Merge remote-tracking branch 'origin/publisher-oauth' into dev
colorfield committed Oct 17, 2023
1 parent c056569 commit 7d1bd3d
Showing 26 changed files with 1,045 additions and 11 deletions.
6 changes: 6 additions & 0 deletions .lagoon.yml
Expand Up @@ -20,6 +20,12 @@ tasks:
name: import translations from the ui
command: drush scr scripts/translations-import.php
service: cli
- run:
name: Create Keys for Simple OAuth if necessary
command: |
if [[ ! -f /app/keys/private.key || ! -f /app/keys/public.key ]]; then
drush simple-oauth:generate-keys /app/keys
fi
environments:
prod:
routes:
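Review bot: Where the generated private key is stored is the open question in the added `Create Keys for Simple OAuth if necessary` task: nothing in these lines shows that `/app/keys` is persistent storage or that it sits outside the web-served directory. If it lives in the container filesystem, every deployment creates a new key pair and tokens signed with the previous one stop validating; if it sits under the docroot, `private.key` may be reachable over HTTP. Suggest pointing the task at a persistent location outside the docroot and saying so in a comment. Also, `[[ ... ]]` is a bash construct, so the command depends on the task shell being bash; `[ ! -f /app/keys/private.key ] || [ ! -f /app/keys/public.key ]` removes that dependency.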
20 changes: 19 additions & 1 deletion INIT.md
Expand Up @@ -66,6 +66,18 @@ replace(
'PROJECT_NAME=example',
'PROJECT_NAME=' + process.env.PROJECT_NAME_MACHINE,
);
const clientSecret = randomString(32);
replace(
['apps/cms/.lagoon.env', 'apps/website/.lagoon.env'],
'PUBLISHER_OAUTH2_CLIENT_SECRET=!REPLACE-ME!',
'PUBLISHER_OAUTH2_CLIENT_SECRET=' + clientSecret,
);
const sessionSecret = randomString(32);
replace(
['apps/website/.lagoon.env'],
'PUBLISHER_OAUTH2_SESSION_SECRET=!REPLACE-ME!',
'PUBLISHER_OAUTH2_SESSION_SECRET=' + sessionSecret,
);
// Template's prod domain is special.
replace(
'.lagoon.yml',
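Review bot: Both secrets generated in the added `clientSecret` and `sessionSecret` blocks are written into `.lagoon.env` files that are tracked in the repository, so the OAuth2 client secret and the session secret end up in git history and are shared by every environment that deploys from it. Suggest keeping only the placeholder in the committed files and setting the real values per environment as Lagoon runtime variables. The hunk also does not show how `randomString` is implemented; its output is now used as a credential, so it should draw from a CSPRNG (for example Node's `crypto.randomBytes`) rather than `Math.random`, and that is worth a comment next to the helper.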
Expand Down Expand Up @@ -106,7 +118,7 @@ Update the default hash salt.
```ts
replace(
'apps/cms/scaffold/settings.php.append.txt',
'banana123',
'time-flies-like-an-arrow-fruit-flies-like-a-banana',
randomString(32),
);
```
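Review bot: The new placeholder salt `time-flies-like-an-arrow-fruit-flies-like-a-banana` is long enough to pass the 32-character requirement that the README section added in this commit mentions for `DRUPAL_HASH_SALT`, so a project where this init step is skipped, or where `replace` finds no match, runs without complaint on a salt that is public in the template. Suggest making the `replace` helper fail when the search string is absent, and rejecting the placeholder value outside local development.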
Expand All @@ -121,6 +133,12 @@ replace(
);
```

Remove the init script check.

```ts
replace('.github/workflows/test.yml', / - name: Init check.*?\n\n/gs, '');
```

Remove the init script.

```ts
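Review bot: The regular expression in the added `replace('.github/workflows/test.yml', ...)` call is fragile: with the `s` flag, `.*?\n\n` runs from `- name: Init check` to the first blank line, so if the step is ever not followed directly by a blank line the match either fails silently or swallows the steps after it. Suggest anchoring the end of the match on the start of the next step, or on a pair of marker comments around the Init check step, and failing the init run when nothing was replaced.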
59 changes: 58 additions & 1 deletion README.md
Expand Up @@ -2,7 +2,9 @@

## Create a new project from this template

- https://github.com/AmazeeLabs/silverback-template => `Use this template` =>
Minimum steps

- https://github.com/AmazeeLabs/silverback-template > `Use this template` >
`Create a new repository`
- In the newly created repo
- Settings > Manage access > Collaborators and teams
Expand All @@ -16,9 +18,13 @@
- Answer its questions
- Review the changes in the repo
- Commit and push

Other steps

- [Create a new Lagoon project](https://amazeelabs.atlassian.net/wiki/spaces/ALU/pages/368115717/Create+a+new+Lagoon+project)
- [Create a new Netlify project](https://amazeelabs.atlassian.net/wiki/spaces/ALU/pages/368017428/Create+a+new+Netlify+project)
- Check the [Environment overrides](#environment-overrides) section below
- Create `dev` and `prod` branches (and optionally `stage`) from `release`

## Branches and environments

Expand Down Expand Up @@ -159,6 +165,57 @@ lagoon runtime configuration.
lagoon add variable -p [project name] -e dev -N NETLIFY_SITE_ID -V [netlify site id]
```

### Publisher authentication with Drupal

Publisher can require to authenticate with Drupal based on OAuth2.
Only used on Lagoon environments.

#### Drupal configuration

##### Create keys

Per environment, keys are gitignored.

Via Drush

```bash
drush simple-oauth:generate-keys ./keys
```

Or via the UI

- Go to `/admin/config/people/simple_oauth`
- Click on "Generate keys", the directory should be set to `../keys`

##### Create the Publisher Consumer

Per environment, Consumers are content entities.

- Go to `/admin/config/services/consumer`
- Create a Consumer
- Label: `Publisher`
- Client ID: `publisher`
- Secret: a random string
- Redirect URI: `[publisher-url]/oauth/callback`
- Scope: `Publisher`
- Optional: the default Consumer can be safely deleted

Troubleshoot: make sure that the `DRUPAL_HASH_SALT` environment variable is >= 32 chars.

#### Publisher authentication

Edit [website environment variables](./apps/website/.lagoon.env)

```
PUBLISHER_SKIP_AUTHENTICATION=false
PUBLISHER_OAUTH2_CLIENT_SECRET="[secret used in the Drupal Consumer]"
PUBLISHER_OAUTH2_SESSION_SECRET="[another random string]"
```

##### Set the 'Access Publisher' permission

Optional: add this permission to relevant roles.

## Storybook

If a `CHROMATIC_PROJECT_TOKEN` environment variable is set, the Storybook build
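Review bot: The key directory is given three different ways in this commit: `./keys` in the Drush command and `../keys` in the UI instructions of this section, and `/app/keys` in the `.lagoon.yml` task, and the section never says which working directory the relative paths assume. Suggest naming the directory once, with its location relative to `apps/cms` and to the web root. The `Secret: a random string` and `[another random string]` instructions also give no minimum length or generation method; pointing to the init script's `randomString(32)` would make the expected strength explicit. Since the Consumer is described as per environment while `PUBLISHER_OAUTH2_CLIENT_SECRET` is edited in a committed `.lagoon.env`, it would also help to say how to override it per environment, as the `lagoon add variable` example above does for `NETLIFY_SITE_ID`.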
3 changes: 3 additions & 0 deletions apps/cms/.gitignore
Expand Up @@ -28,3 +28,6 @@ generated/operations.json

# Translations from the FE
generated/translations.json

# OAuth2
keys/*.key
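Review bot: `keys/*.key` only ignores files with a `.key` extension directly inside `keys/`, so key material saved under another name (a `.pem` export, a backup copy) would still be picked up by `git add`. Suggest ignoring the directory contents with `keys/*`, plus a `!keys/.gitkeep` exception if the directory has to exist in the repository.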
3 changes: 3 additions & 0 deletions apps/cms/.lagoon.env
@@ -1,3 +1,6 @@
PROJECT_NAME=example
PUBLISHER_URL="https://${LAGOON_GIT_BRANCH}-${PROJECT_NAME}.build.amazeelabs.dev"
NETLIFY_URL="https://${LAGOON_GIT_BRANCH}-${PROJECT_NAME}.amazeelabs.dev"

# Used to set the original client secret.
PUBLISHER_OAUTH2_CLIENT_SECRET=!REPLACE-ME!
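Review bot: `PUBLISHER_OAUTH2_CLIENT_SECRET=!REPLACE-ME!` is a working value, not just a marker: the comment says it is used to set the original client secret, so if the init script is not run the template's public placeholder becomes the live OAuth2 client secret. Suggest having the code that consumes the variable refuse to proceed while the value is still `!REPLACE-ME!`, and extending the comment to say where the value is read.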
4 changes: 4 additions & 0 deletions apps/cms/composer.json
Expand Up @@ -68,6 +68,7 @@
"drupal/redirect": "^1.8",
"drupal/reroute_email": "^2.2",
"drupal/role_delegation": "^1.2",
"drupal/simple_oauth": "^5.2",
"drupal/slack": "^1.4",
"drupal/stage_file_proxy": "^2.0.2",
"drupal/userprotect": "^1.2",
Expand All @@ -91,6 +92,9 @@
},
"extra": {
"patches": {
"drupal/core": {
"#2706241 AccessAwareRouter does not respect HTTP method": "https://www.drupal.org/files/issues/2023-03-17/2706241-74.patch"
},
"drupal/config_ignore": {
"#2857247 Do not export ignored config": "https://www.drupal.org/files/issues/2021-08-18/config_ignore_2857247-75.patch"
},
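Review bot: The added `drupal/core` patch is downloaded from a drupal.org URL at install time with nothing in `composer.json` pinning its content, and by its description it changes how `AccessAwareRouter` handles HTTP methods, which is security-relevant routing code. Suggest committing the patch file to the repository and referencing it by local path so its content is reviewed and fixed, and noting next to the entry why this branch needs it so it can be dropped once issue #2706241 is resolved in core.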