mirror of
https://github.com/ghndrx/k8s-game-2048.git
synced 2026-02-10 06:45:07 +00:00
d582108b16
- Add .env.example template with all configurable values - Create comprehensive .gitignore for personal data - Add sanitization script to remove hardcoded personal info - Add environment-aware deployment scripts - Add ENVIRONMENT.md documentation - Keep personal information in .env (gitignored) This makes the repository safe for public sharing while keeping personal domains, emails, and secrets secure.
104 lines
3.0 KiB
Markdown
104 lines
3.0 KiB
Markdown
# Environment Configuration
|
|
|
|
This repository uses environment variables to keep personal information (domains, emails, repository names) out of the public codebase.
|
|
|
|
## Quick Setup
|
|
|
|
1. **Copy the environment template:**
|
|
```bash
|
|
cp .env.example .env
|
|
```
|
|
|
|
2. **Edit `.env` with your information:**
|
|
```bash
|
|
nano .env
|
|
```
|
|
|
|
3. **Update these key values:**
|
|
- `BASE_DOMAIN` - Your domain (e.g., `example.com`)
|
|
- `GITHUB_REPOSITORY` - Your GitHub repo (e.g., `username/k8s-game-2048`)
|
|
- `CERT_EMAIL` - Your email for SSL certificates
|
|
- `WEBHOOK_SECRET` - Generate with: `openssl rand -hex 32`
|
|
|
|
## Environment Variables
|
|
|
|
### Required Variables
|
|
|
|
| Variable | Description | Example |
|
|
|----------|-------------|---------|
|
|
| `BASE_DOMAIN` | Your base domain | `example.com` |
|
|
| `WEBHOOK_DOMAIN` | Webhook endpoint domain | `webhook.example.com` |
|
|
| `GITHUB_REPOSITORY` | Your GitHub repository | `username/k8s-game-2048` |
|
|
| `CERT_EMAIL` | Email for SSL certificates | `admin@example.com` |
|
|
| `WEBHOOK_SECRET` | Secret for webhook security | Generated 64-char hex |
|
|
|
|
### Auto-generated Domains
|
|
|
|
The following domains are automatically generated from `BASE_DOMAIN`:
|
|
|
|
- **Development**: `2048-dev.{BASE_DOMAIN}`
|
|
- **Staging**: `2048-staging.{BASE_DOMAIN}`
|
|
- **Production**: `2048.{BASE_DOMAIN}`
|
|
|
|
### Canonical Knative Domains
|
|
|
|
- **Dev**: `game-2048-dev.game-2048-dev.dev.{BASE_DOMAIN}`
|
|
- **Staging**: `game-2048-staging.game-2048-staging.staging.{BASE_DOMAIN}`
|
|
- **Production**: `game-2048-prod.game-2048-prod.{BASE_DOMAIN}`
|
|
|
|
## Security
|
|
|
|
- **Never commit `.env`** - It's in `.gitignore` for security
|
|
- **Use strong webhook secrets** - Generate with `openssl rand -hex 32`
|
|
- **Rotate secrets regularly** - Update webhook secret periodically
|
|
|
|
## Deployment Scripts
|
|
|
|
### Setup Webhook Handler
|
|
```bash
|
|
./scripts/setup-webhook-deployment.sh
|
|
```
|
|
|
|
### Prepare Environment-Specific Manifests
|
|
```bash
|
|
./scripts/prepare-deployment.sh
|
|
```
|
|
|
|
### Sanitize Repository (for public sharing)
|
|
```bash
|
|
./scripts/sanitize-repo.sh
|
|
```
|
|
|
|
## GitHub Secrets
|
|
|
|
After setting up your `.env`, configure these GitHub repository secrets:
|
|
|
|
1. Go to your repository Settings → Secrets and variables → Actions
|
|
2. Add these secrets from your `.env` file:
|
|
|
|
```
|
|
WEBHOOK_SECRET=<from .env>
|
|
DEV_WEBHOOK_URL=https://<WEBHOOK_DOMAIN>/webhook/deploy
|
|
STAGING_WEBHOOK_URL=https://<WEBHOOK_DOMAIN>/webhook/deploy
|
|
PROD_WEBHOOK_URL=https://<WEBHOOK_DOMAIN>/webhook/deploy
|
|
KNATIVE_DOMAIN=<BASE_DOMAIN>
|
|
```
|
|
|
|
## Template System
|
|
|
|
The repository uses a template system to keep personal information secure:
|
|
|
|
- **`manifests/templates/`** - Sanitized templates with placeholders
|
|
- **`manifests/`** - Your actual deployment manifests (gitignored)
|
|
- **`.env.example`** - Template for environment configuration
|
|
|
|
## Development Workflow
|
|
|
|
1. Clone repository
|
|
2. Copy `.env.example` to `.env`
|
|
3. Update `.env` with your configuration
|
|
4. Run `./scripts/prepare-deployment.sh`
|
|
5. Deploy with `./scripts/setup-webhook-deployment.sh`
|
|
|
|
This ensures your personal information stays private while keeping the codebase shareable.
|