diff --git a/.github/workflows/cleanup-demo.yaml b/.github/workflows/cleanup-demo.yaml new file mode 100644 index 0000000000..3e8e0a3e5c --- /dev/null +++ b/.github/workflows/cleanup-demo.yaml @@ -0,0 +1,20 @@ +name: Demo Cleanup +on: + pull_request: + types: + - closed +permissions: + pull-requests: write + packages: write + +jobs: + cleanup: + name: Cleanup Demo + uses: canonical/webteam-devops/.github/workflows/cleanup-demo.yaml@demos + with: + juju-model-name: "795798e4-922f-49c7-9169-004ffc17df90@serviceaccount/k8s-marketplace-demos-default" + secrets: + demos_juju_client_id: ${{ secrets.DEMOS_JUJU_CLIENT_ID }} + demos_juju_client_secret: ${{ secrets.DEMOS_JUJU_CLIENT_SECRET }} + demos_s3_access_key_id: ${{ secrets.DEMOS_S3_ACCESS_KEY_ID }} + demos_s3_secret_access_key: ${{ secrets.DEMOS_S3_SECRET_ACCESS_KEY }} diff --git a/.github/workflows/demo.yaml b/.github/workflows/demo.yaml new file mode 100644 index 0000000000..0f588660ff --- /dev/null +++ b/.github/workflows/demo.yaml @@ -0,0 +1,28 @@ +name: Demo +on: + pull_request: + types: + - opened + - reopened + - synchronize +permissions: + pull-requests: write + packages: write + +# Ensure only one demo runs at a time. +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: true + +jobs: + deploy: + name: Deploy Demo + uses: canonical/webteam-devops/.github/workflows/start-demo.yaml@demos + with: + juju-model-name: "795798e4-922f-49c7-9169-004ffc17df90@serviceaccount/k8s-marketplace-demos-default" + juju-model-uuid: "b765a126-883d-440b-847d-0bd30a4f8318" + secrets: + demos_juju_client_id: ${{ secrets.DEMOS_JUJU_CLIENT_ID }} + demos_juju_client_secret: ${{ secrets.DEMOS_JUJU_CLIENT_SECRET }} + demos_s3_access_key_id: ${{ secrets.DEMOS_S3_ACCESS_KEY_ID }} + demos_s3_secret_access_key: ${{ secrets.DEMOS_S3_SECRET_ACCESS_KEY }} diff --git a/.github/workflows/deploy-staging-api.yaml b/.github/workflows/deploy-staging-api.yaml new file mode 100644 index 0000000000..c4b285ba16 --- /dev/null +++ b/.github/workflows/deploy-staging-api.yaml @@ -0,0 +1,21 @@ +name: Pack and Deploy Staging API + +on: + push: + branches: + - main + +jobs: + deploy-staging-api-env-on-merge-into-main: + # dispatch another copy of the deploy.yaml workflow that deploys the Staging API env + uses: ./.github/workflows/deploy.yaml + permissions: + contents: read + deployments: write + packages: write + with: + environment: Staging API + secrets: + VAULT_APPROLE_ROLE_ID: ${{ secrets.VAULT_APPROLE_ROLE_ID }} + VAULT_APPROLE_SECRET_ID: ${{ secrets.VAULT_APPROLE_SECRET_ID }} + CHARMHUB_TOKEN: ${{ secrets.CHARMHUB_TOKEN }} diff --git a/.github/workflows/deploy.yaml b/.github/workflows/deploy.yaml new file mode 100644 index 0000000000..65c3062d9d --- /dev/null +++ b/.github/workflows/deploy.yaml @@ -0,0 +1,64 @@ +name: Pack and Deploy + +on: + push: + branches: + - main + - staging + workflow_call: + inputs: + environment: + description: 'Environment (Production, Staging or Staging API)' + required: true + type: string + workflow_dispatch: + inputs: + environment: + description: 'Environment (Production, Staging or Staging API)' + required: true + type: choice + options: + - Production + - Staging + - Staging API + +jobs: + setup: + runs-on: ubuntu-latest + permissions: + contents: read + environment: ${{ github.event.inputs.environment != '' && github.event.inputs.environment || (github.ref == 'refs/heads/main' && 'Production' || 'Staging') }} + outputs: + charm_name: ${{ steps.setup-vars.outputs.charm_name }} + channel: ${{ steps.setup-vars.outputs.channel }} + juju_controller_name: ${{ steps.setup-vars.outputs.juju_controller_name }} + juju_model_name: ${{ steps.setup-vars.outputs.juju_model_name }} + environment: ${{ steps.setup-vars.outputs.environment }} + steps: + - name: setup vars + id: setup-vars + run: | + echo "charm_name=${{ vars.CHARM_NAME }}" >> $GITHUB_OUTPUT + echo "channel=${{ vars.CHANNEL }}" >> $GITHUB_OUTPUT + echo "juju_controller_name=${{ vars.JUJU_CONTROLLER_NAME }}" >> $GITHUB_OUTPUT + echo "juju_model_name=${{ vars.JUJU_MODEL_NAME }}" >> $GITHUB_OUTPUT + echo "environment=${{ github.event.inputs.environment != '' && github.event.inputs.environment || (github.ref == 'refs/heads/main' && 'Production' || 'Staging') }}" >> $GITHUB_OUTPUT + + deploy: + needs: setup + name: Deploy + uses: canonical/webteam-devops/.github/workflows/deploy.yaml@main + permissions: + contents: read + deployments: write + packages: write + with: + environment: ${{ needs.setup.outputs.environment }} + charm_name: ${{ needs.setup.outputs.charm_name }} + channel: ${{ needs.setup.outputs.channel }} + juju_controller_name: ${{ needs.setup.outputs.juju_controller_name }} + juju_model_name: ${{ needs.setup.outputs.juju_model_name }} + secrets: + VAULT_APPROLE_ROLE_ID: ${{ secrets.VAULT_APPROLE_ROLE_ID }} + VAULT_APPROLE_SECRET_ID: ${{ secrets.VAULT_APPROLE_SECRET_ID }} + CHARMHUB_TOKEN: ${{ secrets.CHARMHUB_TOKEN }} diff --git a/.github/workflows/pr.yml b/.github/workflows/pr.yml index 3846b26850..e61eeb42eb 100644 --- a/.github/workflows/pr.yml +++ b/.github/workflows/pr.yml @@ -109,6 +109,22 @@ jobs: - 'package.json' - 'yarn.lock' + pack-rock: + runs-on: ubuntu-latest + permissions: + contents: read + steps: + - uses: actions/checkout@v6 + + - name: Setup LXD + uses: canonical/setup-lxd@main + + - name: Setup rockcraft + run: sudo snap install rockcraft --classic + + - name: Pack rock + run: rockcraft pack + lint-python: needs: changes if: ${{ needs.changes.outputs.py == 'true' }} diff --git a/.gitignore b/.gitignore index 0528c369f5..ed3a53bf4f 100644 --- a/.gitignore +++ b/.gitignore @@ -70,3 +70,7 @@ coverage/ .webcache_blog/ .coverage cypress/screenshots/ + +# Charming artifacts +*.charm +*.rock diff --git a/app.py b/app.py new file mode 100644 index 0000000000..4ffb8f4f21 --- /dev/null +++ b/app.py @@ -0,0 +1,15 @@ +# This file serves as an entry point for the rock image. It is required by the PaaS app charmer. +# The flask application must be defined in this file under the variable name `app`. +# See - https://documentation.ubuntu.com/rockcraft/en/latest/reference/extensions/flask-framework/ +import os +import logging + +# canonicalwebteam.flask-base requires SECRET_KEY to be set, this must be done before importing the app +os.environ["SECRET_KEY"] = os.environ["FLASK_SECRET_KEY"] + +# disable talisker logger, as it is not used in this application and clutters logs +logging.getLogger("talisker.context").disabled = True + +from webapp.app import create_app + +app = create_app() \ No newline at end of file diff --git a/charm/.gitignore b/charm/.gitignore new file mode 100644 index 0000000000..4b851d2e2d --- /dev/null +++ b/charm/.gitignore @@ -0,0 +1,10 @@ +venv/ +build/ +*.charm +.tox/ +.coverage +__pycache__/ +*.py[cod] +.idea +.vscode/ +lib/ \ No newline at end of file diff --git a/charm/README.md