Use readonly user

ocadotechnology · Nov 1, 2024 · 066366f · 066366f
1 parent d849924
commit 066366f
Show file tree

Hide file tree

Showing 6 changed files with 10 additions and 1 deletion.
diff --git a/.github/actions/deploy_gcloud/action.yml b/.github/actions/deploy_gcloud/action.yml
@@ -22,6 +22,9 @@ inputs:
   database-host:
     description: Database host
     required: true
+  database-password:
+    description: Database password
+    required: true
   django-secret:
     description: Django secret
     required: true
@@ -181,6 +184,7 @@ runs:
         CLOUDSDK_PYTHON_SITEPACKAGES: "1"
         DATABASE_NAME: cfl_${{env.DATABASE_POSTFIX}}
         DATABASE_HOST: ${{ inputs.database-host }}
+        DATABASE_PASSWORD: ${{ inputs.database-password }}
         CACHE_PREFIX: ${{ env.MODULE_NAME }}-
         AWS_ACCESS_KEY_ID: ${{ inputs.aws-access-key-id }}
         AWS_SECRET_ACCESS_KEY: ${{ inputs.aws-secret-access-key }}

diff --git a/.github/workflows/deploy_default.yml b/.github/workflows/deploy_default.yml
@@ -48,6 +48,7 @@ jobs:
           aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
           aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
           database-host: ${{ secrets.DATABASE_HOST }}
+          database-password: ${{ secrets.DATABASE_PASSWORD }}
           django-secret: ${{ secrets.DJANGO_SECRET }}
           django-portal-contact-form-email: ${{ secrets.DJANGO_PORTAL_CONTACT_FORM_EMAIL }}
           dotmailer-create-contact-url: ${{ secrets.DOTMAILER_CREATE_CONTACT_URL }}

diff --git a/.github/workflows/deploy_dev.yml b/.github/workflows/deploy_dev.yml
@@ -58,6 +58,7 @@ jobs:
           aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
           aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
           database-host: ${{ secrets.DATABASE_HOST }}
+          database-password: ${{ secrets.DATABASE_PASSWORD }}
           django-secret: ${{ secrets.DJANGO_SECRET }}
           django-portal-contact-form-email: ${{ secrets.DJANGO_PORTAL_CONTACT_FORM_EMAIL }}
           dotmailer-create-contact-url: ${{ secrets.DOTMAILER_CREATE_CONTACT_URL }}

diff --git a/.github/workflows/deploy_staging.yml b/.github/workflows/deploy_staging.yml
@@ -48,6 +48,7 @@ jobs:
           aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
           aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
           database-host: ${{ secrets.DATABASE_HOST }}
+          database-password: ${{ secrets.DATABASE_PASSWORD }}
           django-secret: ${{ secrets.DJANGO_SECRET }}
           django-portal-contact-form-email: ${{ secrets.DJANGO_PORTAL_CONTACT_FORM_EMAIL }}
           dotmailer-create-contact-url: ${{ secrets.DOTMAILER_CREATE_CONTACT_URL }}

diff --git a/app.yaml.tmpl b/app.yaml.tmpl
@@ -27,6 +27,7 @@ env_variables:
   CACHE_PREFIX: '${CACHE_PREFIX}'
   DATABASE_NAME: '${DATABASE_NAME}'
   DATABASE_HOST: '${DATABASE_HOST}'
+  DATABASE_PASSWORD: '${DATABASE_PASSWORD}'
   RECAPTCHA_PRIVATE_KEY: '${RECAPTCHA_PRIVATE_KEY}'
   RECAPTCHA_PUBLIC_KEY: '${RECAPTCHA_PUBLIC_KEY}'
   DJANGO_PORTAL_CONTACT_FORM_EMAIL: '${DJANGO_PORTAL_CONTACT_FORM_EMAIL}'

diff --git a/django_site/settings.py b/django_site/settings.py
@@ -171,7 +171,8 @@
         "ENGINE": "django.db.backends.mysql",
         "HOST": os.getenv("DATABASE_HOST"),
         "NAME": os.getenv("DATABASE_NAME"),
-        "USER": "root",
+        "USER": "readonly",
+        "PASSWORD": os.getenv("DATABASE_PASSWORD"),
         "ATOMIC_REQUESTS": True,
     }
 }