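# DigitalOcean App Platform deploy template (Deploy to DO button).
# App spec reference: https://docs.digitalocean.com/products/app-platform/reference/app-spec/
# Full PWP__ options: docker-compose.yml and https://docs.pwpush.com/docs/self-hosted-configuration/
#
# Security: Replace SECRET placeholders in the DO UI after deploy—never commit real keys.
# NOTE(review): the placeholder values below are public in this repository. Until
# they are replaced the instance runs with keys anyone can read, so replace them
# before the app is reachable by users and treat anything stored before the
# replacement as unprotected.
spec:
  name: passwordpusher
  region: nyc
  features:
    - buildpack-stack=ubuntu-22
  alerts:
    - rule: DEPLOYMENT_FAILED
    - rule: DOMAIN_FAILED

  databases:
    # NOTE(review): no env entry in this template references this component
    # (for example a DATABASE_URL bound to ${pwpush-db.DATABASE_URL}); confirm
    # how the service and the post-deploy job obtain the connection string.
    - name: pwpush-db
      engine: PG
      version: "16"
      production: true

  services:
    - name: pwpush
      environment_slug: ruby-on-rails
      # NOTE(review): the source is the upstream repository's master branch with
      # deploy_on_push enabled, so upstream commits may be built and deployed
      # without local review. Point this at a fork you control if changes must be
      # reviewed first. Whether auto-deploy fires for a repository you do not own
      # depends on App Platform's GitHub access; confirm.
      github:
        branch: master
        deploy_on_push: true
        repo: pglombardo/PasswordPusher
      # Match Procfile web process; thrust runs Puma bound to PORT.
      run_command: bundle exec bin/thrust bin/rails server
      instance_count: 1
      instance_size_slug: apps-s-1vcpu-1gb
      http_port: 8080
      envs:
        # --- Build / runtime ---
        - key: RAILS_ENV
          scope: RUN_AND_BUILD_TIME
          type: GENERAL
          value: production
        - key: RACK_ENV
          scope: RUN_AND_BUILD_TIME
          type: GENERAL
          value: production
        - key: BUNDLE_WITHOUT
          scope: RUN_AND_BUILD_TIME
          type: GENERAL
          value: "development:test"
        - key: RAILS_LOG_TO_STDOUT
          scope: RUN_TIME
          type: GENERAL
          value: "true"
        - key: RAILS_SERVE_STATIC_FILES
          scope: RUN_TIME
          type: GENERAL
          value: "true"

        # --- Secrets (set in App Platform UI; placeholders avoid committing real values) ---
        # SECRET_KEY_BASE is the Rails key from which cookie/session signing and
        # encryption keys are derived; a publicly known value defeats that
        # protection. Generate a fresh value per deployment.
        - key: SECRET_KEY_BASE
          scope: RUN_TIME
          type: SECRET
          value: "REPLACE_ME_run_rails_secret"
        # Presumably the Lockbox encryption key for stored pushes (the placeholder
        # names Lockbox.generate_key); verify against the PWP documentation. Keep a
        # backup: data encrypted under a lost key cannot be recovered.
        - key: PWPUSH_MASTER_KEY
          scope: RUN_TIME
          type: SECRET
          value: "REPLACE_ME_run_rails_runner_puts_Lockbox_generate_key"

        # --- Concurrency ---
        - key: WEB_CONCURRENCY
          scope: RUN_TIME
          type: GENERAL
          value: "2"

        # --- URL / host (set to your app hostname after first deploy) ---
        - key: PWP__HOST_PROTOCOL
          scope: RUN_TIME
          type: GENERAL
          value: https
        # NOTE(review): both entries below are commented out, so this template
        # configures no host name or host allow-list. Uncomment and set them once
        # the app hostname is known (presumably PWP__ALLOWED_HOSTS restricts the
        # accepted Host header; confirm in the PWP documentation).
        # - key: PWP__HOST_DOMAIN
        #   scope: RUN_TIME
        #   type: GENERAL
        #   value: your-app.ondigitalocean.app
        # - key: PWP__ALLOWED_HOSTS
        #   scope: RUN_TIME
        #   type: GENERAL
        #   value: your-app.ondigitalocean.app

        # --- Feature toggles (2.0 defaults) ---
        # NOTE(review): with these values anonymous pushes are allowed and neither
        # signups nor logins are disabled. For a private deployment, review
        # PWP__ALLOW_ANONYMOUS and PWP__DISABLE_SIGNUPS before going live.
        - key: PWP__ALLOW_ANONYMOUS
          scope: RUN_TIME
          type: GENERAL
          value: "true"
        - key: PWP__DISABLE_SIGNUPS
          scope: RUN_TIME
          type: GENERAL
          value: "false"
        - key: PWP__DISABLE_LOGINS
          scope: RUN_TIME
          type: GENERAL
          value: "false"
        - key: PWP__ENABLE_USER_ACCOUNT_EMAILS
          scope: RUN_TIME
          type: GENERAL
          value: "false"
        - key: PWP__ENABLE_FILE_PUSHES
          scope: RUN_TIME
          type: GENERAL
          value: "true"
        - key: PWP__ENABLE_URL_PUSHES
          scope: RUN_TIME
          type: GENERAL
          value: "true"
        - key: PWP__ENABLE_QR_PUSHES
          scope: RUN_TIME
          type: GENERAL
          value: "true"

        # --- File storage: local is ephemeral on App Platform; use s3 for durable file pushes ---
        - key: PWP__FILES__STORAGE
          scope: RUN_TIME
          type: GENERAL
          value: local

        # --- Password push (pw) limits & defaults ---
        - key: PWP__PW__EXPIRE_AFTER_DAYS_DEFAULT
          scope: RUN_TIME
          type: GENERAL
          value: "7"
        - key: PWP__PW__EXPIRE_AFTER_DAYS_MIN
          scope: RUN_TIME
          type: GENERAL
          value: "1"
        - key: PWP__PW__EXPIRE_AFTER_DAYS_MAX
          scope: RUN_TIME
          type: GENERAL
          value: "90"
        - key: PWP__PW__EXPIRE_AFTER_VIEWS_DEFAULT
          scope: RUN_TIME
          type: GENERAL
          value: "5"
        - key: PWP__PW__EXPIRE_AFTER_VIEWS_MIN
          scope: RUN_TIME
          type: GENERAL
          value: "1"
        - key: PWP__PW__EXPIRE_AFTER_VIEWS_MAX
          scope: RUN_TIME
          type: GENERAL
          value: "100"
        - key: PWP__PW__ENABLE_DELETABLE_PUSHES
          scope: RUN_TIME
          type: GENERAL
          value: "true"
        - key: PWP__PW__DELETABLE_PUSHES_DEFAULT
          scope: RUN_TIME
          type: GENERAL
          value: "true"
        - key: PWP__PW__ENABLE_RETRIEVAL_STEP
          scope: RUN_TIME
          type: GENERAL
          value: "true"
        - key: PWP__PW__RETRIEVAL_STEP_DEFAULT
          scope: RUN_TIME
          type: GENERAL
          value: "true"
        - key: PWP__THEME
          scope: RUN_TIME
          type: GENERAL
          value: default

  jobs:
    # Runs after each deploy: creates DB if needed and migrates.
    # NOTE(review): this job is given only the three build/runtime envs below and
    # none of the SECRET entries defined on the service; confirm that db:prepare
    # boots in production without them.
    - name: db-prepare-after-deploy
      kind: POST_DEPLOY
      environment_slug: ruby-on-rails
      github:
        branch: master
        deploy_on_push: true
        repo: pglombardo/PasswordPusher
      run_command: bundle exec rails db:prepare
      instance_count: 1
      instance_size_slug: apps-s-1vcpu-0.5gb
      envs:
        - key: RAILS_ENV
          scope: RUN_AND_BUILD_TIME
          type: GENERAL
          value: production
        - key: RACK_ENV
          scope: RUN_AND_BUILD_TIME
          type: GENERAL
          value: production
        - key: BUNDLE_WITHOUT
          scope: RUN_AND_BUILD_TIME
          type: GENERAL
          value: "development:test"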