Better deployment

.env.sample

@@ -1,8 +1,27 @@
-AVM_MICROSERVICE_HOST=localhost:7200
-FIREBASE_CREDENTIALS=
-FIREBASE_PROJECT_ID=
-ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY=
-ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY=
-ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT=
-RAILS_LOG_LEVEL=
-ROOT_URL_REDIRECT=
+# ---- required in all environments ----
+ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY=wdquAMgEOvYATXZzH2qWYhAT-d33R5s9NBaT3u0NTuE           # random base64 encoded 32 bytes (should result in 44 characters)
+ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY=uY3Dcm4RmTeSaILJZvD3Bk34zB7FttZLDwIMoM3YutE     # random base64 encoded 32 bytes (should result in 44 characters)
+ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT=Gsx8gdeRzLlWS6qWnpPglEIDI_mn2t4tyUkoeChZ7Ho   # random base64 encoded 32 bytes (should result in 44 characters)
+AVM_MICROSERVICE_HOST=localhost:7200    # host of the AVM service
+
+
+# ---- required in produciton environment ----
+DATABASE_URL=postgres://avm_server:password@pg-host:5432/avm_server_production
+SECRET_KEY_BASE=be48dd3219138cc04cbdb48fb5324a4fb1a043c3db892ecf00087d895b97ea21bc5a64fddaa3835373cf2d3d62d8c4546a0359b68f6cc42278a5cc64bdfa9a5a     # random 64 bytes in hex
+
+
+# ---- rails app envs ----
+RAILS_ENV=development       # development, test, production
+RAILS_LOG_LEVEL=info        # error, warn, info
+RAILS_LOG_TO_STDOUT=true    # true, false - defaults to false in production; recommended to set to true for containered deployments
+
+
+# ---- optional ----
+APPLE_APP_SITE_ASSOCIATION=e30=         # Base64 encoded content of Apple's /.well-known/apple-app-site-associaton file
+ANDROID_ASSTELINKS=e30=                 # Base64 encoded contant of Andorid's /.well-known/assetlink.json file
+
+FIREBASE_CREDENTIALS=                   # needed for Firebase Cloud Messaging - notifications
+FIREBASE_PROJECT_ID=                    # needed for Firebase Cloud Messaging - notifications
+
+ROOT_URL_REDIRECT=https://example.com/          # where to redirect root path request "/"
+QR_CODE_URL_REDIRECT=https://example.com/       # where to redirect "/qr-code" request

.gitlab/auto-deploy-values.yaml

@@ -34,10 +34,3 @@ persistence:
       accessMode: ReadWriteMany
       size: 1Gi
       storageClass: nfs-client
-  - name: autogram-server-well-known
-    mount:
-      path: /app/public/.well-known
-    claim:
-      accessMode: ReadWriteMany
-      size: 1Mi
-      storageClass: nfs-client

README.md

@@ -17,6 +17,8 @@ Projekt sa skladá z viacerých častí:
 
 ## Ako si to rozbehnúť
 
+### Development prostredie
+
 - Je potrebné si nainštalovať správnu verziu Ruby. To sa najlepšie robí cez [RVM](https://rvm.io/) alebo [Rbenv](https://github.com/rbenv/rbenv).
 - Aplikácia vyžaduje PostgreSQL databázu.
 - Skopírovať `.env.sample` do `.env` a nastaviť hodnoty.
@@ -28,6 +30,17 @@ bundle exec rails db:setup
 bundle esec rails s
 ```
 
+### Produkčné nasadenie v kontajneri
+
+- Je potrebné si vybuildiť Docker image na základe poskytnutého Dockerfile.
+- Volume pre šifrované ukladanie podpisovaných súborov v `/app/storage`
+- Premenné prosredia sú bližšie popísané v `.env.sample`, pričom tieto sú nevyhnutné pre produkčné nasadenie:
+  - PostgreSQL a connection string v `DATABASE_URL`
+  - Adresa [AVM Service](https://github.com/slovensko-digital/avm-service) inštnacie v `AVM_MICROSERVICE_HOST`
+  - Nastavené ENVs `ACTIVE_RECORD_ENCRYPTION_*`
+  - Nastavený ENV `SECRET_KEY_BASE`
+  - Nastavený ENV `RAILS_ENV=production`
+
 
 ## Architektúra riešenia
 

app/controllers/assetlinks_controller.rb

@@ -0,0 +1,9 @@
+class AssetlinksController < ApplicationController
+  def apple_app_site_association
+    render :json => JSON.load(Base64.decode64 ENV.fetch('APPLE_APP_SITE_ASSOCIATION', 'e30='))
+  end
+
+  def android_assetlinks
+    render :json => JSON.load(Base64.decode64 ENV.fetch('ANDROID_ASSETLINKS', 'e30='))
+  end
+end

config/routes.rb

@@ -20,11 +20,12 @@
       resources :integration_devices, path: '/integration-devices', only: [:index, :destroy]
       resource :sign_request, path: '/sign-request', only: [:create]
 
-      get '/qr-code', to: redirect('https://sluzby.slovensko.digital/autogram-v-mobile/#download', status: 302)
+      get '/qr-code', to: redirect(ENV.fetch("QR_CODE_URL_REDIRECT", 'https://sluzby.slovensko.digital/autogram-v-mobile/#download'), status: 302)
     end
   end
 
-  get '/.well-known/apple-app-site-association' => 'apple#apple_app_site_association'
+  get '/.well-known/apple-app-site-association' => 'assetlinks#apple_app_site_association'
+  get '/.well-known/assetlinks.json' => 'assetlinks#android_assetlinks'
   # Define your application routes per the DSL in https://guides.rubyonrails.org/routing.html
 
   # Reveal health status on /up that returns 200 if the app boots with no exceptions, otherwise 500.