From f7551db9f87dfcb93dad3b2580c846da8e79b671 Mon Sep 17 00:00:00 2001
From: Elaman Nazarkulov
Date: Thu, 2 Jan 2025 17:18:42 +0600
Subject: [PATCH 1/4] Remove firebase
---
 ...at-5f7ba-firebase-adminsdk-1523p-0a596434ea.json | 13 -------------
 1 file changed, 13 deletions(-)
 delete mode 100644 src/main/resources/open-chat-5f7ba-firebase-adminsdk-1523p-0a596434ea.json
diff --git a/src/main/resources/open-chat-5f7ba-firebase-adminsdk-1523p-0a596434ea.json b/src/main/resources/open-chat-5f7ba-firebase-adminsdk-1523p-0a596434ea.json
deleted file mode 100644
index af40347..0000000
--- a/src/main/resources/open-chat-5f7ba-firebase-adminsdk-1523p-0a596434ea.json
+++ /dev/null
@@ -1,13 +0,0 @@ -{ - "type": "service_account", - "project_id": "open-chat-5f7ba", - "private_key_id": "0a596434ea046a80a9d2613e04de8a7e6fd338ba", - "private_key": "-----BEGIN PRIVATE KEY-----\nMIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQCqRuJrqVLYQM/7\nW3V+oEba3w6vbu0/wKiCuTCrhnxiaZ/a9Hk3NK64xWnlX+isDxWrNgz/0RYIiAWZ\niVxy+28vTsDyqWqlsUUGuGa/mBzHJ+Xxxdk8/PAMA6Tv/wn3j+CWarTYtIZ/Nxpy\nnKKqzV8uwF/lbpOPC/pUNkWJFdwLTrQK1Yy/jEPtTFz7TZkFu8kluTL/Jo9UBZkX\nBRqZsnd6WBJMhKQe4JB9ZhvVr07V1DfrVDhZHo/ETys+J0wjLI36Vpsl6w2e3MAk\ngLdVamZtMG9oBuzgpQzPcfT0u6589zDuQ0aZHBSg/Z7X7o7dmnSH7CLBWdHK4kMa\nxAEclwFFAgMBAAECggEAMLhCbZqPhSeaOqmzBw2V6Gb9HS4IfP7DWE/jgJhku4XM\nQspDaovM2DpH7+TOvng8c3XuJz3sZ3l/3KvkQ1P0vpzycRwPUyRTAza802ITDdq5\nHMHGw//9MPrT9QVMlURZ9r/GSeDxQLIEA7oUgvlrHAXYCl3mo33CXNkAcVZLVQJx\n59SbJWoigCYBFUFqQc5ohJ2sg/RAWrVGwJ0YaFs6+jRRksfvpnOqBHL/QlubknFS\nLx3h3IGfY5pN65QvNbQqggCGhyd3LvZWJMqz6GamoCqHOr5kh5b4ZaFOQJ3jmt7c\nSzojGUs1EZuiWWvpHOixdUEklbGCHvRcF4V42Qn6GwKBgQDtJF38gr6bq2kVh6kh\n9lxj96K0LoKXlipEa+CJi9q+6x4tFa185Yvk3gDaT0+Qz1fe38WPRK3fC7BMzWMc\nfC53OSZOrWA04FMcrFYKdBCbcabY/OR6tBgsIHqPB9RX6aIWyB6zRN+4YYymjVin\nWX0a60o5++8wFDFfAShZt4Mj6wKBgQC30U5QQYlubDBwO/f4Bd5Q0UAA0tP6fHzw\njuKAzT7FM8zE6yG+QN6LeFYV4XMtXZFpWMYACFE1rWHUVSV9EaHDQVeALt/9ty3H\nKxMYXOqYVBOzr2hh+BPyQKWN9+7ITw0ck/Ekn7w+Jat/ZKal+x+2tQqRzUIrQq5r\nWPsZNqKTjwKBgCiuo30NRPvZtSZfZpGP/RudQQleLUMqHMguJZATMQytsziSzndt\nvckemNDa6FB0caOnifHhG173V2Bln8okN6h2Ym7+6VFI5pk1q3ERpkO0hKYXBG9U\ndA0l6UCeXDxUtVzpKfMhLqwn+AQenYXgIUk78jjuUoNSA4JD5ZM2m0XPAoGAYmUW\n350FPOeK0jk3ljtF8srf0NEKCXZjxr0lf77eD9+Xh/05VccRmWSz6AiDh9AjS1nq\nuw+4sNv7lxZw987dYVBzzzjIS96nEYr8MLlkFmBDH5cQcAjEXJPASwthdTXjld2X\nYnxi3n15nLq6/fQ72Kh2XO+bsN6D0RCTcL6vLf8CgYAWMaYsuzWgRlJT9EJ/89kw\nGFl30ER9dP2EZicLDSGO09yfXMB/Qxf5cWWP60zdl+HqdqRezaCeSJOzeSXHJULo\nEfe8PiubV9jXZA0uYe+aHp3aTnqgEV5JbjiQBsZd3FBTjTBZ8Hg1gMBtQj8kOabu\nqDwHLz+kL3t5cCP7FWvXMw==\n-----END PRIVATE KEY-----\n", - "client_email": "firebase-adminsdk-1523p@open-chat-5f7ba.iam.gserviceaccount.com", - 
"client_id": "104183128038717550675", - "auth_uri": "https://accounts.google.com/o/oauth2/auth", - "token_uri": "https://oauth2.googleapis.com/token", - "auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs", - "client_x509_cert_url": "https://www.googleapis.com/robot/v1/metadata/x509/firebase-adminsdk-1523p%40open-chat-5f7ba.iam.gserviceaccount.com", - "universe_domain": "googleapis.com" -} From 2197b0c66d2c80532ff83144b8ff1fc4f0dc388c Mon Sep 17 00:00:00 2001 From: Beksultan Date: Thu, 2 Jan 2025 19:08:18 +0600 Subject: [PATCH 2/4] Extract env variables and secrets --- .github/workflows/build.yaml | 23 ++++++++--- build.gradle | 2 - docker-compose/docker-compose.yaml | 12 ------ .../service/firebase/FCMInitializer.kt | 6 +-- src/main/resources/application-production.yml | 30 +++++++++++++- src/main/resources/application.yml | 40 ++++++++----------- 6 files changed, 66 insertions(+), 47 deletions(-) diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml index ba22655..8f5b798 100644 --- a/.github/workflows/build.yaml +++ b/.github/workflows/build.yaml 
@@ -77,9 +77,22 @@ jobs:
 "docker rmi iceknight07/open-chat:latest || true"
 ssh -i ~/.ssh/private.key ${{ vars.DEPLOY_USER }}@${{ vars.DEPLOY_HOST }} \
 "docker run --name open-chat-server --network=open-chat-network -p 443:8443 -d \
- -e POSTGRES_URL=open-chat-postgres:5432/open_chat \
- -e POSTGRES_USER=postgres \
- -e POSTGRES_PASSWORD=12345678 \
- -e KMS_URL=ws://kurento-media-server:8888/kurento \
- -e SPRING_PROFILES_ACTIVE=production \
+ -e POSTGRES_URL=${{ secrets.POSTGRES_URL }} \
+ -e POSTGRES_USER=${{ secrets.POSTGRES_USER }} \
+ -e POSTGRES_PASSWORD=${{ secrets.POSTGRES_PASSWORD }} \
+ -e KMS_URL=${{ secrets.KMS_URL }} \
+ -e AWS_ACCESS_KEY=${{ secrets.AWS_ACCESS_KEY }} \
+ -e AWS_SECRET_KEY=${{ secrets.AWS_SECRET_KEY }} \
+ -e AWS_REGION=${{ secrets.REGION }} \
+ -e ATTACHMENTS_BUCKET=${{ secrets.ATTACHMENTS_BUCKET }} \
+ -e RECORDINGS_BUCKET=${{ secrets.RECORDINGS_BUCKET }} \
+ -e TRANSCRIPTS_BUCKET=${{ secrets.TRANSCRIPTS_BUCKET }} \
+ -e COGNITO_USER_POOL_ID=${{ secrets.COGNITO_USER_POOL_ID }} \
+ -e COGNITO_APP_CLIENT_ID=${{ secrets.COGNITO_APP_CLIENT_ID }} \
+ -e COGNITO_APP_CLIENT_SECRET=${{ secrets.COGNITO_APP_CLIENT_SECRET }} \
+ -e JWKS_URL=${{ secrets.JWKS_URL }} \
+ -e OPENAI_API_KEY=${{ secrets.OPENAI_API_KEY }} \
+ -e GEMINI_API_KEY=${{ secrets.GEMINI_API_KEY }} \
+ -e FIREBASE_CONFIGURATION_JSON=${{ secrets.FIREBASE_CONFIGURATION_JSON }} \
+ -e SSL_KEY_STORE_PASSWORD=${{ secrets.SSL_KEY_STORE_PASSWORD }} \
 iceknight07/open-chat:latest"
\ No newline at end of file
diff --git a/build.gradle b/build.gradle
index 487c4db..48d4dd6 100644
--- a/build.gradle
+++ b/build.gradle
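Review bot: In `.github/workflows/build.yaml`, the added `-e NAME=${{ secrets.NAME }}` arguments are pasted unquoted into the script text inside the double-quoted remote command, so any value containing spaces, quotes or `$` is re-parsed by the runner shell and again by the remote shell; `FIREBASE_CONFIGURATION_JSON` is a JSON document, and its double quotes would end the `"docker run …"` string. Values passed as `-e` arguments are also visible in the remote host's process list while the command runs and in the container's inspectable configuration. Consider exposing the secrets through the step's `env:` block and having the host read them from a file with restricted permissions, e.g. `--env-file <ENV_FILE_PATH>`, instead of interpolating them into the command. The `run:` script starts outside the hunk.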
@@ -40,8 +40,6 @@ dependencies { implementation 'com.fasterxml.jackson.module:jackson-module-kotlin:2.17.1' implementation 'com.fasterxml.jackson.datatype:jackson-datatype-jsr310:2.17.1' - - runtimeOnly("com.mysql:mysql-connector-j") runtimeOnly("org.postgresql:postgresql") implementation 'org.flywaydb:flyway-core:10.10.0' implementation "org.flywaydb:flyway-database-postgresql:10.10.0" diff --git a/docker-compose/docker-compose.yaml b/docker-compose/docker-compose.yaml index 4b441d8..5bae8ee 100644 --- a/docker-compose/docker-compose.yaml +++ b/docker-compose/docker-compose.yaml @@ -13,18 +13,6 @@ services: volumes: - rabbitmq-data:/var/lib/rabbitmq - open-chat-mysql: - image: mysql:8.0.22 - container_name: open-chat-mysql - hostname: open-chat-mysql - environment: - - MYSQL_ROOT_PASSWORD=123456 - - MYSQL_DATABASE=open_chat - ports: - - '3310:3306' - volumes: - - local-mysql-data:/var/lib/mysql - open-chat-postgres: container_name: open-chat-postgres hostname: open-chat-postgres diff --git a/src/main/kotlin/io/openfuture/openmessenger/service/firebase/FCMInitializer.kt b/src/main/kotlin/io/openfuture/openmessenger/service/firebase/FCMInitializer.kt index 27604e7..796af64 100644 --- a/src/main/kotlin/io/openfuture/openmessenger/service/firebase/FCMInitializer.kt +++ b/src/main/kotlin/io/openfuture/openmessenger/service/firebase/FCMInitializer.kt @@ -15,8 +15,8 @@ import javax.annotation.PostConstruct @Service class FCMInitializer { - @Value("\${app.firebase-configuration-file}") - private val firebaseConfigPath: String? = null + @Value("\${app.firebase-configuration-json}") + private val firebaseConfigJson: String? = null var logger: Logger = LoggerFactory.getLogger(FCMInitializer::class.java) 
@@ -24,7 +24,7 @@ class FCMInitializer { fun initialize() { try { val options = FirebaseOptions.builder() - .setCredentials(GoogleCredentials.fromStream(ClassPathResource(firebaseConfigPath!!).getInputStream())) + .setCredentials(GoogleCredentials.fromStream(firebaseConfigJson!!.byteInputStream())) .build() if (FirebaseApp.getApps().isEmpty()) { FirebaseApp.initializeApp(options) diff --git a/src/main/resources/application-production.yml b/src/main/resources/application-production.yml index ed48cf6..7c745bf 100644 --- a/src/main/resources/application-production.yml +++ b/src/main/resources/application-production.yml @@ -5,13 +5,41 @@ spring: username: ${POSTGRES_USER} password: ${POSTGRES_PASSWORD} +aws: + access-key: ${AWS_ACCESS_KEY} + secret-key: ${AWS_SECRET_KEY} + region: ${AWS_REGION} + attachments-bucket: ${ATTACHMENTS_BUCKET} + recordings-bucket: ${RECORDINGS_BUCKET} + transcripts-bucket: ${TRANSCRIPTS_BUCKET} + cognito: + user-pool-id: ${COGNITO_USER_POOL_ID} + app-client-id: ${COGNITO_APP_CLIENT_ID} + app-client-secret: ${COGNITO_APP_CLIENT_SECRET} + +jwks: + url: ${JWKS_URL} + +openai: + model: gpt-3.5-turbo-0301 + api: + url: https://api.openai.com/v1/chat/completions + key: ${OPENAI_API_KEY} + +gemini: + api: + key: ${GEMINI_API_KEY} + url: https://generativelanguage.googleapis.com/v1beta/models +app: + firebase-configuration-json: ${FIREBASE_CONFIGURATION_JSON} + kms: url: ${KMS_URL} server: ssl: key-store: classpath:keystore.p12 - key-store-password: 12345678 + key-store-password: ${SSL_KEY_STORE_PASSWORD} key-store-type: PKCS12 key-alias: tomcat port: 8443 diff --git a/src/main/resources/application.yml b/src/main/resources/application.yml index bb800ff..1997682 100644 --- a/src/main/resources/application.yml +++ b/src/main/resources/application.yml 
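Review bot: In `FCMInitializer.initialize()`, `firebaseConfigJson!!.byteInputStream()` assumes the property is always populated, but `application.yml` in this same patch leaves `firebase-configuration-json:` empty, so outside the production profile this line fails on a null or blank value (exactly how depends on how Spring binds the empty key, which is not shown). A guard before the builder, such as `if (firebaseConfigJson.isNullOrBlank()) { logger.warn("Firebase configuration not set; FCM disabled"); return }`, makes that case explicit. The `catch` for this `try` is outside the hunk, so confirm it does not log the credential JSON. The value supplied through `FIREBASE_CONFIGURATION_JSON` should also be a newly issued service-account key, because the key deleted in PATCH 1/4 remains readable in repository history and should be revoked.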
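Review bot: In `application-production.yml`, `key-store-password: ${SSL_KEY_STORE_PASSWORD}` takes the password out of the file, but the unchanged `key-store: classpath:keystore.p12` still ships the keystore inside the application artifact, and the previous password `12345678` stays in history. The TLS private key is therefore only as protected as the artifact itself unless the keystore is regenerated with a new password and loaded from outside the classpath, for example `key-store: ${SSL_KEY_STORE_PATH}` with a new variable. Separately, `aws.access-key` and `aws.secret-key` are long-lived static credentials; if the deployment host can use an attached role, they need not be distributed at all.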
@@ -8,43 +8,35 @@ spring: password: 123456 jpa: database-platform: org.hibernate.dialect.PostgreSQLDialect - cloud: - gcp: - credentials: - location: file:/Users/beksultan/Documents/open-messanger/alien-scope-428812-i2-0794e36fcbee.json servlet: multipart: max-file-size: 50MB max-request-size: 50MB aws: - access-key: ${AWS_ACCESS_KEY} - secret-key: ${AWS_SECRET_KEY} - region: us-east-2 - attachments-bucket: ${AWS_ATTACHMENTS_BUCKET} - recordings-bucket: ${AWS_RECORDINGS_BUCKET} - transcripts-bucket: ${AWS_TRANSCRIPTS_BUCKET} + access-key: + secret-key: + region: + attachments-bucket: + recordings-bucket: + transcripts-bucket: cognito: - user-pool-id: ${AWS_COGNITO_USER_POOL_ID} - app-client-id: ${AWS_COGNITO_APP_CLIENT_ID} - app-client-secret: ${AWS_COGNITO_APP_CLIENT_SECRET} + user-pool-id: + app-client-id: + app-client-secret: jwks: - url: ${AWS_COGNITO_JWKS_URL} + url: openai: - model: ${OPENAI_MODEL} + model: gpt-3.5-turbo-0301 api: - url: ${OPENAI_API_URL} - key: ${OPENAI_API_KEY} + url: https://api.openai.com/v1/chat/completions + key: gemini: api: - key: ${GEMINI_API_KEY} - url: ${GEMINI_API_URL} - - -system: - GOOGLE_APPLICATION_CREDENTIALS: ${GOOGLE_APPLICATION_CREDENTIALS} + key: + url: https://generativelanguage.googleapis.com/v1beta/models kms: url: ws://127.0.0.1:8888/kurento @@ -64,4 +56,4 @@ state: # FIREBASE app: - firebase-configuration-file: ${FIREBASE_CONFIG_FILE} \ No newline at end of file + firebase-configuration-json: \ No newline at end of file From d5eb3881088176d2d5f712cf710a00da8f90d679 Mon Sep 17 00:00:00 2001 From: Beksultan Date: Thu, 2 Jan 2025 19:09:25 +0600 Subject: [PATCH 3/4] Extract env variables and secrets --- .github/workflows/build.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml index 8f5b798..408c6ee 100644 --- a/.github/workflows/build.yaml +++ b/.github/workflows/build.yaml 
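Review bot: In `application.yml`, replacing the `${AWS_ACCESS_KEY}`-style placeholders with bare keys (`access-key:`, `secret-key:`, `url:`, `key:`) turns a missing variable from a startup failure into a blank value, so a misconfigured non-production run may only fail at first use; how a blank binds depends on the consuming classes, which are not shown. If local runs should still be configurable from the environment, a placeholder with an explicit empty default such as `access-key: ${AWS_ACCESS_KEY:}` states that intent, and the same applies to `firebase-configuration-json:` in the second hunk of this file. The context line `password: 123456` under `spring` remains hard-coded and is not covered by this commit.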
@@ -77,6 +77,7 @@ jobs:
 "docker rmi iceknight07/open-chat:latest || true"
 ssh -i ~/.ssh/private.key ${{ vars.DEPLOY_USER }}@${{ vars.DEPLOY_HOST }} \
 "docker run --name open-chat-server --network=open-chat-network -p 443:8443 -d \
+ -e SPRING_PROFILES_ACTIVE=production \
 -e POSTGRES_URL=${{ secrets.POSTGRES_URL }} \
 -e POSTGRES_USER=${{ secrets.POSTGRES_USER }} \
 -e POSTGRES_PASSWORD=${{ secrets.POSTGRES_PASSWORD }} \
From 0af62813654480a6bc95e0ead7fa3618f92b675a Mon Sep 17 00:00:00 2001
From: Beksultan
Date: Thu, 2 Jan 2025 19:10:12 +0600
Subject: [PATCH 4/4] Extract env variables and secrets
---
 .github/workflows/build.yaml | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml
index 408c6ee..6c880ab 100644
--- a/.github/workflows/build.yaml
+++ b/.github/workflows/build.yaml
@@ -84,10 +84,10 @@ jobs:
 -e KMS_URL=${{ secrets.KMS_URL }} \
 -e AWS_ACCESS_KEY=${{ secrets.AWS_ACCESS_KEY }} \
 -e AWS_SECRET_KEY=${{ secrets.AWS_SECRET_KEY }} \
- -e AWS_REGION=${{ secrets.REGION }} \
- -e ATTACHMENTS_BUCKET=${{ secrets.ATTACHMENTS_BUCKET }} \
- -e RECORDINGS_BUCKET=${{ secrets.RECORDINGS_BUCKET }} \
- -e TRANSCRIPTS_BUCKET=${{ secrets.TRANSCRIPTS_BUCKET }} \
+ -e AWS_REGION=${{ vars.REGION }} \
+ -e ATTACHMENTS_BUCKET=${{ vars.ATTACHMENTS_BUCKET }} \
+ -e RECORDINGS_BUCKET=${{ vars.RECORDINGS_BUCKET }} \
+ -e TRANSCRIPTS_BUCKET=${{ vars.TRANSCRIPTS_BUCKET }} \
 -e COGNITO_USER_POOL_ID=${{ secrets.COGNITO_USER_POOL_ID }} \
 -e COGNITO_APP_CLIENT_ID=${{ secrets.COGNITO_APP_CLIENT_ID }} \
 -e COGNITO_APP_CLIENT_SECRET=${{ secrets.COGNITO_APP_CLIENT_SECRET }} \