From 699ca9ac75bdf8d127ac248ef4c432658d95db88 Mon Sep 17 00:00:00 2001 From: Michael Hampton Date: Wed, 20 Dec 2023 11:19:05 -0500 Subject: [PATCH 1/4] refactor(snackager): use ExternalSecret --- snackager/.env-cmdrc.js | 30 +- .../k8s/base/external-secrets-config.yaml | 5 + snackager/k8s/base/kustomization.yaml | 6 +- snackager/k8s/base/secrets/SENTRY_DSN | Bin 113 -> 0 bytes snackager/k8s/base/secrets/github-key.pem | Bin 3264 -> 0 bytes .../k8s/production/external-secret-env.yaml | 17 + .../external-secret-private-key.yaml | 17 + snackager/k8s/production/kustomization.yaml | 10 +- .../k8s/production/secrets/snackager.env | Bin 267 -> 0 bytes .../k8s/staging/external-secret-env.yaml | 17 + .../staging/external-secret-private-key.yaml | 17 + snackager/k8s/staging/kustomization.yaml | 10 +- snackager/k8s/staging/secrets/snackager.env | Bin 267 -> 0 bytes snackager/package.json | 2 + yarn.lock | 418 +++++++++++++++++- 15 files changed, 530 insertions(+), 19 deletions(-) create mode 100644 snackager/k8s/base/external-secrets-config.yaml delete mode 100644 snackager/k8s/base/secrets/SENTRY_DSN delete mode 100644 snackager/k8s/base/secrets/github-key.pem create mode 100644 snackager/k8s/production/external-secret-env.yaml create mode 100644 snackager/k8s/production/external-secret-private-key.yaml delete mode 100644 snackager/k8s/production/secrets/snackager.env create mode 100644 snackager/k8s/staging/external-secret-env.yaml create mode 100644 snackager/k8s/staging/external-secret-private-key.yaml delete mode 100644 snackager/k8s/staging/secrets/snackager.env diff --git a/snackager/.env-cmdrc.js b/snackager/.env-cmdrc.js index 16ad1562..1aaf7a46 100644 --- a/snackager/.env-cmdrc.js +++ b/snackager/.env-cmdrc.js @@ -1,27 +1,43 @@ const fs = require('fs'); const path = require('path'); +const yaml = require('js-yaml'); const { GetEnvVars } = require('env-cmd'); +const { SecretManagerServiceClient } = require('@google-cloud/secret-manager').v1; + +async function getSecretEnv(name) { + const secretmanagerClient = new SecretManagerServiceClient(); + try { + const response = await secretmanagerClient.accessSecretVersion({ name }); + return JSON.parse(response[0].payload.data.toString()); + } catch { + return {}; + } +} module.exports = (async function () { const processArgs = process.argv.join(' '); const baseEnv = await GetEnvVars({ envFile: { filePath: './k8s/base/snackager.env' } }); + const stagingEnv = await GetEnvVars({ envFile: { filePath: './k8s/staging/snackager.env' } }); const baseSecrets = { - SENTRY_DSN: fs.readFileSync('./k8s/base/secrets/SENTRY_DSN').toString(), REDIS_URL: 'redis://localhost:6379/0', // proxied by port-forward-redis }; - const stagingEnv = await GetEnvVars({ envFile: { filePath: './k8s/staging/snackager.env' } }); - const stagingSecrets = await GetEnvVars({ - envFile: { filePath: './k8s/staging/secrets/snackager.env' }, - }); - + const externalSecret = yaml.load(fs.readFileSync( + './k8s/staging/external-secret-env.yaml', + 'utf8', + )); + const secretName = externalSecret.spec.dataFrom[0].extract.key; + const secretVersion = externalSecret.spec.dataFrom[0].extract.version; + const secretResourceName = `projects/77257980902/secrets/${secretName}/versions/${secretVersion}`; + const stagingSecrets = await getSecretEnv(secretResourceName); delete stagingSecrets['REDIS_URL']; // this is set above for the proxy if (!stagingSecrets.GIT_SESSION_SECRET && !processArgs.includes('env-cmd -e test')) { console.error( - 'Secrets are locked, unable to start Snackager. External contributors cannot start Snackager and can ignore this error. snack-proxies will redirect traffic to the Snackager service running on the staging environment.\n' + 'Cannot access secrets, unable to start Snackager. External contributors cannot start Snackager and can ignore this error. snack-proxies will redirect traffic to the Snackager service running on the staging environment.\n' ); throw new Error('Secrets are locked.'); } + return { development: { NODE_ENV: 'development', diff --git a/snackager/k8s/base/external-secrets-config.yaml b/snackager/k8s/base/external-secrets-config.yaml new file mode 100644 index 00000000..f0664676 --- /dev/null +++ b/snackager/k8s/base/external-secrets-config.yaml @@ -0,0 +1,5 @@ +nameReference: +- kind: Secret + fieldSpecs: + - kind: ExternalSecret + path: spec/target/name diff --git a/snackager/k8s/base/kustomization.yaml b/snackager/k8s/base/kustomization.yaml index 25e73e3c..2fe473f0 100644 --- a/snackager/k8s/base/kustomization.yaml +++ b/snackager/k8s/base/kustomization.yaml @@ -5,6 +5,8 @@ commonLabels: resources: - deployment.yaml - service.yaml +configurations: + - external-secrets-config.yaml configMapGenerator: - name: snackager-config envs: @@ -14,8 +16,4 @@ configMapGenerator: - NODE_ENV=production secretGenerator: - name: snackager-config - files: - - secrets/SENTRY_DSN - name: git-account-credentials - files: - - id_rsa=secrets/github-key.pem diff --git a/snackager/k8s/base/secrets/SENTRY_DSN b/snackager/k8s/base/secrets/SENTRY_DSN deleted file mode 100644 index b0c100b462ba8ec367ecc308b7960c16fb6a6e53..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 113 zcmV-%0FM6vM@dveQdv+`0D_JWY39H8oQQJ( zzJ5&@xsy{SjC&sD>@LZ{EL~7R&0D$o_np4q^3qULKw7#%BxL^Vy>uxq(?i8osrA|B zRX6MrsY-(S-%^}S$4Q&erD>SJh)bv%1gb*v&2cj8hT`k{+sF+7rKI@nztH|aa63>V zoNIr2E`gr&yhli1E7(?GhZ&#RFwKU|8Y8itE3~U1XdKckjJX29jlHE>W&#m)Dr#w4 z7_I|Gtv2I)k8Kd(mU|152GaaM!yuEgV82sgqh66DDjzIDxL8i%7MlQ6^&;&zE#~_L z`!^`Qqg|m%J-;{6GtE$27Csgm#oWKu=Es~d)gc&PbxB-eqB3$eiZ^7uK1)K3VqwO5 zRS;5q9yv14da{Qxmdce9p6Yvi2 zKAiZ2OZO&u3i&MDh*|ST7Y9O*r&Nt-DioJ{H*_}f~Z_-gY>8)EcBfU+fz<8vk8QcwCB#n z?<-0ug8)N#KS+$hm~YAigonE&z(w`(3YYHmk*|u9tQw5D7i=a7=^3B zD!#F%6Bk9LW-kt3n#VaQKKw}7e50nJ)LKoci^3nwGdD8v$%h?wi{2)hIv!&jMGFb9 zvNbo{NLC+^8fi92Tas?y$jH9Jv~I98Fmn}7+jWU5C`Pi_y1PE5ya2T{z0(vT&eZ}% zKz6oXC!cm)CyDJcrSI~8=k5_WzW3%8URA}d_7R_JHcTq7%TqRqY5DIrg(^Nfw0It( z3P(CY&Nvcj`|utFB)uP9bJI;ODxi>gZ5nynT8r=LZICg5`UF0(GkDgRMmz%9~S$ZwGIBXEqjaG@wEnc<9Rbb1xy#xzQNVV=O!nT5Avo{1)vPqLr%fscKhLP&L{aXYY7KV|9!{j5i%mf;}tz zI!lu`(b2iDUwRpn|Pn zjK%Dw&pZ&;TvZcFUHmWuU*4&O{pxvQKq(Yk%JxJWJ80o{dq}BXl5_m$AykyD#bK<0 zQo>C`10b_s(k%TjncmH>;O%EiE119LKQ{#YLrJ9KK@ErH!CtZgaTOZ21N>ip)=Fw* zHKlDR4jP3rd|qSlIFRad_&T)JEUI@2s$k0);V%Tsby@}=buwoif=sl22S)YqT(xI!C zgUj(|E;t+J=Kr$^-Z)_{L8>@SPr;MMfq+=$5VvHFE!B1O_z@W@No%id6bD9}k=8l5 zV2et5t}B$9dFU=D$FV?Jb*$0k=r`E_mJkjW!-0Xt|G@vZ9)@YP{;5OMnC1@r0*1{y z2-0eWb4Qmt{sFU22Ge#%7CR}@oxF!F`^mk|kG%bgPp!L<97w1JS7OqKLX%3Vmte8M z!WH{xCdHP7`*1#C01-S#VH3wBuc6tr7_%7ViI(BqXy1D}rdcK=mzpqYNRJ+TYn9c| z7XJ#WT9Ej^lH^v(f@!SY-(&#e%dr~E($Z|y#I{{%P8jzO=2NtYc6fmq{^f33&-cXq zhnq)^f=necr_0uUwM={a0p^||g4W#AD<%4l>lc=gVvT|HG--$%(zm&lsqBG1IQo}> zgWXKd1+&9l?R#*^ACnq`L*mprx@dv=rl!|KQ)x2VS9_(P562P~Hq(C2mAA#{k`w8t zGg`8q5(D{3_(hoO>}0M;S9Kbf9neR~V@)`>_Hxj|+y$zWA#Gtw=e63OWiu~*GWA7Bc%VHFOvs;- z$kPLb^b1p0$5rST87P+*h;sa{@LtjCR%DuNcod9>;(hWG64W=~f5d=ZOCuh#daQ@; z4-is0b8q4(*3|$fY{AcY~h4&T^ZD*fRUpZR;Kzg;m~#BZttrUB~_n^eTSV z5sVk+H-cO$*|+<^8?JfI_CX=1uG{@>+HbT(W_Zl9|5Nio?)v1i4~CQp@45j?O_Dd_ zJIMBIFAd$*BP6sb#f{@-`cTKhS#er8I!315`EGc3jv>kg-GZ%I7hEzoPbq4pYDK_bwz zTj6?`kVL?HN8IMoekv9Bou~t&CoCrt{*y3r3>f3!$?7JT_ZEo<@?%()Hv~hNi);Dg z#zx_Vh=!LLf>g?