-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Showing
40 changed files
with
431 additions
and
1,602 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,5 @@ | ||
{ | ||
"projects": { | ||
"default": "andrejus-web" | ||
} | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,38 @@ | ||
--- | ||
name: Bug report | ||
about: Create a report to help improve the site | ||
title: "[BUG] Report" | ||
labels: "bug \U0001F41E" | ||
assignees: '' | ||
|
||
--- | ||
|
||
**Describe the bug** | ||
A clear and concise description of what the bug is. | ||
|
||
**To Reproduce** | ||
Steps to reproduce the behavior: | ||
1. Go to '...' | ||
2. Click on '....' | ||
3. Scroll down to '....' | ||
4. See error | ||
|
||
**Expected behavior** | ||
A clear and concise description of what you expected to happen. | ||
|
||
**Screenshots** | ||
If applicable, add screenshots to help explain your problem. | ||
|
||
**Desktop (please complete the following information):** | ||
- OS: [e.g. iOS] | ||
- Browser [e.g. chrome, safari] | ||
- Version [e.g. 22] | ||
|
||
**Smartphone (please complete the following information):** | ||
- Device: [e.g. iPhone6] | ||
- OS: [e.g. iOS8.1] | ||
- Browser [e.g. stock browser, safari] | ||
- Version [e.g. 22] | ||
|
||
**Additional context** | ||
Add any other context about the problem here. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,3 +1,3 @@ | ||
[submodule "themes/hugo-alageek-theme"] | ||
path = themes/hugo-alageek-theme | ||
url = https://github.com/gkmngrgn/hugo-alageek-theme | ||
[submodule "themes/hugo-psi-theme"] | ||
path = themes/hugo-psi-theme | ||
url = https://github.com/andrejusk/hugo-psi-theme |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,7 @@ | ||
andrejusk.github.io (c) by Andrejus Kostarevas | ||
|
||
andrejusk.github.io is licensed under a | ||
Creative Commons Attribution-ShareAlike 4.0 International License. | ||
|
||
You should have received a copy of the license along with this | ||
work. If not, see <http://creativecommons.org/licenses/by-sa/4.0/>. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1 +1,106 @@ | ||
# andrejusk.github.io | ||
# [andrejus.uk](https://andrejus.uk/) | ||
|
||
Built and deployed with Google Cloud. | ||
|
||
Actual README.md coming eventually. GCP documentation in the meantime. | ||
|
||
## Container Registry Images | ||
|
||
We'll need a Hugo builder image and a Firebase deployer image for the Cloud Build steps, along with the default gcloud images. | ||
|
||
For the Hugo builder image, run the following in Cloud Shell [[1]]. | ||
```sh | ||
### Clone community cloud builders repo | ||
git clone https://github.com/andrejusk/cloud-builders-community.git | ||
|
||
### Navigate to Hugo (cloud-builders-community) | ||
cd cloud-builders-community/hugo | ||
|
||
### Build Hugo image | ||
gcloud builds submit --config cloudbuild.yaml . | ||
``` | ||
|
||
Firebase deployer image for prod [[1]]. Run after above. | ||
```sh | ||
### Navigate to Firebase (cloud-builders-community) | ||
cd ../firebase | ||
|
||
### Permissions fix | ||
chmod +x firebase.bash | ||
|
||
### Build Firebase image | ||
gcloud builds submit --config cloudbuild.yaml . | ||
``` | ||
|
||
## KMS for Production Deployment | ||
|
||
The Firebase deployer needs a token to authenticate. Creating a deployment token and encrypting it [[2]]. Run locally or in Cloud Shell. | ||
|
||
```sh | ||
### Generate new token to be encrypted | ||
firebase login:ci | ||
``` | ||
|
||
Run in Cloud Shell. | ||
|
||
```sh | ||
### Set token as envrionment variable | ||
TOKEN=<GENERATED_TOKEN> | ||
``` | ||
|
||
If KMS not used before. | ||
```sh | ||
### Enable Cryptographic Keys service | ||
gcloud services enable cloudkms.googleapis.com | ||
``` | ||
|
||
|
||
```sh | ||
#### Create a keyring for Cloud Build | ||
gcloud kms keyrings create cloudbuilder --location global | ||
|
||
#### Create a key for the Firebase token | ||
gcloud kms keys create firebase-token --location global --keyring cloudbuilder --purpose encryption | ||
|
||
#### Create the encrypted token | ||
echo -n $TOKEN | gcloud kms encrypt \ | ||
--plaintext-file=- \ | ||
--ciphertext-file=- \ | ||
--location=global \ | ||
--keyring=cloudbuilder \ | ||
--key=firebase-token | base64 | ||
``` | ||
|
||
Now add the encrypted token to the [cloudbuild.yaml](cloudbuild.yaml) definition, as follows. | ||
|
||
```yaml | ||
secrets: | ||
- kmsKeyName: 'projects/<PROJECT_ID>/locations/global/keyRings/cloudbuilder/cryptoKeys/firebase-token' | ||
secretEnv: | ||
FIREBASE_TOKEN: '<ENCRYPTED_TOKEN>' | ||
``` | ||
## IAM for Deployments | ||
The Firebase deployment token was encrypted using a KMS key. By default, the Cloud Builder's service account cannot access other GCP services, and hence cannot access the key to decrypt the token. | ||
To allow Cloud Build to decrypt the key. | ||
Grant `<PROJECT_NUMBER>@cloudbuild.gserviceaccount.com` | ||
the IAM `Cloud KMS CryptoKey Decrypter` role. | ||
|
||
To allow Cloud Build to deploy to App Engine. | ||
|
||
Grant `<PROJECT_NUMBER>@cloudbuild.gserviceaccount.com` | ||
the IAM `App Engine Admin` role. | ||
|
||
## References | ||
|
||
[1]: https://robertsahlin.com/serverless-static-blog-powered-by-hugo-github-cloud-build-and-firebase/ | ||
[[1]] - R. Sahlin, | ||
_Serverless Static Blog powered by Hugo, Github, Cloud Build and Firebase_, | ||
August 3, 2018. | ||
|
||
[2]: https://github.com/GoogleCloudPlatform/cloud-builders-community/tree/master/firebase | ||
[[2]] - GoogleCloudPlatform, | ||
_cloud-builders-community/firebase_. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,16 @@ | ||
runtime: python27 | ||
api_version: 1 | ||
threadsafe: true | ||
|
||
handlers: | ||
- url: /$ | ||
static_files: public/index.html | ||
upload: public/index.html | ||
|
||
- url: /(.*)/$ | ||
static_files: public/\1/index.html | ||
upload: public/.*/index.html | ||
|
||
- url: /(.+) | ||
static_files: public/\1 | ||
upload: public/(.*) |
This file was deleted.
Oops, something went wrong.
Oops, something went wrong.