Update search service env

.github/workflows/project-automation.yml

@@ -0,0 +1,32 @@
+name: Project automation
+on:
+  workflow_call:
+    inputs:
+      resource_node_id:
+        required: true
+        type: string
+      status_value:
+        required: true
+        type: string
+    secrets:
+      AUTOMATION_APP_ID:
+        required: true
+      AUTOMATION_APP_INSTALLATION_ID:
+        required: true
+      AUTOMATION_APP_PRIVATE_KEY:
+        required: true
+
+jobs:
+  workflow_call:
+    name: Set status
+    runs-on: ubuntu-latest
+    steps:
+      - uses: leonsteinhaeuser/project-beta-automations@v2.1.0
+        with:
+          gh_app_ID: ${{ secrets.AUTOMATION_APP_ID }}
+          gh_app_installation_ID: ${{ secrets.AUTOMATION_APP_INSTALLATION_ID }}
+          gh_app_secret_key: ${{ secrets.AUTOMATION_APP_PRIVATE_KEY }}
+          organization: OpenSlides
+          project_id: 2
+          resource_node_id: ${{ inputs.resource_node_id }}
+          status_value: ${{ inputs.status_value }}

.github/workflows/project-issue-closed.yml

@@ -0,0 +1,14 @@
+name: Project automation
+on:
+  issues:
+    types:
+      - closed
+
+jobs:
+  issue_closed:
+    name: Issue closed
+    uses: ./.github/workflows/project-automation.yml
+    secrets: inherit
+    with:
+      resource_node_id: ${{ github.event.issue.node_id }}
+      status_value: "Done"

.github/workflows/project-issue-opened.yml

@@ -0,0 +1,15 @@
+name: Project automation
+on:
+  issues:
+    types:
+      - opened
+      - reopened
+
+jobs:
+  issue_opened:
+    name: Issue opened
+    uses: ./.github/workflows/project-automation.yml
+    secrets: inherit
+    with:
+      resource_node_id: ${{ github.event.issue.node_id }}
+      status_value: "Backlog"

.github/workflows/project-pull-request-closed.yml

@@ -0,0 +1,14 @@
+name: Project automation
+on:
+  pull_request_target:
+    types:
+      - closed
+
+jobs:
+  pull_request_closed:
+    name: Pull request closed
+    uses: ./.github/workflows/project-automation.yml
+    secrets: inherit
+    with:
+      resource_node_id: ${{ github.event.pull_request.node_id }}
+      status_value: "Done"

.github/workflows/project-pull-request-opened.yml

@@ -0,0 +1,15 @@
+name: Project automation
+on:
+  pull_request_target:
+    types:
+      - opened
+      - reopened
+
+jobs:
+  pull_request_opened:
+    name: Pull request opened
+    uses: ./.github/workflows/project-automation.yml
+    secrets: inherit
+    with:
+      resource_node_id: ${{ github.event.pull_request.node_id }}
+      status_value: "Work in progress"

.github/workflows/project-pull-request-review-requested.yml

@@ -0,0 +1,14 @@
+name: Project automation
+on:
+  pull_request_target:
+    types:
+      - review_requested
+
+jobs:
+  pull_request_review_requested:
+    name: Pull request review requested
+    uses: ./.github/workflows/project-automation.yml
+    secrets: inherit
+    with:
+      resource_node_id: ${{ github.event.pull_request.node_id }}
+      status_value: "Review in progress"

pkg/config/default-config.yml

@@ -29,71 +29,58 @@ defaultEnvironment:
   DATASTORE_READER_PORT: 9010
   DATASTORE_WRITER_HOST: datastoreWriter
   DATASTORE_WRITER_PORT: 9011
-  DATASTORE_DATABASE_HOST: postgres
-  DATASTORE_DATABASE_PORT: 5432
-  DATASTORE_DATABASE_NAME: openslides
-  DATASTORE_DATABASE_USER: openslides
-  DATASTORE_DATABASE_PASSWORD_FILE: /run/secrets/postgres_password
 
   AUTOUPDATE_HOST: autoupdate
   AUTOUPDATE_PORT: 9012
 
   AUTH_HOST: auth
   AUTH_PORT: 9004
 
-  SECRETS_PATH: /run/secrets
-
-  OPENSLIDES_DB_HOST: postgres
-  OPENSLIDES_DB_USER: openslides
-  OPENSLIDES_DB_PASSWORD: secret:postgres_password
-  OPENSLIDES_DB: openslides
-
-  SEARCH_SERVICE_HOST: search
-  OPENSLIDES_SEARCH_PORT: 9050
-  OPENSLIDES_RESTRICTER: http://autoupdate:9012/internal/autoupdate/restrict_fqids
+  SEARCH_HOST: search
+  SEARCH_PORT: 9050
+  RESTRICTER_URL: http://autoupdate:9012/internal/autoupdate
 