}RO#&Zd)hbXOkm#MN*-g=#{deaF?)6Ur5g*d4KJ@K_}!h6y4nC2 zHpfxMT}7AlKpk|6lfIjxbHCjz)Qfi@1I0>1Wqvow$JfgMzh~kh|Ll7XfxZ$7)LBn* z*}&pe0C}-aT()+)GJh(_BDNx=99>4hgZ+eMyCo&IShIARI#8}zNob(lt@)!)eqLvG zAX7aK>t*3550;* zqvKS5JFmB;-+TnNJjsVExwwBMvF$+$loXa8Exem}s~xB2_pRyq*(T{ThCt9xA^m=t zl|`r)=IqV~eGiN84z^xmsZEfClREz%p;ZI|q8n+8)7B{9rHcj+!Mq6v4ssazw>hKw zMgK=90Uj_(bWG*Z5@WxO?fvaX=CyVN%u4_CGg%Mo^V0AIBd4#Pw4$N!;C^zXs>^h- zb<8Jg&$zx-*{*aPi8D8RSCA7|G|(nxA8!?YD`p4+c6|P^(Y|bz$ks6_f>$DAbQhZv!Y1ooH~A|0J=70#^6{ diff --git a/snackager/k8s/production/external-secret-env.yaml b/snackager/k8s/production/external-secret-env.yaml new file mode 100644 index 00000000..4abb8ddd --- /dev/null +++ b/snackager/k8s/production/external-secret-env.yaml @@ -0,0 +1,17 @@ +--- +apiVersion: external-secrets.io/v1beta1 +kind: ExternalSecret +metadata: + name: snackager-config +spec: + refreshInterval: "0" + secretStoreRef: + kind: ClusterSecretStore + name: gcp-store + target: + name: snackager-config + creationPolicy: Owner + dataFrom: + - extract: + key: production__snack__snackager__env + version: "1" diff --git a/snackager/k8s/production/external-secret-private-key.yaml b/snackager/k8s/production/external-secret-private-key.yaml new file mode 100644 index 00000000..dd9f0f34 --- /dev/null +++ b/snackager/k8s/production/external-secret-private-key.yaml @@ -0,0 +1,17 @@ +--- +apiVersion: external-secrets.io/v1beta1 +kind: ExternalSecret +metadata: + name: git-account-credentials +spec: + refreshInterval: "0" + secretStoreRef: + kind: ClusterSecretStore + name: gcp-store + target: + name: snackager-config + creationPolicy: Owner + dataFrom: + - extract: + key: production__snack__snackager__gh_private_key + version: "1" diff --git a/snackager/k8s/production/kustomization.yaml b/snackager/k8s/production/kustomization.yaml index a96ecf26..1b15ace5 100644 --- a/snackager/k8s/production/kustomization.yaml +++ b/snackager/k8s/production/kustomization.yaml @@ -4,6 +4,8 @@ namespace: production resources: - ../base - vertical-pod-autoscaler.yaml +- external-secret-env.yaml +- external-secret-private-key.yaml patchesStrategicMerge: - deployment-increase-replicas.yaml - service-backend.yaml @@ -15,5 +17,9 @@ configMapGenerator: secretGenerator: - name: snackager-config behavior: merge - envs: - - secrets/snackager.env + files: + - ./external-secret-env.yaml +- name: git-account-credentials + behavior: merge + files: + - ./external-secret-private-key.yaml diff --git a/snackager/k8s/production/secrets/snackager.env b/snackager/k8s/production/secrets/snackager.env deleted file mode 100644 index 046204b9bf8837b075fb5c8dd4c4f93db9a91dea..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 267 zcmV+m0rdU=M@dveQdv+`0AY*im%Fqg$n=2!R_g!WR+1Pd>_d<6b4_(%;V zdz~|9YTv3iJ+{Lf2`u?{(w2BjL6w<_&0!@{B>7_tk{o%h4<$kvbgRVaNZklbO4_}4 z-S&ZJ`khKzzRDdj3$Z$4cNCxO{Mo4T1%LRVtCvn<^9ep$xktu6@9XWWxsZjXQ z$h0xXiz6iE1&#o$AHz&C|6Y=|r>U7Z*0vpVtf7*jtSN1m$$X^Lgp(g>V1> diff --git a/snackager/k8s/staging/external-secret-env.yaml b/snackager/k8s/staging/external-secret-env.yaml new file mode 100644 index 00000000..59251024 --- /dev/null +++ b/snackager/k8s/staging/external-secret-env.yaml @@ -0,0 +1,17 @@ +--- +apiVersion: external-secrets.io/v1beta1 +kind: ExternalSecret +metadata: + name: snackager-config +spec: + refreshInterval: "0" + secretStoreRef: + kind: ClusterSecretStore + name: gcp-store + target: + name: snackager-config + creationPolicy: Owner + dataFrom: + - extract: + key: staging__snack__snackager__env + version: "1" diff --git a/snackager/k8s/staging/external-secret-private-key.yaml b/snackager/k8s/staging/external-secret-private-key.yaml new file mode 100644 index 00000000..f50e04a0 --- /dev/null +++ b/snackager/k8s/staging/external-secret-private-key.yaml @@ -0,0 +1,17 @@ +--- +apiVersion: external-secrets.io/v1beta1 +kind: ExternalSecret +metadata: + name: git-account-credentials +spec: + refreshInterval: "0" + secretStoreRef: + kind: ClusterSecretStore + name: gcp-store + target: + name: snackager-config + creationPolicy: Owner + dataFrom: + - extract: + key: staging__snack__snackager__gh_private_key + version: "1" diff --git a/snackager/k8s/staging/kustomization.yaml b/snackager/k8s/staging/kustomization.yaml index 289c5c88..7bb65890 100644 --- a/snackager/k8s/staging/kustomization.yaml +++ b/snackager/k8s/staging/kustomization.yaml @@ -3,6 +3,8 @@ kind: Kustomization namespace: staging bases: - ../base +- external-secret-env.yaml +- external-secret-private-key.yaml patchesStrategicMerge: - service-backend.yaml configMapGenerator: @@ -13,5 +15,9 @@ configMapGenerator: secretGenerator: - name: snackager-config behavior: merge - envs: - - secrets/snackager.env + files: + - ./external-secret-env.yaml +- name: git-account-credentials + behavior: merge + files: + - ./external-secret-private-key.yaml diff --git a/snackager/k8s/staging/secrets/snackager.env b/snackager/k8s/staging/secrets/snackager.env deleted file mode 100644 index 222cd854b2e5632163278fcfba3d8bfb56135fa2..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 267 zcmV+m0rdU=M@dveQdv+`0JibgOtOCO1+d_u-R;eg>nSLC5WliD{-+&Fwi7%QAOACp zKgnox==2JhLjEWc_%Mo1S#VEr8LDKX5d*!OrVbp@fSCOY`0hqP|6BkkF~~I8R%MMz(^uadT78b# Rp51c;TNJ}J!H)$Gt*hAEgy#SN diff --git a/snackager/package.json b/snackager/package.json index c1444d94..9db86ee9 100644 --- a/snackager/package.json +++ b/snackager/package.json @@ -54,6 +54,7 @@ "yarn": "^1.22.5" }, "devDependencies": { + "@google-cloud/secret-manager": "^5.0.1", "@tsconfig/node16": "^1.0.2", "@types/cors": "^2.8.8", "@types/enhanced-resolve": "^3.0.6", @@ -79,6 +80,7 @@ "eslint-config-universe": "^12.0.0", "glob": "^7.1.6", "jest": "^26.6.3", + "js-yaml": "^4.1.0", "prettier": "^3.0.3", "supertest": "^6.1.3", "ts-jest": "^26.4.4", diff --git a/yarn.lock b/yarn.lock index d2b0db73..18cb20a3 100644 --- a/yarn.lock +++ b/yarn.lock @@ -2056,6 +2056,31 @@ dependencies: "@radix-ui/colors" "^0.1.8" +"@google-cloud/secret-manager@^5.0.1": + version "5.0.1" + resolved "https://registry.yarnpkg.com/@google-cloud/secret-manager/-/secret-manager-5.0.1.tgz#8ea03952068c5982f5ba23776b268fade2bae425" + integrity sha512-elwopNbJhDBYdvCL8V0mbC+8UfXg/ElFosE1uRg7oKzRZJhUchsGE8Cxj1av807UkZvc4yzWCFg6/UXVXON3Kg== + dependencies: + google-gax "^4.0.3" + +"@grpc/grpc-js@~1.9.6": + version "1.9.13" + resolved "https://registry.yarnpkg.com/@grpc/grpc-js/-/grpc-js-1.9.13.tgz#ad9b7dbb6089c462469653c809996f13e46aa1cd" + integrity sha512-OEZZu9v9AA+7/tghMDE8o5DAMD5THVnwSqDWuh7PPYO5287rTyqy0xEHT6/e4pbqSrhyLPdQFsam4TwFQVVIIw== + dependencies: + "@grpc/proto-loader" "^0.7.8" + "@types/node" ">=12.12.47" + +"@grpc/proto-loader@^0.7.0", "@grpc/proto-loader@^0.7.8": + version "0.7.10" + resolved "https://registry.yarnpkg.com/@grpc/proto-loader/-/proto-loader-0.7.10.tgz#6bf26742b1b54d0a473067743da5d3189d06d720" + integrity sha512-CAqDfoaQ8ykFd9zqBDn4k6iWT9loLAlc2ETmDFS9JCD70gDcnA4L3AFEo2iV7KyAtAAHFW9ftq1Fz+Vsgq80RQ== + dependencies: + lodash.camelcase "^4.3.0" + long "^5.0.0" + protobufjs "^7.2.4" + yargs "^17.7.2" + "@humanwhocodes/config-array@^0.11.11": version "0.11.11" resolved "https://registry.yarnpkg.com/@humanwhocodes/config-array/-/config-array-0.11.11.tgz#88a04c570dbbc7dd943e4712429c3df09bc32844" @@ -2852,6 +2877,59 @@ picocolors "^1.0.0" tslib "^2.6.0" +"@protobufjs/aspromise@^1.1.1", "@protobufjs/aspromise@^1.1.2": + version "1.1.2" + resolved "https://registry.yarnpkg.com/@protobufjs/aspromise/-/aspromise-1.1.2.tgz#9b8b0cc663d669a7d8f6f5d0893a14d348f30fbf" + integrity sha512-j+gKExEuLmKwvz3OgROXtrJ2UG2x8Ch2YZUxahh+s1F2HZ+wAceUNLkvy6zKCPVRkU++ZWQrdxsUeQXmcg4uoQ== + +"@protobufjs/base64@^1.1.2": + version "1.1.2" + resolved "https://registry.yarnpkg.com/@protobufjs/base64/-/base64-1.1.2.tgz#4c85730e59b9a1f1f349047dbf24296034bb2735" + integrity sha512-AZkcAA5vnN/v4PDqKyMR5lx7hZttPDgClv83E//FMNhR2TMcLUhfRUBHCmSl0oi9zMgDDqRUJkSxO3wm85+XLg== + +"@protobufjs/codegen@^2.0.4": + version "2.0.4" + resolved "https://registry.yarnpkg.com/@protobufjs/codegen/-/codegen-2.0.4.tgz#7ef37f0d010fb028ad1ad59722e506d9262815cb" + integrity sha512-YyFaikqM5sH0ziFZCN3xDC7zeGaB/d0IUb9CATugHWbd1FRFwWwt4ld4OYMPWu5a3Xe01mGAULCdqhMlPl29Jg== + +"@protobufjs/eventemitter@^1.1.0": + version "1.1.0" + resolved "https://registry.yarnpkg.com/@protobufjs/eventemitter/-/eventemitter-1.1.0.tgz#355cbc98bafad5978f9ed095f397621f1d066b70" + integrity sha512-j9ednRT81vYJ9OfVuXG6ERSTdEL1xVsNgqpkxMsbIabzSo3goCjDIveeGv5d03om39ML71RdmrGNjG5SReBP/Q== + +"@protobufjs/fetch@^1.1.0": + version "1.1.0" + resolved "https://registry.yarnpkg.com/@protobufjs/fetch/-/fetch-1.1.0.tgz#ba99fb598614af65700c1619ff06d454b0d84c45" + integrity sha512-lljVXpqXebpsijW71PZaCYeIcE5on1w5DlQy5WH6GLbFryLUrBD4932W/E2BSpfRJWseIL4v/KPgBFxDOIdKpQ== + dependencies: + "@protobufjs/aspromise" "^1.1.1" + "@protobufjs/inquire" "^1.1.0" + +"@protobufjs/float@^1.0.2": + version "1.0.2" + resolved "https://registry.yarnpkg.com/@protobufjs/float/-/float-1.0.2.tgz#5e9e1abdcb73fc0a7cb8b291df78c8cbd97b87d1" + integrity sha512-Ddb+kVXlXst9d+R9PfTIxh1EdNkgoRe5tOX6t01f1lYWOvJnSPDBlG241QLzcyPdoNTsblLUdujGSE4RzrTZGQ== + +"@protobufjs/inquire@^1.1.0": + version "1.1.0" + resolved "https://registry.yarnpkg.com/@protobufjs/inquire/-/inquire-1.1.0.tgz#ff200e3e7cf2429e2dcafc1140828e8cc638f089" + integrity sha512-kdSefcPdruJiFMVSbn801t4vFK7KB/5gd2fYvrxhuJYg8ILrmn9SKSX2tZdV6V+ksulWqS7aXjBcRXl3wHoD9Q== + +"@protobufjs/path@^1.1.2": + version "1.1.2" + resolved "https://registry.yarnpkg.com/@protobufjs/path/-/path-1.1.2.tgz#6cc2b20c5c9ad6ad0dccfd21ca7673d8d7fbf68d" + integrity sha512-6JOcJ5Tm08dOHAbdR3GrvP+yUUfkjG5ePsHYczMFLq3ZmMkAD98cDgcT2iA1lJ9NVwFd4tH/iSSoe44YWkltEA== + +"@protobufjs/pool@^1.1.0": + version "1.1.0" + resolved "https://registry.yarnpkg.com/@protobufjs/pool/-/pool-1.1.0.tgz#09fd15f2d6d3abfa9b65bc366506d6ad7846ff54" + integrity sha512-0kELaGSIDBKvcgS4zkjz1PeddatrjYcmMWOlAuAPwAeccUrPHdUqo/J6LiymHHEiJT5NrF1UVwxY14f+fy4WQw== + +"@protobufjs/utf8@^1.1.0": + version "1.1.0" + resolved "https://registry.yarnpkg.com/@protobufjs/utf8/-/utf8-1.1.0.tgz#a777360b5b39a1a2e5106f8e858f2fd2d060c570" + integrity sha512-Vvn3zZrhQZkkBE8LSuW3em98c0FwgO4nxzv6OdSxPKJIEKY2bGbHn+mhGIPerzI4twdxaP8/0+06HBpwf345Lw== + "@radix-ui/colors@^0.1.8": version "0.1.8" resolved "https://registry.yarnpkg.com/@radix-ui/colors/-/colors-0.1.8.tgz#b08c62536fc462a87632165fb28e9b18f9bd047e" @@ -2944,6 +3022,11 @@ resolved "https://registry.yarnpkg.com/@tootallnate/once/-/once-1.1.2.tgz#ccb91445360179a04e7fe6aff78c00ffc1eeaf82" integrity sha512-RbzJvlNzmRq5c3O09UipeuXno4tA1FE6ikOjxZK0tuxVv3412l64l5t1W5pj4+rJq9vpkm/kwiR07aZXnsKPxw== +"@tootallnate/once@2": + version "2.0.0" + resolved "https://registry.yarnpkg.com/@tootallnate/once/-/once-2.0.0.tgz#f544a148d3ab35801c1f633a7441fd87c2e484bf" + integrity sha512-XCuKFP5PS55gnMVu3dty8KPatLqUoy/ZYzDzAGCQ8JNFCkLXzmI7vNHCR+XpbZaMWQK/vQubr7PkYq8g470J/A== + "@tsconfig/node12@^1.0.7": version "1.0.7" resolved "https://registry.yarnpkg.com/@tsconfig/node12/-/node12-1.0.7.tgz#677bd9117e8164dc319987dd6ff5fc1ba6fbf18b" @@ -3049,6 +3132,11 @@ dependencies: "@types/node" "*" +"@types/caseless@*": + version "0.12.5" + resolved "https://registry.yarnpkg.com/@types/caseless/-/caseless-0.12.5.tgz#db9468cb1b1b5a925b8f34822f1669df0c5472f5" + integrity sha512-hWtVTC2q7hc7xZ/RLbxapMvDMgUnDvKvMOpKal4DrMyfGBUfB1oKaZlIRr6mJL+If3bAP6sV/QneGzF6tJjZDg== + "@types/cheerio@*", "@types/cheerio@^0.22.22": version "0.22.23" resolved "https://registry.yarnpkg.com/@types/cheerio/-/cheerio-0.22.23.tgz#74bcfee9c5ee53f619711dca953a89fe5cfa4eb4" @@ -3464,6 +3552,11 @@ resolved "https://registry.yarnpkg.com/@types/lodash/-/lodash-4.14.168.tgz#fe24632e79b7ade3f132891afff86caa5e5ce008" integrity sha512-oVfRvqHV/V6D1yifJbVRU3TMp8OT6o6BG+U9MkwuJ3U8/CsDHvalRpsxBqivn71ztOFZBTfJMvETbqHiaNSj7Q== +"@types/long@^4.0.0": + version "4.0.2" + resolved "https://registry.yarnpkg.com/@types/long/-/long-4.0.2.tgz#b74129719fc8d11c01868010082d483b7545591a" + integrity sha512-MqTGEo5bj5t157U6fA/BiDynNkn0YknVdh48CMPkTSpFTVmvao5UQmm7uEF6xBEo7qIMAlY/JSleYaE6VOdpaA== + "@types/marked@^1.2.2": version "1.2.2" resolved "https://registry.yarnpkg.com/@types/marked/-/marked-1.2.2.tgz#1f858a0e690247ecf3b2eef576f98f86e8d960d4" @@ -3516,6 +3609,13 @@ resolved "https://registry.yarnpkg.com/@types/node/-/node-18.11.17.tgz#5c009e1d9c38f4a2a9d45c0b0c493fe6cdb4bcb5" integrity sha512-HJSUJmni4BeDHhfzn6nF0sVmd1SMezP7/4F0Lq+aXzmp2xm9O7WXrUtHW/CHlYVtZUbByEvWidHqRtcJXGF2Ng== +"@types/node@>=12.12.47", "@types/node@>=13.7.0": + version "20.10.5" + resolved "https://registry.yarnpkg.com/@types/node/-/node-20.10.5.tgz#47ad460b514096b7ed63a1dae26fad0914ed3ab2" + integrity sha512-nNPsNE65wjMxEKI93yOP+NPGGBJz/PoN3kZsVLee0XMiJolxSekEVD8wRwBUBqkwc7UWop0edW50yrCQW4CyRw== + dependencies: + undici-types "~5.26.4" + "@types/node@^16.11.26": version "16.11.26" resolved "https://registry.yarnpkg.com/@types/node/-/node-16.11.26.tgz#63d204d136c9916fb4dcd1b50f9740fe86884e47" @@ -3673,6 +3773,16 @@ dependencies: "@types/node" "*" +"@types/request@^2.48.8": + version "2.48.12" + resolved "https://registry.yarnpkg.com/@types/request/-/request-2.48.12.tgz#0f590f615a10f87da18e9790ac94c29ec4c5ef30" + integrity sha512-G3sY+NpsA9jnwm0ixhAFQSJ3Q9JkpLZpJbI3GMv0mIAT0y3mRabYeINzal5WOChIiaTEGQYlHOKgkaM9EisWHw== + dependencies: + "@types/caseless" "*" + "@types/node" "*" + "@types/tough-cookie" "*" + form-data "^2.5.0" + "@types/resize-observer-browser@^0.1.5": version "0.1.6" resolved "https://registry.yarnpkg.com/@types/resize-observer-browser/-/resize-observer-browser-0.1.6.tgz#d8e6c2f830e2650dc06fe74464472ff64b54a302" @@ -3775,6 +3885,11 @@ dependencies: "@types/tar-fs" "*" +"@types/tough-cookie@*": + version "4.0.5" + resolved "https://registry.yarnpkg.com/@types/tough-cookie/-/tough-cookie-4.0.5.tgz#cb6e2a691b70cb177c6e3ae9c1d2e8b2ea8cd304" + integrity sha512-/Ad8+nIOV7Rl++6f1BdKxFSMgmoqEoYbHRpPcx3JEfv8VRsQe9Z4mCXeJBzxs7mbHY/XOZZuXlRNfhpVPbs6ZA== + "@types/ua-parser-js@^0.7.33": version "0.7.33" resolved "https://registry.yarnpkg.com/@types/ua-parser-js/-/ua-parser-js-0.7.33.tgz#4a92089511574e12928a7cb6b99a01831acd1dd7" @@ -4311,6 +4426,13 @@ abbrev@1: resolved "https://registry.yarnpkg.com/abbrev/-/abbrev-1.1.1.tgz#f8f2c887ad10bf67f634f005b6987fed3179aac8" integrity sha512-nne9/IiQ/hzIhY6pdDnbBtz7DjPTKrY00P/zvPSm5pOFkl6xuGrGnXn/VtTNNfNtAfZ9/1RtehkszU9qcTii0Q== +abort-controller@^3.0.0: + version "3.0.0" + resolved "https://registry.yarnpkg.com/abort-controller/-/abort-controller-3.0.0.tgz#eaf54d53b62bae4138e809ca225c8439a6efb392" + integrity sha512-h8lQ8tacZYnR3vNQTgibj+tODHI5/+l06Au2Pcriv/Gmet0eaj4TwWH41sO9wnHDiQsEj19q0drzdWdeAHtweg== + dependencies: + event-target-shim "^5.0.0" + accepts@^1.3.5, accepts@~1.3.7: version "1.3.7" resolved "https://registry.yarnpkg.com/accepts/-/accepts-1.3.7.tgz#531bc726517a3b2b41f850021c6cc15eaab507cd" @@ -4406,6 +4528,13 @@ agent-base@6, agent-base@^6.0.0: dependencies: debug "4" +agent-base@^7.0.2: + version "7.1.0" + resolved "https://registry.yarnpkg.com/agent-base/-/agent-base-7.1.0.tgz#536802b76bc0b34aa50195eb2442276d613e3434" + integrity