add cert step

dal 2025-09-20 16:34:28 -06:00
parent 0e2ac5c9d1
commit cf7725fd53
No known key found for this signature in database
GPG Key ID: 16F4B0E1E9F61122
2 changed files with 44 additions and 4 deletions


@ -59,8 +59,26 @@ jobs:
- name: Install dependencies - name: Install dependencies
run: pnpm install --frozen-lockfile --prefer-offline run: pnpm install --frozen-lockfile --prefer-offline
- name: Download SSL Certificate from S3
env:
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
AWS_REGION: ${{ secrets.AWS_REGION }}
CERT_S3_URL: ${{ secrets.CERT_S3_URL }}
run: |
# Create certs directory
mkdir -p /tmp/certs
# Download the certificate from S3
aws s3 cp "$CERT_S3_URL" /tmp/certs/db-cert.pem
# Set proper permissions
chmod 600 /tmp/certs/db-cert.pem
echo "Certificate downloaded successfully"
- name: Run migrations - name: Run migrations
run: pnpm run db:migrate run: pnpm run db:migrate
env: env:
DATABASE_URL: ${{ secrets.DB_URL }} DATABASE_URL: ${{ secrets.DB_URL }}
NODE_TLS_REJECT_UNAUTHORIZED: '0' DATABASE_SSL_CERT: /tmp/certs/db-cert.pem
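Review bot: The download step never checks that what landed in /tmp/certs/db-cert.pem is actually a certificate, and the migration step only passes the path along, so an empty or wrong object would be found out only at connect time (and, given how the config file in this commit falls back, possibly not at all). After the `chmod 600` line a one-line sanity check would make the step fail early: `openssl x509 -in /tmp/certs/db-cert.pem -noout` (a `test -s /tmp/certs/db-cert.pem` is the minimal alternative). The echo of "Certificate downloaded successfully" is only reached if `aws s3 cp` succeeded, so it adds nothing the step status does not already say. As a secondary point, the step authenticates with long-lived `AWS_ACCESS_KEY_ID`/`AWS_SECRET_ACCESS_KEY` secrets; if the repo can use OIDC, `aws-actions/configure-aws-credentials` with a role would remove the static keys from the secret store. The job's remaining steps are outside the hunk.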


@ -1,5 +1,6 @@
import { config } from 'dotenv'; import { config } from 'dotenv';
import { defineConfig } from 'drizzle-kit'; import { defineConfig } from 'drizzle-kit';
import * as fs from 'fs';
// Load specific .env file // Load specific .env file
config({ path: '../../.env' }); // or '.env.development', '.env.production', etc. config({ path: '../../.env' }); // or '.env.development', '.env.production', etc.
@ -10,15 +11,36 @@ if (!connectionString) {
throw new Error('DATABASE_URL environment variable is not defined'); throw new Error('DATABASE_URL environment variable is not defined');
} }
// Check if we have a certificate file specified
const certPath = process.env.DATABASE_SSL_CERT;
const isLocalhost = connectionString.includes('localhost') || connectionString.includes('127.0.0.1');
// Configure SSL based on environment
let sslConfig: any = undefined;
if (!isLocalhost) {
if (certPath && fs.existsSync(certPath)) {
// Use the certificate if available
sslConfig = {
ca: fs.readFileSync(certPath),
rejectUnauthorized: true, // With a proper cert, we can validate
};
console.log('Using SSL certificate from:', certPath);
} else {
// Fallback to allowing self-signed certificates
sslConfig = {
rejectUnauthorized: false,
};
console.log('SSL certificate not found, allowing self-signed certificates');
}
}
export default defineConfig({ export default defineConfig({
schema: './src/schema.ts', schema: './src/schema.ts',
out: './drizzle', out: './drizzle',
dialect: 'postgresql', dialect: 'postgresql',
dbCredentials: { dbCredentials: {
url: connectionString || '', url: connectionString || '',
ssl: { ...(sslConfig && { ssl: sslConfig }),
rejectUnauthorized: false, // Allow self-signed certificates
},
}, },
verbose: true, verbose: true,
strict: true, strict: true,
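Review bot: The `else` branch silently downgrades to `rejectUnauthorized: false` even when `DATABASE_SSL_CERT` is set but the file is missing, so a broken download path turns into an unverified TLS connection with only a `console.log` to show for it; the fallback should apply only when no path was configured. A guard before the `if (!isLocalhost)` block makes that explicit: `if (certPath && !fs.existsSync(certPath)) {` / `  throw new Error(\`DATABASE_SSL_CERT is set but file not found: ${certPath}\`);` / `}`. The `let sslConfig: any = undefined;` declaration can then be typed as `let sslConfig: { ca: Buffer; rejectUnauthorized: true } | { rejectUnauthorized: false } | undefined;`, which removes the `any` and lets the compiler check the two object literals. The `defineConfig({ ... })` call continues past the end of the hunk.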