há 3 anos atrás · 3ac8d3a1a7
--- a/api/server/shared/config/env/envconfs.go
+++ b/api/server/shared/config/env/envconfs.go
@@ -46,7 +46,10 @@ type ServerConf struct {
 
				 	GithubAppWebhookSecret string `env:"GITHUB_APP_WEBHOOK_SECRET"`
			
 
				 	GithubAppID            string `env:"GITHUB_APP_ID"`
			
 
				 	GithubAppSecretPath    string `env:"GITHUB_APP_SECRET_PATH"`
			
 
				-	GithubAppSecret        []byte
			
 
				+	// GithubAppSecretBase64 is a base64 encoded version of the GithubAppSecret. This can be used instead of GithubAppSecretPath to pass in a key, allowing for support in systems where mounting the secret is not possible.
			
 
				+	// If GithubAppSecretBase64 is set, it will check for a file at GithubAppSecretPath. If a file is found, the file will NOT be overwritten. If no file it found, then GithubAppSecretBase64 will be decoded and written to GithubAppSecretPath.
			
 
				+	GithubAppSecretBase64 string `env:"GITHUB_APP_SECRET_BASE64"`
			
 
				+	GithubAppSecret       []byte
			
 
				 
			
 
				 	GoogleClientID         string `env:"GOOGLE_CLIENT_ID"`
			
 
				 	GoogleClientSecret     string `env:"GOOGLE_CLIENT_SECRET"`
			
--- a/api/server/shared/config/loader/loader.go
+++ b/api/server/shared/config/loader/loader.go
@@ -1,8 +1,10 @@
 
				 package loader
			
 
				 
			
 
				 import (
			
 
				+	"encoding/base64"
			
 
				 	"errors"
			
 
				 	"fmt"
			
 
				+	"io/ioutil"
			
 
				 	"net/http"
			
 
				 	"os"
			
 
				 	"path/filepath"
			
@@ -184,22 +186,51 @@ func (e *EnvConfigLoader) LoadConfig() (res *config.Config, err error) {
 
				 		res.Logger.Info().Msg("Created Github client")
			
 
				 	}
			
 
				 
			
 
				+	if sc.GithubAppSecretBase64 != "" {
			
 
				+		if sc.GithubAppSecretPath == "" {
			
 
				+			sc.GithubAppSecretPath = "github-app-secret-key"
			
 
				+		}
			
 
				+		_, err := os.Stat(sc.GithubAppSecretPath)
			
 
				+		if err != nil {
			
 
				+			if !errors.Is(err, os.ErrNotExist) {
			
 
				+				return nil, fmt.Errorf("GITHUB_APP_SECRET_BASE64 provided, but error checking if GITHUB_APP_SECRET_PATH exists: %w", err)
			
 
				+			}
			
 
				+			secret, err := base64.StdEncoding.DecodeString(sc.GithubAppSecretBase64)
			
 
				+			if err != nil {
			
 
				+				return nil, fmt.Errorf("GITHUB_APP_SECRET_BASE64 provided, but error decoding: %w", err)
			
 
				+			}
			
 
				+			_, err = createDirectoryRecursively(sc.GithubAppSecretPath)
			
 
				+			if err != nil {
			
 
				+				return nil, fmt.Errorf("GITHUB_APP_SECRET_BASE64 provided, but error creating directory for GITHUB_APP_SECRET_PATH: %w", err)
			
 
				+			}
			
 
				+			err = os.WriteFile(sc.GithubAppSecretPath, secret, os.ModePerm)
			
 
				+			if err != nil {
			
 
				+				return nil, fmt.Errorf("GITHUB_APP_SECRET_BASE64 provided, but error writing to GITHUB_APP_SECRET_PATH: %w", err)
			
 
				+			}
			
 
				+		}
			
 
				+	}
			
 
				+
			
 
				 	if sc.GithubAppClientID != "" &&
			
 
				 		sc.GithubAppClientSecret != "" &&
			
 
				 		sc.GithubAppName != "" &&
			
 
				 		sc.GithubAppWebhookSecret != "" &&
			
 
				 		sc.GithubAppSecretPath != "" &&
			
 
				 		sc.GithubAppID != "" {
			
 
				-		AppID, err := strconv.Atoi(sc.GithubAppID)
			
 
				+		if AppID, err := strconv.ParseInt(sc.GithubAppID, 10, 64); err == nil {
			
 
				+			res.GithubAppConf = oauth.NewGithubAppClient(&oauth.Config{
			
 
				+				ClientID:     sc.GithubAppClientID,
			
 
				+				ClientSecret: sc.GithubAppClientSecret,
			
 
				+				Scopes:       []string{"read:user"},
			
 
				+				BaseURL:      sc.ServerURL,
			
 
				+			}, sc.GithubAppName, sc.GithubAppWebhookSecret, sc.GithubAppSecretPath, AppID)
			
