🔒 Add environment-based configuration system

- Add .env.example template with all configurable values - Create comprehensive .gitignore for personal data - Add sanitization script to remove hardcoded personal info - Add environment-aware deployment scripts - Add ENVIRONMENT.md documentation - Keep personal information in .env (gitignored) This makes the repository safe for public sharing while keeping personal domains, emails, and secrets secure.
2026-02-10 06:45:07 +00:00 · 2025-07-01 10:09:14 -07:00
parent 63b53dfc1b
commit d582108b16
9 changed files with 495 additions and 28 deletions
--- a/scripts/prepare-deployment.sh
+++ b/scripts/prepare-deployment.sh
@@ -0,0 +1,77 @@
+#!/bin/bash
+set -e
+
+# Environment-aware deployment script
+echo "🚀 Environment-aware deployment script..."
+
+# Load environment variables
+if [ -f ".env" ]; then
+  echo "📋 Loading configuration from .env file..."
+  export $(grep -v '^#' .env | xargs)
+else
+  echo "❌ No .env file found! Please create one from .env.example"
+  exit 1
+fi
+
+# Validate required environment variables
+required_vars=(
+  "BASE_DOMAIN"
+  "WEBHOOK_DOMAIN" 
+  "KNATIVE_DOMAIN"
+  "GITHUB_REPOSITORY"
+  "CONTAINER_REGISTRY"
+)
+
+for var in "${required_vars[@]}"; do
+  if [ -z "${!var}" ]; then
+    echo "❌ Required environment variable $var is not set!"
+    exit 1
+  fi
+done
+
+echo "✅ Environment validation passed"
+echo "   Base Domain: $BASE_DOMAIN"
+echo "   Webhook Domain: $WEBHOOK_DOMAIN"
+echo "   GitHub Repository: $GITHUB_REPOSITORY"
+
+# Function to substitute environment variables in manifests
+substitute_env_vars() {
+  local source_dir="$1"
+  local target_dir="$2"
+  
+  echo "📝 Substituting environment variables: $source_dir -> $target_dir"
+  
+  # Create target directory
+  mkdir -p "$target_dir"
+  
+  # Process all YAML files
+  for file in "$source_dir"/*.yml "$source_dir"/*.yaml; do
+    if [ -f "$file" ]; then
+      local basename=$(basename "$file")
+      local target_file="$target_dir/$basename"
+      
+      # Substitute environment variables
+      envsubst < "$file" > "$target_file"
+      echo "   ✅ $basename"
+    fi
+  done
+}
+
+# Create deployment-ready manifests from templates
+if [ -d "manifests/templates" ]; then
+  echo "🔄 Creating deployment manifests from templates..."
+  
+  substitute_env_vars "manifests/templates/dev" "manifests/dev"
+  substitute_env_vars "manifests/templates/staging" "manifests/staging"  
+  substitute_env_vars "manifests/templates/prod" "manifests/prod"
+  substitute_env_vars "manifests/templates" "manifests"
+  
+  echo "✅ Deployment manifests ready"
+else
+  echo "⚠️ No templates directory found, using existing manifests"
+fi
+
+echo ""
+echo "🎯 Ready for deployment with your environment configuration!"
+echo "   Run: kubectl apply -f manifests/dev/"
+echo "   Or use: ./scripts/setup-webhook-deployment.sh"
--- a/scripts/sanitize-repo.sh
+++ b/scripts/sanitize-repo.sh
@@ -0,0 +1,107 @@
+#!/bin/bash
+set -e
+
+# Script to sanitize repository by replacing hardcoded values with placeholders
+echo "🧹 Sanitizing repository - removing hardcoded personal information..."
+
+# Load environment variables to know what to replace
+if [ -f ".env" ]; then
+  source .env
+else
+  echo "❌ No .env file found!"
+  exit 1
+fi
+
+# Function to replace in file if it exists
+replace_in_file() {
+  local file="$1"
+  local search="$2"
+  local replace="$3"
+  
+  if [ -f "$file" ]; then
+    sed -i "s|${search}|${replace}|g" "$file"
+    echo "✅ Updated $file"
+  fi
+}
+
+# Replace domain names in all relevant files
+echo "📝 Replacing domain names with placeholders..."
+
+# README.md
+replace_in_file "README.md" "$DEV_DOMAIN" "2048-dev.example.com"
+replace_in_file "README.md" "$STAGING_DOMAIN" "2048-staging.example.com"
+replace_in_file "README.md" "$PROD_DOMAIN" "2048.example.com"
+replace_in_file "README.md" "$GITHUB_REPOSITORY" "your-username/k8s-game-2048"
