chore(patch): move exposed secret to .env file and 1password

PauloGoncalvesBH · PauloGoncalvesBH · commit 803225366a83 · 2023-07-18T21:30:20.000+01:00
diff --git a/.dockerignore b/.dockerignore
@@ -1,3 +1,4 @@
+.env.example
 .github
 .nyc_output
 dist/
diff --git a/.env.example b/.env.example
@@ -0,0 +1 @@
+MOESIF_APPLICATION_ID=op://serverest-ci-cd/moesif/application_id
diff --git a/.github/workflows/continuous_delivery.yml b/.github/workflows/continuous_delivery.yml
@@ -40,7 +40,6 @@ jobs:
     concurrency: create_release
 
     runs-on: ubuntu-22.04
-    environment: production
 
     steps:
     - name: Project checkout
@@ -59,6 +58,11 @@ jobs:
         DOCKER_REGISTRY_USER: op://serverest-ci-cd/docker/username
         DOCKER_REGISTRY_PASSWORD: op://serverest-ci-cd/docker/password
         PACT_BROKER_TOKEN: op://serverest-ci-cd/pactflow/pact_broker_token
+        MOESIF_APPLICATION_ID: op://serverest-ci-cd/moesif/application_id
+    - name: Fill .env file with secrets
+      run: echo "MOESIF_APPLICATION_ID=$MOESIF_APPLICATION_ID" >> .env
+      env:
+        MOESIF_APPLICATION_ID: ${{ env.MOESIF_APPLICATION_ID }}
     - name: Release on NPM and Docker
       run: npx semantic-release@18.0.0
       env:
diff --git a/.github/workflows/deploy-online-serverest.yml b/.github/workflows/deploy-online-serverest.yml
@@ -50,13 +50,19 @@ jobs:
     needs: build-and-push-image-to-gcloud-container-registry
 
     runs-on: ubuntu-22.04
+    environment: staging
 
     steps:
     - name: Load secrets from 1password
       uses: 1password/load-secrets-action@v1
       env:
         OP_SERVICE_ACCOUNT_TOKEN: ${{ secrets.OP_SERVICE_ACCOUNT_TOKEN }}
         GCP_IAM_SERVICE_ACCOUNT_KEY: op://serverest-ci-cd/google-cloud/service_account_key
+        MOESIF_APPLICATION_ID: op://serverest-ci-cd/moesif/application_id
+    - name: Fill .env file with secrets
+      run: echo "MOESIF_APPLICATION_ID=$MOESIF_APPLICATION_ID" >> .env
+      env:
+        MOESIF_APPLICATION_ID: ${{ env.MOESIF_APPLICATION_ID }}
     - name: Set up Cloud SDK
       uses: google-github-actions/setup-gcloud@v0
     - name: Authentication on GCloud
@@ -122,6 +128,7 @@ jobs:
     if: "!contains(github.ref, 'beta')"
 
     runs-on: ubuntu-22.04
+    environment: production
 
     steps:
     - name: Load secrets from 1password
diff --git a/.gitignore b/.gitignore
@@ -17,6 +17,7 @@ coverage.lcov
 .vscode/
 
 ## Others
+.env
 tmp/
 *.tmp
 *.swp
diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
@@ -9,6 +9,7 @@
     "serverest": "src/server.js"
   },
   "files": [
+    ".env",
     "docs/",
     "src/"
   ],
@@ -50,6 +51,7 @@
     "connect-timeout": "^1.9.0",
     "cors": "^2.8.5",
     "debug": "^4.3.4",
+    "dotenv": "^16.3.1",
     "express": "^4.17.1",
     "express-async-errors": "^3.1.1",
     "express-query-int": "^3.0.0",
diff --git a/src/utils/logger.js b/src/utils/logger.js
@@ -7,6 +7,7 @@ para não ser afetado pelo teste de mutação.
 Esse arquivo está marcado para ser ignorado no arquivo stryker.conf.js
 */
 
+require('dotenv').config()
 const moesif = require('moesif-nodejs')
 
 const { version } = require('../../package.json')
@@ -21,7 +22,7 @@ module.exports = async app => {
   }
   const { porta, timeout, nodoc, nobearer, nosec } = require('../server').argv
   const moesifMiddleware = moesif({
-    applicationId: 'eyJhcHAiOiIxNTA6MTU1MCIsInZlciI6IjIuMCIsIm9yZyI6IjQ5MToxMTIxIiwiaWF0IjoxNTk4OTE4NDAwfQ.e0E6Qhz1o1Jjs5prulHDYEBlv0juruWs_btjq2mong8',
+    applicationId: process.env.MOESIF_APPLICATION_ID,
     identifyUser: (req, res) => { return formaDeExecucao() },
     identifyCompany: (req, res) => { return version },
     skip: (req, res) => {

Original file line number	Diff line number	Diff line change
`@@ -1,3 +1,4 @@`
	`1`	`+.env.example`
`1`	`2`	`.github`
`2`	`3`	`.nyc_output`
`3`	`4`	`dist/`
Original file line number	Diff line number	Diff line change
`@@ -0,0 +1 @@`
	`1`	`+MOESIF_APPLICATION_ID=op://serverest-ci-cd/moesif/application_id`