What should be removed from public source control in Ruby on Rails?


Question

I've been searching the web, and I can't find any good/recent examples of what to exclude from a new public Rails app. I'm looking to open source my app on GitHub and am wondering what types of data should be removed from source control.

From what I can tell, there should be a config/config.yml file that has private information. I've been looking through the other files, and it looks like config/database.yml, config/initializers/secret_token.rb and config/initializers/session_store.rb should also be excluded?

Is it best practice to exclude all of these files separately? Or is there a way to have the info all defined in config/config.yml and be called in each of those files? Additionally, what files and data should be kept private and hidden? Is that all of them?

I'm just wondering what approach I should take and what the best practice is. Thanks for any help!

Answer

I've been looking into this recently as well; I wanted to keep sensitive information hidden throughout the process of pushing open source code to GitHub, then automatically pushed to Travis CI for testing, then from Travis being automatically deployed to Heroku. Here are all the details of what I've found so far looking at various StackOverflow Q&As, blogs etc., which will hopefully serve as a reference for you, even if only for config inside the Rails app (omit any {{ ... }} you see).

Disclaimer: I'm by no means an expert here, so bear in mind that there may be better ways of doing this than what I'm trying. I'm hoping to learn some new tricks in this Q&A thread.

I currently use the Figaro gem to hide sensitive information in ENV environment variables. In my (.gitignored) config/application.yml, I keep the following information:

# App keys
SECRET_TOKEN: # your rake secret generated token

development:
  DB_NAME: # your dev db name here
  DB_USER: # your dev db username here
  DB_PASSWORD: # your dev db password here

test:
  DB_NAME: # your test db name here
  DB_USER: # your test db username here
  DB_PASSWORD: # your test db password here

production:
  DB_NAME: # your prod db name here
  DB_USER: # your prod db username here
  DB_PASSWORD: # your prod db password here

# Third Party keys that you will reference in their relevant files
THIRD_PARTY_API_OR_LICENSE_KEY: # list of whatever api/license keys you use

(DB_NAME, DB_USER, and DB_PASSWORD will be used dynamically depending on what environment your app is running in.)

An empty version of the above file (config/application.example.yml) gets pushed to GitHub with some instructions on how to fill it in.

The files that are pushed to GitHub and reference these variables look like this:

config/database.yml
(PostgreSQL is used here, but you should be able to change the settings for whatever database you use)

postgresql: &postgresql
  adapter: postgresql
  database: <%= ENV['DB_NAME'] %>
  username: <%= ENV['DB_USER'] %>
  password: <%= ENV['DB_PASSWORD'] %>
  min_messages: ERROR

defaults: &defaults
  pool: 5
  timeout: 5000
  host: localhost
  <<: *<%= ENV['DB'] || "postgresql" %>

development:
  <<: *defaults

test:
  <<: *defaults

production:
  <<: *defaults

config/initializers/secret_token.rb

if Rails.env.production? && ENV['SECRET_TOKEN'].blank?
  raise 'SECRET_TOKEN environment variable must be set!'
end

YourApp::Application.config.secret_token = 
  ENV['SECRET_TOKEN'] || {{WHATEVER_SECRET_TOKEN_RAILS_GENERATED_BY_DEFAULT}}

(Plus, whatever files would be referencing THIRD_PARTY_API_OR_LICENSE_KEY-type keys.)

Create encrypted Travis variables using the Travis gem. The Heroku API key and Heroku Git URL are needed if you deploy directly to Heroku from a Travis worker (see this StackOverflow Q&A for details); otherwise you can omit them if you just use it for testing:

$ gem install travis
$ travis encrypt your_username/your_repo HEROKU_API_KEY={{YOUR_HEROKU_API_KEY}}
$ travis encrypt HEROKU_GIT_URL={{YOUR_HEROKU_GIT_URL}} # eg git@heroku.com:your_app.git
$ travis encrypt DB_NAME={{YOUR_DB_NAME_UNDER_TEST}} # eg your_app_test
$ travis encrypt DB_USER={{YOUR_DB_USER_UNDER_TEST}}
$ travis encrypt DB_PASSWORD={{YOUR_DB_PASSWORD_UNDER_TEST}}

(Plus, encrypt any other keys you may need during testing, if any...)

Then add them to .travis.yml
(once again PostgreSQL-focused, but you should be able to change the settings for whatever database you use)

env:
  global:
    - secure: {{YOUR_ENCRYPTED_HEROKU_API_KEY}}
    - secure: {{YOUR_ENCRYPTED_HEROKU_GIT_URL}}
    - secure: {{YOUR_ENCRYPTED_DB_NAME}}
    - secure: {{YOUR_ENCRYPTED_DB_USER}}
    - secure: {{YOUR_ENCRYPTED_DB_PASSWORD}}
  matrix:
    - DB: postgresql
before_script:
  - psql -c "create database $DB_NAME;" -U $DB_USER
  - RAILS_ENV=test bundle exec rake db:migrate
script:
  - bundle exec rspec spec/
after_success:
  - gem install heroku
  - git remote add heroku $HEROKU_GIT_URL
  # ... see link above for the rest of the config content

Multiple variables marked with the same name of secure are fine; they'll show up in the config as HEROKU_API_KEY=[secure] HEROKU_GIT_URL=[secure] etc.

Use Figaro's Heroku rake task to automatically set the environment variables that Heroku needs to see in production:

$ rake figaro:heroku

Or, set them manually:

$ heroku config:set SECRET_TOKEN={{YOUR_SECRET_TOKEN}}
$ heroku config:set DB_NAME={{YOUR_DB_NAME_UNDER_PRODUCTION}} # eg your_app_production
$ heroku config:set DB_USER={{YOUR_DB_USER_UNDER_PRODUCTION}}
$ heroku config:set DB_PASSWORD={{YOUR_DB_PASSWORD_UNDER_PRODUCTION}}
$ heroku config:set THIRD_PARTY_API_OR_LICENSE_KEY={{YOUR_THIRD_PARTY_API_OR_LICENSE_KEY}}

Then, try deploying.

That's all I have for now. Not sure at the moment if I should be hiding more info or if I'm not hiding it well enough, but it's a work in progress.
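As an added example that is not code from the answer above or from the Figaro gem, the following standalone Ruby script shows what the pieces of that setup do when put together: resolving a per-environment application.yml into ENV-style variables without overriding values the platform already set (Heroku config:set, Travis secure variables), the production-only guard from secret_token.rb, the ERB-then-YAML rendering Rails applies to database.yml, and a simple check that the files the thread treats as sensitive are actually covered by .gitignore. The YAML contents are constructed placeholders, and the .gitignore matching is a simplification of git's rules; both are assumptions for illustration only.

```ruby
require 'yaml'
require 'erb'

# Constructed sample in the layout of the answer's config/application.yml.
# The values are placeholders, not real credentials.
SAMPLE_APPLICATION_YML = <<~YAML
  SECRET_TOKEN: "dev-only-placeholder-token"
  THIRD_PARTY_API_OR_LICENSE_KEY: "placeholder-api-key"
  development:
    DB_NAME: your_app_development
    DB_USER: your_app
    DB_PASSWORD: dev-password
  test:
    DB_NAME: your_app_test
    DB_USER: your_app
    DB_PASSWORD: test-password
  production:
    DB_NAME: your_app_production
    DB_USER: your_app
    DB_PASSWORD: prod-password
YAML

RAILS_ENVS = %w[development test production].freeze

# Resolve the file for one environment: top-level keys apply everywhere and the
# section named after the environment overrides them (Figaro's convention).
def resolve_config(yaml_text, rails_env)
  data = YAML.safe_load(yaml_text) || {}
  global = data.reject { |key, _| RAILS_ENVS.include?(key) }
  scoped = data.fetch(rails_env, nil) || {}
  global.merge(scoped).transform_values(&:to_s)
end

# Copy resolved values into an ENV-like hash without overriding anything the
# host already set (heroku config:set, Travis "secure" variables), so the
# platform's values always win over the local file.
def load_into(env_hash, config)
  config.each { |key, value| env_hash[key] = value unless env_hash.key?(key) }
  env_hash
end

# Same guard as the answer's secret_token.rb: production must get the token
# from the environment; other environments may fall back to a generated value.
def secret_token_for(env_hash, rails_env, fallback: nil)
  token = env_hash['SECRET_TOKEN']
  blank = token.nil? || token.strip.empty?
  raise 'SECRET_TOKEN environment variable must be set!' if rails_env == 'production' && blank
  blank ? fallback : token
end

# A database.yml fragment with the same ERB references as the answer's file.
DATABASE_YML_TEMPLATE = <<~YAML
  <%= rails_env %>:
    adapter: postgresql
    database: <%= env['DB_NAME'] %>
    username: <%= env['DB_USER'] %>
    password: <%= env['DB_PASSWORD'] %>
    host: localhost
YAML

# Render the template against the resolved values and parse it back, which is
# the order Rails uses for database.yml (ERB first, then YAML).
def render_database_config(env_hash, rails_env)
  rendered = ERB.new(DATABASE_YML_TEMPLATE).result_with_hash(rails_env: rails_env, env: env_hash)
  YAML.safe_load(rendered).fetch(rails_env)
end

# Files the thread treats as sensitive. The check reports any that the given
# .gitignore text does not cover. Matching is a simplification of git's rules
# (assumption): exact path, or a glob against the full path or the basename.
SENSITIVE_FILES = %w[config/application.yml config/database.yml
                     config/initializers/secret_token.rb].freeze

def uncovered_sensitive_files(gitignore_text)
  patterns = gitignore_text.each_line.map(&:strip).reject { |l| l.empty? || l.start_with?('#') }
  patterns.map! { |p| p.delete_prefix('/') }
  SENSITIVE_FILES.reject do |path|
    patterns.any? { |p| File.fnmatch?(p, path) || File.fnmatch?(p, File.basename(path)) }
  end
end
```

In a real app the call would be load_into(ENV, resolve_config(File.read('config/application.yml'), Rails.env)); ENV is not a Hash, but it supports the []= and key? calls used here. The "never override" rule in load_into is the important design choice: it means a stray application.yml that accidentally ends up on a production box cannot replace the credentials the platform injected.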
