From 066366ff2e318ace765529cbba55121feb0388cc Mon Sep 17 00:00:00 2001
From: faucomte97
Date: Fri, 1 Nov 2024 21:48:45 +0000
Subject: [PATCH] Use readonly user
---
 .github/actions/deploy_gcloud/action.yml | 4 ++++
 .github/workflows/deploy_default.yml | 1 +
 .github/workflows/deploy_dev.yml | 1 +
 .github/workflows/deploy_staging.yml | 1 +
 app.yaml.tmpl | 1 +
 django_site/settings.py | 3 ++-
 6 files changed, 10 insertions(+), 1 deletion(-)
diff --git a/.github/actions/deploy_gcloud/action.yml b/.github/actions/deploy_gcloud/action.yml
index 8458016..2c4ce7b 100644
--- a/.github/actions/deploy_gcloud/action.yml
+++ b/.github/actions/deploy_gcloud/action.yml
@@ -22,6 +22,9 @@ inputs:
 database-host:
 description: Database host
 required: true
+ database-password:
+ description: Database password
+ required: true
 django-secret:
 description: Django secret
 required: true
@@ -181,6 +184,7 @@ runs:
 CLOUDSDK_PYTHON_SITEPACKAGES: "1"
 DATABASE_NAME: cfl_${{env.DATABASE_POSTFIX}}
 DATABASE_HOST: ${{ inputs.database-host }}
+ DATABASE_PASSWORD: ${{ inputs.database-password }}
 CACHE_PREFIX: ${{ env.MODULE_NAME }}-
 AWS_ACCESS_KEY_ID: ${{ inputs.aws-access-key-id }}
 AWS_SECRET_ACCESS_KEY: ${{ inputs.aws-secret-access-key }}
diff --git a/.github/workflows/deploy_default.yml b/.github/workflows/deploy_default.yml
index 0ceb315..49fb723 100644
--- a/.github/workflows/deploy_default.yml
+++ b/.github/workflows/deploy_default.yml
@@ -48,6 +48,7 @@ jobs:
 aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
 aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
 database-host: ${{ secrets.DATABASE_HOST }}
+ database-password: ${{ secrets.DATABASE_PASSWORD }}
 django-secret: ${{ secrets.DJANGO_SECRET }}
 django-portal-contact-form-email: ${{ secrets.DJANGO_PORTAL_CONTACT_FORM_EMAIL }}
 dotmailer-create-contact-url: ${{ secrets.DOTMAILER_CREATE_CONTACT_URL }}
diff --git a/.github/workflows/deploy_dev.yml b/.github/workflows/deploy_dev.yml
index 4979276..d26b7bd 100644
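Review bot: `required: true` on the new `database-password` input is declarative only: GitHub Actions does not fail a run when a required action input is missing, and an unset secret expands to an empty string, so the `DATABASE_PASSWORD: ${{ inputs.database-password }}` line in the second hunk of `action.yml` can export an empty value without any error. A guard at the start of that step's script would make the deploy fail closed, for example `[ -n "$DATABASE_PASSWORD" ] || { echo "database-password is empty" >&2; exit 1; }`. The step's `run:` body lies outside both hunks, so where the check belongs needs confirming against the full file.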
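Review bot: The same secret name, `secrets.DATABASE_PASSWORD`, is wired into `deploy_default.yml` here and into the matching hunks of `deploy_dev.yml` and `deploy_staging.yml`. Unless each job is bound to its own GitHub environment with an environment-scoped secret (any `environment:` key is outside the hunks), the dev, staging and default deployments would share one database credential, and exposure in the least protected environment would reach the others. It is worth confirming the secret is defined per environment and recording that next to the line with a comment such as `# environment-scoped secret; value differs per deployment`.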
--- a/.github/workflows/deploy_dev.yml
+++ b/.github/workflows/deploy_dev.yml
@@ -58,6 +58,7 @@ jobs:
 aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
 aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
 database-host: ${{ secrets.DATABASE_HOST }}
+ database-password: ${{ secrets.DATABASE_PASSWORD }}
 django-secret: ${{ secrets.DJANGO_SECRET }}
 django-portal-contact-form-email: ${{ secrets.DJANGO_PORTAL_CONTACT_FORM_EMAIL }}
 dotmailer-create-contact-url: ${{ secrets.DOTMAILER_CREATE_CONTACT_URL }}
diff --git a/.github/workflows/deploy_staging.yml b/.github/workflows/deploy_staging.yml
index a8f4599..43733cd 100644
--- a/.github/workflows/deploy_staging.yml
+++ b/.github/workflows/deploy_staging.yml
@@ -48,6 +48,7 @@ jobs:
 aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
 aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
 database-host: ${{ secrets.DATABASE_HOST }}
+ database-password: ${{ secrets.DATABASE_PASSWORD }}
 django-secret: ${{ secrets.DJANGO_SECRET }}
 django-portal-contact-form-email: ${{ secrets.DJANGO_PORTAL_CONTACT_FORM_EMAIL }}
 dotmailer-create-contact-url: ${{ secrets.DOTMAILER_CREATE_CONTACT_URL }}
diff --git a/app.yaml.tmpl b/app.yaml.tmpl
index 117b3ba..3165a18 100644
--- a/app.yaml.tmpl
+++ b/app.yaml.tmpl
@@ -27,6 +27,7 @@ env_variables:
 CACHE_PREFIX: '${CACHE_PREFIX}'
 DATABASE_NAME: '${DATABASE_NAME}'
 DATABASE_HOST: '${DATABASE_HOST}'
+ DATABASE_PASSWORD: '${DATABASE_PASSWORD}'
 RECAPTCHA_PRIVATE_KEY: '${RECAPTCHA_PRIVATE_KEY}'
 RECAPTCHA_PUBLIC_KEY: '${RECAPTCHA_PUBLIC_KEY}'
 DJANGO_PORTAL_CONTACT_FORM_EMAIL: '${DJANGO_PORTAL_CONTACT_FORM_EMAIL}'
diff --git a/django_site/settings.py b/django_site/settings.py
index 2af5460..ec66612 100644
--- a/django_site/settings.py
+++ b/django_site/settings.py
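Review bot: `DATABASE_PASSWORD: '${DATABASE_PASSWORD}'` in `app.yaml.tmpl` substitutes the secret into a single-quoted YAML scalar, so a password containing `'` would end the scalar early and yield an invalid or altered `app.yaml`; the renderer is not visible here, so whether it escapes the value is unknown. Either restrict generated passwords to characters that are safe inside single quotes or double any `'` before rendering. The rendered file also holds the password in cleartext, as it already does for the neighbouring `RECAPTCHA_PRIVATE_KEY`, so it should stay out of build artifacts and logs. Reading the value from a secret store at runtime would keep it out of the deployment descriptor altogether.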
@@ -171,7 +171,8 @@
 "ENGINE": "django.db.backends.mysql",
 "HOST": os.getenv("DATABASE_HOST"),
 "NAME": os.getenv("DATABASE_NAME"),
- "USER": "root",
+ "USER": "readonly",
+ "PASSWORD": os.getenv("DATABASE_PASSWORD"),
 "ATOMIC_REQUESTS": True,
 }
 }
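Review bot: `os.getenv("DATABASE_PASSWORD")` returns `None` when the variable is missing, in which case no password is handed to the MySQL driver and a misconfigured deployment attempts a passwordless login rather than stopping with a clear configuration error. If this dictionary is only built for deployed environments (the enclosing block starts outside the hunk), `"PASSWORD": os.environ["DATABASE_PASSWORD"],` would fail at start-up instead. The account name stays hard-coded as `"readonly"`, and the restriction comes from the grants on that MySQL account, not from its name. A comment above the entry stating the expected privileges would help, e.g. `# least-privilege account; grants are managed on the database side`. Whether Django writes (sessions, migrations) go through this alias is not visible in the hunk and should be checked against those grants.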