVzU0dmcK8sGbrTKytUVWhp7IAtKhZPj/36xW86sN\nUuuc37C7hVCyen2bKX8oba7pceq6Ww7Nci1Gq40xfQj2+hHgNvjSqQ==\n-----END AGE ENCRYPTED FILE-----\n -sops_age__list_0__map_recipient=age12dkajmj2n7cgqplt325aw89c63v9dq7e833rt4ceqwlh87xs6fcsz6xfc9 -sops_lastmodified=2025-08-27T21:06:14Z -sops_mac=ENC[AES256_GCM,data:Vcsso7SI85vwxKBOmNNrEjaNQXNjtFK5YASy4GfirhBW2Q8jENH2l+jFOqNwZEFdghUDlrKyj38yZFlReWL+d3KwRdvptksfekY/xdz1hbunTpjyOXbxD15NeYYuw9uq2ds3iaDfkw86CfJsS64axvmzFzPIH7usRfEUSJ/8+x4=,iv:lCXBWG9MnbSmNVDTNqia/wt4U00HVyFU0i8Lns0RHTs=,tag:c2qWCRjYxOBOaKxkOEtdOw==,type:str] -sops_unencrypted_suffix=_unencrypted -sops_version=3.8.1 diff --git a/nano .env.test b/.env.test similarity index 100% rename from nano .env.test rename to .env.test diff --git a/.sops.yaml b/.sops.yaml index 6072dde..546c837 100644 --- a/.sops.yaml +++ b/.sops.yaml @@ -1,16 +1,4 @@ -# Этот файл - инструкция для SOPS creation_rules: - # Правило №1: - # Для всех файлов, которые заканчиваются на '.staging.env' - - path_regex: .*\.staging\.env$ - # ...использовать вот этот публичный ключ для шифрования. - age: >- - age12dkajmj2n7cgqplt325aw89c63v9dq7e833rt4ceqwlh87xs6fcsz6xfc9 - - # Правило №2 (на будущее): - # Для всех файлов, которые заканчиваются на '.prod.env' - - path_regex: .*\.prod\.env$ - # ...тоже использовать этот ключ. - # В реальном проекте здесь мог бы быть другой ключ, для Production. - age: >- - age12dkajmj2n7cgqplt325aw89c63v9dq7e833rt4ceqwlh87xs6fcsz6xfc9 + - path_regex: ^envs/.*\.env$ + # Ключи перечисляются ОДНОЙ СТРОКОЙ через запятую + age: age12dkajmj2n7cgqplt325aw89c63v9dq7e833rt4ceqwlh87xs6fcsz6xfc9,age1p69rx76d4dqpf5a54m66lptad5qks8r98vxyyd59hh7rwz203szq3hzgyz \ No newline at end of file diff --git a/envs/common.env b/envs/common.env new file mode 100644 index 0000000..ef5f8a8 --- /dev/null +++ b/envs/common.env @@ -0,0 +1,15 @@ +LOG_LEVEL=ENC[AES256_GCM,data:R59OlRM/LuM2hPe+VyKM2R1uFKXpdKNhW2vVxDt6KT0TtZi+2TeT6drdPF2LcbZAb3X+EhcIeUxtz5Oj92fZrOyg6XvAaL8DDGeiNAuDbZXFE5NmwFvZaWxzCLNU05mgqzUZyR4LQ/OdsdZMCxipqPiLwA==,iv:/2BPMjk3DL5kvdHlZVGHt4uizI1Yl3lzHP4DBPRltQA=,tag:iEK8xtHbHRRdtFKVDfuVpA==,type:str] +sops_age__list_0__map_enc=ENC[AES256_GCM,data:mm6uXby/45UsTQ0b+uupVOesKHi6euQkdcc0wPbxnZUpi34t1wVGmvdLL+3eyT3SCwuxdEvTX0MRwt2Os14ZoOju9p+t5CuPtY4xs3BZDhY1hulQen4YAI6WoGmi7C78qnvCHAlG5Hx6FhuxUBRg2aWRysDw5oM9pGYvn6ZThGOmkqVRO3K3kyJtvtGqdGvBDbcRYZYWwiYmdQGya077fBbPjdt+Uxp/9fozO+VI1OSZjzm6x6LE54aGVR7daeWALaQox2w5L3AuSbIQWLSu29Y36dd7rZVfSjhHvR0oIeDyUDJzi8LN5ZVnhjbfj3MFMWom6k+EIRbjf6WcDC43xinF6gwcLc1cZVzMGQN8PMnYtRnrRbTCDm2lHjM4EdcjtOe+iXib8e07H4H/iG2YqGobJ/IyWvVYtDLu5z6hKeGAHQvZKb08uV2xJYvM1bYGo3Lb/csiDnPraap5lqQhC+DJFVWrqP3qARygGfj2wAn5v3LOBh30YrPVWbKr056Dkg==,iv:ez9TNQD9dKm74p7dYiow1Z31oVGeYewNkHZPzkXD66o=,tag:Qxhucs+DfBJRgwepdUlS7g==,type:str] +sops_age__list_0__map_recipient=ENC[AES256_GCM,data:l00qJdRIiDLqnk2kv4t79WwFWPiApZyKYznymSFN7yc3E0miwKoBz1EjW2vBotUtjDWNoCl6znvYWuCD+30=,iv:5bloc1OmQhaa6/M9EhgiSFqfGrlpuuP1KDS4DKkwi7s=,tag:U5TseVWRc3tCCZ7OjEGsmQ==,type:str] +sops_lastmodified=ENC[AES256_GCM,data:Ffg2V80yCFiwWZvQZNTYyp+lRY8=,iv:DfDQKOcvBFqSp+1DNJGcjGy9OvPxqU6EYM4siA/TaxY=,tag:v5XPlQRPhAzoMkbNeu8fAA==,type:str] +sops_mac=ENC[AES256_GCM,data:ywjx4M5fFyw8Y4Uz5u90wzuHRw99vivLxU5nujSzF7yZ4qLspeCe8cUVOB/5YSWYV+cbvugg+XdY0NmojOdeNkq0P1NEo1W9QSgi5Io1tVZkA9bVxTUHHubAeKWWA1NtrfgYbUKe6VCQT2hDNgc1NnNBRPYAjhamL5bzWKsSUPR+uZ7K+yYGYYs3kzjK1gEBvMazgEqh2Xdh4iXpQ0gBQZoBAaqG0n32T8mYwOTK2whjn6SpkVqbRK7gEIg4mNBSGFRSWwxiiDfUDKatu+RLCvM78ly6kWeBdW84wmSgD+sIQJAB603AA+q0HykSL22VHUcz6HYbnYmHuLf9Ol+4qWW6YkgS7FwW3aYxSjodaBnlLLctl0+k,iv:cZaXmUiAKHobBNt0UMRZdGDZ+GNmaeqSlE9cug2R+PM=,tag:vbcJ8pyCYtw/VbjZMLyaQQ==,type:str] +sops_unencrypted_suffix=ENC[AES256_GCM,data:ReWZB540wQGZNYX+,iv://KzuYFWPvs2nXR6lMhGq4NWT8m/G4wX0i93DiF2Twc=,tag:wLhBiYsJmMFDvUsD+/lnGw==,type:str] +sops_version=ENC[AES256_GCM,data:Ebn/Rx0=,iv:2UDVo4zHMWNtqUavqH7kUEo5u81EjTZj047ws6Acf5Q=,tag:zx6w5g1TOlQ2qFSswVvt1A==,type:str] +sops_age__list_0__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBBSW9NcHNoUHpuK2dqVUg5\nQnNYalFUS0pLbTNUSmcwZFR6Q2VSZEhJR1JBClJJdjU0OU9zOGszWjN3UGJlNG1n\nSFhLMWFKYWZoamMwTEthdk51QlR2bUUKLS0tIEF1MWd0ekR6KzFtTVRPaFZ1Q2Zu\neWJjNUF2S2FEcWJOaDFPVDFSSUxoRFUK5Gytp10jWi4FvkvKQ3E82vtVlZIYtps0\nLQLjsWMiKD5HDxXE33fshXtv/oDvRDDO5jYf2MRS0yuIPiITD7odCA==\n-----END