Hmmm. More trouble with secrets

.drone.yml

@@ -1,74 +1,73 @@
-kind: pipeline
-type: docker
-name: Test Pipeline
+# kind: pipeline
+# type: docker
+# name: Test Pipeline
 
-workspace:
-  path: /drone/grow
+# workspace:
+#   path: /drone/grow
 
-steps:
-- name: yarn install
-  image: node:latest
-  commands:
-  - yarn install
-- name: Code Style Checks
-  image: node:latest
-  commands:
-  - yarn prettier
-- name: Lint
-  image: node:latest
-  commands:
-  - yarn lint
-- name: Unit Tests
-  image: node:latest
-  commands:
-  - yarn test
-- name: Send Test Status Notification
-  image: plugins/webhook
-  settings:
-    urls: https://lab.mifi.dev/hooks/9p65zpagctgkmndo8nwwm4199r
-    content_type: application/json
-    template: |
-      {
-        "icon_url":"https://emojipedia-us.s3.dualstack.us-west-1.amazonaws.com/thumbs/120/apple/198/freezing-face_1f976.png",
-        "text": "[{{ repo.name }} - Build # {{ build.number }}] Code Quality Checks {{ build.status }} {{#success build.status}}:tada:{{else}}:poop:{{/success}}",
-        "username":"DroneBot"
-      }
-  when:
-    status:
-      - success
-      - failure
-- name: Build
-  image: node:latest
-  commands:
-  - yarn build
-- name: Send Build Status Notifications
-  image: plugins/webhook
-  settings:
-    urls: https://lab.mifi.dev/hooks/9p65zpagctgkmndo8nwwm4199r
-    content_type: application/json
-    template: |
-      {
-        "icon_url":"https://emojipedia-us.s3.dualstack.us-west-1.amazonaws.com/thumbs/120/apple/198/freezing-face_1f976.png",
-        "text": "[{{ repo.name }} - Build # {{ build.number }}] Build package {{ build.status }} {{#success build.status}}:tada:{{else}}:poop:{{/success}}",
-        "username":"DroneBot"
-      }
-  when:
-    status:
-      - success
-      - failure
+# steps:
+# - name: yarn install
+#   image: node:latest
+#   commands:
+#   - yarn install
+# - name: Code Style Checks
+#   image: node:latest
+#   commands:
+#   - yarn prettier
+# - name: Lint
+#   image: node:latest
+#   commands:
+#   - yarn lint
+# - name: Unit Tests
+#   image: node:latest
+#   commands:
+#   - yarn test
+# - name: Send Test Status Notification
+#   image: plugins/webhook
+#   settings:
+#     urls: https://lab.mifi.dev/hooks/9p65zpagctgkmndo8nwwm4199r
+#     content_type: application/json
+#     template: |
+#       {
+#         "icon_url":"https://emojipedia-us.s3.dualstack.us-west-1.amazonaws.com/thumbs/120/apple/198/freezing-face_1f976.png",
+#         "text": "[{{ repo.name }} - Build # {{ build.number }}] Code Quality Checks {{ build.status }} {{#success build.status}}:tada:{{else}}:poop:{{/success}}",
+#         "username":"DroneBot"
+#       }
+#   when:
+#     status:
+#       - success
+#       - failure
+# - name: Build
+#   image: node:latest
+#   commands:
+#   - yarn build
+# - name: Send Build Status Notifications
+#   image: plugins/webhook
+#   settings:
+#     urls: https://lab.mifi.dev/hooks/9p65zpagctgkmndo8nwwm4199r
+#     content_type: application/json
+#     template: |
+#       {
+#         "icon_url":"https://emojipedia-us.s3.dualstack.us-west-1.amazonaws.com/thumbs/120/apple/198/freezing-face_1f976.png",
+#         "text": "[{{ repo.name }} - Build # {{ build.number }}] Build package {{ build.status }} {{#success build.status}}:tada:{{else}}:poop:{{/success}}",
+#         "username":"DroneBot"
+#       }
+#   when:
+#     status:
+#       - success
+#       - failure
 
