Merge pull request #2440 from tchak/dotenv

Dotenv

.gitignore

@@ -28,7 +28,6 @@ config/initializers/super_admin.rb
 doc/*.svg
 config/france_connect.yml
 config/github_secrets.yml
-config/initializers/mailjet.rb
 config/fog_credentials.yml
 uploads/*
 coverage/**/*

README.md

@@ -34,13 +34,6 @@ Afin d'initialiser l'environnement de développement, exécutez la commande suiv
     bundle install
     yarn install
 
-## Bouchonnage de l’authentification
-
-Créer les fichiers de configuration avec les valeurs par défaut :
-
-    cp config/france_connect.example.yml config/france_connect.yml
-    cp config/github_secrets.example.yml config/github_secrets.yml
-
 ## Création de la base de données
 
 Les informations nécessaire à l'initialisation de la base doivent être pré-configurées à la main grâce à la procédure suivante :
@@ -59,12 +52,6 @@ Afin de générer la BDD de l'application, il est nécessaire d'exécuter les co
     # Migrate the development database and the test database
     bin/rails db:migrate
 
-## Connexion a Pipedrive
-
-Dans le fichier `config/intializers/token.rb`, ajouter
-
-`PIPEDRIVE_TOKEN = 'token'`
-
 *Note : les valeurs pour ces paramètres sont renseignées dans le Keepass*
 
 ## Bouchonnage de la configuration

app/controllers/application_controller.rb

@@ -24,11 +24,6 @@ class ApplicationController < ActionController::Base
     end
   end
 
-  def default_url_options
-    return { protocol: 'https' } if Rails.env.staging? || Rails.env.production?
-    {}
-  end
-
   def load_navbar_left_pannel_partial_url
     controller = request.controller_class
     method = params[:action]

app/lib/api_entreprise/api.rb

@@ -1,8 +1,4 @@
 class ApiEntreprise::API
-  class << self
-    attr_accessor :token
-  end
-
   ENTREPRISE_RESOURCE_NAME = "entreprises"
   ETABLISSEMENT_RESOURCE_NAME = "etablissements"
   EXERCICES_RESOURCE_NAME = "exercices"
@@ -49,7 +45,7 @@ class ApiEntreprise::API
   end
 
   def self.url(resource_name, siret_or_siren)
-    [API_ENTREPRISE_URL, resource_name, siret_or_siren].join("/")
+    [base_url, resource_name, siret_or_siren].join("/")
   end
 
   def self.params(siret_or_siren, procedure_id)
@@ -57,7 +53,17 @@ class ApiEntreprise::API
       context: "demarches-simplifiees.fr",
       recipient: siret_or_siren,
       object: "procedure_id: #{procedure_id}",
-      token: SIADETOKEN
+      token: token
     }
   end
+
+  private
+
+  def self.token
+    Rails.application.secrets.api_entreprise[:key]
+  end
+
+  def self.base_url
+    Rails.application.secrets.api_entreprise[:base_url]
+  end
 end

app/lib/pipedrive/api.rb

@@ -48,7 +48,7 @@ class Pipedrive::API
     params.merge!({
       start: 0,
       limit: 500,
-      api_token: PIPEDRIVE_TOKEN
+      api_token: token
     })
 
     response = RestClient.get(url, params: params)
@@ -56,14 +56,18 @@ class Pipedrive::API
   end
 
   def self.put(url, params)
-    url = "#{url}?api_token=#{PIPEDRIVE_TOKEN}"
+    url = "#{url}?api_token=#{token}"
 
     RestClient.put(url, params.to_json, { content_type: :json })
   end
 
   def self.post(url, params)
-    url = "#{url}?api_token=#{PIPEDRIVE_TOKEN}"
+    url = "#{url}?api_token=#{token}"
 