+
+# GitHub workflows - replace all hardcoded domains
+for workflow in .github/workflows/*.yml; do
+  if [ -f "$workflow" ]; then
+    replace_in_file "$workflow" "$DEV_CANONICAL_DOMAIN" "game-2048-dev.game-2048-dev.dev.example.com"
+    replace_in_file "$workflow" "$STAGING_CANONICAL_DOMAIN" "game-2048-staging.game-2048-staging.staging.example.com"
+    replace_in_file "$workflow" "$PROD_CANONICAL_DOMAIN" "game-2048-prod.game-2048-prod.example.com"
+    replace_in_file "$workflow" "$DEV_DOMAIN" "2048-dev.example.com"
+    replace_in_file "$workflow" "$STAGING_DOMAIN" "2048-staging.example.com"
+    replace_in_file "$workflow" "$PROD_DOMAIN" "2048.example.com"
+    replace_in_file "$workflow" "$GITHUB_REPOSITORY" "your-username/k8s-game-2048"
+  fi
+done
+
+# Scripts
+for script in scripts/*.sh; do
+  if [ -f "$script" ]; then
+    replace_in_file "$script" "$DEV_DOMAIN" "2048-dev.example.com"
+    replace_in_file "$script" "$STAGING_DOMAIN" "2048-staging.example.com"
+    replace_in_file "$script" "$PROD_DOMAIN" "2048.example.com"
+    replace_in_file "$script" "$DEV_CANONICAL_DOMAIN" "game-2048-dev.game-2048-dev.dev.example.com"
+    replace_in_file "$script" "$STAGING_CANONICAL_DOMAIN" "game-2048-staging.game-2048-staging.staging.example.com"
+    replace_in_file "$script" "$PROD_CANONICAL_DOMAIN" "game-2048-prod.game-2048-prod.example.com"
+    replace_in_file "$script" "$KNATIVE_DOMAIN" "example.com"
+    replace_in_file "$script" "$WEBHOOK_DOMAIN" "webhook.example.com"
+    replace_in_file "$script" "$GITHUB_REPOSITORY" "your-username/k8s-game-2048"
+  fi
+done
+
+# Manifests - create template versions
+echo "📂 Creating template manifests..."
+mkdir -p manifests/templates
+
+# Copy current manifests to templates and sanitize
+cp -r manifests/dev manifests/templates/
+cp -r manifests/staging manifests/templates/
+cp -r manifests/prod manifests/templates/
+cp manifests/*.yaml manifests/templates/ 2>/dev/null || true
+
+# Sanitize template manifests
+for file in manifests/templates/**/*.yml manifests/templates/**/*.yaml manifests/templates/*.yaml; do
+  if [ -f "$file" ]; then
+    replace_in_file "$file" "$DEV_DOMAIN" "2048-dev.example.com"
+    replace_in_file "$file" "$STAGING_DOMAIN" "2048-staging.example.com"
+    replace_in_file "$file" "$PROD_DOMAIN" "2048.example.com"
+    replace_in_file "$file" "$DEV_CANONICAL_DOMAIN" "game-2048-dev.game-2048-dev.dev.example.com"
+    replace_in_file "$file" "$STAGING_CANONICAL_DOMAIN" "game-2048-staging.game-2048-staging.staging.example.com"
+    replace_in_file "$file" "$PROD_CANONICAL_DOMAIN" "game-2048-prod.game-2048-prod.example.com"
+    replace_in_file "$file" "dev.$KNATIVE_DOMAIN" "dev.example.com"
+    replace_in_file "$file" "staging.$KNATIVE_DOMAIN" "staging.example.com"
+    replace_in_file "$file" "$KNATIVE_DOMAIN" "example.com"
+    replace_in_file "$file" "$GITHUB_REPOSITORY" "your-username/k8s-game-2048"
+    replace_in_file "$file" "$CERT_EMAIL" "admin@example.com"
+  fi
+done
+
+# Package.json
+replace_in_file "package.json" "$GITHUB_REPOSITORY" "your-username/k8s-game-2048"
+
+# Documentation
+replace_in_file "docs/WEBHOOK_DEPLOYMENT.md" "$KNATIVE_DOMAIN" "example.com"
+
+echo ""
+echo "✅ Repository sanitization completed!"
+echo ""
+echo "📋 Summary of changes:"
+echo "- Replaced all domain references with example.com"
+echo "- Replaced GitHub repository with placeholder"
+echo "- Created template manifests in manifests/templates/"
+echo "- Personal information is now only in .env file (which is .gitignored)"
+echo ""
+echo "⚠️  Note: Current manifests still contain your actual domains for deployment"
+echo "   Template manifests are sanitized for public repository"
--- a/scripts/setup-webhook-deployment.sh
+++ b/scripts/setup-webhook-deployment.sh
@@ -4,15 +4,30 @@ set -e
 # Webhook-based Deployment Setup Script for k8s-game-2048
 echo "🚀 Setting up webhook-based deployment for k8s-game-2048..."