AGE ENCRYPTED FILE-----\n +sops_age__list_0__map_recipient=age12dkajmj2n7cgqplt325aw89c63v9dq7e833rt4ceqwlh87xs6fcsz6xfc9 +sops_age__list_1__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBCNy9NQ2R6bUVjdVlWOVln\ndWtOdCsyVW9UUlJCM3R6Y0JlYmg1VjhyaERZCjNoVzhBbXEyUzZkVjRwZUlsWFQ2\nSWlJRzJsUk9RMmRMRWh5bVoxZEdOY2MKLS0tIFZzWWZLdVJnSXl2OFZOamlKS3pP\nOW0vWEtjbXI3cVFqemgxLzJaa0pmSkkKQwTfc9gIVkAz1DWpDyH4I8uz17Wb4ooU\n2fZCz1webjLTnfr+xOJ83dmC4wCxZIYBVMm9a0/Bn+TBK9wPSdZagw==\n-----END AGE ENCRYPTED FILE-----\n +sops_age__list_1__map_recipient=age1p69rx76d4dqpf5a54m66lptad5qks8r98vxyyd59hh7rwz203szq3hzgyz +sops_lastmodified=2025-08-30T23:15:03Z +sops_mac=ENC[AES256_GCM,data:LHMmHvmf/BVyZP5AVb7MkApOxefiMlhUKDSEliJY6xTVpvmtQDWh/jGqmpUIRXJmxcAYY7IXfhp8FVre2jcumP8SjL3eWACP/Kp/VMSttUVvQ4ooFXgchv/RRTlMkT1GJM6ob8OTU25XBUnkpANenahEKCKR0QWNMxPgjctmBMU=,iv:THajxUmRolL6fYWeZR1qRa+iSHABykZ0i1hSyjotfW8=,tag:RHtYRxoa3r9BclN1LfFFzg==,type:str] +sops_unencrypted_suffix=_unencrypted +sops_version=3.8.1 diff --git a/envs/prod.env b/envs/prod.env new file mode 100644 index 0000000..ad1f507 --- /dev/null +++ b/envs/prod.env @@ -0,0 +1,18 @@ +YANDEX_CLIENT_ID=ENC[AES256_GCM,data:G8smrkkafjLVyfzdJSqMGx+QNfDvS4NeJHV6+CwQe69o7r5hZIPnwZenZ25ize+SIHsvLk5fbgqZDD/8OJ/dsfYvqJ40Ae7eZESBw0a7aG17c2Pcz7OAmkgwdjf8EKLxvRt+qGbplZkAqJGJWmJUhRHs4e4dOgQJIsnh,iv:aiQUhVbfXWkSaGl4b1Yl6LQzeED0mMyyUkcvB4d+dBU=,tag:jZoNwCEjTsISVTxsr2kdvQ==,type:str] +YANDEX_CLIENT_SECRET=ENC[AES256_GCM,data:0BYtJwZD1dQEn1VbTsmAnBSqSDEGz1MufF8xZjBoiTB4WCQyMeF7YRDqfY3rMce79u9auiZgYV9n1R2aikij16DX0I8r22b2/g3HyDMb/65kJSGxBkZfewWgk7tzcKfge1wsZdx1WZn7rRFIFhYdivnRi9Y3P0/znrxfWWqh8HXu/uvmkX+i,iv:Oq2WwClHFMv6ytMDx9WdLd9niM3SpcwzuSEIQHeA1H8=,tag:Ahfizwm+WEr4IMlgIfnuQw==,type:str] +YANDEX_METRIKA_API_URL=ENC[AES256_GCM,data:1Kd3ROu+GDsZdilegH1Gqs1e+NESIsIK