     RestClient.post(url, params.to_json, { content_type: :json })
   end
+
+  def self.token
+    Rails.application.secrets.pipedrive[:key]
+  end
 end

app/services/signature_service.rb

@@ -1,6 +1,4 @@
 class SignatureService
-  CONFIG_PATH = Rails.root.join("config", "signing_key.yml")
-
   class << self
     def generate
       RbNaCl::Util.bin2hex(RbNaCl::SigningKey.generate)
@@ -24,15 +22,7 @@ class SignatureService
     private
 
     def signing_key
-      @@signing_key ||= RbNaCl::SigningKey.new(RbNaCl::Util.hex2bin(config[:key]))
+      @@signing_key ||= RbNaCl::SigningKey.new(RbNaCl::Util.hex2bin(Rails.application.secrets.signing_key))
-    end
-
-    def config
-      if File.exist?(CONFIG_PATH)
-        YAML.safe_load(File.read(CONFIG_PATH)).symbolize_keys
-      else
-        {}
-      end
     end
   end
 end

app/services/staging_auth_service.rb

@@ -1,23 +1,13 @@
 class StagingAuthService
-  CONFIG_PATH = Rails.root.join("config", "basic_auth.yml")
-
   def self.authenticate(username, password)
     if enabled?
-      username == config[:username] && password == config[:password]
+      username == Rails.application.secrets.basic_auth[:username] && password == Rails.application.secrets.basic_auth[:password]
     else
       true
     end
   end
 
   def self.enabled?
-    !!config[:enabled]
+    ENV['BASIC_AUTH_ENABLED'] == 'enabled'
-  end
-
-  def self.config
-    if File.exist?(CONFIG_PATH)
-      YAML.safe_load(File.read(CONFIG_PATH)).symbolize_keys
-    else
-      {}
-    end
   end
 end

app/uploaders/remote_downloader.rb

@@ -4,6 +4,12 @@ class RemoteDownloader
   end
 
   def url
-    @url ||= File.join(STORAGE_URL, @filename)
+    @url ||= File.join(base_url, CarrierWave::Uploader::Base.fog_directory, @filename)
+  end
+
+  protected
+
+  def base_url
+    Rails.application.secrets.fog[:base_url]
   end
 end

config/database.yml

@@ -1,17 +1,26 @@
-development:
+default: &default
   adapter: postgresql
   encoding: unicode
+  pool: <%= ENV.fetch("DB_POOL") { 5 } %>
+  timeout: 5000
+
+development:
+  <<: *default
   database: tps_development
   host: localhost
-  pool: 5
   username: tps_development
   password: tps_development
 
 test:
-  adapter: postgresql
+  <<: *default
-  encoding: unicode
   database: tps_test
   host: localhost
-  pool: 5
   username: tps_test
   password: tps_test
+
+production:
+  <<: *default
+  database: <%= ENV["DB_DATABASE"] %>
+  host: <%= ENV["DB_HOST"] %>
+  username: <%= ENV["DB_USERNAME"] %>
+  password: <%= ENV["DB_PASSWORD"] %>

config/deploy.rb

@@ -53,20 +53,7 @@ set :shared_paths, [
   'tmp/sockets',
   'public/system',
   'public/uploads',
-  'config/database.yml',
+  'config/unicorn.rb'
-  "config/skylight.yml",
-  "config/fog_credentials.yml",
-  'config/storage.yml',
-  'config/initializers/secret_token.rb',
-  "config/environments/#{rails_env}.rb",
-  "config/initializers/token.rb",
-  "config/unicorn.rb",
-  "config/initializers/raven.rb",
-  'config/france_connect.yml',
-  'config/github_secrets.yml',
-  'config/basic_auth.yml',
-  'config/initializers/mailjet.rb',
-  'config/initializers/storage_url.rb'
 ]
 
 set :rbenv_path, "/usr/local/rbenv/bin/rbenv"
@@ -111,15 +98,6 @@ task :setup => :environment do
 
   queue! %[mkdir -p "#{deploy_to}/shared/config/locales/dynamics"]
   queue! %[chmod g+rx,u+rwx "#{deploy_to}/shared/config/locales/dynamics"]
-
-  queue! %[touch "#{deploy_to}/shared/config/database.yml"]
-  queue %[echo "-----> Be sure to edit 'shared/config/database.yml'."]
-
-  queue! %[touch "#{deploy_to}/shared/environments/production.rb"]
-  queue %[echo "-----> Be sure to edit 'shared/environments/production.rb'."]
-
-  queue! %[touch "#{deploy_to}/shared/environments/staging.rb"]
-  queue %[echo "-----> Be sure to edit 'shared/environments/staging.rb'."]
 end
 