   VOTE_HOST: vote
   VOTE_PORT: 9013
-  VOTE_DATABASE_HOST: postgres
-  VOTE_DATABASE_PORT: 5432
-  VOTE_DATABASE_NAME: openslides
-  VOTE_DATABASE_USER: openslides
-  VOTE_DATABASE_PASSWORD_FILE: /run/secrets/postgres_password
-  VOTE_REDIS_HOST: redis
-  VOTE_REDIS_PORT: 6379
 
   CACHE_HOST: redis
   CACHE_PORT: 6379
-
   MESSAGE_BUS_HOST: redis
   MESSAGE_BUS_PORT: 6379
 
   MEDIA_HOST: media
   MEDIA_PORT: 9006
-  MEDIA_DATABASE_HOST: postgres
-  MEDIA_DATABASE_PORT: 5432
-  MEDIA_DATABASE_NAME: openslides
-  MEDIA_DATABASE_USER: openslides
-  MEDIA_DATABASE_PASSWORD_FILE: /run/secrets/postgres_password
-  MEDIA_BLOCK_SIZE: 4096
-  MEDIA_PRESENTER_HOST: backendPresenter
-  MEDIA_PRESENTER_PORT: 9003
 
   ICC_HOST: icc
   ICC_PORT: 9007
-  ICC_REDIS_HOST: redis
-  ICC_REDIS_PORT: 6379
 
   MANAGE_HOST: manage
   MANAGE_PORT: 9008
-  MANAGE_AUTH_PASSWORD_FILE: /run/secrets/manage_auth_password
-  MANAGE_ACTION_HOST: backendManage
+
+  DATABASE_HOST: postgres
+  DATABASE_PORT: 5432
+  DATABASE_NAME: openslides
+  DATABASE_USER: openslides
+  DATABASE_PASSWORD_FILE: /run/secrets/postgres_password
+  MEDIA_DATABASE_HOST: postgres
+  MEDIA_DATABASE_PORT: 5432
+  MEDIA_DATABASE_NAME: openslides
+  MEDIA_DATABASE_USER: openslides
+  MEDIA_DATABASE_PASSWORD_FILE: /run/secrets/postgres_password
+  VOTE_DATABASE_HOST: postgres
+  VOTE_DATABASE_PORT: 5432
+  VOTE_DATABASE_NAME: openslides
+  VOTE_DATABASE_USER: openslides
+  VOTE_DATABASE_PASSWORD_FILE: /run/secrets/postgres_password
 
   INTERNAL_AUTH_PASSWORD_FILE: /run/secrets/internal_auth_password
+  MANAGE_AUTH_PASSWORD_FILE: /run/secrets/manage_auth_password
+  AUTH_TOKEN_KEY_FILE: /run/secrets/auth_token_key
+  AUTH_COOKIE_KEY_FILE: /run/secrets/auth_cookie_key
+  SUPERADMIN_PASSWORD_FILE: /run/secrets/superadmin
 
   OPENSLIDES_LOGLEVEL: info
   OPENSLIDES_DEVELOPMENT: "false"
-
   SYSTEM_URL: localhost:8000
 
 # You can extend or replace parts of the defaultEnvironment.
@@ -108,6 +95,9 @@ services:
   datastoreReader:
     environment:
       NUM_WORKERS: 8
+  manage:
+    environment:
+      ACTION_HOST: backendManage
 
 # All properties from the "defaults" section are available here.
 #

pkg/config/default-docker-compose.yml

@@ -93,6 +93,7 @@ services:
     secrets:
       - auth_token_key
       - auth_cookie_key
+      - internal_auth_password
       - postgres_password
     {{- with .AdditionalContent }}{{ marshalContent 4 . }}{{- end }}
   {{- end }}
@@ -271,6 +272,7 @@ services:
     secrets:
       - auth_token_key
       - auth_cookie_key
+      - internal_auth_password
     {{- with .AdditionalContent }}{{ marshalContent 4 . }}{{- end }}
   {{- end }}
 
@@ -301,7 +303,7 @@ services:
   {{- with .Services.redis }}
 
   redis:
-    image: redis:latest
+    image: redis:alpine
     command: redis-server --save ""
     environment:
       << : *default-environment

pkg/initialdata/initialdata.go

@@ -5,13 +5,11 @@ import (
 	"encoding/json"
 	"fmt"
 	"os"
-	"path"
 	"strings"
 
 	"github.com/OpenSlides/openslides-manage-service/pkg/connection"
 	"github.com/OpenSlides/openslides-manage-service/pkg/fehler"
 	"github.com/OpenSlides/openslides-manage-service/pkg/setpassword"
-	"github.com/OpenSlides/openslides-manage-service/pkg/setup"
 	"github.com/OpenSlides/openslides-manage-service/pkg/shared"
 	"github.com/OpenSlides/openslides-manage-service/proto"
 	"github.com/spf13/cobra"
@@ -103,7 +101,7 @@ type backendAction interface {
 }
 