b/charm/README.md new file mode 100644 index 0000000000..140c0e8c7b --- /dev/null +++ b/charm/README.md @@ -0,0 +1,55 @@ +# The Charm for the snapcraft.io website + +This charm was created using the [PaaS App Charmer](https://canonical-12-factor-app-support.readthedocs-hosted.com/latest/) + +## Local development + +To work on this charm locally, you first need to set up an environment, follow [this section](https://juju.is/docs/sdk/write-your-first-kubernetes-charm-for-a-flask-app#heading--set-things-up) of the tutorial. + +Then, you can run the following command to pack and upload the rock: + +```bash +rockcraft pack +rockcraft.skopeo --insecure-policy copy --dest-tls-verify=false oci-archive:snapcraft-io*.rock docker://localhost:32000/snapcraft-io:1 +``` + +This will pack the application into a [rock](https://documentation.ubuntu.com/rockcraft/en/latest/explanation/rocks/) (OCI image) and upload it to the local registry. + +You can deploy the charm locally with: + +```bash +cd charm +charmcraft fetch-libs +charmcraft pack +juju deploy ./*.charm --resource flask-app-image=localhost:32000/snapcraft-io:1 +``` + +This will deploy the charm with the rock image you just uploaded attached as a resource. + +Once `juju status` reports the charm as `active`, you can test the webserver: + +```bash +curl {IP_OF_SNAPCRAFT_IO_UNIT}:8000 +``` + +To connect using a browser, the easiest way is to integrate with `nginx-ingress-integrator`: + +```bash +juju deploy nginx-ingress-integrator --trust +juju config nginx-ingress-integrator service-hostname=snapcraft.local path-routes=/ +juju integrate nginx-ingress-integrator snapcraft-io +``` + +You can then add `snapcraft.local` to your `/etc/hosts` file with the IP of the multipass vm: + +```bash +multipass ls # Get the IP of the VM +echo "{IP_OF_VM} snapcraft.local" | sudo tee -a /etc/hosts +``` + +> Note: login will not work using this setup, if you'd like to access publisher pages, change the domain to `staging.snapcraft.io`, but make sure to remove the line from `/etc/hosts` after you're done. + + +## Design Decisions: +- To keep the codebase clean and charm libraries updated, they are only fetched before packing the charm in the [GitHub Actions workflow](https://github.com/canonical/webteam-devops/blob/7041da8810758715a73e1f8be67b2e68f0e1d58f/.github/workflows/deploy.yaml#L97). +- As all our work is open source, the charm is publicly available on [snapcraft](https://charmhub.io/snapcraft-io), the rock image is also included as a resource. This significantly simplifies deployment. diff --git a/charm/charmcraft.yaml b/charm/charmcraft.yaml new file mode 100644 index 0000000000..ae58b6f5d1 --- /dev/null +++ b/charm/charmcraft.yaml @@ -0,0 +1,131 @@ +name: snapcraft-io + +type: charm + +bases: + - build-on: + - name: ubuntu + channel: "22.04" + run-on: + - name: ubuntu + channel: "22.04" + +summary: The charm for the snapcraft.io website + +description: The charm for the snapcraft.io website, built with the PaaS app charmer + +extensions: + - flask-framework + +requires: + redis: + interface: redis + optional: true + limit: 1 + +config: + options: + sentry-dsn: + description: "Sentry Data Source Name for the project" + type: string + + environment: + description: "Environment in which the application is running, mostly useless for the charmed version of the app" + default: "production" + type: string + + marketo-client-id: + description: "Marketo API client ID" + type: secret + + marketo-client-secret: + description: "Marketo API client secret" + type: secret + + github-client-id: + description: "GitHub OAuth application ID for prompting users for access to their repositories" + type: string + + github-client-secret: + description: "GitHub OAuth application client secret for prompting users for access to their repositories" + type: secret + + github-snapcraft-user-token: + description: "GitHub application token for automated builds" + type: secret + + github-snapcraft-bot-user-token: + description: "GitHub application token for CVE data" + type: secret + + github-webhook-secret: + description: "Secret salt used for signing automated build webhooks" + type: secret + + github-webhook-host-url: + description: "URL of the automated build webhooks' host" + type: string + + lp-api-username: + description: "Launchpad API username" + type: string + + lp-api-token: + description: "Launchpad API token" + type: secret + + lp-api-token-secret: + description: "Launchpad API secret" + type: secret + + youtube-api-key: + description: "API key used to access the YouTube Data API for retrieving and displaying YouTube video content on snapcraft.io" + type: secret + + discourse-api-key: + description: "API key used by the application to authenticate with the configured Discourse forum" + type: secret + + discourse-api-username: + description: "Discourse username to associate with API requests to the Discourse forum" + type: string + + dns-verification-salt: + description: "Secret salt used when generating DNS verification tokens to confirm domain ownership" + type: secret + + login-url: + description: "Base URL for SSO login redirects" + default: "https://login.ubuntu.com" + type: string + + bsi-url: + description: "Base URL for the Build Snapcraft IO service used for automated builds" + default: "https://build.snapcraft.io" + type: string + + snapstore-dashboard-api-url: + description: "Base URL for SCA backend" + default: "https://dashboard.snapcraft.io/" + type: string + + publishergw-url: + description: "Base URL for Publisher Gateway API" + default: "https://api.charmhub.io" + type: string + + devicegw-url: + description: "Base URL for Device Gateway API" + default: "https://api.snapcraft.io/" + type: string + + report-sheet-url: + description: "URL for the reported snaps spreadsheet on Google docs" + type: string + + +# requires: +# tracing: +# interface: tracing +# optional: true +# limit: 1 diff --git a/charm/requirements.txt b/charm/requirements.txt new file mode 100644 index 0000000000..d58a30c218 --- /dev/null +++ b/charm/requirements.txt @@ -0,0 +1,2 @@ +ops ~= 2.17 +paas-charm>=1.0,<2 diff --git a/charm/src/charm.py b/charm/src/charm.py new file mode 100755 index 0000000000..0694563ff8 --- /dev/null +++ b/charm/src/charm.py @@ -0,0 +1,29 @@ +#!/usr/bin/env python3 + +"""Flask Charm entrypoint.""" + +import logging +import typing + +import ops + +import paas_charm.flask + +logger = logging.getLogger(__name__) + + +class SnapcraftCharm(paas_charm.flask.Charm): + """Flask Charm service.""" + + def __init__(self, *args: typing.Any) -> None: + """Initialize the instance. + + Args: + args: passthrough to CharmBase. + """ + super().