 namespace :yarn do

config/env.example

@@ -1,2 +1,15 @@
 APP_NAME="tps_local"
 APP_HOST="http://localhost:3000/"
+
+GITHUB_CLIENT_ID=""
+GITHUB_CLIENT_SECRET=""
+
+FC_PARTICULIER_ID=""
+FC_PARTICULIER_SECRET=""
+FC_PARTICULIER_REDIRECT_URI=""
+FC_PARTICULIER_HOST=""
+
+API_ENTREPRISE_KEY=""
+API_ENTREPRISE_BASE_URL="https://entreprise.api.gouv.fr/v2"
+
+PIPEDRIVE_KEY=""

config/environments/development.rb

@@ -47,17 +47,15 @@ Rails.application.configure do
   # Action Mailer settings
   config.action_mailer.delivery_method = :smtp
   config.action_mailer.default_url_options = { host: 'localhost', port: 3000 }
-  config.action_mailer.asset_host = 'http://localhost:3000'
   # Config for mailcatcher https://mailcatcher.me/
   config.action_mailer.smtp_settings = {
-    :address => "localhost",
+    address: 'localhost',
-    :port => 1025,
+    port: 1025,
-    :locale => 'fr'
+    locale: 'fr'
   }
 
   Rails.application.routes.default_url_options = {
-    host: 'localhost:3000',
+    host: 'localhost:3000'
-    protocol: :http
   }
 
   # Raises error for missing translations

config/environments/production.rb

@@ -58,7 +58,7 @@ Rails.application.configure do
   # config.logger = ActiveSupport::TaggedLogging.new(SyslogLogger.new)
 
   # Use a different cache store in production.
-  config.cache_store = :memory_store
+  # config.cache_store = :memory_store
 
   # Enable serving of images, stylesheets, and JavaScripts from an asset server.
   # config.action_controller.asset_host = 'http://assets.example.com'
@@ -67,6 +67,25 @@ Rails.application.configure do
   # Set this to true and configure the email server for immediate delivery to raise delivery errors.
   # config.action_mailer.raise_delivery_errors = false
 
+  if ENV['MAILTRAP_ENABLED'] == 'enabled'
+    config.action_mailer.delivery_method = :smtp
+    config.action_mailer.smtp_settings = {
+      user_name: Rails.application.secrets.mailtrap[:username],
+      password: Rails.application.secrets.mailtrap[:password],
+      address: 'smtp.mailtrap.io',
+      domain: 'smtp.mailtrap.io',
+      port: '2525',
+      authentication: :cram_md5
+    }
+  else
+    config.action_mailer.delivery_method = :mailjet
+  end
+
+  config.action_mailer.default_url_options = {
+    protocol: :https,
+    host: ENV['APP_HOST']
+  }
+
   # Enable locale fallbacks for I18n (makes lookups for any locale fall back to
   # the I18n.default_locale when a translation cannot be found).
   config.i18n.fallbacks = true
@@ -83,6 +102,9 @@ Rails.application.configure do
   config.active_record.dump_schema_after_migration = false
 
   Rails.application.routes.default_url_options = {
-    protocol: :https
+    protocol: :https,
+    host: ENV['APP_HOST']
   }
+
+  config.lograge.enabled = ENV['LOGRAGE_ENABLED'] == 'enabled'
 end