-trigger:
-  branch:
-  - main
-  event:
-  - pull_request
-  - push
+# trigger:
+#   branch:
+#   - main
+#   event:
+#   # - pull_request
+#   - push
 
----
+# ---
 kind: pipeline
 type: docker
 name: Publish Pipeline
-group: publish
 
 workspace:
   path: /drone/grow
@@ -110,33 +109,20 @@ steps:
       - failure
 - name: Publish Image
   image: docker
+  environemnt:
+    USERNAME:
+      from_secret: registry_username
+    PASSWORD:
+      from_secret: registry_password
   commands:
-    - docker build -f docker-compose.staging.yml -t git.mifi.dev/mifi/mifi/auth:latest .
+    - 'docker login git.mifi.dev'
+    - 'docker build -t git.mifi.dev/mifi/mifi/auth:latest -t git.mifi.dev/mifi/mifi/auth:${DRONE_TAG} .'
     - docker push git.mifi.dev/mifi/mifi/auth:latest
   volumes:
   - name: dockersock
     path: /var/run/docker.sock
   - name: dockerconfig
     path: /drone/grow/.docker/config.json
-# - name: Publish Image
-#   image: plugins/docker
-#   settings:
-#     auto_tag: true
-#     squash: true
-#     repo: git.mifi.dev/mifi/auth
-#     context: mifi
-#     registry: git.mifi.dev
-#     username:
-#       from_secret: registry_username
-#     password:
-#       from_secret: registry_password
-#     ssh-agent-key:
-#       from_secret: gitea_token
-  volumes:
-  - name: dockersock
-    path: /var/run/docker.sock
-  - name: dockerconfig
-    path: /drone/grow/.docker/config.json
 - name: Report Image Publish Status
   image: plugins/webhook
   settings:
@@ -164,74 +150,79 @@ volumes:
   host:
     path: /volume1/docker/beethoven/labs-auth/.npmrc
 
-depends_on:
-  - Test Pipeline
+# depends_on:
+#   - Test Pipeline
 
 trigger:
   branch:
   - main
   event:
   - push
-  - tag
+  # - tag
 
----
-kind: pipeline
-type: docker
-name: Deploy Pipeline
+# ---
+# kind: pipeline
+# type: docker
+# name: Deploy Pipeline
 
-workspace:
-  path: /drone/grow
+# workspace:
+#   path: /drone/grow
 
-steps:
-- name: Deploy Container
-  image: docker
-  privileged: true
-  commands:
-    - docker compose -f docker-compose.staging.yml pull
-    - docker compose -f docker-compose.staging.yml build --no-cache
-    - docker compose -f docker-compose.staging.yml rm --stop
-    - docker compose -f docker-compose.staging.yml up --wait
-  volumes:
-  - name: env
-    path: /drone/grow/.env
-  - name: dockersock
-    path: /var/run/docker.sock
-  - name: dockerconfig
-    path: /drone/grow/.docker/config.json
-- name: Send Status Notifications
-  image: plugins/webhook
-  privileged: true
-  settings:
-    urls: https://lab.mifi.dev/hooks/ccw34hdf7tgbjmzp96nptn938r
-    content_type: application/json
-    template: |
-      {
-        "icon_url":"https://emojipedia-us.s3.dualstack.us-west-1.amazonaws.com/thumbs/120/apple/198/freezing-face_1f976.png",
-        "text": "[{{ repo.name }} - Build # {{ build.number }}] Deploy {{ build.status }} {{#success build.status}}:tada:{{else}}:poop:{{/success}}",
-        "username":"DroneBot"
-      }
-  when:
-    status:
-      - success
-      - failure
+# steps:
+# - name: Deploy Container
+#   image: docker
+#   privileged: true
+#   environment:
+#     CONTAINER_PREFIX: staging
+#     HOST: area51.mifi.dev
+#     ROUTE_PREFIX: /auth
+#     PORT: 9001
+#   commands:
+#     - docker compose -f docker-compose.staging.yml pull
+#     - docker compose -f docker-compose.staging.yml build --no-cache
+#     - docker compose -f docker-compose.staging.yml rm --stop
+#     - docker compose -f docker-compose.staging.yml up --wait
+#   volumes:
+#   - name: env-secrets
+#     path: /drone/grow/staging.env
+#   - name: dockersock
+#     path: /var/run/docker.sock
+#   - name: dockerconfig
+#     path: /drone/grow/.docker/config.json
+# - name: Send Status Notifications
+#   image: plugins/webhook
+#   privileged: true
+#   settings:
+#     urls: https://lab.mifi.dev/hooks/ccw34hdf7tgbjmzp96nptn938r
+#     content_type: application/json
+#     template: |
+#       {
+#         "icon_url":"https://emojipedia-us.s3.dualstack.us-west-1.amazonaws.com/thumbs/120/apple/198/freezing-face_1f976.png",
+#         "text": "[{{ repo.name }} - Build # {{ build.number }}] Deploy {{ build.status }} {{#success build.status}}:tada:{{else}}:poop:{{/success}}",
+#         "username":"DroneBot"
+#       }
+#   when:
+#     status:
+#       - success
+#       - failure
 
-volumes:
-- name: dockerconfig
-  host:
-    path: /volume1/docker/dockerconfig.json
-- name: dockersock
-  host:
-    path: /var/run/docker.sock
-- name: env
-  host:
-    path: /volume1/docker/beethoven/labs-auth/staging.env
+# volumes:
+# - name: dockerconfig
+#   host:
+#     path: /volume1/docker/dockerconfig.json
+# - name: dockersock
+#   host:
+#     path: /var/run/docker.sock
+# - name: env-secrets
+#   host:
+#     path: /volume1/docker/beethoven/labs-auth/staging.env
 
-depends_on:
-  - Test Pipeline
+# # depends_on:
+# #   - Test Pipeline
 
-trigger:
-  branch:
-  - main
-  event:
-  - push
-  - tag
+# trigger:
+#   branch:
+#   - main
+#   event:
+#   - push
+#   # - tag

.env.dev

@@ -27,5 +27,3 @@ RESET_VALID_MINUTES=15
 DEFAULT_TOKEN_DAYS=1
 
 CONTAINER_PREFIX=dev
-SERVICE_NAME=auth-service
-DB_TYPE=mongo

Dockerfile

@@ -1,13 +1,3 @@
-# FROM node:20-alpine AS build
-# RUN mkdir -p /home/node/app/node_modules && chown -R node:node /home/node/app
-# WORKDIR /home/node/app
-# COPY package*.json .
-# COPY dist/lib .
-# USER node
-# RUN yarn install --frozen-lockfile --production
-# COPY --chown=node:node node_modules ./node_modules
-# CMD ["node", "dist/lib/server/index.js"]
-
 FROM node:20-alpine AS build
 WORKDIR /home/node/app
 COPY package*.json ./

docker-compose.dev.yml

@@ -2,33 +2,40 @@ version: '3.8'
 
 services:
     auth-service_mongo:
-        env_file: dev.env
+        env_file: .env.dev
+        build:
+            args:
+              - CONTAINER_PREFIX=${CONTAINER_PREFIX}
         container_name: ${CONTAINER_PREFIX:-dev}-auth-service_mongo
         ports:
             - 27017:27017
         networks:
-            - docknet
+            - labs-net
         volumes:
-            # - /var/tmp/labs:/data/db
+            - /var/tmp/labs:/data/db
             - ./mongo-init.js:/docker-entrypoint-initdb.d/mongo-init.js:ro
         restart: unless-stopped
         image: mongo:latest
     auth-service:
-        env_file: dev.env
-        build: .
+        env_file: .env.dev
+        build:
+            context: .
+            args:
+              - HOST=${HOST}
+              - PORT=${PORT}
+              - ROUTE_PREFIX=${ROUTE_PREFIX}
+              - CONTAINER_PREFIX=${CONTAINER_PREFIX}
         container_name: ${CONTAINER_PREFIX:-dev}-auth-service
         ports:
-            - 9000:9000
+            - 9001:9001
         environment:
             - DB_HOST=${CONTAINER_PREFIX:-dev}-auth-service_mongo
         networks:
-            - docknet
+            - labs-net
         restart: unless-stopped
         image: node:20-alpine
-        links:
-            - auth-service_mongo:${CONTAINER_PREFIX:-dev}-auth-service_mongo
         depends_on:
             - auth-service_mongo
 networks:
-    docknet:
-        name: docknet
+    labs-net:
+        name: labs-net

docker-compose.staging.yml

@@ -3,38 +3,19 @@ version: '3.8'
 services:
     auth-service_mongo:
         container_name: ${CONTAINER_PREFIX}-auth-service_mongo
-        env_file: .env
-        environment:
-            - ALLOW_EMPTY_PASSWORD=yes
-            - MONGO_INITDB_ROOT_USERNAME=${DB_USERNAME}
-            - MONGO_INITDB_ROOT_PASSWORD=${DB_PASSWORD}
-            - MONGO_INITDB_DATABASE=${DB_NAME}
+        env_file:
+            - staging.env
         networks:
             - docknet
         volumes:
             - '/volume1/docker/labs/auth/mongo:/data/db'
         restart: unless-stopped
-        image: mongo
+        image: mongo:latest
     auth-service:
-        env_file: .env
+        env_file:
+            - staging.env
         build: .
         container_name: ${CONTAINER_PREFIX}-auth-service
-        environment:
-            - PORT=${PORT}
-            - ROUTE_PREFIX=${ROUTE_PREFIX}
-            - LOGIN_ROUTE=${LOGIN_ROUTE}
-            - RESET_ROUTE=${RESET_ROUTE}
-            - DB_HOST=${CONTAINER_PREFIX}-auth-service_mongo
-            - DB_USERNAME=${DB_USERNAME}
-            - DB_PASSWORD=${DB_PASSWORD}
-            - DB_NAME=${DB_NAME}
-            - SESSION_KEY=${SESSION_KEY}
-            - JWT_AUDIENCE=${JWT_AUDIENCE}
-            - JWT_ISSUER=${JWT_ISSUER}
-            - JWT_SECRET=${JWT_SECRET}
-            - LOGIN_VALID_TIME=${LOGIN_VALID_TIME}
-            - RESET_VALID_MINUTES=${RESET_VALID_MINUTES}
-            - DEFAULT_TOKEN_DAYS=${DEFAULT_TOKEN_DAYS}
         labels:
             - 'traefik.enable=true'
             - 'traefik.http.routers.grow.rule=Host(`${HOST}`) && Path(`${ROUTE_PREFIX}`)'
@@ -46,11 +27,10 @@ services:
         networks:
             - docknet
         restart: unless-stopped
-        image: node
-        links:
-            - auth-service_mongo:${CONTAINER_PREFIX}-auth-service_mongo
+        image: node:20-alpine
         depends_on:
             - auth-service_mongo
 networks:
     docknet:
         name: docknet
+        external: true

mongo-init.js

@@ -1,5 +1,5 @@
 /* eslint-disable no-undef */
-db = db.getSiblingDB(process.env.DB_NAME || 'not_set');
+db = db.getSiblingDB(process.env.DB_NAME);
 db.createUser({
     user: process.env.DB_USERNAME,
     pwd: process.env.DB_PASSWORD,

package.json

@@ -1,6 +1,6 @@
 {
   "name": "@mifi/auth",
-  "version": "0.0.25",
+  "version": "0.0.34",
   "author": "mifi (Mike Fitzpatrick)",
   "license": "MIT",
   "scripts": {
@@ -80,6 +80,5 @@
   "repository": {
     "type": "git",
     "url": "https://git.mifi.dev/mifi/auth.git"
-  },
-  "registry": "https://git.mifi.dev"
+  }
 }