__init__(*args) + + +if __name__ == "__main__": + ops.main(SnapcraftCharm) + diff --git a/konf/site.yaml b/konf/site.yaml index 5f7b63ce08..64da4277fc 100644 --- a/konf/site.yaml +++ b/konf/site.yaml @@ -21,11 +21,6 @@ env: &env key: marketo_client_secret name: snapcraft-io - - name: SEARCH_API_KEY - secretKeyRef: - key: google-custom-search-key - name: google-api - - name: GITHUB_CLIENT_ID secretKeyRef: key: github-client-id diff --git a/konf/staging-api.snapcraft.io.yaml b/konf/staging-api.snapcraft.io.yaml index d11d145abc..999073e9fb 100644 --- a/konf/staging-api.snapcraft.io.yaml +++ b/konf/staging-api.snapcraft.io.yaml @@ -33,11 +33,6 @@ env: key: marketo_client_secret name: snapcraft-io - - name: SEARCH_API_KEY - secretKeyRef: - key: google-custom-search-key - name: google-api - - name: LP_API_USERNAME secretKeyRef: key: lp-api-username diff --git a/rockcraft.yaml b/rockcraft.yaml new file mode 100644 index 0000000000..fae1d624dc --- /dev/null +++ b/rockcraft.yaml @@ -0,0 +1,44 @@ +name: snapcraft-io +base: bare +build-base: ubuntu@22.04 +version: "0.1" +summary: Rocked snapcraft.io +description: | + This is the rockcraft for the snapcraft.io website. +platforms: + amd64: + arm64: + +extensions: + - flask-framework + +parts: + build-ui: + plugin: nil + source: . + source-type: local + build-snaps: + - node/22/stable + override-build: | + set -eux + # install dependencies + npm install -g yarn + yarn install --immutable + # build the UI + yarn run build + mkdir -p "$CRAFT_PART_INSTALL/flask/app" + cp -r static "$CRAFT_PART_INSTALL/flask/app/" + flask-framework/install-app: + after: + - build-ui + prime: + - flask/app/.env + - flask/app/app.py + - flask/app/cache + - flask/app/webapp + - flask/app/templates + # - flask/app/static # it already gets copied in the build-ui step + - flask/app/deleted.yaml + - flask/app/redirects.yaml + - flask/app/security.md + - flask/app/robots.txt diff --git a/terraform/demo/demo.tf b/terraform/demo/demo.tf new file mode 100644 index 0000000000..3bf4a0f1fa --- /dev/null +++ b/terraform/demo/demo.tf @@ -0,0 +1,75 @@ +resource "juju_application" "demo" { + name = var.demo_id + model_uuid = data.juju_model.demos.uuid + + charm { + name = "snapcraft-io" + } + + config = { + bsi-url = "https://build.snapcraft.io" + devicegw-url = "https://api.snapcraft.io/" + discourse-api-key = "secret:${data.juju_secret.snapcraft_io-discourse_api_key.secret_id}" + discourse-api-username = "system" + dns-verification-salt = "secret:${data.juju_secret.snapcraft_io-dns_verification_salt.secret_id}" + environment = "production" + flask-preferred-url-scheme = "HTTPS" + flask-secret-key = "secret:${data.juju_secret.snapcraft_io-flask_secret_key.secret_id}" + github-client-id = "029a65c1d9dc821b0227" + github-client-secret = "secret:${data.juju_secret.snapcraft_io-github_client_secret.secret_id}" + github-snapcraft-bot-user-token = "secret:${data.juju_secret.snapcraft_io-github_snapcraft_bot_user_token.secret_id}" + github-snapcraft-user-token = "secret:${data.juju_secret.snapcraft_io-github_snapcraft_user_token.secret_id}" + github-webhook-host-url = "https://snapcraft.io/" + github-webhook-secret = "secret:${data.juju_secret.snapcraft_io-github_webhook_secret.secret_id}" + login-url = "https://login.ubuntu.com" + lp-api-token = "secret:${data.juju_secret.snapcraft_io-lp_api_token.secret_id}" + lp-api-token-secret = "secret:${data.juju_secret.snapcraft_io-lp_api_token_secret.secret_id}" + lp-api-username = "build.snapcraft.io" + marketo-client-id = "secret:${data.juju_secret.snapcraft_io-marketo_client_id.secret_id}" + marketo-client-secret = "secret:${data.juju_secret.snapcraft_io-marketo_client_secret.secret_id}" + publishergw-url = "https://api.charmhub.io" + report-sheet-url = "https://script.google.com/macros/s/AKfycbywNDNVeD4_xnE36HP7gJUbbLHNrrcxgy0yVuwr0poPfGoDnH0Vl1oOWjnRXNtLkrcmlQ/exec" + snapstore-dashboard-api-url = "https://dashboard.snapcraft.io/" + youtube-api-key = "secret:${data.juju_secret.snapcraft_io-youtube_api_key.secret_id}" + } +} + +resource "juju_integration" "demo_ingress" { + model_uuid = data.juju_model.demos.uuid + + application { + name = juju_application.demo.name + endpoint = "ingress" + } + + application { + name = "subdomain-integrator" + endpoint = "ingress" + } +} + +// Redis instance and relation + +resource "juju_application" "redis" { + name = "${var.demo_id}-redis" + model_uuid = data.juju_model.demos.uuid + + charm { + name = "redis-k8s" + channel = "latest/edge" + } +} + +resource "juju_integration" "demo_redis" { + model_uuid = data.juju_model.demos.uuid + + application { + name = juju_application.demo.name + endpoint = "redis" + } + + application { + name = juju_application.redis.name + endpoint = "redis" + } +} diff --git a/terraform/demo/secrets.tf b/terraform/demo/secrets.tf new file mode 100644 index 0000000000..5bc0b13025 --- /dev/null +++ b/terraform/demo/secrets.tf @@ -0,0 +1,191 @@ +// discourse-api-key +data "juju_secret" "snapcraft_io-discourse_api_key" { + name = "snapcraft_io-discourse_api_key" + model_uuid = data.juju_model.demos.uuid +} + +resource "juju_access_secret" "discourse_api_key-access" { + model_uuid = data.juju_model.demos.uuid + + secret_id = data.juju_secret.snapcraft_io-discourse_api_key.secret_id + + applications = [ + juju_application.demo.name + ] +} + +// dns-verification-salt +data "juju_secret" "snapcraft_io-dns_verification_salt" { + name = "snapcraft_io-dns_verification_salt" + model_uuid = data.juju_model.demos.uuid +} + +resource "juju_access_secret" "dns_verification_salt-access" { + model_uuid = data.juju_model.demos.uuid + + secret_id = data.juju_secret.snapcraft_io-dns_verification_salt.secret_id + + applications = [ + juju_application.demo.name + ] +} + +// flask-secret-key +data "juju_secret" "snapcraft_io-flask_secret_key" { + name = "snapcraft_io-flask_secret_key" + model_uuid = data.juju_model.demos.uuid +} + +resource "juju_access_secret" "flask_secret_key-access" { + model_uuid = data.juju_model.demos.uuid + + secret_id = data.juju_secret.snapcraft_io-flask_secret_key.secret_id + + applications = [ + juju_application.demo.name + ] +} + +// github-client-secret +data "juju_secret" "snapcraft_io-github_client_secret" { + name = "snapcraft_io-github_client_secret" + model_uuid = data.juju_model.demos.uuid +} + +resource "juju_access_secret" "github_client_secret-access" { + model_uuid = data.juju_model.demos.uuid + + secret_id = data.juju_secret.snapcraft_io-github_client_secret.secret_id + + applications = [ + juju_application.demo.name + ] +} + +// github-snapcraft-bot-user-token +data "juju_secret" "snapcraft_io-github_snapcraft_bot_user_token" { + name = "snapcraft_io-github_snapcraft_bot_user_token" + model_uuid = data.juju_model.demos.uuid +} + +resource "juju_access_secret" "github_snapcraft_bot_user_token-access" { + model_uuid = data.juju_model.demos.uuid + + secret_id = data.juju_secret.snapcraft_io-github_snapcraft_bot_user_token.secret_id + + applications = [ + juju_application.demo.name + ] +} + +// github-snapcraft-user-token +data "juju_secret" "snapcraft_io-github_snapcraft_user_token" { + name = "snapcraft_io-github_snapcraft_user_token" + model_uuid = data.juju_model.demos.uuid +} + +resource "juju_access_secret" "github_snapcraft_user_token-access" { + model_uuid = data.juju_model.demos.uuid + + secret_id = data.juju_secret.snapcraft_io-github_snapcraft_user_token.secret_id + + applications = [ + juju_application.demo.name + ] +} + +// github-webhook-secret +data "juju_secret" "snapcraft_io-github_webhook_secret" { + name = "snapcraft_io-github_webhook_secret" + model_uuid = data.juju_model.demos.uuid +} + +resource "juju_access_secret" "github_webhook_secret-access" { + model_uuid = data.juju_model.demos.uuid + + secret_id = data.juju_secret.snapcraft_io-github_webhook_secret.secret_id + + applications = [ + juju_application.demo.name + ] +} + +// lp-api-token +data "juju_secret" "snapcraft_io-lp_api_token" { + name = "snapcraft_io-lp_api_token" + model_uuid = data.juju_model.demos.uuid +} + +resource "juju_access_secret" "lp_api_token-access" { + model_uuid = data.juju_model.demos.uuid + + secret_id = data.juju_secret.snapcraft_io-lp_api_token.secret_id + + applications = [ + juju_application.demo.name + ] +} + +// lp-api-token-secret +data "juju_secret" "snapcraft_io-lp_api_token_secret" { + name = "snapcraft_io-lp_api_token_secret" + model_uuid = data.juju_model.demos.uuid +} + +resource "juju_access_secret" "lp_api_token_secret-access" { + model_uuid = data.juju_model.demos.uuid + + secret_id = data.juju_secret.snapcraft_io-lp_api_token_secret.secret_id + + applications = [ + juju_application.demo.name + ] +} + +// marketo-client-id +data "juju_secret" "snapcraft_io-marketo_client_id" { + name = "snapcraft_io-marketo_client_id" + model_uuid = data.juju_model.demos.uuid +} + +resource "juju_access_secret" "marketo_client_id-access" { + model_uuid = data.juju_model.demos.uuid + + secret_id = data.juju_secret.snapcraft_io-marketo_client_id.secret_id + + applications = [ + juju_application.demo.name + ] +} + +// marketo-client-secret +data "juju_secret" "snapcraft_io-marketo_client_secret" { + name = "snapcraft_io-marketo_client_secret" + model_uuid = data.juju_model.demos.uuid +} + +resource "juju_access_secret" "marketo_client_secret-access" { + model_uuid = data.juju_model.demos.uuid + + secret_id = data.juju_secret.snapcraft_io-marketo_client_secret.secret_id + + applications = [ + juju_application.demo.name + ] +} + +// youtube-api-key +data "juju_secret" "snapcraft_io-youtube_api_key" { + name = "snapcraft_io-youtube_api_key" + model_uuid = data.juju_model.demos.uuid +} + +resource "juju_access_secret" "youtube_api_key-access" { + model_uuid = data.juju_model.demos.uuid + + secret_id = data.juju_secret.snapcraft_io-youtube_api_key.secret_id + + applications = [ + juju_application.demo.name + ] +} diff --git a/webapp/config.py b/webapp/config.py index a0975bc7bc..c798161fab 100644 --- a/webapp/config.py +++ b/webapp/config.py @@ -43,11 +43,6 @@ class ConfigurationError(Exception): CONTENT_DIRECTORY = {"PUBLISHER_PAGES": "store/content/publishers/"} -# Docs search -SEARCH_API_KEY = os.getenv("SEARCH_API_KEY") -SEARCH_API_URL = "https://www.googleapis.com/customsearch/v1" -SEARCH_CUSTOM_ID = "009048213575199080868:i3zoqdwqk8o" - APP_NAME = "snapcraft" REPORT_SHEET_URL = os.getenv("REPORT_SHEET_URL", "").strip()