In your command-line run the following commands:
brew doctor
brew update
In your command-line run the following commands:
brew doctor
brew update
Apple will reject apps that are using private url schemes (Ugh, Apple....) if they are pretty much obvius. Some apps are rejected and others are not, so, be aware of this issue before implementing any of those URL's in your app as a feature.
steps: | |
# Decrypt Rails Master key file | |
- name: gcr.io/cloud-builders/gcloud | |
args: ["kms", "decrypt", "--ciphertext-file=./config/master.key.enc", | |
"--plaintext-file=./config/master.key", | |
"--location=us-central1","--keyring=photo-album", | |
"--key=rails_master_key"] | |
# Decrypt Photo Album service account credentials |
# Leverage the official Ruby image from Docker Hub | |
# https://hub.docker.com/_/ruby | |
FROM ruby:2.6 | |
# Install recent versions of nodejs (10.x) and yarn pkg manager | |
# Needed to properly pre-compile Rails assets | |
RUN (curl -sL https://deb.nodesource.com/setup_10.x | bash -) && apt-get update && apt-get install -y nodejs | |
RUN (curl -sS https://dl.yarnpkg.com/debian/pubkey.gpg | apt-key add -) && \ | |
echo "deb https://dl.yarnpkg.com/debian/ stable main" | tee /etc/apt/sources.list.d/yarn.list && \ |
#!/usr/bin/env bash | |
cd /usr/src/app | |
# Create the Rails production DB on first run | |
RAILS_ENV=production bundle exec rake db:create | |
# Make sure we are using the most up to date | |
# database schema | |
RAILS_ENV=production bundle exec rake db:migrate |
# Deploy the latest container images we just built | |
gcloud beta run deploy photo-album --image gcr.io/$PROJECT_ID/photo_album \ | |
--set-cloudsql-instances $PROJECT_ID:us-central1:photo-album-production \ | |
--region us-central1 --allow-unauthenticated | |
# set an env variable to make things more readable | |
CB_SVC_ACCOUNT=xxx...xxx@cloudbuild.gserviceaccount.com | |
# Grant Cloud Build the right to decrypt Rails master key | |
$ gcloud kms keys add-iam-policy-binding rails_master_key --location=us-central1 \ | |
--keyring=photo-album --member=serviceAccount:$CB_SVC_ACCOUNT \ | |
--role=roles/cloudkms.cryptoKeyDecrypter | |
# Grant Cloud Build the right to decrypt Rails the production database password | |
$ gcloud kms keys add-iam-policy-binding db_pwd_key --location=us-central1 \ |
# Setup Photo Album service account | |
PA_SVC_ACCOUNT=photo-album-runner@$PROJECT_ID.iam.gserviceaccount.com | |
# Grant GCS admin role | |
gcloud projects add-iam-policy-binding $PROJECT_ID \ | |
--member serviceAccount:$PA_SVC_ACCOUNT --role roles/storage.admin | |
# Grant GCS admin role | |
gcloud projects add-iam-policy-binding $PROJECT_ID \ | |
--member serviceAccount:$PA_SVC_ACCOUNT --role roles/cloudsql.client |
# Create a key ring where to hook your encrypted keys | |
gcloud kms keyrings create photo-album --location=us-central1 | |
# Encrypt the credentials of the cloud runner service account | |
gcloud kms keys create photo_album_runner_key --location us-central1 \ | |
--keyring photo-album --purpose encryption | |
gcloud kms encrypt - location us-central1 --keyring photo-album \ | |
--key photo_album_runner_key --plaintext-file ./config/photo_album_runner.key \ | |
--ciphertext-file ./config/photo_album_runner.key.enc |
Verifying my Blockstack ID is secured with the address 19i2ComWoeuEnCeVf45ax4Dx34UmawExS2 https://explorer.blockstack.org/address/19i2ComWoeuEnCeVf45ax4Dx34UmawExS2 |