config/environments/staging.rb

@@ -0,0 +1,110 @@
+Rails.application.configure do
+  # Settings specified here will take precedence over those in config/application.rb.
+
+  # Verifies that versions and hashed value of the package contents in the project's package.json
+  config.webpacker.check_yarn_integrity = false
+
+  # Code is not reloaded between requests.
+  config.cache_classes = true
+
+  # Eager load code on boot. This eager loads most of Rails and
+  # your application in memory, allowing both threaded web servers
+  # and those relying on copy on write to perform better.
+  # Rake tasks automatically ignore this option for performance.
+  config.eager_load = true
+
+  # Full error reports are disabled and caching is turned on.
+  config.consider_all_requests_local       = false
+  config.action_controller.perform_caching = true
+
+  # Enable Rack::Cache to put a simple HTTP cache in front of your application
+  # Add `rack-cache` to your Gemfile before enabling this.
+  # For large-scale production use, consider using a caching reverse proxy like
+  # NGINX, varnish or squid.
+  # config.action_dispatch.rack_cache = true
+
+  # Disable serving static files from the `/public` folder by default since
+  # Apache or NGINX already handles this.
+  config.public_file_server.enabled = ENV['RAILS_SERVE_STATIC_FILES'].present?
+
+  # Compress JavaScripts and CSS.
+  config.assets.js_compressor = :uglifier
+  # config.assets.css_compressor = :sass
+
+  # Do not fallback to assets pipeline if a precompiled asset is missed.
+  config.assets.compile = false
+
+  # Asset digests allow you to set far-future HTTP expiration dates on all assets,
+  # yet still be able to expire them through the digest params.
+  config.assets.digest = true
+
+  # `config.assets.precompile` and `config.assets.version` have moved to config/initializers/assets.rb
+
+  # Specifies the header that your server uses for sending files.
+  # config.action_dispatch.x_sendfile_header = 'X-Sendfile' # for Apache
+  # config.action_dispatch.x_sendfile_header = 'X-Accel-Redirect' # for NGINX
+
+  # Force all access to the app over SSL, use Strict-Transport-Security, and use secure cookies.
+  config.force_ssl = true
+
+  # Use the lowest log level to ensure availability of diagnostic information
+  # when problems arise.
+  config.log_level = :debug
+
+  # Prepend all log lines with the following tags.
+  # config.log_tags = [ :subdomain, :uuid ]
+
+  # Use a different logger for distributed setups.
+  # config.logger = ActiveSupport::TaggedLogging.new(SyslogLogger.new)
+
+  # Use a different cache store in production.
+  # config.cache_store = :memory_store
+
+  # Enable serving of images, stylesheets, and JavaScripts from an asset server.
+  # config.action_controller.asset_host = 'http://assets.example.com'
+
+  # Ignore bad email addresses and do not raise email delivery errors.
+  # Set this to true and configure the email server for immediate delivery to raise delivery errors.
+  # config.action_mailer.raise_delivery_errors = false
+
+  if ENV['MAILTRAP_ENABLED'] == 'enabled'
+    config.action_mailer.delivery_method = :smtp
+    config.action_mailer.smtp_settings = {
+      user_name: Rails.application.secrets.mailtrap[:username],
+      password: Rails.application.secrets.mailtrap[:password],
+      address: 'smtp.mailtrap.io',
+      domain: 'smtp.mailtrap.io',
+      port: '2525',
+      authentication: :cram_md5
+    }
+  else
+    config.action_mailer.delivery_method = :mailjet
+  end
+
+  config.action_mailer.default_url_options = {
+    protocol: :https,
+    host: ENV['APP_HOST']
+  }
+
+  # Enable locale fallbacks for I18n (makes lookups for any locale fall back to
+  # the I18n.default_locale when a translation cannot be found).
+  config.i18n.fallbacks = true
+
+  config.active_storage.service = :clever_cloud
+
+  # Send deprecation notices to registered listeners.
+  config.active_support.deprecation = :notify
+
+  # Use default logging formatter so that PID and timestamp are not suppressed.
+  config.log_formatter = ::Logger::Formatter.new
+
+  # Do not dump schema after migrations.
+  config.active_record.dump_schema_after_migration = false
+
+  Rails.application.routes.default_url_options = {
+    protocol: :https,
+    host: ENV['APP_HOST']
+  }
+
+  config.lograge.enabled = ENV['LOGRAGE_ENABLED'] == 'enabled'
+end

config/features.rb

@@ -23,7 +23,7 @@ Flipflop.configure do
 
   group :production do
     feature :remote_storage,
-      default: Rails.env.production? || Rails.env.staging?
+      default: ENV['FOG_ENABLED'] == 'enabled'
     feature :weekly_overview,
       default: Rails.env.production?
   end

config/initializers/active_job_log_subscriber.rb

@@ -40,6 +40,7 @@ class ActiveJobLogSubscriber < ::ActiveJob::Logging::LogSubscriber
     tags.push('exception') if data[:exception]
     data[:tags] = tags
     data[:type] = 'tps'
+    data[:source] = ENV['SOURCE']
 
     log(data)
   end

config/initializers/active_storage_conf_override.rb

@@ -1,4 +0,0 @@
-# FIXME: remove this once we moved to a properly structured infrastructure
-if Rails.env.production? || Rails.env.staging?
-  Rails.application.config.active_storage.service = :clever_cloud
-end

config/initializers/carrierwave.rb

@@ -1,17 +1,18 @@
-if Rails.env.test?
-  Fog.credentials_path = Rails.root.join('config', 'fog_credentials.test.yml')
-else
-  Fog.credentials_path = Rails.root.join('config', 'fog_credentials.yml')
-end
-
 CarrierWave.configure do |config|
   # These permissions will make dir and files available only to the user running
   # the servers
   config.permissions = 0664
   config.directory_permissions = 0775
 
-  if Rails.env.production? || Rails.env.staging?
+  if ENV['FOG_ENABLED'] == 'enabled'
-    config.fog_credentials = { provider: 'OpenStack' }
+    config.fog_credentials = {
+      provider: 'OpenStack',
+      openstack_tenant: Rails.application.secrets.fog[:openstack_tenant],
+      openstack_api_key: Rails.application.secrets.fog[:openstack_api_key],
+      openstack_username: Rails.application.secrets.fog[:openstack_username],
+      openstack_auth_url: Rails.application.secrets.fog[:openstack_auth_url],
+      openstack_region: Rails.application.secrets.fog[:openstack_region],
+    }
   end
 
   # This avoids uploaded files from saving to public/ and so
@@ -22,11 +23,5 @@ CarrierWave.configure do |config|
 
   config.fog_public = true
 
-  if Rails.env.production?
+  config.fog_directory = Rails.application.secrets.fog[:directory]
-    config.fog_directory = "tps"
-  elsif Rails.env.development?
-    config.fog_directory = "test_local"
-  else
-    config.fog_directory = "tps_dev"
-  end
 end

config/initializers/devise.rb

@@ -6,7 +6,7 @@ Devise.setup do |config|
   # The secret key used by Devise. Devise uses this key to generate
   # random tokens. Changing this key will render invalid all existing
   # confirmation, reset password and unlock tokens in the database.
-  # config.secret_key = '023b8d51611750f31982654ec5c14e275784af6a7a15aadbc599a973265e01e4218e209489b65e63d008b23754e4db268e376f652720fa9a69846853a365b811'
+  config.secret_key = Rails.application.secrets.secret_key_base
 
   # ==> Mailer Configuration
   # Configure the e-mail address which will be shown in Devise::Mailer,
@@ -235,8 +235,7 @@ Devise.setup do |config|
   # Add a new OmniAuth provider. Check the wiki for more information on setting
   # up on your models and hooks.
   if !Rails.env.test?
-    github_secrets = YAML::load_file(File.join(__dir__, '../github_secrets.yml'))
+    config.omniauth :github, Rails.application.secrets.github[:client_id], Rails.application.secrets.github[:client_secret], scope: 'user:email'
-    config.omniauth :github, github_secrets['client_id'], github_secrets['client_secret'], scope: 'user:email'
   end
 
   # ==> Warden configuration

config/initializers/france_connect.rb

@@ -1,22 +1,3 @@
-FRANCE_CONNECT = if Rails.env.test?
+FRANCE_CONNECT = {
-  {
+  particulier: Rails.application.secrets.france_connect_particulier
-    particulier: {
+}
-      identifier: 'plop',
-      secret: 'plip',
-      redirect_uri: 'https://bidon.com/endpoint',
-      authorization_endpoint: 'https://bidon.com/endpoint',
-      token_endpoint: 'https://bidon.com/endpoint',
-      userinfo_endpoint: 'https://bidon.com/endpoint',
-      logout_endpoint: 'https://bidon.com/endpoint',
-    }
-  }
-else
-  fc_config_file_path = Rails.root.join("config", "france_connect.yml")
-
-  # FIXME: with a yaml with a { particulier: {} } structure
-  config_hash = YAML.safe_load(File.read(fc_config_file_path))
-    .reduce({}) { |acc, (key, value)| acc[key.gsub('particulier_', '')] = value; acc }
-    .symbolize_keys
-
-  { particulier: config_hash }
-end