2PWKk43ahnH7uwhdmkmdqbRg35HKdCW0WaqZqkDCSzdXf7+bOgYo4gTdI3c4jV4xrsMKA9EBukWI4wunlaVtTjR9KLbKjqBo6fCuk/4O/e8sYaTrHZ8QmY/KfSZzZb6ox1539mfxlAX1S3S4RJSVQhhY7uvWvOQrCxhpk+nyvw==,iv:HYG6eC1P+XcxnqrJwlYzTsCCKUT2ZIsfB9ymO05yaek=,tag:8viowQ3D1LrdU6z5KbpSKg==,type:str] +LOG_LEVEL=ENC[AES256_GCM,data:Hl8Zv3FhBcGoQFKhsD1ONiSPvV+KT/Awyt1b4sHi73+Ww5nbcMbejBF7MUiFj81HWofW6wj8dfD0ApVi0MgbqKo+uQoqZFOUJM3YTDIcQDwelCAcpIaq/MYRwif4SqIv4GEz6oBr2SCLlOjkazWAiadaGxPMQQg=,iv:PCKselsF6i+NFss1lyzJaBlv6JrAZXEIBAI6190SjTk=,tag:EQhz5/jEoEbHIhses7cEGA==,type:str] +sops_age__list_0__map_enc=ENC[AES256_GCM,data:u+xDli0Ctu3zL4qZJ34252FWL+xw9QIIiynbLd+vMlVfhKvGPmYilPB2BiN3lgxp9rftHm7VZhzbSeQdvHkBtBGtOgRBzHLA99hPePsqh/m7cX3nDe2HqiRHQYHPs6M546nSlbHRYgz9kjiIfctutsBVX0e9AISE/zWHv4p8CiCdZ8Vf7aDBqFuLf855gjAZnv4/nqNFO0MX2Wzi3gYLmpO6teEk+HqXb1tmX8+sODFbp16Zq3C6AmbF/YwtNE1kIl7my25DxHRPamfKBECAK2i9aFe9RyJVB6fuVh+VzEu2S/7YFmpGO0Y5eUbh11UcBLRySQ8fo2RQiMiFjD8HDFwlWGxtk++9CCodTzNGicQqy9LQNPzNfvINhRoSBJzF8WALXlBTNxdtqbb0/5wS4Af1VV/HoxlmDtYDVAb0nDMCSrgtjuhDu/M690+0hf7wfi5MvF4hKzGMwVuSUlEaehewU/18ldGG7uqGP0OSHRq1eUmjsL8lwxoJrTnhSfSmwg==,iv:A5AEMJurgzKY2UGCDqLvzt4MFRoKwNMvxi+mwbPToLA=,tag:NQu7UmO+zKuJlX6OCxDq9Q==,type:str] +sops_age__list_0__map_recipient=ENC[AES256_GCM,data:8jOuKSKu7VNR7y/E2lUfi0gu+iUIzhdSuf6L4p8O32MvEDxGNQXkxXCgTaOLVWP+vxT6LATuall+3uX9Tsw=,iv:0cNNtYfS0/R6YQyQfP5JVYQCwShm5Z0gY81Fe+aUID0=,tag:de8NZaYt5Fp494d/ajiYWw==,type:str] +sops_lastmodified=ENC[AES256_GCM,data:pg71o8BKwoYAgd4fWz830N3UyHo=,iv:+GRqE7mNconcksmcHcX0yC7I+UVY+a11OXitEV8zohs=,tag:emzSiW30YKw/B6n0sNNFWg==,type:str] +sops_mac=ENC[AES256_GCM,data:8jFWmHXXttv04Xkbu9PEP9NFDXdpWHBDwid37PWaDv64QMKMcVAM6vwFTlnrK0pQuS2jwTzalyz+RCzY5ZyQje6IjgY5WcWnmuPpp/4BIfROeOARkE82zc7bzv2M5un3qwP8ma3fGPWJtrHlajX6yNIJljS6DBWHAdPwT2VKqESociKIh3aC1AWCyijXcG1TZjfgy5+xPr2k4Jfq2xLuI5FdPMa2LLKALF+p20KUObaEQfUoVplKQS7JQXd5a7xjZAauZ4DYaR2c5r0EHDTX/X6R8jnxuwcgaTucxmEoQNapTD8Q2q5B59uqMfDrMCgQ94+dGXjHspBxdWCOLg+ZHQ4C2L2f9/+buuRXizJBF+W1enBtGl7z,iv:dtEa7Ey9/Idts6sh83s2E8f61VluRbxX7PniBgH+yhw=,tag:TrgkUijOQfr/RTOSMkaROw==,type:str] +sops_unencrypted_suffix=ENC[AES256_GCM,data:vCoK0jafFTBflRtO,iv:oPw69EkgRVVUu6xsjTp9xyMZ9/3/ri0NNqENKOp5VJM=,tag:RroV50ogze0or6T+/TjcQg==,type:str] +sops_version=ENC[AES256_GCM,data:mJLDZhk=,iv:Y5wmiNYBuU73vp1KgfgAEd7Og4o6EIO/GDNnry2zvQk=,tag:7c/1zPCxD+iX1Kw2YRX7Zg==,type:str] +sops_age__list_0__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA3Q2lKalBYQnV1NC9OL1Mz\nZzVJanFka1dpTlpyUEg5dW9TWlFzMXlqbEJFClFQV21zYU1IQnZ0UXQ4WXU4bUg2\nSTZPeEwxODl3cHNCcjByUzlnZEZFeTgKLS0tIHdUWTJUbWdjTER3TjI4cXduMGRr\nd29QRGZkdDVBY3BZMGozRU1pcmc0ZXcKyNfJXo7D2Awdda18MUjydRSdUeExK4Yt\nw01aPVJCDikJxDXwNKCOZtdze+EaqZxiYbZJAWSFMCKP7yPdnzPGaw==\n-----END AGE ENCRYPTED FILE-----\n +sops_age__list_0__map_recipient=age12dkajmj2n7cgqplt325aw89c63v9dq7e833rt4ceqwlh87xs6fcsz6xfc9 +sops_age__list_1__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBVbU5WdFMxV21OQkFUZmsz\nMmE0OU9Ialk5b2FpQ1lXOXRsTVhTK0k0RkVVCnVEb3pxKzJyM3YzNWs1VWRJTkI3\nSU5McWNSMDgwRUtnL0pOeHY4NDRqOUUKLS0tIHBXRCsvdU9DV25iMjhEQjRQUWsr\nVHU5WDVwbXF4dmxGenQ5VEdwdkYvNjAKZuOIKg86VwdMo0F8qK5GqEJR3hc5SZ1R\ngbB+WYqC5P8k6+b85Hujetq2EjkXTS2S4lnt1ovQ5vRhA+tafBZtmQ==\n-----END AGE ENCRYPTED FILE-----\n +sops_age__list_1__map_recipient=age1p69rx76d4dqpf5a54m66lptad5qks8r98vxyyd59hh7rwz203szq3hzgyz +sops_lastmodified=2025-08-30T23:15:03Z +sops_mac=ENC[AES256_GCM,data:bsjOCv92sKN6X1KFpRHZw5De9mVf54iNL6A5JRhP31sw1mH4S5d9utGzq13URFHOIJ0h427WdWpqPZE5h866Pb1bxog6YuJNRns9JprCZ0sx6AFPtSD4DpEwoE+mQrDBvbbpqz783s5zf07ZNRDt9sHU8ax6FzzAgPevdSbT12M=,iv:Lo+XXOCfFuUQ3rvjEd8VTka+0oxkqjUdCjN4wLgPjkE=,tag:xGWZK0JEmK85FOtXYJCGoQ==,type:str] +sops_unencrypted_suffix=_unencrypted +sops_version=3.8.1 diff --git a/envs/staging.env b/envs/staging.env new file mode 100644 index 0000000..607a505 --- /dev/null +++ b/envs/staging.env @@ -0,0 +1,8 @@ +sops_age__list_0__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA1SzlpKzlYelZpdFlWWCsr\nbllvQ096dCthQkdJSDBwbjNxM25XME13V0IwCnNLcmp4a1Iwa3hYUmdzdkQ3UFhl\nWDlCUW5oRU1lL3Y5Z2Z1eWZCMTdPSGcKLS0tIG95dUlDWnpMMGdpYnFVaFMzem1O\nUHY0bVM2YnYyck5obUNvbEZFOTB3RW8K5KYvi4RcvROkjB+XrEZMZwIHB3MVL8Ig\nankKBG4O1qTLmWoEljAHl8BHMvN44O3lgyKBo98VExE/6TSZtMkWww==\n-----END