From 89d3bb73f66193f3cf092bce047d6a5048ada8b7 Mon Sep 17 00:00:00 2001
From: aradhanas9 <147805399+aradhanas9@users.noreply.github.com>
Date: Thu, 9 May 2024 22:06:57 +0530
Subject: [PATCH] Update Lethe server configuration (#4854)

---
 .github/workflows/alpha_cleanup.yml | 16 +++++++++++++---
 .github/workflows/beta_to_prod.yml  | 16 +++++++++++++---
 .github/workflows/release.yml       | 16 +++++++++++++---
 tools/cleanup.sh                    |  6 +++---
 tools/deploy.sh                     |  6 +++---
 tools/release.sh                    |  6 +++---
 tools/upload.sh                     |  4 ++--
 7 files changed, 50 insertions(+), 20 deletions(-)

diff --git a/.github/workflows/alpha_cleanup.yml b/.github/workflows/alpha_cleanup.yml
index bc3815dec4..a7273a2d6b 100644
--- a/.github/workflows/alpha_cleanup.yml
+++ b/.github/workflows/alpha_cleanup.yml
@@ -24,11 +24,21 @@ jobs:
         with:
           fetch-depth: "0"
 
-      - name: Install SSH key
+      - name: Install SSH key for Bastion
         uses: shimataro/ssh-key-action@v2
         with:
-          key: ${{ secrets.SSH_PRIV_KEY }}
-          known_hosts: ${{ secrets.SSH_KNOWN_HOST_DEPLOY }}
+          key: ${{ secrets.DEV_TOOLS_BASTION_PRIVATE_KEY }}
+          name: id_rsa-bastion
+          known_hosts: ${{ secrets.KNOWN_HOSTS_OF_BASTION }}
+          config: ${{ secrets.CONFIG }}
+
+      - name: Install SSH key of target
+        uses: shimataro/ssh-key-action@v2
+        with:
+          key: ${{ secrets.DEV_TOOLS_EC2_PRIVATE_KEY }}
+          name: id_rsa-target
+          known_hosts: ${{ secrets.KNOWN_HOSTS_OF_TARGET }}
+          config: ${{ secrets.CONFIG }}
 
       - name: Clean-up old versions
         run: bash tools/cleanup.sh ${{ github.event.inputs.appVersion }}
diff --git a/.github/workflows/beta_to_prod.yml b/.github/workflows/beta_to_prod.yml
index 1ce2347637..cec8f75179 100644
--- a/.github/workflows/beta_to_prod.yml
+++ b/.github/workflows/beta_to_prod.yml
@@ -16,11 +16,21 @@ jobs:
       - name: Checkout
         uses: actions/checkout@v4
 
-      - name: Install SSH key
+      - name: Install SSH key for Bastion
         uses: shimataro/ssh-key-action@v2
         with:
-          key: ${{ secrets.SSH_PRIV_KEY }}
-          known_hosts: ${{ secrets.SSH_KNOWN_HOST_DEPLOY }}
+          key: ${{ secrets.DEV_TOOLS_BASTION_PRIVATE_KEY }}
+          name: id_rsa-bastion
+          known_hosts: ${{ secrets.KNOWN_HOSTS_OF_BASTION }}
+          config: ${{ secrets.CONFIG }}
+
+      - name: Install SSH key of target
+        uses: shimataro/ssh-key-action@v2
+        with:
+          key: ${{ secrets.DEV_TOOLS_EC2_PRIVATE_KEY }}
+          name: id_rsa-target
+          known_hosts: ${{ secrets.KNOWN_HOSTS_OF_TARGET }}
+          config: ${{ secrets.CONFIG }}
 
       - name: Ready for promotion
         run: bash tools/deploy.sh ${{ github.event.inputs.betaVersion }}
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 0619b206ba..02516d930b 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -210,11 +210,21 @@ jobs:
         run: echo "branch=$(echo ${GITHUB_REF#refs/heads/})" >> $GITHUB_OUTPUT
         id: extract_branch
 
