feat: update for ATE

incubateur-ademe · Jan 17, 2024 · c3925a5 · c3925a5
1 parent 890e668
commit c3925a5
Show file tree

Hide file tree

Showing 15 changed files with 116 additions and 658 deletions.
diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS
diff --git a/.github/FUNDING.yml b/.github/FUNDING.yml
diff --git a/.github/ISSUE_TEMPLATE/bug_report.md b/.github/ISSUE_TEMPLATE/bug_report.md
diff --git a/.github/ISSUE_TEMPLATE/config.yml b/.github/ISSUE_TEMPLATE/config.yml
diff --git a/.github/workflows/CLEVER_CLOUD.md b/.github/workflows/CLEVER_CLOUD.md
@@ -0,0 +1,47 @@
+# Clever Cloud deployment
+
+## Setup
+
+### Clever Cloud interface
+
+Create 1 Rust applications with the `XS` plan:
+* `vaultwarden`
+
+And 1 PostgreSQL databases (version 12) with any plan that you will binding to each app accordingly:
+* `vaultwarden`
+
+Add 1 FS Bucket addons:
+* `vaultwarden`
+
+_(depending on when you created those addonds, don't forget to bind them to the appropriate application)_
+
+Now set for the app these options:
+* Zero downtime deployment
+* Enable dedicated build instance: `XL`
+* Cancel ongoing deployment on new push
+* Force HTTPS
+
+Adjust the domain names as you want, and configure the environment variables as follow:
+* `CC_FS_BUCKET`: [GENERATED] _(can be retrieved from the FS Bucket addons and use `/data:` as local folder)_
+* `CC_POST_BUILD_HOOK`: `clevercloud/post_build_hook.sh`
+* `DATABASE_URL`: [GENERATED] _(provided by the interface, but you must add as query parameter `sslmode=prefer`)_
+* `ORG_GROUPS_ENABLED`: `true`
+* `ROCKET_PORT`: `8080`
+* `ADMIN_TOKEN`: [SECRET] _(for detail see the [wiki](https://github.com/dani-garcia/vaultwarden/wiki/Enabling-admin-page#secure-the-admin_token))_
+
+### GitHub interface
+
+#### GitHub Actions
+
+Configure the following repository secrets (not environment ones):
+
+- `CLEVER_APP_ID`: [GENERATED] _(format `app_{uuid}`, can be retrieved into the Clever Cloud interface)_
+- `CLEVER_TOKEN`: [GENERATED] _(can be retrieved from `clever login`, but be warned it gives wide access)_
+- `CLEVER_SECRET`: [GENERATED] _(can be retrieved from `clever login`, but be warned it gives wide access)_
+
+## Upgrade Vaultwarden version
+
+1. Synchronize your fork with the original repository
+2. Search for the specific commit representing the wanted version
+3. Rebase your `deploy` branche to it while making sure to not take third-party files into `.github`. Makes also sure to keep local changes in `build.rs` and `Cargo.toml`
+4. Force-push the branch
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
diff --git a/.github/workflows/clever-cloud.yml b/.github/workflows/clever-cloud.yml
@@ -0,0 +1,23 @@
+name: Continuous Integration
+on:
+  push:
+    branches: deploy
+jobs:
+  requirements:
+    name: Continuous Integration
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+        name: Fetch unshallow working copy
+        with:
+          fetch-depth: 0
+
+      - uses: 47ng/[email protected]
+        name: Deploy to Clever Cloud
+        with:
+          appID: ${{ secrets.CLEVER_APP_ID }}
+          force: true
+          quiet: true # disable copying into GitHub Actions all logs from Clever Cloud
+        env:
+          CLEVER_TOKEN: ${{ secrets.CLEVER_TOKEN }}
+          CLEVER_SECRET: ${{ secrets.CLEVER_SECRET }}
diff --git a/.github/workflows/hadolint.yml b/.github/workflows/hadolint.yml