AGE ENCRYPTED FILE-----\n +sops_age__list_0__map_recipient=age12dkajmj2n7cgqplt325aw89c63v9dq7e833rt4ceqwlh87xs6fcsz6xfc9 +sops_age__list_1__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBacDBOTkpBc3libXBMazZU\ncGZ1cFJmWDV1SDdROGhwRzNqK1MrOTdXN3hnCjZqZFZIZUFHSG9sQjFhcXViNk9x\ncVJreElUSGU5Mm1sTWdMaytZQzNRSmMKLS0tIDM2ZDRDb1htMHlvb0xMUXlUYUU3\nM1VpUTg4U2VTYVhweTI4aHRlQXlGMU0KekAS7FBqJ+xA8aTjShzKBbezu8GGzMi1\nddz1iB07zDEz3sEu9WgIXotsnWQY2oT+Cle4cT3YsgYXjVqbCZOYVQ==\n-----END AGE ENCRYPTED FILE-----\n +sops_age__list_1__map_recipient=age1p69rx76d4dqpf5a54m66lptad5qks8r98vxyyd59hh7rwz203szq3hzgyz +sops_lastmodified=2025-08-30T23:14:51Z +sops_mac=ENC[AES256_GCM,data:a01uBkne2Fat/uwyXZLmWo/as2Ontt2Jf5Bt433HKIihPBPB5rYjFt9Kli2bL7O0ZAl+zQ4VBG7Cq/OTHdJAZ+MjUBDQ8eK2mpx1mtVV07V2FFYaYQwS8chN1RSfLARN2kblC4acjjDZxAsXMR7UOv6d8vP64pG7G8D9aZ6/gAU=,iv:Su0DCkPeTUkCToZYfFyu+sfpfvqA7jqYS4THvOciIy8=,tag:hB4dSI6mfSui9EO8/5X7RA==,type:str] +sops_unencrypted_suffix=_unencrypted +sops_version=3.8.1 diff --git a/scripts/deploy.sh b/scripts/deploy.sh new file mode 100755 index 0000000..9586bcc --- /dev/null +++ b/scripts/deploy.sh @@ -0,0 +1,15 @@ +#!/usr/bin/env bash +set -euo pipefail + +echo ">>> Decrypting secrets for staging..." + +sops -d envs/common.env > .env.common +sops -d envs/staging.env > .env.staging.decrypted +cat .env.common .env.staging.decrypted > .env.staging +rm -f .env.common .env.staging.decrypted + +echo ">>> Secrets decrypted. Restarting services..." + +make staging-up + +echo ">>> Deployment to staging finished!" \ No newline at end of file diff --git a/temp.env b/temp.env new file mode 100644 index 0000000..ca25da1 --- /dev/null +++ b/temp.env @@ -0,0 +1,4 @@ +YANDEX_CLIENT_ID="f06d9cced3c54c2486a6255f8339146d" +YANDEX_CLIENT_SECRET="c998eeb615ab4b27b08e0c371ebee99c" +YANDEX_METRIKA_API_URL="https://api-metrika.yandex.net" +LOG_LEVEL="INFO"