sha512-o/zjMZRhJxny7OyEF+Op8X+efiELC7k7yOjMzgfzVqOzXqkBkWI79YoTdOtsuWd5BWhAGAuOY/Xa6xpiaWXiNg== + dependencies: + debug "^4.3.4" + agentkeepalive@^2.2.0: version "2.2.0" resolved "https://registry.yarnpkg.com/agentkeepalive/-/agentkeepalive-2.2.0.tgz#c5d1bd4b129008f1163f236f86e5faea2026e2ef" @@ -5087,7 +5216,7 @@ balanced-match@^1.0.0: resolved "https://registry.yarnpkg.com/balanced-match/-/balanced-match-1.0.0.tgz#89b4d199ab2bee49de164ea02b89ce462d71b767" integrity sha1-ibTRmasr7kneFk6gK4nORi1xt2c= -base64-js@^1.0.2, base64-js@^1.2.3, base64-js@^1.3.1: +base64-js@^1.0.2, base64-js@^1.2.3, base64-js@^1.3.0, base64-js@^1.3.1: version "1.5.1" resolved "https://registry.yarnpkg.com/base64-js/-/base64-js-1.5.1.tgz#1b1b440160a5bf7ad40b650f095963481903930a" integrity sha512-AKpaYlHn8t4SVbOHCy+b5+KKgvR4vrsD8vbvrbiQJps7fKDTkjkDry6ji0rUJjC0kzbNePLwzxq8iypo41qeWA== @@ -5127,6 +5256,11 @@ big.js@^5.2.2: resolved "https://registry.yarnpkg.com/big.js/-/big.js-5.2.2.tgz#65f0af382f578bcdc742bd9c281e9cb2d7768328" integrity sha512-vyL2OymJxmarO8gxMr0mhChsO9QGwhynfuu4+MHTAW6czfq9humCB7rKpUjDd9YUiDPU4mzpyupFSvOClAwbmQ== +bignumber.js@^9.0.0: + version "9.1.2" + resolved "https://registry.yarnpkg.com/bignumber.js/-/bignumber.js-9.1.2.tgz#b7c4242259c008903b13707983b5f4bbd31eda0c" + integrity sha512-2/mKyZH9K85bzOEfhXDBFZTGd1CTs+5IHpeFQo9luiBG7hghdC851Pj2WAhb6E3R6b9tZj/XKhbg4fum+Kepug== + binary-extensions@^1.0.0: version "1.13.1" resolved "https://registry.yarnpkg.com/binary-extensions/-/binary-extensions-1.13.1.tgz#598afe54755b2868a5330d2aff9d4ebb53209b65" @@ -5417,6 +5551,11 @@ buffer-alloc@^1.2.0: buffer-alloc-unsafe "^1.1.0" buffer-fill "^1.0.0" +buffer-equal-constant-time@1.0.1: + version "1.0.1" + resolved "https://registry.yarnpkg.com/buffer-equal-constant-time/-/buffer-equal-constant-time-1.0.1.tgz#f8e71132f7ffe6e01a5c9697a4c6f3e48d5cc819" + integrity sha512-zRpUiDwd/xk6ADqPMATG8vc9VPrkck7T07OIx0gnjmJAnHnTVXNQG3vfvWNuiZIkwu9KrKdA1iJKfsfTVxE6NA== + buffer-equal@0.0.1: version "0.0.1" resolved "https://registry.yarnpkg.com/buffer-equal/-/buffer-equal-0.0.1.tgz#91bc74b11ea405bc916bc6aa908faafa5b4aac4b" @@ -5954,6 +6093,15 @@ cliui@^7.0.2: strip-ansi "^6.0.0" wrap-ansi "^7.0.0" +cliui@^8.0.1: + version "8.0.1" + resolved "https://registry.yarnpkg.com/cliui/-/cliui-8.0.1.tgz#0c04b075db02cbfe60dc8e6cf2f5486b1a3608aa" + integrity sha512-BSeNnyus75C4//NQ9gQt1/csTXyo/8Sb+afLAkzAptFuMsod9HFokGNudZpi/oQV73hnVK+sR+5PVRMd+Dr7YQ== + dependencies: + string-width "^4.2.0" + strip-ansi "^6.0.1" + wrap-ansi "^7.0.0" + clone-response@^1.0.2: version "1.0.2" resolved "https://registry.yarnpkg.com/clone-response/-/clone-response-1.0.2.tgz#d1dc973920314df67fbeb94223b4ee350239e96b" @@ -6940,6 +7088,16 @@ duplexify@^3.4.2, duplexify@^3.6.0: readable-stream "^2.0.0" stream-shift "^1.0.0" +duplexify@^4.0.0: + version "4.1.2" + resolved "https://registry.yarnpkg.com/duplexify/-/duplexify-4.1.2.tgz#18b4f8d28289132fa0b9573c898d9f903f81c7b0" + integrity sha512-fz3OjcNCHmRP12MJoZMPglx8m4rrFP8rovnk4vT8Fs+aonZoCwGg10dSsQsfP/E62eZcPTMSMP6686fu9Qlqtw== + dependencies: + end-of-stream "^1.4.1" + inherits "^2.0.3" + readable-stream "^3.1.1" + stream-shift "^1.0.0" + dynamic-dedupe@^0.3.0: version "0.3.0" resolved "https://registry.yarnpkg.com/dynamic-dedupe/-/dynamic-dedupe-0.3.0.tgz#06e44c223f5e4e94d78ef9db23a6515ce2f962a1" @@ -6955,6 +7113,13 @@ ecc-jsbn@~0.1.1: jsbn "~0.1.0" safer-buffer "^2.1.0" +ecdsa-sig-formatter@1.0.11, ecdsa-sig-formatter@^1.0.11: + version "1.0.11" + resolved "https://registry.yarnpkg.com/ecdsa-sig-formatter/-/ecdsa-sig-formatter-1.0.11.tgz#ae0f0fa2d85045ef14a817daa3ce9acd0489e5bf" + integrity sha512-nagl3RYrbNv6kQkeJIpt6NJZy8twLB/2vtz6yN9Z4vRKHN4/QZJIEbqohALSgwKdnksuY3k5Addp5lg8sVoVcQ== + dependencies: + safe-buffer "^5.0.1" + ee-first@1.1.1: version "1.1.1" resolved "https://registry.yarnpkg.com/ee-first/-/ee-first-1.1.1.tgz#590c61156b0ae2f4f0255732a158b266bc56b21d" @@ -7035,7 +7200,7 @@ encoding@^0.1.11: dependencies: iconv-lite "^0.6.2" -end-of-stream@^1.0.0, end-of-stream@^1.1.0: +end-of-stream@^1.0.0, end-of-stream@^1.1.0, end-of-stream@^1.4.1: version "1.4.4" resolved "https://registry.yarnpkg.com/end-of-stream/-/end-of-stream-1.4.4.tgz#5ae64a5f45057baf3626ec14da0ca5e4b2431eb0" integrity sha512-+uw1inIHVPQoaVuHzRyXd21icM+cnt4CzD5rW+NC1wjOUSTOs+Te7FOv7AhN7vS9x/oIyhLP5PR1H+phQAHu5Q== @@ -7721,6 +7886,11 @@ event-stream@=3.3.4: stream-combiner "~0.0.4" through "~2.3.1" +event-target-shim@^5.0.0: + version "5.0.1" + resolved "https://registry.yarnpkg.com/event-target-shim/-/event-target-shim-5.0.1.tgz#5d4d3ebdf9583d63a5333ce2deb7480ab2b05789" + integrity sha512-i/2XbnSz/uxRCU6+NdVJgKWDTM427+MqYbkQzD321DuCQJUqOuJKIA0IM2+W2xtYHdKOmZ4dR6fExsd4SXL+WQ== + eventemitter3@^4.0.0: version "4.0.7" resolved "https://registry.yarnpkg.com/eventemitter3/-/eventemitter3-4.0.7.tgz#2de9b68f6528d5644ef5c59526a1b4a07306169f" @@ -7920,7 +8090,7 @@ extend-shallow@^3.0.0, extend-shallow@^3.0.2: assign-symbols "^1.0.0" is-extendable "^1.0.1" -extend@~3.0.2: +extend@^3.0.2, extend@~3.0.2: version "3.0.2" resolved "https://registry.yarnpkg.com/extend/-/extend-3.0.2.tgz#f8b1136b4071fbd8eb140aff858b1019ec2915fa" integrity sha512-fjquC59cD7CyW6urNXK0FBufkZcoiGG80wTuPujX590cB5Ttln20E2UB4S/WARVqhXffZl2LNgS+gQdPIIim/g== @@ -8227,7 +8397,7 @@ forever-agent@~0.6.1: resolved "https://registry.yarnpkg.com/forever-agent/-/forever-agent-0.6.1.tgz#fbc71f0c41adeb37f96c577ad1ed42d8fdacca91" integrity sha1-+8cfDEGt6zf5bFd60e1C2P2sypE= -form-data@^2.4.0: +form-data@^2.4.0, form-data@^2.5.0: version "2.5.1" resolved "https://registry.yarnpkg.com/form-data/-/form-data-2.5.1.tgz#f2cbec57b5e59e23716e128fe44d4e5dd23895f4" integrity sha512-m21N3WOmEEURgk6B9GLOE4RuWOFf28Lhh9qGYeNlGq4VDXUlJy2th2slBNU8Gp8EzloYZOibZJ7t5ecIrFSjVA== @@ -8419,6 +8589,24 @@ functions-have-names@^1.2.3: resolved "https://registry.yarnpkg.com/functions-have-names/-/functions-have-names-1.2.3.tgz#0404fe4ee2ba2f607f0e0ec3c80bae994133b834" integrity sha512-xckBUXyTIqT97tq2x2AMb+g163b5JFysYk0x4qxNFwbfQkmNZoiRHb6sPzI9/QV33WeuvVYBUIiD4NzNIyqaRQ== +gaxios@^6.0.0, gaxios@^6.1.1: + version "6.1.1" + resolved "https://registry.yarnpkg.com/gaxios/-/gaxios-6.1.1.tgz#549629f86a13e756b900f9ff7c94624670102938" + integrity sha512-bw8smrX+XlAoo9o1JAksBwX+hi/RG15J+NTSxmNPIclKC3ZVK6C2afwY8OSdRvOK0+ZLecUJYtj2MmjOt3Dm0w== + dependencies: + extend "^3.0.2" + https-proxy-agent "^7.0.1" + is-stream "^2.0.0" + node-fetch "^2.6.9" + +gcp-metadata@^6.1.0: + version "6.1.0" + resolved "https://registry.yarnpkg.com/gcp-metadata/-/gcp-metadata-6.1.0.tgz#9b0dd2b2445258e7597f2024332d20611cbd6b8c" + integrity sha512-Jh/AIwwgaxan+7ZUUmRLCjtchyDiqh4KjBJ5tW3plBZb5iL/BPcso8A5DlzeD9qlw0duCamnNdpFjxwaT0KyKg== + dependencies: + gaxios "^6.0.0" + json-bigint "^1.0.0" + generic-pool@3.9.0: version "3.9.0" resolved "https://registry.yarnpkg.com/generic-pool/-/generic-pool-3.9.0.tgz#36f4a678e963f4fdb8707eab050823abc4e8f5e4" @@ -8715,6 +8903,35 @@ good-listener@^1.2.2: dependencies: delegate "^3.1.2" +google-auth-library@^9.0.0: + version "9.4.1" + resolved "https://registry.yarnpkg.com/google-auth-library/-/google-auth-library-9.4.1.tgz#dea32cbdae0a47066995a379e6873c52926ea80e" + integrity sha512-Chs7cuzDuav8W/BXOoRgSXw4u0zxYtuqAHETDR5Q6dG1RwNwz7NUKjsDDHAsBV3KkiiJBtJqjbzy1XU1L41w1g== + dependencies: + base64-js "^1.3.0" + ecdsa-sig-formatter "^1.0.11" + gaxios "^6.1.1" + gcp-metadata "^6.1.0" + gtoken "^7.0.0" + jws "^4.0.0" + +google-gax@^4.0.3: + version "4.0.5" + resolved "https://registry.yarnpkg.com/google-gax/-/google-gax-4.0.5.tgz#e30a2f2fad3716e8b23996f1bbe941e16abf0889" + integrity sha512-yLoYtp4zE+8OQA74oBEbNkbzI6c95W01JSL7RqC8XERKpRvj3ytZp1dgnbA6G9aRsc8pZB25xWYBcCmrbYOEhA== + dependencies: + "@grpc/grpc-js" "~1.9.6" + "@grpc/proto-loader" "^0.7.0" + "@types/long" "^4.0.0" + abort-controller "^3.0.0" + duplexify "^4.0.0" + google-auth-library "^9.0.0" + node-fetch "^2.6.1" + object-hash "^3.0.0" + proto3-json-serializer "^2.0.0" + protobufjs "7.2.5" + retry-request "^7.0.0" + gopd@^1.0.1: version "1.0.1" resolved "https://registry.yarnpkg.com/gopd/-/gopd-1.0.1.tgz#29ff76de69dac7489b7c0918a5788e56477c332c" @@ -8769,6 +8986,14 @@ growly@^1.3.0: resolved "https://registry.yarnpkg.com/growly/-/growly-1.3.0.tgz#f10748cbe76af964b7c96c93c6bcc28af120c081" integrity sha1-8QdIy+dq+WS3yWyTxrzCivEgwIE= +gtoken@^7.0.0: + version "7.0.1" + resolved "https://registry.yarnpkg.com/gtoken/-/gtoken-7.0.1.tgz#b64bd01d88268ea3a3572c9076a85d1c48f1a455" + integrity sha512-KcFVtoP1CVFtQu0aSk3AyAt2og66PFhZAlkUOuWKwzMLoulHXG5W5wE5xAnHb+yl3/wEFoqGW7/cDGMU8igDZQ== + dependencies: + gaxios "^6.0.0" + jws "^4.0.0" + gud@^1.0.0: version "1.0.0" resolved "https://registry.yarnpkg.com/gud/-/gud-1.0.0.tgz#a489581b17e6a70beca9abe3ae57de7a499852c0" @@ -9084,6 +9309,15 @@ http-proxy-agent@^4.0.0, http-proxy-agent@^4.0.1: agent-base "6" debug "4" +http-proxy-agent@^5.0.0: + version "5.0.0" + resolved "https://registry.yarnpkg.com/http-proxy-agent/-/http-proxy-agent-5.0.0.tgz#5129800203520d434f142bc78ff3c170800f2b43" + integrity sha512-n2hY8YdoRE1i7r6M0w9DIw5GgZN0G25P8zLCRQ8rjXtTU3vsNFBI/vWK/UIeE6g5MUUz6avwAPXmL6Fy9D/90w== + dependencies: + "@tootallnate/once" "2" + agent-base "6" + debug "4" + http-proxy@^1.18.0: version "1.18.1" resolved "https://registry.yarnpkg.com/http-proxy/-/http-proxy-1.18.1.tgz#401541f0534884bbf95260334e72f88ee3976549" @@ -9115,6 +9349,14 @@ https-proxy-agent@5, https-proxy-agent@^5.0.0: agent-base "6" debug "4" +https-proxy-agent@^7.0.1: + version "7.0.2" + resolved "https://registry.yarnpkg.com/https-proxy-agent/-/https-proxy-agent-7.0.2.tgz#e2645b846b90e96c6e6f347fb5b2e41f1590b09b" + integrity sha512-NmLNjm6ucYwtcUmL7JQC1ZQ57LmHP4lT15FQ8D61nak1rO6DH+fz5qNK2Ap5UN4ZapYICE3/0KodcLYSPsPbaA== + dependencies: + agent-base "^7.0.2" + debug "4" + human-signals@^1.1.1: version "1.1.1" resolved "https://registry.yarnpkg.com/human-signals/-/human-signals-1.1.1.tgz#c5b1cd14f50aeae09ab6c59fe63ba3395fe4dfa3" @@ -10935,6 +11177,13 @@ jsesc@~0.5.0: resolved "https://registry.yarnpkg.com/jsesc/-/jsesc-0.5.0.tgz#e7dee66e35d6fc16f710fe91d5cf69f70f08911d" integrity sha1-597mbjXW/Bb3EP6R1c9p9w8IkR0= +json-bigint@^1.0.0: + version "1.0.0" + resolved "https://registry.yarnpkg.com/json-bigint/-/json-bigint-1.0.0.tgz#ae547823ac0cad8398667f8cd9ef4730f5b01ff1" + integrity sha512-SiPv/8VpZuWbvLSMtTDU8hEfrZWg/mH/nV/b4o0CYbSxu1UIQPLdwKOCIyLQX+VIPO5vrLX3i8qtqFyhdPSUSQ== + dependencies: + bignumber.js "^9.0.0" + json-buffer@3.0.0: version "3.0.0" resolved "https://registry.yarnpkg.com/json-buffer/-/json-buffer-3.0.0.tgz#5b1f397afc75d677bde8bcfc0e47e1f9a3d9a898" @@ -11053,6 +11302,23 @@ jstransformer@1.0.0: object.assign "^4.1.4" object.values "^1.1.6" +jwa@^2.0.0: + version "2.0.0" + resolved "https://registry.yarnpkg.com/jwa/-/jwa-2.0.0.tgz#a7e9c3f29dae94027ebcaf49975c9345593410fc" + integrity sha512-jrZ2Qx916EA+fq9cEAeCROWPTfCwi1IVHqT2tapuqLEVVDKFDENFw1oL+MwrTvH6msKxsd1YTDVw6uKEcsrLEA== + dependencies: + buffer-equal-constant-time "1.0.1" + ecdsa-sig-formatter "1.0.11" + safe-buffer "^5.0.1" + +jws@^4.0.0: + version "4.0.0" + resolved "https://registry.yarnpkg.com/jws/-/jws-4.0.0.tgz#2d4e8cf6a318ffaa12615e9dec7e86e6c97310f4" + integrity sha512-KDncfTmOZoOMTFG4mBlG0qUIOlc03fmzH+ru6RgYVZhPkyiy/92Owlt/8UEN+a4TXR1FQetfIpJE8ApdvdVxTg== + dependencies: + jwa "^2.0.0" + safe-buffer "^5.0.1" + keygrip@~1.1.0: version "1.1.0" resolved "https://registry.yarnpkg.com/keygrip/-/keygrip-1.1.0.tgz#871b1681d5e159c62a445b0c74b615e0917e7226" @@ -11364,6 +11630,11 @@ locate-path@^6.0.0: dependencies: p-locate "^5.0.0" +lodash.camelcase@^4.3.0: + version "4.3.0" + resolved "https://registry.yarnpkg.com/lodash.camelcase/-/lodash.camelcase-4.3.0.tgz#b28aa6288a2b9fc651035c7711f65ab6190331a6" + integrity sha512-TwuEnCnxbc3rAvhf/LbG7tJUDzhqXyFnv3dtzLOPgCG/hODL7WFnsbwktkD7yUV0RrreP/l1PALq/YSg6VvjlA== + lodash.debounce@^4.0.8: version "4.0.8" resolved "https://registry.yarnpkg.com/lodash.debounce/-/lodash.debounce-4.0.8.tgz#82d79bff30a67c4005ffd5e2515300ad9ca4d7af" @@ -11419,6 +11690,11 @@ loglevel@^1.6.2: resolved "https://registry.yarnpkg.com/loglevel/-/loglevel-1.7.1.tgz#005fde2f5e6e47068f935ff28573e125ef72f197" integrity sha512-Hesni4s5UkWkwCGJMQGAh71PaLUmKFM60dHvq0zi/vDhhrzuk+4GgNbTXJ12YYQJn6ZKBDNIjYcuQGKudvqrIw== +long@^5.0.0: + version "5.2.3" + resolved "https://registry.yarnpkg.com/long/-/long-5.2.3.tgz#a3ba97f3877cf1d778eccbcb048525ebb77499e1" + integrity sha512-lcHwpNoggQTObv5apGNCTdJrO69eHOZMi4BNC+rTLER8iHAqGrUVeLh/irVIM7zTw2bOXA8T6uNPeujwOLg/2Q== + longest@^1.0.1: version "1.0.1" resolved "https://registry.yarnpkg.com/longest/-/longest-1.0.1.tgz#30a0b2da38f73770e8294a0d22e6625ed77d0097" @@ -12054,6 +12330,13 @@ node-fetch@^1.0.1: encoding "^0.1.11" is-stream "^1.0.1" +node-fetch@^2.6.9: + version "2.7.0" + resolved "https://registry.yarnpkg.com/node-fetch/-/node-fetch-2.7.0.tgz#d0f0fa6e3e2dc1d27efcd8ad99d550bda94d187d" + integrity sha512-c4FRfUm/dbcWZ7U+1Wq0AwCyFL+3nt2bEw05wfxSz+DWpWsitgmSgYmy2dQdWyKC1694ELPqMs/YzUSNozLt8A== + dependencies: + whatwg-url "^5.0.0" + node-forge@^0.10.0: version "0.10.0" resolved "https://registry.yarnpkg.com/node-forge/-/node-forge-0.10.0.tgz#32dea2afb3e9926f02ee5ce8794902691a676bf3" @@ -12246,6 +12529,11 @@ object-copy@^0.1.0: define-property "^0.2.5" kind-of "^3.0.3" +object-hash@^3.0.0: + version "3.0.0" + resolved "https://registry.yarnpkg.com/object-hash/-/object-hash-3.0.0.tgz#73f97f753e7baffc0e2cc9d6e079079744ac82e9" + integrity sha512-RSn9F68PjH9HqtltsSnqYC1XXoWe9Bju5+213R98cNGttag9q9yAOTzdbsqvIa7aNm5WffBZFpWYr2aWrklWAw== + object-inspect@^1.12.3: version "1.12.3" resolved "https://registry.yarnpkg.com/object-inspect/-/object-inspect-1.12.3.tgz#ba62dffd67ee256c8c086dfae69e016cd1f198b9" @@ -13113,6 +13401,31 @@ prop-types@^15.8.1: object-assign "^4.1.1" react-is "^16.13.1" +proto3-json-serializer@^2.0.0: + version "2.0.0" + resolved "https://registry.yarnpkg.com/proto3-json-serializer/-/proto3-json-serializer-2.0.0.tgz#1d5354e28a0ee985a771f8502d2b4db962d19d1e" + integrity sha512-FB/YaNrpiPkyQNSNPilpn8qn0KdEfkgmJ9JP93PQyF/U4bAiXY5BiUdDhiDO4S48uSQ6AesklgVlrKiqZPzegw== + dependencies: + protobufjs "^7.0.0" + +protobufjs@7.2.5, protobufjs@^7.0.0, protobufjs@^7.2.4: + version "7.2.5" + resolved "https://registry.yarnpkg.com/protobufjs/-/protobufjs-7.2.5.tgz#45d5c57387a6d29a17aab6846dcc283f9b8e7f2d" + integrity sha512-gGXRSXvxQ7UiPgfw8gevrfRWcTlSbOFg+p/N+JVJEK5VhueL2miT6qTymqAmjr1Q5WbOCyJbyrk6JfWKwlFn6A== + dependencies: + "@protobufjs/aspromise" "^1.1.2" + "@protobufjs/base64" "^1.1.2" + "@protobufjs/codegen" "^2.0.4" + "@protobufjs/eventemitter" "^1.1.0" + "@protobufjs/fetch" "^1.1.0" + "@protobufjs/float" "^1.0.2" + "@protobufjs/inquire" "^1.1.0" + "@protobufjs/path" "^1.1.2" + "@protobufjs/pool" "^1.1.0" + "@protobufjs/utf8" "^1.1.0" + "@types/node" ">=13.7.0" + long "^5.0.0" + protocols@^1.1.0, protocols@^1.4.0: version "1.4.8" resolved "https://registry.yarnpkg.com/protocols/-/protocols-1.4.8.tgz#48eea2d8f58d9644a4a32caae5d5db290a075ce8" @@ -13730,6 +14043,15 @@ readable-stream@1.1.x: isarray "0.0.1" string_decoder "~0.10.x" +readable-stream@^3.1.1: + version "3.6.2" + resolved "https://registry.yarnpkg.com/readable-stream/-/readable-stream-3.6.2.tgz#56a9b36ea965c00c5a93ef31eb111a0f11056967" + integrity sha512-9u/sniCrY3D5WdsERHzHE4G2YCXqoG5FTHUiCC4SIbr6XcLZBY05ya9EKjYek9O5xOAwjGq+1JdGBAS7Q9ScoA== + dependencies: + inherits "^2.0.3" + string_decoder "^1.1.1" + util-deprecate "^1.0.1" + readable-stream@^3.6.0: version "3.6.0" resolved "https://registry.yarnpkg.com/readable-stream/-/readable-stream-3.6.0.tgz#337bbda3adc0706bd3e024426a286d4b4b2c9198" @@ -14188,6 +14510,16 @@ ret@~0.1.10: resolved "https://registry.yarnpkg.com/ret/-/ret-0.1.15.tgz#b8a4825d5bdb1fc3f6f53c2bc33f81388681c7bc" integrity sha512-TTlYpa+OL+vMMNG24xSlQGEJ3B/RzEfUlLct7b5G/ytav+wPrplCpVMFuwzXbkecJrb6IYo1iFb0S9v37754mg== +retry-request@^7.0.0: + version "7.0.1" + resolved "https://registry.yarnpkg.com/retry-request/-/retry-request-7.0.1.tgz#b0163aeb934bd3fa2de76902d683b09b8ce364ba" + integrity sha512-ZI6vJp9rfB71mrZpw+n9p/B6HCsd7QJlSEQftZ+xfJzr3cQ9EPGKw1FF0BnViJ0fYREX6FhymBD2CARpmsFciQ== + dependencies: + "@types/request" "^2.48.8" + debug "^4.1.1" + extend "^3.0.2" + teeny-request "^9.0.0" + reusify@^1.0.4: version "1.0.4" resolved "https://registry.yarnpkg.com/reusify/-/reusify-1.0.4.tgz#90da382b1e126efc02146e90845a88db12925d76" @@ -14990,6 +15322,13 @@ stream-each@^1.1.0: end-of-stream "^1.1.0" stream-shift "^1.0.0" +stream-events@^1.0.5: + version "1.0.5" + resolved "https://registry.yarnpkg.com/stream-events/-/stream-events-1.0.5.tgz#bbc898ec4df33a4902d892333d47da9bf1c406d5" + integrity sha512-E1GUzBSgvct8Jsb3v2X15pjzN1tYebtbLaMg+eBOUOAxgbLoSbT2NS91ckc5lJD1KfLjId+jXJRgo0qnV5Nerg== + dependencies: + stubs "^3.0.0" + stream-http@^2.7.2: version "2.8.3" resolved "https://registry.yarnpkg.com/stream-http/-/stream-http-2.8.3.tgz#b2d242469288a5a27ec4fe8933acf623de6514fc" @@ -15060,6 +15399,15 @@ string-width@^4.0.0, string-width@^4.1.0, string-width@^4.2.0: is-fullwidth-code-point "^3.0.0" strip-ansi "^6.0.0" +string-width@^4.2.3: + version "4.2.3" + resolved "https://registry.yarnpkg.com/string-width/-/string-width-4.2.3.tgz#269c7117d27b05ad2e536830a8ec895ef9c6d010" + integrity sha512-wKyQRQpjJ0sIp62ErSZdGsjMJWsap5oRNihHhu6G7JVO/9jIB6UyevL+tXuOqrng8j/cxKTWyWUwvSTriiZz/g== + dependencies: + emoji-regex "^8.0.0" + is-fullwidth-code-point "^3.0.0" + strip-ansi "^6.0.1" + string.prototype.matchall@^4.0.8: version "4.0.10" resolved "https://registry.yarnpkg.com/string.prototype.matchall/-/string.prototype.matchall-4.0.10.tgz#a1553eb532221d4180c51581d6072cd65d1ee100" @@ -15239,6 +15587,11 @@ strip-json-comments@^3.1.1: resolved "https://registry.yarnpkg.com/strip-json-comments/-/strip-json-comments-3.1.1.tgz#31f1281b3832630434831c310c01cccda8cbe006" integrity sha512-6fPc+R4ihwqP6N/aIv2f1gMH8lOVtWQHoqC4yK6oSDVVocumAsfCqjkXnqiYMhmMwS/mEHLp7Vehlt3ql6lEig== +stubs@^3.0.0: + version "3.0.0" + resolved "https://registry.yarnpkg.com/stubs/-/stubs-3.0.0.tgz#e8d2ba1fa9c90570303c030b6900f7d5f89abe5b" + integrity sha512-PdHt7hHUJKxvTCgbKX9C1V/ftOcjJQgz8BZwNfV5c4B6dcGqlpelTbJ999jBGZ2jYiPAwcX5dP6oBwVlBlUbxw== + sudo-block@^3.0.0: version "3.0.0" resolved "https://registry.yarnpkg.com/sudo-block/-/sudo-block-3.0.0.tgz#4816d8bfc3416af70521645860d9cb8167d78411" @@ -15380,6 +15733,17 @@ targz@^1.0.1: dependencies: tar-fs "^1.8.1" +teeny-request@^9.0.0: + version "9.0.0" + resolved "https://registry.yarnpkg.com/teeny-request/-/teeny-request-9.0.0.tgz#18140de2eb6595771b1b02203312dfad79a4716d" + integrity sha512-resvxdc6Mgb7YEThw6G6bExlXKkv6+YbuzGg9xuXxSgxJF7Ozs+o8Y9+2R3sArdWdW8nOokoQb1yrpFB0pQK2g== + dependencies: + http-proxy-agent "^5.0.0" + https-proxy-agent "^5.0.0" + node-fetch "^2.6.9" + stream-events "^1.0.5" + uuid "^9.0.0" + temp-dir@^1.0.0: version "1.0.0" resolved "https://registry.yarnpkg.com/temp-dir/-/temp-dir-1.0.0.tgz#0a7c0ea26d3a39afa7e0ebea9c1fc0bc4daa011d" @@ -15663,6 +16027,11 @@ tr46@^2.1.0: dependencies: punycode "^2.1.1" +tr46@~0.0.3: + version "0.0.3" + resolved "https://registry.yarnpkg.com/tr46/-/tr46-0.0.3.tgz#8184fd347dac9cdc185992f3a6622e14b9d9ab6a" + integrity sha512-N3WMsuqV66lT30CrXNbEjx4GEwlow3v6rr4mCcv6prnfwhS01rkgyFdjPNBYd9br7LpXV1+Emh01fHnq2Gdgrw== + tree-kill@^1.2.2: version "1.2.2" resolved "https://registry.yarnpkg.com/tree-kill/-/tree-kill-1.2.2.tgz#4ca09a9092c88b73a7cdc5e8a01b507b0790a0cc" @@ -16078,6 +16447,11 @@ unbox-primitive@^1.0.2: has-symbols "^1.0.3" which-boxed-primitive "^1.0.2" +undici-types@~5.26.4: + version "5.26.5" + resolved "https://registry.yarnpkg.com/undici-types/-/undici-types-5.26.5.tgz#bcd539893d00b56e964fd2657a4866b221a65617" + integrity sha512-JlCMO+ehdEIKqlFxk6IfVoAUVmgz7cU7zD/h9XZ0qzeosSHmUJVOzSQvvYSYWXkFXC+IfLKSIffhv0sVZup6pA== + unicode-canonical-property-names-ecmascript@^1.0.4: version "1.0.4" resolved "https://registry.yarnpkg.com/unicode-canonical-property-names-ecmascript/-/unicode-canonical-property-names-ecmascript-1.0.4.tgz#2619800c4c825800efdd8343af7dd9933cbe2818" @@ -16340,6 +16714,11 @@ uuid@^8.3.0: resolved "https://registry.yarnpkg.com/uuid/-/uuid-8.3.1.tgz#2ba2e6ca000da60fce5a196954ab241131e05a31" integrity sha512-FOmRr+FmWEIG8uhZv6C2bTgEVXsHk08kE7mPlrBbEe+c3r9pjceVPgupIfNIhc4yx55H69OXANrUaSuu9eInKg== +uuid@^9.0.0: + version "9.0.1" + resolved "https://registry.yarnpkg.com/uuid/-/uuid-9.0.1.tgz#e188d4c8853cc722220392c424cd637f32293f30" + integrity sha512-b+1eJOlsR9K8HJpow9Ok3fiWOWSIcIzXodvv0rQjVoOVNpWMpxf1wZNpt4y9h10odCNrqnYp1OBzRktckBe3sA== + v8-compile-cache@^2.1.1: version "2.2.0" resolved "https://registry.yarnpkg.com/v8-compile-cache/-/v8-compile-cache-2.2.0.tgz#9471efa3ef9128d2f7c6a7ca39c4dd6b5055b132" @@ -16467,6 +16846,11 @@ watchpack@^2.2.0: glob-to-regexp "^0.4.1" graceful-fs "^4.1.2" +webidl-conversions@^3.0.0: + version "3.0.1" + resolved "https://registry.yarnpkg.com/webidl-conversions/-/webidl-conversions-3.0.1.tgz#24534275e2a7bc6be7bc86611cc16ae0a5654871" + integrity sha512-2JAn3z8AR6rjK8Sm8orRC0h/bcl/DqL7tRPdGZ4I1CjdF+EaMLmYxBHyXuKL849eucPFhvBoxMsflfOb8kxaeQ== + webidl-conversions@^5.0.0: version "5.0.0" resolved "https://registry.yarnpkg.com/webidl-conversions/-/webidl-conversions-5.0.0.tgz#ae59c8a00b121543a2acc65c0434f57b0fc11aff" @@ -16609,6 +16993,14 @@ whatwg-mimetype@^2.3.0: resolved "https://registry.yarnpkg.com/whatwg-mimetype/-/whatwg-mimetype-2.3.0.tgz#3d4b1e0312d2079879f826aff18dbeeca5960fbf" integrity sha512-M4yMwr6mAnQz76TbJm914+gPpB/nCwvZbJU28cUD6dR004SAxDLOOSUaB1JDRqLtaOV/vi0IC5lEAGFgrjGv/g== +whatwg-url@^5.0.0: + version "5.0.0" + resolved "https://registry.yarnpkg.com/whatwg-url/-/whatwg-url-5.0.0.tgz#966454e8765462e37644d3626f6742ce8b70965d" + integrity sha512-saE57nupxk6v3HY35+jzBwYa0rKSy0XR8JSxZPwgLr7ys0IBzhGviA1/TUGJLmSVqs8pb9AnvICXEuOHLprYTw== + dependencies: + tr46 "~0.0.3" + webidl-conversions "^3.0.0" + whatwg-url@^8.0.0: version "8.4.0" resolved "https://registry.yarnpkg.com/whatwg-url/-/whatwg-url-8.4.0.tgz#50fb9615b05469591d2b2bd6dfaed2942ed72837" @@ -16991,6 +17383,11 @@ yargs-parser@^20.2.2: resolved "https://registry.yarnpkg.com/yargs-parser/-/yargs-parser-20.2.9.tgz#2eb7dc3b0289718fc295f362753845c41a0c94ee" integrity