 
				+		}
			
 
				+
			
 
				+		secret, err := ioutil.ReadFile(sc.GithubAppSecretPath)
			
 
				 		if err != nil {
			
 
				-			return nil, fmt.Errorf("could not read github App ID: %s", err)
			
 
				+			return nil, fmt.Errorf("could not read github app secret: %s", err)
			
 
				 		}
			
 
				-		res.GithubAppConf = oauth.NewGithubAppClient(&oauth.Config{
			
 
				-			ClientID:     sc.GithubAppClientID,
			
 
				-			ClientSecret: sc.GithubAppClientSecret,
			
 
				-			Scopes:       []string{"read:user"},
			
 
				-			BaseURL:      sc.ServerURL,
			
 
				-		}, sc.GithubAppName, sc.GithubAppWebhookSecret, sc.GithubAppSecretPath, int64(AppID))
			
 
				+
			
 
				+		sc.GithubAppSecret = append(sc.GithubAppSecret, secret...)
			
 
				 	}
			
 
				 
			
 
				 	if sc.SlackClientID != "" && sc.SlackClientSecret != "" {
			
--- a/dashboard/src/main/home/cluster-dashboard/preview-environments/components/PreviewEnvironmentsHeader.tsx
+++ b/dashboard/src/main/home/cluster-dashboard/preview-environments/components/PreviewEnvironmentsHeader.tsx
@@ -4,6 +4,7 @@ import DashboardHeader from "../../DashboardHeader";
 
				 import PullRequestIcon from "assets/pull_request_icon.svg";
			
 
				 import api from "shared/api";
			
 
				 import Banner from "components/Banner";
			
 
				+import Spacer from "components/porter/Spacer";
			
 
				 
			
 
				 export const PreviewEnvironmentsHeader = () => {
			
 
				   const [githubStatus, setGithubStatus] = useState<string>(
			
@@ -31,12 +32,15 @@ export const PreviewEnvironmentsHeader = () => {
 
				         capitalize={false}
			
 
				       />
			
 
				       {githubStatus != "no active incidents" ? (
			
 
				-        <Banner type="error">
			
 
				-          GitHub has an ongoing incident.
			
 
				-          <StyledLink href={`${githubStatus}`} target="_blank">
			
 
				-            View details
			
 
				-          </StyledLink>
			
 
				-        </Banner>
			
 
				+        <>
			
 
				+          <Banner type="error">
			
 
				+            GitHub has an ongoing incident.
			
 
				+            <StyledLink href={`${githubStatus}`} target="_blank">
			
 
				+              View details
			
 
				+            </StyledLink>
			
 
				+          </Banner>
			
 
				+          <Spacer y={1} />
			
 
				+        </>
			
 
				       ) : null}
			
 
				     </>
			
 
				   );
			
--- a/dashboard/src/main/home/modals/EnvEditorModal.tsx
+++ b/dashboard/src/main/home/modals/EnvEditorModal.tsx
@@ -44,10 +44,6 @@ export default class EnvEditorModal extends Component<PropsType, StateType> {
 
				   render() {
			
 
				     return (
			
 
				       <StyledLoadEnvGroupModal>
			
 
				-        <CloseButton onClick={this.props.closeModal}>
			
 
				-          <CloseButtonImg src={close} />
			
 
				-        </CloseButton>
			
 
				-
			
 
				         <ModalTitle>Load from Environment Group</ModalTitle>
			
 
				         <Subtitle>Copy paste your environment file in .env format:</Subtitle>
			
 
				 
			
--- a/dashboard/src/main/home/provisioner/AWSFormSection.tsx
+++ b/dashboard/src/main/home/provisioner/AWSFormSection.tsx
@@ -62,6 +62,12 @@ const machineTypeOptions = [
 
				   { value: "t3.medium", label: "t3.medium" },
			
 
				   { value: "t3.xlarge", label: "t3.xlarge" },
			
 
				   { value: "t3.2xlarge", label: "t3.2xlarge" },
			
 
				+  { value: "c5.large", label: "c5.large" },
			
 
				+  { value: "c5.xlarge", label: "c5.xlarge" },
			
 
				+  { value: "c5.2xlarge", label: "c5.2xlarge" },
			
 
				+  { value: "m6a.large", label: "m6a.large" },
			
 
				+  { value: "m6a.xlarge", label: "m6a.xlarge" },
			
 
				+  { value: "m6a.2xlarge", label: "m6a.2xlarge" },
			
 
				 ];
			
 
				 
			
 
				 const costMapping: Record<string, number> = {
			
--- a/dashboard/src/main/home/sidebar/ClusterSection.tsx
+++ b/dashboard/src/main/home/sidebar/ClusterSection.tsx
@@ -106,7 +106,7 @@ export const ClusterSection: React.FC<Props> = ({
 
				               Stacks
			
 
				             </NavButton>
			
 
				           ) : null}
			
 
				-          {currentCluster?.preview_envs_enabled && (
			
 
				+          {cluster?.preview_envs_enabled && (
			
 
				             <NavButton
			
 
				               path="/preview-environments"
			
 
				               targetClusterName={cluster?.name}