-      - name: Install SSH key
+      - name: Install SSH key for Bastion
         uses: shimataro/ssh-key-action@v2
         with:
-          key: ${{ secrets.SSH_PRIV_KEY }}
-          known_hosts: ${{ secrets.SSH_KNOWN_HOST_DEPLOY }}
+          key: ${{ secrets.DEV_TOOLS_BASTION_PRIVATE_KEY }}
+          name: id_rsa-bastion
+          known_hosts: ${{ secrets.KNOWN_HOSTS_OF_BASTION }}
+          config: ${{ secrets.CONFIG }}
+
+      - name: Install SSH key of target
+        uses: shimataro/ssh-key-action@v2
+        with:
+          key: ${{ secrets.DEV_TOOLS_EC2_PRIVATE_KEY }}
+          name: id_rsa-target
+          known_hosts: ${{ secrets.KNOWN_HOSTS_OF_TARGET }}
+          config: ${{ secrets.CONFIG }}
       - name: Setup git
         run: |
           git config user.email ${{ env.GITHUB_EMAILID }}
diff --git a/tools/cleanup.sh b/tools/cleanup.sh
index c0d0ae43b4..3a56a5c9f7 100755
--- a/tools/cleanup.sh
+++ b/tools/cleanup.sh
@@ -13,7 +13,7 @@ purge() {
 
     echo " - ${version}"
     python3 tools/versions.py --delete "${version}"
-    ssh -o StrictHostKeyChecking=no -T nuxeo@lethe.nuxeo.com "rm -vf ${REMOTE_PATH_PROD}/alpha/*${version}.* ${REMOTE_PATH_PROD}/alpha/*${version}-*" || true
+    ssh -o StrictHostKeyChecking=no -T lethe.nuxeo.com "rm -vf ${REMOTE_PATH_PROD}/alpha/*${version}.* ${REMOTE_PATH_PROD}/alpha/*${version}-*" || true
     git tag --delete "alpha-${version}" || true
     git push --delete origin "wip-alpha-${version}" || true  # branch
     git push --delete origin "alpha-${version}" || true  # tag
@@ -32,7 +32,7 @@ main() {
     python3 -m pip install --user pyyaml==5.3.1
 
     echo ">>> Retrieving versions.yml"
-    rsync -e "ssh -o StrictHostKeyChecking=no" -vz nuxeo@lethe.nuxeo.com:"${REMOTE_PATH_PROD}/versions.yml" .
+    rsync -e "ssh -o StrictHostKeyChecking=no" -vz lethe.nuxeo.com:"${REMOTE_PATH_PROD}/versions.yml" .
 
     echo ">>> Checking versions.yml integrity"
     python3 tools/versions.py --check || exit 1
@@ -68,7 +68,7 @@ main() {
     python3 tools/versions.py --check || exit 1
 
     echo ">>> Uploading versions.yml"
-    rsync -e "ssh -o StrictHostKeyChecking=no" -vz versions.yml nuxeo@lethe.nuxeo.com:"${REMOTE_PATH_PROD}/"
+    rsync -e "ssh -o StrictHostKeyChecking=no" -vz versions.yml lethe.nuxeo.com:"${REMOTE_PATH_PROD}/"
 }
 
 main "$@"
diff --git a/tools/deploy.sh b/tools/deploy.sh
index 0fc3038eb6..7739503454 100755
--- a/tools/deploy.sh
+++ b/tools/deploy.sh
@@ -22,7 +22,7 @@ release() {
     fi
 
     echo ">>> [${latest_release}] Deploying to the production website"
-    ssh -o "StrictHostKeyChecking=no" -T nuxeo@lethe.nuxeo.com <<EOF
+    ssh -o "StrictHostKeyChecking=no" -T lethe.nuxeo.com <<EOF
 # Move beta files into the release folder
 mv -vf ${REMOTE_PATH_PROD}/beta/*${drive_version}* ${REMOTE_PATH_PROD}/release/
 
