labadmin/proyectosacc-mirror
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

chore(ci): fix S3 artifacts bucket references in install step and secure terraform tfvars

Browse Source 
- Use DEV_S3_ARTIFACTS_BUCKET and PROD_S3_ARTIFACTS_BUCKET in 06_install
  instead of generic S3_ARTIFACTS_BUCKET to prevent cross-env reads
- Add terraform/environments/*.tfvars to .gitignore to prevent secret leaks
- Update prod backend state bucket name to proyectosacc-specific bucket
- Add CI/CD credential policy documentation
This commit is contained in:
Evert Daniel Romero Garrido
2026-04-14 16:01:30 -06:00
parent 2cdeee0b84
commit 3fe8cb1391
5 changed files with 527 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files
bitbucket-pipelines.yml
+2 -2
View File
@@ -94,7 +94,7 @@ pipelines:
-i ~/.ssh/sacc4_key \
-o StrictHostKeyChecking=no \
"${DEV_SERVER_USER_PROYECTOSACC:-thoth}@${DEV_SERVER_IP_PROYECTOSACC}" \
"bash -c 'mkdir -p /home/thoth/deploy/artifacts/current && aws s3 cp s3://${S3_ARTIFACTS_BUCKET}/develop/proyectosacc-app.jar /home/thoth/deploy/artifacts/current/proyectosacc-app.jar && chown osiris:osiris /home/thoth/deploy/artifacts/current/proyectosacc-app.jar'"
"bash -c 'mkdir -p /home/thoth/deploy/artifacts/current && aws s3 cp s3://${DEV_S3_ARTIFACTS_BUCKET}/develop/proyectosacc-app.jar /home/thoth/deploy/artifacts/current/proyectosacc-app.jar && chown osiris:osiris /home/thoth/deploy/artifacts/current/proyectosacc-app.jar'"
- step:
name: 07_deploy
@@ -168,7 +168,7 @@ pipelines:
-i ~/.ssh/sacc4_key \
-o StrictHostKeyChecking=no \
"${PROD_SERVER_USER_PROYECTOSACC:-thoth}@${PROD_SERVER_IP_PROYECTOSACC}" \
"bash -c 'mkdir -p /home/thoth/deploy/artifacts/current && aws s3 cp s3://${S3_ARTIFACTS_BUCKET}/main/proyectosacc-app.jar /home/thoth/deploy/artifacts/current/proyectosacc-app.jar && chown osiris:osiris /home/thoth/deploy/artifacts/current/proyectosacc-app.jar'"
"bash -c 'mkdir -p /home/thoth/deploy/artifacts/current && aws s3 cp s3://${PROD_S3_ARTIFACTS_BUCKET}/main/proyectosacc-app.jar /home/thoth/deploy/artifacts/current/proyectosacc-app.jar && chown osiris:osiris /home/thoth/deploy/artifacts/current/proyectosacc-app.jar'"
- step:
name: 07_deploy