sha512-y11nGElTIV+CT3Zv9t7VKl+Q3hTQoT9a1Qzezhhl6Rp21gJ/IVTW7Z3y9EWXhuUBC2Shnf+DX0antecpAwSP8w== +yargs-parser@^21.1.1: + version "21.1.1" + resolved "https://registry.yarnpkg.com/yargs-parser/-/yargs-parser-21.1.1.tgz#9096bceebf990d21bb31fa9516e0ede294a77d35" + integrity sha512-tVpsJW7DdjecAiFpbIB1e3qxIQsE6NoPc5/eTdrbbIC4h0LVsWhnoa3g+m2HclBIujHzsxZ4VJVA+GUuc2/LBw== + yargs@^13.3.2: version "13.3.2" resolved "https://registry.yarnpkg.com/yargs/-/yargs-13.3.2.tgz#ad7ffefec1aa59565ac915f82dccb38a9c31a2dd" @@ -17037,6 +17434,19 @@ yargs@^16.2.0: y18n "^5.0.5" yargs-parser "^20.2.2" +yargs@^17.7.2: + version "17.7.2" + resolved "https://registry.yarnpkg.com/yargs/-/yargs-17.7.2.tgz#991df39aca675a192b816e1e0363f9d75d2aa269" + integrity sha512-7dSzzRQ++CKnNI/krKnYRV7JKKPUXMEh61soaHKg9mrWEhzFWhFnxPxGl+69cD1Ou63C13NUPCnmIcrvqCuM6w== + dependencies: + cliui "^8.0.1" + escalade "^3.1.1" + get-caller-file "^2.0.5" + require-directory "^2.1.1" + string-width "^4.2.3" + y18n "^5.0.5" + yargs-parser "^21.1.1" + yargs@~3.10.0: version "3.10.0" resolved "https://registry.yarnpkg.com/yargs/-/yargs-3.10.0.tgz#f7ee7bd857dd7c1d2d38c0e74efbd681d1431fd1" From 432ec8d8cf9d297331af5e4f314b244c543c2db8 Mon Sep 17 00:00:00 2001 From: Michael Hampton Date: Wed, 20 Dec 2023 11:19:39 -0500 Subject: [PATCH 2/4] refactor(snackpub): use ExternalSecret --- snackpub/k8s/base/external-secrets-config.yaml | 5 +++++ snackpub/k8s/base/kustomization.yaml | 4 ++++ .../k8s/production/external-secret-env.yaml | 17 +++++++++++++++++ snackpub/k8s/production/kustomization.yaml | 6 ++++-- snackpub/k8s/production/secrets/snackpub.env | Bin 61 -> 0 bytes snackpub/k8s/staging/external-secret-env.yaml | 17 +++++++++++++++++ snackpub/k8s/staging/kustomization.yaml | 6 ++++-- snackpub/k8s/staging/secrets/snackpub.env | Bin 61 -> 0 bytes 8 files changed, 51 insertions(+), 4 deletions(-) create mode 100644 snackpub/k8s/base/external-secrets-config.yaml create mode 100644 snackpub/k8s/production/external-secret-env.yaml delete mode 100644 snackpub/k8s/production/secrets/snackpub.env create mode 100644 snackpub/k8s/staging/external-secret-env.yaml delete mode 100644 snackpub/k8s/staging/secrets/snackpub.env diff --git a/snackpub/k8s/base/external-secrets-config.yaml b/snackpub/k8s/base/external-secrets-config.yaml new file mode 100644 index 00000000..f0664676 --- /dev/null +++ b/snackpub/k8s/base/external-secrets-config.yaml @@ -0,0 +1,5 @@ +nameReference: +- kind: Secret + fieldSpecs: + - kind: ExternalSecret + path: spec/target/name diff --git a/snackpub/k8s/base/kustomization.yaml b/snackpub/k8s/base/kustomization.yaml index 849b2e44..46153eda 100644 --- a/snackpub/k8s/base/kustomization.yaml +++ b/snackpub/k8s/base/kustomization.yaml @@ -5,3 +5,7 @@ commonLabels: resources: - deployment.yaml - service.yaml +configurations: + - external-secrets-config.yaml +secretGenerator: +- name: snackpub-env diff --git a/snackpub/k8s/production/external-secret-env.yaml b/snackpub/k8s/production/external-secret-env.yaml new file mode 100644 index 00000000..2bc35352 --- /dev/null +++ b/snackpub/k8s/production/external-secret-env.yaml @@ -0,0 +1,17 @@ +--- +apiVersion: external-secrets.io/v1beta1 +kind: ExternalSecret +metadata: + name: snackpub-env +spec: + refreshInterval: "0" + secretStoreRef: + kind: ClusterSecretStore + name: gcp-store + target: + name: snackpub-env + creationPolicy: Owner + dataFrom: + - extract: + key: production__snack__snackpub__env + version: "1" diff --git a/snackpub/k8s/production/kustomization.yaml b/snackpub/k8s/production/kustomization.yaml index 377de7e5..f9bee409 100644 --- a/snackpub/k8s/production/kustomization.yaml +++ b/snackpub/k8s/production/kustomization.yaml @@ -4,10 +4,12 @@ namespace: production resources: - ../base - vertical-pod-autoscaler.yaml + - external-secret-env.yaml patchesStrategicMerge: - service-backend.yaml - deployment-replicas.yaml secretGenerator: - name: snackpub-env - envs: - - secrets/snackpub.env + behavior: merge + files: + - ./external-secret-env.yaml diff --git a/snackpub/k8s/production/secrets/snackpub.env b/snackpub/k8s/production/secrets/snackpub.env deleted file mode 100644 index 1d36fd712b6535c279dde635eceb1101ced3108f..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 61 zcmV-D0K)$OM@dveQdv+`0B0?;uTarfQgW51(oyJpjxaVew=_IQXH)IUMZMg#10`&6 T%IxTuW6gz!#-f}JFP!Jr9xfdb diff --git a/snackpub/k8s/staging/external-secret-env.yaml b/snackpub/k8s/staging/external-secret-env.yaml new file mode 100644 index 00000000..d910f4f2 --- /dev/null +++ b/snackpub/k8s/staging/external-secret-env.yaml @@ -0,0 +1,17 @@ +--- +apiVersion: external-secrets.io/v1beta1 +kind: ExternalSecret +metadata: + name: snackpub-env +spec: + refreshInterval: "0" + secretStoreRef: + kind: ClusterSecretStore + name: gcp-store + target: + name: snackpub-env + creationPolicy: Owner + dataFrom: + - extract: + key: staging__snack__snackpub__env + version: "1" diff --git a/snackpub/k8s/staging/kustomization.yaml b/snackpub/k8s/staging/kustomization.yaml index e14d0097..afcaa569 100644 --- a/snackpub/k8s/staging/kustomization.yaml +++ b/snackpub/k8s/staging/kustomization.yaml @@ -3,9 +3,11 @@ kind: Kustomization namespace: staging resources: - ../base + - external-secret-env.yaml patchesStrategicMerge: - service-backend.yaml secretGenerator: - name: snackpub-env - envs: - - secrets/snackpub.env + behavior: merge + files: + - ./external-secret-env.yaml diff --git a/snackpub/k8s/staging/secrets/snackpub.env b/snackpub/k8s/staging/secrets/snackpub.env deleted file mode 100644 index d167811ceb9023f436c739a770e022b878397294..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 61 zcmV-D0K)$OM@dveQdv+`0HR$Ah8Cf_I5$By3o Date: Wed, 20 Dec 2023 11:19:50 -0500 Subject: [PATCH 3/4] refactor(website): remove secret --- website/deploy/base/deployment.yaml | 2 -- website/deploy/base/kustomization.yaml | 4 ---- website/deploy/base/secrets/snack.env | Bin 132 -> 0 bytes website/deploy/development/secrets/snack.env | Bin 131 -> 0 bytes 4 files changed, 6 deletions(-) delete mode 100644 website/deploy/base/secrets/snack.env delete mode 100644 website/deploy/development/secrets/snack.env diff --git a/website/deploy/base/deployment.yaml b/website/deploy/base/deployment.yaml index 4e3b9ac8..10eef441 100644 --- a/website/deploy/base/deployment.yaml +++ b/website/deploy/base/deployment.yaml @@ -20,8 +20,6 @@ spec: envFrom: - configMapRef: name: snack - - secretRef: - name: snack ports: - containerPort: 3011 name: http diff --git a/website/deploy/base/kustomization.yaml b/website/deploy/base/kustomization.yaml index 491c0710..4eb29246 100644 --- a/website/deploy/base/kustomization.yaml +++ b/website/deploy/base/kustomization.yaml @@ -7,7 +7,3 @@ commonLabels: app: snack configMapGenerator: - name: snack -secretGenerator: -- name: snack - envs: - - secrets/snack.env diff --git a/website/deploy/base/secrets/snack.env b/website/deploy/base/secrets/snack.env deleted file mode 100644 index ef5d69e49298dded854e66f65c96a16c04eed53b..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 132 zcmV-~0DJ!cM@dveQdv+`0QyF5Bhc8S@fCzv11tO-XTpue1cgxxdgik$OkP0Ol)|#- z)Uu8bk46d;YN8eWA{tXb?3V$?@`O7Q@SsY?E-E1_M}VxR&UD?(1kV#k4kd*@`w@_% mi=z?Ra}T}=4BYa_MYD@*Y(HG3-o;>=Q|^!v#}-}(J6Qt`kvh2m diff --git a/website/deploy/development/secrets/snack.env b/website/deploy/development/secrets/snack.env deleted file mode 100644 index 4d9fe051040f9bd8089bbe60a8173b046842c782..