From 3cc30a9ea5240e99557bd3e5d1594480637bc0ac Mon Sep 17 00:00:00 2001 From: Dan Sahagian <45240763+dansahagian@users.noreply.github.com> Date: Mon, 19 Aug 2024 16:36:52 -0700 Subject: [PATCH] Use 1P CLI for secrets --- .env.template | 25 ------------------------- .gitignore | 1 - bin/deploy | 6 ++++-- bin/deploy_on_server | 13 ++++++------- fbsurvivor/settings.py | 2 +- prod.env | 17 +++++++++++++++++ 6 files changed, 28 insertions(+), 36 deletions(-) delete mode 100644 .env.template create mode 100644 prod.env diff --git a/.env.template b/.env.template deleted file mode 100644 index b0cba09..0000000 --- a/.env.template +++ /dev/null @@ -1,25 +0,0 @@ -DOMAIN= -CONTACT= -VENMO= - -ENV= - -SECRET_KEY= - -DJANGO_SETTINGS_MODULE=fbsurvivor.settings - -DATABASE= -PG_USER= -PG_PASSWORD= -PG_HOST= -PG_PORT= - -SMTP_SERVER= -SMTP_SENDER= -SMTP_USER= -SMTP_PASSWORD= -SMTP_PORT= - -TWILIO_SID= -TWILIO_KEY= -TWILIO_NUM= diff --git a/.gitignore b/.gitignore index 146cd28..1f55879 100644 --- a/.gitignore +++ b/.gitignore @@ -3,7 +3,6 @@ __pycache__ .idea/ .env -.env.prod venv .venv diff --git a/bin/deploy b/bin/deploy index ec6d6eb..53c418b 100755 --- a/bin/deploy +++ b/bin/deploy @@ -25,8 +25,10 @@ rsync -a ./fbsurvivor dan@linode:/opt/fbsurvivor rsync -a ./requirements dan@linode:/opt/fbsurvivor rsync -a ./manage.py dan@linode:/opt/fbsurvivor rsync -a ./bin dan@linode:/opt/fbsurvivor -rsync -a ./.env.prod dan@linode:/opt/fbsurvivor/.env +rsync -a ./prod.env dan@linode:/opt/fbsurvivor/prod.env -ssh linode "/opt/fbsurvivor/bin/deploy_on_server" +ssh linode /opt/fbsurvivor/bin/deploy_on_server $OP_SERVICE_ACCOUNT_TOKEN + +sleep 2 curl -X GET -I https://fbsurvivor.com diff --git a/bin/deploy_on_server b/bin/deploy_on_server index 4ae31b8..fc54323 100755 --- a/bin/deploy_on_server +++ b/bin/deploy_on_server 
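Review bot: Passing the 1Password service-account token as an argument in `ssh linode /opt/fbsurvivor/bin/deploy_on_server $OP_SERVICE_ACCOUNT_TOKEN` puts it in the process list on both machines for the length of the deploy, and in anything on the server that records command lines. The expansion is also unquoted and unchecked, so an unset variable silently becomes an empty `$1`. Consider sending it on stdin instead, `printf '%s\n' "$OP_SERVICE_ACCOUNT_TOKEN" | ssh linode /opt/fbsurvivor/bin/deploy_on_server`, with `IFS= read -r OP_SERVICE_ACCOUNT_TOKEN` replacing the `"$1"` assignment in bin/deploy_on_server (this assumes sudo there never prompts on stdin). A guard such as `: "${OP_SERVICE_ACCOUNT_TOKEN:?not set}"` before the ssh line would stop the deploy early. This hunk stops using `.env.prod` and the .gitignore hunk stops ignoring it, so any leftover local copy with plaintext secrets should be deleted before it is staged by accident.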
@@ -8,13 +8,12 @@ cd /opt/fbsurvivor echo "\nStopping services...\n" sudo systemctl stop wsgi-server-fbsurvivor.service -.venv/bin/python manage.py migrate -.venv/bin/python manage.py collectstatic --no-input -.venv/bin/python manage.py check --deploy +export OP_SERVICE_ACCOUNT_TOKEN="$1" +export ENV=prod + +op run --env-file="./prod.env" -- .venv/bin/python manage.py migrate +op run --env-file="./prod.env" -- .venv/bin/python manage.py collectstatic --no-input +op run --env-file="./prod.env" -- .venv/bin/python manage.py check --deploy echo "\nStarting services...\n" sudo systemctl start wsgi-server-fbsurvivor.service - -sleep 2 - -rm .env diff --git a/fbsurvivor/settings.py b/fbsurvivor/settings.py index ab9a975..51da2c1 100644 --- a/fbsurvivor/settings.py +++ b/fbsurvivor/settings.py @@ -138,7 +138,7 @@ SMTP_SENDER = config("SMTP_SENDER", "") SMTP_USER = config("SMTP_USER", "") SMTP_PASSWORD = config("SMTP_PASSWORD", "") -SMTP_PORT = config("SMTP_PORT", "") +SMTP_PORT = config("SMTP_PORT", 465) if ENV == "dev": DEBUG = True diff --git a/prod.env b/prod.env new file mode 100644 index 0000000..900ed42 --- /dev/null +++ b/prod.env @@ -0,0 +1,17 @@ +DOMAIN="op://fbsurvivor/prod/domain" +SECRET_KEY="op://fbsurvivor/prod/secret_key" + +CONTACT="op://fbsurvivor/prod/smtp_sender" +VENMO="op://fbsurvivor/prod/venmo" + +PGHOST="op://fbsurvivor/prod/pghost" +PGDATABASE="op://fbsurvivor/prod/pgdatabase" +PGUSER="op://fbsurvivor/prod/pguser" +PGPASSWORD="op://fbsurvivor/prod/pgpassword" + +SMTP_SERVER="op://fbsurvivor/prod/smtp_server" +SMTP_SENDER="op://fbsurvivor/prod/smtp_sender" +SMTP_USER="op://fbsurvivor/prod/smtp_user" +SMTP_PASSWORD="op://fbsurvivor/prod/smtp_password" + +SENTRY_DSN="op://fbsurvivor/prod/sentry_dsn"
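Review bot: The service is stopped before the first `op run`, and the token taken from `"$1"` is exported without a check, so an empty or rejected token (or 1Password being unreachable) is only discovered once the site is already down. Whether the script then aborts or carries on to `systemctl start` depends on a `set -e` above line 8, which is outside this hunk. Moving the two `export` lines above `sudo systemctl stop` and adding `[ -n "$OP_SERVICE_ACCOUNT_TOKEN" ] || { echo "1Password token missing" >&2; exit 1; }` lets the deploy fail while the old version is still serving. The restarted unit also runs outside `op run` and no `.env` is copied any more, so it is worth confirming that the unit file (not part of this commit) has its own way to resolve the `op://` references.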
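Review bot: `SMTP_PORT` can now have two types: the int `465` when the variable is unset, and presumably a string when it is set, since no cast is passed. If `config` is python-decouple's, `SMTP_PORT = config("SMTP_PORT", default=465, cast=int)` keeps it an int in both cases. prod.env in this commit does not define SMTP_PORT, so production will use 465, the implicit-TLS port. The sending code (not shown) then has to open the connection with TLS from the start rather than upgrade with STARTTLS.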
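Review bot: The database keys are renamed here from the deleted template's `DATABASE`, `PG_USER`, `PG_PASSWORD`, `PG_HOST`, `PG_PORT` to `PGDATABASE`, `PGUSER`, `PGPASSWORD`, `PGHOST`, yet the only settings.py change in this commit is the SMTP port. If settings.py still reads the old names, the connection settings presumably fall back to their defaults in production. If it instead relies on libpq picking up the `PG*` variables, a comment at the top of this file would help, e.g. `# PG* names are read by libpq directly, not by settings.py`. `CONTACT` and `SMTP_SENDER` both point at `op://fbsurvivor/prod/smtp_sender`; if that is intentional, a short comment would stop it being read as a copy-paste slip. The file holds only secret references, so committing it is fine as long as no reference is ever replaced with a literal value.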