forked from graphile/starter
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathheroku-setup.template
executable file
·114 lines (92 loc) · 4.14 KB
/
heroku-setup.template
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
#!/usr/bin/env sh
########################################
# THESE ARE THE CRITICAL SETTINGS #
########################################
# The name of the Heroku app to create.
# Must start with a letter, end with a letter or digit and can only contain lowercase letters, digits, and dashes.
export APP_NAME="PICK-A-UNIQUE-NAME"
# The name of the database to create.
# Must be under 48 characters long, shorter is better.
# Should only contain characters valid in a PostgreSQL identifier (i.e. no hyphens!)
export DATABASE_NAME="$(echo "$APP_NAME" | tr '-' '_')"
#e.g. export DATABASE_NAME="my_database_name_here"
# Database location (including :port, if it's not the standard :5432)
export DATABASE_HOST="DETAILS_FROM.AMAZON_RDS.us-east-1.rds.amazonaws.com"
# Superuser credentials, used for creating the database
export DATABASE_SUPERUSER="superuser_username_from_RDS"
export DATABASE_SUPERUSER_PASSWORD="superuser_password_from_RDS"
########################################
# PLEASE PROOF-READ THE BELOW, #
# PARTICULARLY THE DATABASE SETUP #
########################################
# Echo commands, exit on error
set -e -x
# Database roles
export DATABASE_OWNER="${DATABASE_NAME}"
export DATABASE_AUTHENTICATOR="${DATABASE_NAME}_authenticator"
export DATABASE_VISITOR="${DATABASE_NAME}_visitor"
# Database credentials
export DATABASE_OWNER_PASSWORD="$(openssl rand -base64 30 | tr '+/' '-_')"
export DATABASE_AUTHENTICATOR_PASSWORD="$(openssl rand -base64 30 | tr '+/' '-_')"
# We're using 'template1' because we know it should exist. We should not actually change this database.
export SUPERUSER_TEMPLATE1_URL="postgres://${DATABASE_SUPERUSER}:${DATABASE_SUPERUSER_PASSWORD}@${DATABASE_HOST}/template1"
export SUPERUSER_DATABASE_URL="postgres://${DATABASE_SUPERUSER}:${DATABASE_SUPERUSER_PASSWORD}@${DATABASE_HOST}/${DATABASE_NAME}"
echo
echo
echo "Testing database connection"
psql -X1v ON_ERROR_STOP=1 "${SUPERUSER_TEMPLATE1_URL}" -c 'SELECT true AS success'
echo
echo
echo "Creating Heroku app"
# Region can be either us or eu
heroku apps:create "$APP_NAME" --region us
echo
echo
echo "Provisioning the free redis addon"
heroku addons:create heroku-redis:hobby-dev -a "$APP_NAME"
echo
echo
echo "Creating the database and the roles"
psql -Xv ON_ERROR_STOP=1 "${SUPERUSER_TEMPLATE1_URL}" <<HERE
CREATE ROLE ${DATABASE_OWNER} WITH LOGIN PASSWORD '${DATABASE_OWNER_PASSWORD}';
GRANT ${DATABASE_OWNER} TO ${DATABASE_SUPERUSER};
CREATE ROLE ${DATABASE_AUTHENTICATOR} WITH LOGIN PASSWORD '${DATABASE_AUTHENTICATOR_PASSWORD}' NOINHERIT;
CREATE ROLE ${DATABASE_VISITOR};
GRANT ${DATABASE_VISITOR} TO ${DATABASE_AUTHENTICATOR};
-- Create database
CREATE DATABASE ${DATABASE_NAME} OWNER ${DATABASE_OWNER};
-- Database permissions
REVOKE ALL ON DATABASE ${DATABASE_NAME} FROM PUBLIC;
GRANT ALL ON DATABASE ${DATABASE_NAME} TO ${DATABASE_OWNER};
GRANT CONNECT ON DATABASE ${DATABASE_NAME} TO ${DATABASE_AUTHENTICATOR};
HERE
echo
echo
echo "Installing extensions into the database"
psql -X1v ON_ERROR_STOP=1 "${SUPERUSER_DATABASE_URL}" <<HERE
-- Add extensions
CREATE EXTENSION IF NOT EXISTS plpgsql WITH SCHEMA pg_catalog;
CREATE EXTENSION IF NOT EXISTS "uuid-ossp" WITH SCHEMA public;
CREATE EXTENSION IF NOT EXISTS citext WITH SCHEMA public;
CREATE EXTENSION IF NOT EXISTS pgcrypto WITH SCHEMA public;
HERE
# Autogenerated settings from your settings above
export DATABASE_URL="postgres://${DATABASE_OWNER}:${DATABASE_OWNER_PASSWORD}@${DATABASE_HOST}/${DATABASE_NAME}"
export AUTH_DATABASE_URL="postgres://${DATABASE_AUTHENTICATOR}:${DATABASE_AUTHENTICATOR_PASSWORD}@${DATABASE_HOST}/${DATABASE_NAME}"
echo
echo
echo "Setting the Heroku variables"
heroku config:set \
NODE_ENV="production" \
DATABASE_URL="${DATABASE_URL}?ssl=true&sslrootcert=../../data/amazon-rds-ca-cert.pem" \
AUTH_DATABASE_URL="${AUTH_DATABASE_URL}?ssl=true&sslrootcert=../../data/amazon-rds-ca-cert.pem" \
DATABASE_AUTHENTICATOR="${DATABASE_AUTHENTICATOR}" \
DATABASE_VISITOR="${DATABASE_VISITOR}" \
SECRET="$(openssl rand -base64 48)" \
JWT_SECRET="$(openssl rand -base64 48)" \
ROOT_URL="https://${APP_NAME}.herokuapp.com" \
-a "$APP_NAME"
echo
echo
echo "Pushing to Heroku"
git push heroku master:master