kevinmcalear

Installing Postgres via Brew

Pre-Reqs

Brew Package Manager

In your command-line run the following commands:

1. brew doctor
2. brew update

kevinmcalear

Note

Apple will reject apps that are using private url schemes (Ugh, Apple....) if they are pretty much obvius. Some apps are rejected and others are not, so, be aware of this issue before implementing any of those URL's in your app as a feature.

Updates

• [UPDATE 4] iOS 10 update: apparently settings now can be reached using App-Pref instead of prefs
• [UPDATE 3] For now you just can use url schemes to open your apps's settings with Swift 3.0 (Xcode 8). I'll keep you informed when OS preferences can be reached
• [UPDATE 2] The openURL() method of UIApplication is now deprecated. You should use application(_:open:options:) instead
• [UPDATE 1] Not yet tested in iOS 10. It will fail because of policies changes in URL scheme handling.

kevinmcalear

steps:

# Decrypt Rails Master key file
- name: gcr.io/cloud-builders/gcloud
  args: ["kms", "decrypt", "--ciphertext-file=./config/master.key.enc", 
         "--plaintext-file=./config/master.key",
         "--location=us-central1","--keyring=photo-album", 
        "--key=rails_master_key"]

# Decrypt Photo Album service account credentials

kevinmcalear

# Leverage the official Ruby image from Docker Hub
# https://hub.docker.com/_/ruby
FROM ruby:2.6

# Install recent versions of nodejs (10.x) and yarn pkg manager
# Needed to properly pre-compile Rails assets
RUN (curl -sL https://deb.nodesource.com/setup_10.x | bash -) && apt-get update && apt-get install -y nodejs 

RUN (curl -sS https://dl.yarnpkg.com/debian/pubkey.gpg | apt-key add -) && \
    echo "deb https://dl.yarnpkg.com/debian/ stable main" | tee /etc/apt/sources.list.d/yarn.list && \

kevinmcalear

#!/usr/bin/env bash

cd /usr/src/app

# Create the Rails production DB on first run
RAILS_ENV=production bundle exec rake db:create

# Make sure we are using the most up to date
# database schema
RAILS_ENV=production bundle exec rake db:migrate

kevinmcalear

# Deploy the latest container images we just built
gcloud beta run deploy photo-album --image gcr.io/$PROJECT_ID/photo_album \
  --set-cloudsql-instances $PROJECT_ID:us-central1:photo-album-production \
  --region us-central1 --allow-unauthenticated
  

kevinmcalear

# set an env variable to make things more readable
CB_SVC_ACCOUNT=xxx...xxx@cloudbuild.gserviceaccount.com

# Grant Cloud Build the right to decrypt Rails master key
$ gcloud kms keys add-iam-policy-binding rails_master_key --location=us-central1 \
  --keyring=photo-album --member=serviceAccount:$CB_SVC_ACCOUNT \
  --role=roles/cloudkms.cryptoKeyDecrypter

# Grant Cloud Build the right to decrypt Rails the production database password
$ gcloud kms keys add-iam-policy-binding db_pwd_key --location=us-central1 \

kevinmcalear

# Setup Photo Album service account
PA_SVC_ACCOUNT=photo-album-runner@$PROJECT_ID.iam.gserviceaccount.com

# Grant GCS admin role
gcloud projects add-iam-policy-binding $PROJECT_ID \
  --member serviceAccount:$PA_SVC_ACCOUNT --role roles/storage.admin
  
# Grant GCS admin role
gcloud projects add-iam-policy-binding $PROJECT_ID \
  --member serviceAccount:$PA_SVC_ACCOUNT --role roles/cloudsql.client

kevinmcalear

# Create a key ring where to hook your encrypted keys
gcloud kms keyrings create photo-album --location=us-central1

# Encrypt the credentials of the cloud runner service account
gcloud kms keys create photo_album_runner_key --location us-central1 \
  --keyring photo-album --purpose encryption
gcloud kms encrypt - location us-central1 --keyring photo-album \
  --key photo_album_runner_key --plaintext-file ./config/photo_album_runner.key \
  --ciphertext-file ./config/photo_album_runner.key.enc

kevinmcalear

Verifying my Blockstack ID is secured with the address 19i2ComWoeuEnCeVf45ax4Dx34UmawExS2 https://explorer.blockstack.org/address/19i2ComWoeuEnCeVf45ax4Dx34UmawExS2