 // InitialData sets initial data in the datastore.
-func InitialData(ctx context.Context, in *proto.InitialDataRequest, runPath string, ba backendAction) (*proto.InitialDataResponse, error) {
+func InitialData(ctx context.Context, in *proto.InitialDataRequest, superadminSecretFile string, ba backendAction) (*proto.InitialDataResponse, error) {
 	initialData := in.Data
 	if initialData == nil {
 		// The backend expects at least an empty object.
@@ -133,8 +131,7 @@ func InitialData(ctx context.Context, in *proto.InitialDataRequest, runPath stri
 		return nil, fmt.Errorf("requesting backend action %q: %w", name, err)
 	}
 
-	p := path.Join(runPath, setup.SecretsDirName, setup.SuperadminFileName)
-	if err := SetSuperadminPassword(ctx, p, ba); err != nil {
+	if err := SetSuperadminPassword(ctx, superadminSecretFile, ba); err != nil {
 		return nil, fmt.Errorf("setting superadmin password: %w", err)
 	}
 

pkg/initialdata/initialdata_test.go

@@ -114,7 +114,8 @@ func TestInitialDataServerAll(t *testing.T) {
 
 	// Run tests
 	t.Run("running the first time", func(t *testing.T) {
-		resp, err := initialdata.InitialData(ctx, in, testDir, ma)
+		p := path.Join(testDir, setup.SecretsDirName, setup.SuperadminFileName)
+		resp, err := initialdata.InitialData(ctx, in, p, ma)
 		if err != nil {
 			t.Fatalf("running InitialData() failed: %v", err)
 		}

pkg/server/server.go

@@ -29,8 +29,6 @@ import (
 	"google.golang.org/grpc/metadata"
 )
 
-const runDir = "/run"
-
 // Run starts the manage server.
 func Run(cfg *Config) error {
 	logger, err := shared.NewLogger(cfg.OpenSlidesLoglevel)
@@ -105,7 +103,7 @@ func (s *srv) InitialData(ctx context.Context, in *proto.InitialDataRequest) (*p
 		return nil, fmt.Errorf("getting internal auth password from file: %w", err)
 	}
 	a := backendaction.New(s.config.manageBackendActionURL(), pw, backendaction.ActionRoute)
-	return initialdata.InitialData(ctx, in, runDir, a)
+	return initialdata.InitialData(ctx, in, s.config.SuperadminPasswordFile, a)
 
 }
 
@@ -208,23 +206,19 @@ type Config struct {
 	// variables. The first value is the name of the environment variable. After
 	// a comma the default value can be given. If no default value is given, then
 	// an empty string is used. The type of a env field has to be string.
-	Port                   string `env:"MANAGE_PORT,9008"`
-	ManageAuthPasswordFile string `env:"MANAGE_AUTH_PASSWORD_FILE,/run/secrets/manage_auth_password"`
+	Port                     string `env:"MANAGE_PORT,9008"`
+	ManageAuthPasswordFile   string `env:"MANAGE_AUTH_PASSWORD_FILE,/run/secrets/manage_auth_password"`
+	InternalAuthPasswordFile string `env:"INTERNAL_AUTH_PASSWORD_FILE,/run/secrets/internal_auth_password"`
+	SuperadminPasswordFile   string `env:"SUPERADMIN_PASSWORD_FILE,/run/secrets/superadmin"`
 
-	// Hint: The env var for the host is MANAGE_ACTION_HOST but the env vars for
-	// protocol and port don't have the MANAGE_ prefix because the backend
-	// itself does not distiguish between an common backend container and a
-	// manage backend container. So protocol and port are the same for all backend containers.
 	ManageActionProtocol string `env:"ACTION_PROTOCOL,http"`
-	ManageActionHost     string `env:"MANAGE_ACTION_HOST,backendManage"`
+	ManageActionHost     string `env:"ACTION_HOST,backendManage"`
 	ManageActionPort     string `env:"ACTION_PORT,9002"`
 
 	DatastoreReaderProtocol string `env:"DATASTORE_READER_PROTOCOL,http"`
 	DatastoreReaderHost     string `env:"DATASTORE_READER_HOST,datastore-reader"`
 	DatastoreReaderPort     string `env:"DATASTORE_READER_PORT,9010"`
 
-	InternalAuthPasswordFile string `env:"INTERNAL_AUTH_PASSWORD_FILE,/run/secrets/internal_auth_password"`
-
 	OpenSlidesDevelopment string `env:"OPENSLIDES_DEVELOPMENT,0"`
 	OpenSlidesLoglevel    string `env:"OPENSLIDES_LOGLEVEL,info"`
 }