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 131 zcmV-}0DS)dM@dveQdv+`09HyG?a$8-k_))Hy#G=R(9!EnQ#k0_2Gtb0v!y@>ptbEz zjqNGn0+`4P@?H@cA#7HmFlfEeCd}RoFNhqMwMd9~RIUkdjI#Pcgpv@{X=1z{fdyGK lN39v2`>JO%|3pqFn5`66(I> Date: Wed, 20 Dec 2023 11:38:13 -0500 Subject: [PATCH 4/4] refactor(ci): remove git-crypt usage --- .github/actions/setup-secrets/action.yml | 16 -------------- .github/workflows/snackager-bundle.yml | 5 ----- .github/workflows/snackager.yml | 28 ------------------------ .github/workflows/snackpub.yml | 22 ------------------- .github/workflows/website.yml | 22 ------------------- 5 files changed, 93 deletions(-) delete mode 100644 .github/actions/setup-secrets/action.yml diff --git a/.github/actions/setup-secrets/action.yml b/.github/actions/setup-secrets/action.yml deleted file mode 100644 index 95b3def3..00000000 --- a/.github/actions/setup-secrets/action.yml +++ /dev/null @@ -1,16 +0,0 @@ -name: Setup Secrets -description: Prepare Snack repository secrets in GitHub Actions - -inputs: - git-crypt-key: - description: The key to unlock the secrets - default: '' - -runs: - using: composite - steps: - - name: 🏗 Setup secrets - if: ${{ inputs.git-crypt-key != '' }} - uses: sliteteam/github-action-git-crypt-unlock@a09ea5079c1b0e1887d4c8d7a4b20f00b5c2d06b - env: - GIT_CRYPT_KEY: ${{ inputs.git-crypt-key }} diff --git a/.github/workflows/snackager-bundle.yml b/.github/workflows/snackager-bundle.yml index 0f4cbb07..b4ac30e5 100644 --- a/.github/workflows/snackager-bundle.yml +++ b/.github/workflows/snackager-bundle.yml @@ -25,11 +25,6 @@ jobs: - name: 🏗 Setup repository uses: actions/checkout@v3 - - name: 🏗 Setup secrets - uses: ./.github/actions/setup-secrets - with: - git-crypt-key: ${{ secrets.GIT_CRYPT_KEY }} - - name: 🏗 Setup snackager uses: ./.github/actions/setup-snackager diff --git a/.github/workflows/snackager.yml b/.github/workflows/snackager.yml index 2d46618c..5f959526 100644 --- a/.github/workflows/snackager.yml +++ b/.github/workflows/snackager.yml @@ -22,7 +22,6 @@ on: pull_request: paths: - .github/actions/setup-google-cloud/** - - .github/actions/setup-secrets/** - .github/actions/setup-snackager/** - .github/workflows/snackager.yml - snackager/** @@ -37,7 +36,6 @@ on: branches: [main] paths: - .github/actions/setup-google-cloud/** - - .github/actions/setup-secrets/** - .github/actions/setup-snackager/** - .github/workflows/snackager.yml - snackager/** @@ -56,11 +54,6 @@ jobs: - name: 🏗 Setup repository uses: actions/checkout@v3 - - name: 🏗 Setup secrets - uses: ./.github/actions/setup-secrets - with: - git-crypt-key: ${{ secrets.GIT_CRYPT_KEY }} - - name: 🏗 Setup snackager uses: ./.github/actions/setup-snackager @@ -81,11 +74,6 @@ jobs: - name: 🏗 Setup repository uses: actions/checkout@v3 - - name: 🏗 Setup secrets - uses: ./.github/actions/setup-secrets - with: - git-crypt-key: ${{ secrets.GIT_CRYPT_KEY }} - - name: 🏗 Setup snackager uses: ./.github/actions/setup-snackager @@ -102,11 +90,6 @@ jobs: - name: 🏗 Setup repository uses: actions/checkout@v3 - - name: 🏗 Setup secrets - uses: ./.github/actions/setup-secrets - with: - git-crypt-key: ${{ secrets.GIT_CRYPT_KEY }} - - name: 🏗 Setup Google Cloud SDK uses: ./.github/actions/setup-google-cloud with: @@ -130,11 +113,6 @@ jobs: - name: 🏗 Setup repository uses: actions/checkout@v3 - - name: 🏗 Setup secrets - uses: ./.github/actions/setup-secrets - with: - git-crypt-key: ${{ secrets.GIT_CRYPT_KEY }} - - name: 🏗 Setup Google Cloud SDK uses: ./.github/actions/setup-google-cloud with: @@ -185,11 +163,6 @@ jobs: - name: 🏗 Setup repository uses: actions/checkout@v3 - - name: 🏗 Setup secrets - uses: ./.github/actions/setup-secrets - with: - git-crypt-key: ${{ secrets.GIT_CRYPT_KEY }} - - name: 🏗 Setup Google Cloud SDK uses: ./.github/actions/setup-google-cloud with: @@ -231,4 +204,3 @@ jobs: status: ${{ job.status }} author_name: Deploy Snackager to Production fields: message,commit,author,job,took - diff --git a/.github/workflows/snackpub.yml b/.github/workflows/snackpub.yml index 0034b465..1d39f0f5 100644 --- a/.github/workflows/snackpub.yml +++ b/.github/workflows/snackpub.yml @@ -22,7 +22,6 @@ on: pull_request: paths: - .github/actions/setup-google-cloud/** - - .github/actions/setup-secrets/** - .github/actions/setup-snackpub/** - .github/workflows/snackpub.yml - snackpub/** @@ -34,7 +33,6 @@ on: branches: [main] paths: - .github/actions/setup-google-cloud/** - - .github/actions/setup-secrets/** - .github/actions/setup-snackpub/** - .github/workflows/snackpub.yml - snackpub/** @@ -50,11 +48,6 @@ jobs: - name: 🏗 Setup repository uses: actions/checkout@v3 - - name: 🏗 Setup secrets - uses: ./.github/actions/setup-secrets - with: - git-crypt-key: ${{ secrets.GIT_CRYPT_KEY }} - - name: 🏗 Setup snackpub uses: ./.github/actions/setup-snackpub @@ -71,11 +64,6 @@ jobs: - name: 🏗 Setup repository uses: actions/checkout@v3 - - name: 🏗 Setup secrets - uses: ./.github/actions/setup-secrets - with: - git-crypt-key: ${{ secrets.GIT_CRYPT_KEY }} - - name: 🏗 Setup Google Cloud SDK uses: ./.github/actions/setup-google-cloud with: @@ -98,11 +86,6 @@ jobs: - name: 🏗 Setup repository uses: actions/checkout@v3 - - name: 🏗 Setup secrets - uses: ./.github/actions/setup-secrets - with: - git-crypt-key: ${{ secrets.GIT_CRYPT_KEY }} - - name: 🏗 Setup Google Cloud SDK uses: ./.github/actions/setup-google-cloud with: @@ -148,11 +131,6 @@ jobs: - name: 🏗 Setup repository uses: actions/checkout@v3 - - name: 🏗 Setup secrets - uses: ./.github/actions/setup-secrets - with: - git-crypt-key: ${{ secrets.GIT_CRYPT_KEY }} - - name: 🏗 Setup Google Cloud SDK uses: ./.github/actions/setup-google-cloud with: diff --git a/.github/workflows/website.yml b/.github/workflows/website.yml index 3a3d81df..c1cd704b 100644 --- a/.github/workflows/website.yml +++ b/.github/workflows/website.yml @@ -22,7 +22,6 @@ on: pull_request: paths: - .github/actions/setup-google-cloud/** - - .github/actions/setup-secrets/** - .github/actions/setup-website/** - .github/workflows/website.yml - website/** @@ -36,7 +35,6 @@ on: branches: [main] paths: - .github/actions/setup-google-cloud/** - - .github/actions/setup-secrets/** - .github/actions/setup-website/** - .github/workflows/website.yml - website/** @@ -70,11 +68,6 @@ jobs: - name: 🏗 Setup repository uses: actions/checkout@v3 - - name: 🏗 Setup secrets - uses: ./.github/actions/setup-secrets - with: - git-crypt-key: ${{ secrets.GIT_CRYPT_KEY }} - - name: 🏗 Setup Google Cloud SDK uses: ./.github/actions/setup-google-cloud with: @@ -94,11 +87,6 @@ jobs: - name: 🏗 Setup repository uses: actions/checkout@v3 - - name: 🏗 Setup secrets - uses: ./.github/actions/setup-secrets - with: - git-crypt-key: ${{ secrets.GIT_CRYPT_KEY }} - - name: 🏗 Setup Google Cloud SDK uses: ./.github/actions/setup-google-cloud @@ -119,11 +107,6 @@ jobs: - name: 🏗 Setup repository uses: actions/checkout@v3 - - name: 🏗 Setup secrets - uses: ./.github/actions/setup-secrets - with: - git-crypt-key: ${{ secrets.GIT_CRYPT_KEY }} - - name: 🏗 Setup Google Cloud SDK uses: ./.github/actions/setup-google-cloud with: @@ -174,11 +157,6 @@ jobs: - name: 🏗 Setup repository uses: actions/checkout@v3 - - name: 🏗 Setup secrets - uses: ./.github/actions/setup-secrets - with: - git-crypt-key: ${{ secrets.GIT_CRYPT_KEY }} - - name: 🏗 Setup Google Cloud SDK uses: ./.github/actions/setup-google-cloud with: