Merge pull request #16 from scientist-softserv/deploy-oauth-config

deploy oauth config file
notch8 · Jul 26, 2024 · 1058537 · 1058537
2 parents ad4e76b + 340605a
commit 1058537
Show file tree

Hide file tree

Showing 4 changed files with 40 additions and 3 deletions.
diff --git a/.env.development b/.env.development
@@ -28,3 +28,6 @@ RAILS_DB_HOST=postgres
 RAILS_DB_PORT=5432
 RAILS_DB_NAME=manifold_production
 RAILS_REDIS_URL=redis://redis:6379
+
+CAS_CLIENT_ID=AAABBBCCCDDDEEEFFF
+CAS_CLIENT_SECRET=AAABBBCCCDDDEEEFFF
diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml
@@ -18,5 +18,10 @@ on:
 
 jobs:
   deploy:
-    uses: scientist-softserv/actions/.github/workflows/[email protected]
-    secrets: inherit
+    runs-on: ubuntu-latest
+    steps:
+      - name: "Load secrets into OAuth config"
+        run: envsubst < api/config/oauth.tmpl.yml > api/config/oauth.yml;
+      - name: "Do deploy"
+        uses: scientist-softserv/actions/.github/workflows/[email protected]
+        secrets: inherit
diff --git a/Dockerfile b/Dockerfile
@@ -7,7 +7,7 @@
 FROM ruby:2.7.8 as manifold-api
 RUN apt-get -o Acquire::Check-Valid-Until=false update
 RUN apt-get install -y libicu-dev postgresql-client nano curl software-properties-common ghostscript \
-    vim less
+    vim less gettext
 
 # We need Node and Mammoth for Word text ingestion
 RUN curl -sL https://deb.nodesource.com/setup_16.x | bash -
@@ -21,6 +21,7 @@ RUN sed -i '/<policy domain="coder" rights="none" pattern="PDF" \/>/d' \
 COPY api /opt/manifold/api
 WORKDIR /opt/manifold/api
 ENV RAILS_LOG_TO_STDOUT=1
+RUN envsubst < config/oauth.tmpl.yml > config/oauth.yml
 RUN gem install bundler:2.2.19
 RUN bundle install
 COPY bin/start-and-run /opt/manifold/api/start-and-run

diff --git a/api/config/oauth.tmpl.yml b/api/config/oauth.tmpl.yml
@@ -0,0 +1,28 @@
+oauth:
+  cas:
+    client_id: $CAS_CLIENT_ID
+    client_secret: $CAS_CLIENT_SECRET
+    descriptive_name: Princeton CAS
+    host: fed.princeton.edu
+    protocol: https
+    email_key: 'mail'
+    name_key: 'displayname'
+    nickname_key: 'givenname'
+    uid_key: 'campusid'
+    # WARN: The values below are placeholders
+    endpoints:
+      authorize:
+        uri: '/cas/login'
+        method: 'GET'
+        query:
+          another: 'param'
+      token:
+        uri: '/oauth/token'
+        method: 'POST'
+        query:
+          another: 'param'
+      userinfo:
+        uri: '/api/v1/me'
+        method: 'GET'
+        query:
+          another: 'param'