build: fix generated vars missing from .env

changed the server/.env generation from envsubst to sed and includes
remaining server secrets (DB_PASSWORD which is needed for datasource.ts
SECRET_KEY and MAIL_API_KEY which were previously read in from a file)

assumes that if .env exists it should not be overwritten. this does mean
managing additions to the versioned .env.template manually..

Makefile

@@ -68,10 +68,19 @@ $(REDIS_SETTINGS_PATH): server/deploy/settings.template.json | keys
 	cp server/deploy/settings.template.json $(REDIS_SETTINGS_PATH)
 
 $(SERVER_ENV): $(SERVER_ENV_TEMPLATE) $(SECRETS)
-	POM_BASE_URL=${POM_BASE_URL} \
-	DB_PASSWORD=$$(cat $(DB_PASSWORD_PATH)); \
-		envsubst < $(SERVER_ENV_TEMPLATE) > $(SERVER_ENV)
-
+	if [ ! -f $(SERVER_ENV) ]; then \
+		cp $(SERVER_ENV_TEMPLATE) $(SERVER_ENV); \
+		DB_PASSWORD=$$(cat $(DB_PASSWORD_PATH)); \
+		SECRET_KEY=$$(cat $(SECRET_KEY_PATH)); \
+		sed \
+			-e "s|BASE_URL=.*|BASE_URL=${POM_BASE_URL}|" \
+			-e "s|DB_PASSWORD=.*|DB_PASSWORD=$${DB_PASSWORD}|" \
+			-e "s|SECRET_KEY=.*|SECRET_KEY=$${SECRET_KEY}|" \
+			$(SERVER_ENV_TEMPLATE) > $(SERVER_ENV); \
+	else \
+		echo "$(SERVER_ENV) already exists. skipping"; \
+	fi
+
 $(PGPASS_PATH): $(DB_PASSWORD_PATH) server/deploy/pgpass.template | keys
 	DB_PASSWORD=$$(cat $(DB_PASSWORD_PATH)); \
 	sed "s|DB_PASSWORD|$$DB_PASSWORD|g" server/deploy/pgpass.template > $(PGPASS_PATH)
@@ -97,7 +106,7 @@ $(SECRET_KEY_PATH): | keys
 	echo $${SECRET_KEY} > $(SECRET_KEY_PATH)
 
 .PHONY: settings
-settings: $(SENTRY_DSN_PATH) $(SECRET_KEY_PATH) | keys
+settings: $(SENTRY_DSN_PATH) $(SECRET_KEY_PATH) $(GA_TAG_PATH) | keys
 	echo 'export const BUILD_ID = "${BUILD_ID}";' > $(SHARED_CONFIG_PATH)
 	echo 'export const SENTRY_DSN = "${SENTRY_DSN}";' >> $(SHARED_CONFIG_PATH)
 	echo 'export const GA_TAG = "${GA_TAG}";' >> $(SHARED_CONFIG_PATH)

server/.env.template

@@ -1,9 +1,12 @@
-BASE_URL=${POM_BASE_URL}
+BASE_URL=base-url
 
-DB_PASSWORD=${DB_PASSWORD}
+DB_PASSWORD=db-password
+SECRET_KEY=secret-key
 
-GOOGLE_CLIENT_ID=changeme
-GOOGLE_CLIENT_SECRET=changeme
+MAIL_API_KEY=mail-api-key
 
-FACEBOOK_CLIENT_ID=changeme
-FACEBOOK_CLIENT_SECRET=changeme
+GOOGLE_CLIENT_ID=google-client-id
+GOOGLE_CLIENT_SECRET=google-client-secret
+
+FACEBOOK_CLIENT_ID=facebook-client-id
+FACEBOOK_CLIENT_SECRET=facbook-client-secret

server/src/settings.ts

@@ -9,8 +9,6 @@ import * as dotenv from "dotenv";
 
 dotenv.config();
 
-export const SECRET_KEY: string = fs.readFileSync("/run/secrets/secret_key", "utf8").trim();
-
 export interface AppSettings {
   emailer: Emailer;
   host: string;
@@ -34,7 +32,7 @@ const dev: () => AppSettings = () => ({
   host: process.env.BASE_URL || "http://localhost:8081",
   serverHost: "http://localhost:2567",
   logging: new DevLogging(),
-  secret: SECRET_KEY,
+  secret: process.env.SECRET_KEY || "",
   googleAuth: {
     clientId: process.env.GOOGLE_CLIENT_ID || "",
     clientSecret: process.env.GOOGLE_CLIENT_SECRET || "",
@@ -49,11 +47,11 @@ const dev: () => AppSettings = () => ({
 
 const staging: () => AppSettings = () => {
   const devSettings = dev();
-  const apiKey = fs.readFileSync("/run/secrets/mail_api_key", "utf-8").trim();
+  const mailApiKey = process.env.MAIL_API_KEY || "";
   const domain = "mg.comses.net";
   return {
     ...devSettings,
-    emailer: new MailgunEmailer({ api_key: apiKey, domain }),
+    emailer: new MailgunEmailer({ api_key: mailApiKey, domain }),
     host: process.env.BASE_URL || "https://staging.portofmars.asu.edu",
     serverHost: process.env.BASE_URL || "https://staging.portofmars.asu.edu",
   };