@@ -45,9 +45,9 @@ EOF
     echo ">>> [release ${drive_version}] Generating the versions file"
     python3 -m pip install --user -U setuptools wheel
     python3 -m pip install --user pyyaml==5.3.1
-    rsync -e "ssh -o StrictHostKeyChecking=no" -vz nuxeo@lethe.nuxeo.com:"${REMOTE_PATH_PROD}/versions.yml" .
+    rsync -e "ssh -o StrictHostKeyChecking=no" -vz lethe.nuxeo.com:"${REMOTE_PATH_PROD}/versions.yml" .
     python3 tools/versions.py --promote "${drive_version}" --type "release"
-    rsync -e "ssh -o StrictHostKeyChecking=no" -vz versions.yml nuxeo@lethe.nuxeo.com:"${REMOTE_PATH_PROD}/"
+    rsync -e "ssh -o StrictHostKeyChecking=no" -vz versions.yml lethe.nuxeo.com:"${REMOTE_PATH_PROD}/"
 }
 
 release "$@"
diff --git a/tools/release.sh b/tools/release.sh
index 25bf442db4..ceab914be0 100755
--- a/tools/release.sh
+++ b/tools/release.sh
@@ -15,7 +15,7 @@ cancel() {
     artifacts="${REMOTE_PATH_STAGING}/${GITHUB_RUN_NUMBER}"
 
     echo ">>> [Deploy] Removing uploaded artifacts"
-    ssh -o "StrictHostKeyChecking=no" nuxeo@lethe.nuxeo.com rm -rfv "${artifacts}"
+    ssh -o "StrictHostKeyChecking=no" lethe.nuxeo.com rm -rfv "${artifacts}"
 }
 
 create() {
@@ -48,8 +48,8 @@ publish() {
     fi
 
     echo ">>> [${release_type} ${drive_version}] Deploying to the server"
-    scp -o "StrictHostKeyChecking=no" tools/versions.py nuxeo@lethe.nuxeo.com:"${artifacts}"
-    ssh -o "StrictHostKeyChecking=no" -T nuxeo@lethe.nuxeo.com <<EOF
+    scp -o "StrictHostKeyChecking=no" tools/versions.py lethe.nuxeo.com:"${artifacts}"
+    ssh -o "StrictHostKeyChecking=no" -T lethe.nuxeo.com <<EOF
 cd ${artifacts} || exit 1
 
 echo " >> [Deploy] Generating ${drive_version}.yml"
diff --git a/tools/upload.sh b/tools/upload.sh
index c623daa005..1c985ec009 100644
--- a/tools/upload.sh
+++ b/tools/upload.sh
@@ -15,8 +15,8 @@ publish_staging() {
     path="${REMOTE_PATH_STAGING}/${GITHUB_RUN_NUMBER}/"
 
     echo ">>> [Upload] Deploying to the staging server"
-    rsync -e "ssh -o StrictHostKeyChecking=no" --chmod=755 -pvz "${artifact}" nuxeo@lethe.nuxeo.com:"${path}" || \
-        rsync -e "ssh -o StrictHostKeyChecking=no" -vz "${artifact}" nuxeo@lethe.nuxeo.com:"${path}" || exit 1  # macOS does not have --chmod
+    rsync -e "ssh -o StrictHostKeyChecking=no" --chmod=755 -pvz "${artifact}" lethe.nuxeo.com:"${path}" || \
+        rsync -e "ssh -o StrictHostKeyChecking=no" -vz "${artifact}" lethe.nuxeo.com:"${path}" || exit 1  # macOS does not have --chmod
     echo "Artifacts deployed to:"
     echo " >>> ${REMOTE_PATH_STAGING}/${GITHUB_RUN_NUMBER} <<<"
 }