-# Configuration
+# Load configuration from .env file
+if [ -f ".env" ]; then
+  echo "📋 Loading configuration from .env file..."
+  export $(grep -v '^#' .env | xargs)
+else
+  echo "⚠️ No .env file found, using defaults"
+fi
+
+# Configuration with fallbacks
 WEBHOOK_SECRET="${WEBHOOK_SECRET:-$(openssl rand -hex 32)}"
 MANIFESTS_PATH="${MANIFESTS_PATH:-/home/administrator/k8s-game-2048/manifests}"
-WEBHOOK_DOMAIN="${WEBHOOK_DOMAIN:-webhook.$(hostname -f)}"
+WEBHOOK_DOMAIN="${WEBHOOK_DOMAIN:-webhook.wa.darknex.us}"
+KNATIVE_DOMAIN="${KNATIVE_DOMAIN:-wa.darknex.us}"
+KUBECONFIG_PATH="${KUBECONFIG_PATH:-/etc/rancher/k3s/k3s.yaml}"
+DEPLOY_INGRESS="${DEPLOY_INGRESS:-true}"
+WEBHOOK_REPLICAS="${WEBHOOK_REPLICAS:-1}"

 echo "📋 Configuration:"
 echo "  Webhook Secret: ${WEBHOOK_SECRET:0:8}..."
 echo "  Manifests Path: $MANIFESTS_PATH"
 echo "  Webhook Domain: $WEBHOOK_DOMAIN"
+echo "  Knative Domain: $KNATIVE_DOMAIN"
+echo "  Deploy Ingress: $DEPLOY_INGRESS"
+echo "  Replicas: $WEBHOOK_REPLICAS"

 # Step 1: Create webhook system namespace
 echo ""
@@ -26,6 +41,19 @@ kubectl create secret generic webhook-secret \
  -n webhook-system \
  --dry-run=client -o yaml | kubectl apply -f -

+# Step 2.5: Create kubeconfig secret for webhook handler
+echo "🔑 Creating kubeconfig secret..."
+if [ -f "$KUBECONFIG_PATH" ]; then
+  kubectl create secret generic webhook-kubeconfig \
+    --from-file=config="$KUBECONFIG_PATH" \
+    -n webhook-system \
+    --dry-run=client -o yaml | kubectl apply -f -
+else
+  echo "⚠️ Kubeconfig not found at $KUBECONFIG_PATH"
+  echo "Please create the webhook-kubeconfig secret manually:"
+  echo "kubectl create secret generic webhook-kubeconfig --from-file=config=~/.kube/config -n webhook-system"
+fi
+
 # Step 3: Update webhook handler manifests with correct paths
 echo "🔧 Updating webhook handler manifests..."
 sed -i "s|/home/administrator/k8s-game-2048/manifests|$MANIFESTS_PATH|g" manifests/webhook/webhook-handler.yaml
@@ -89,7 +117,7 @@ echo "   - WEBHOOK_SECRET: $WEBHOOK_SECRET"
 echo "   - DEV_WEBHOOK_URL: https://$WEBHOOK_DOMAIN/webhook/deploy"
 echo "   - STAGING_WEBHOOK_URL: https://$WEBHOOK_DOMAIN/webhook/deploy"
 echo "   - PROD_WEBHOOK_URL: https://$WEBHOOK_DOMAIN/webhook/deploy"
-echo "   - KNATIVE_DOMAIN: your-knative-domain.com"
+echo "   - KNATIVE_DOMAIN: $KNATIVE_DOMAIN"
 echo ""
 echo "2. Expose webhook handler externally:"
 if [ "$DEPLOY_INGRESS" != "true" ]; then
@@ -121,5 +149,5 @@ echo "WEBHOOK_SECRET  | $WEBHOOK_SECRET"
 echo "DEV_WEBHOOK_URL | https://$WEBHOOK_DOMAIN/webhook/deploy"
 echo "STAGING_WEBHOOK_URL | https://$WEBHOOK_DOMAIN/webhook/deploy"
 echo "PROD_WEBHOOK_URL | https://$WEBHOOK_DOMAIN/webhook/deploy"
-echo "KNATIVE_DOMAIN  | your-knative-domain.com"
+echo "KNATIVE_DOMAIN  | $KNATIVE_DOMAIN"
 echo "===============================|"