config/initializers/lograge.rb

@@ -10,6 +10,7 @@ Rails.application.configure do
     config.lograge.custom_options = lambda do |event|
       {
         type: 'tps',
+        source: ENV['SOURCE'],
         tags: ['request', event.payload[:exception] ? 'exception' : nil].compact,
         user_id: event.payload[:user_id],
         user_email: event.payload[:user_email],

config/initializers/mailjet.rb

@@ -0,0 +1,5 @@
+Mailjet.configure do |config|
+  config.api_key = Rails.application.secrets.mailjet[:api_key]
+  config.secret_key = Rails.application.secrets.mailjet[:secret_key]
+  config.default_from = CONTACT_EMAIL
+end

config/initializers/raven.rb

@@ -0,0 +1,7 @@
+if ENV['SENTRY_ENABLED'] == 'enabled'
+  require 'raven'
+
+  Raven.configure do |config|
+    config.dsn = ENV['SENTRY_DSN_RAILS']
+  end
+end

config/initializers/storage_url.rb

@@ -1 +0,0 @@
-STORAGE_URL = "https://storage.apientreprise.fr/#{CarrierWave::Uploader::Base.fog_directory}/"

config/initializers/urls.rb

@@ -1,7 +1,5 @@
 API_CARTO_URL = "https://apicarto.sgmap.fr"
 
-API_ENTREPRISE_URL = 'https://entreprise.api.gouv.fr/v2'
-
 API_GEO_URL = "https://geo.api.gouv.fr"
 
 PIPEDRIVE_API_URL = 'https://api.pipedrive.com/v1'

config/secrets.yml

@@ -9,14 +9,70 @@
 
 # Make sure the secrets in this file are kept private
 # if you're sharing your code publicly.
+defaults: &defaults
+  secret_key_base: <%= ENV["SECRET_KEY_BASE"] %>
+  signing_key: <%= ENV["SIGNING_KEY"] %>
+  basic_auth:
+    username: <%= ENV['BASIC_AUTH_USERNAME'] %>
+    password: <%= ENV['BASIC_AUTH_PASSWORD'] %>
+  france_connect_particulier:
+    identifier: <%= ENV['FC_PARTICULIER_ID'] %>
+    secret: <%= ENV['FC_PARTICULIER_SECRET'] %>
+    redirect_uri: <%= ENV['FC_PARTICULIER_REDIRECT_URI'] %>
+    authorization_endpoint: <%= ENV['FC_PARTICULIER_HOST'] %>/api/v1/authorize
+    token_endpoint: <%= ENV['FC_PARTICULIER_HOST'] %>/api/v1/token
+    userinfo_endpoint: <%= ENV['FC_PARTICULIER_HOST'] %>/api/v1/userinfo
+    logout_endpoint: <%= ENV['FC_PARTICULIER_HOST'] %>/api/v1/logout
+  github:
+    client_id: <%= ENV['GITHUB_CLIENT_ID'] %>
+    client_secret: <%= ENV['GITHUB_CLIENT_SECRET'] %>
+  mailjet:
+    api_key: <%= ENV['MAILJET_API_KEY'] %>
+    secret_key: <%= ENV['MAILJET_SECRET_KEY'] %>
+  api_entreprise:
+    key: <%= ENV['API_ENTREPRISE_KEY'] %>
+    base_url: <%= ENV['API_ENTREPRISE_BASE_URL'] %>
+  pipedrive:
+    key: <%= ENV['PIPEDRIVE_KEY'] %>
+  fog:
+    openstack_tenant: <%= ENV['FOG_OPENSTACK_TENANT'] %>
+    openstack_api_key: <%= ENV['FOG_OPENSTACK_API_KEY'] %>
+    openstack_username: <%= ENV['FOG_OPENSTACK_USERNAME'] %>
+    openstack_auth_url: <%= ENV['FOG_OPENSTACK_AUTH_URL'] %>
+    openstack_region: <%= ENV['FOG_OPENSTACK_REGION'] %>
+    base_url: <% ENV['FOG_BASE_URL'] %>
+    directory: <%= ENV['FOG_DIRECTORY'] %>
+  mailtrap:
+    username: <%= ENV['MAILTRAP_USERNAME'] %>
+    password: <%= ENV['MAILTRAP_PASSWORD'] %>
 
 development:
+  <<: *defaults
   secret_key_base: 05a2d479d8e412198dabd08ef0eee9d6e180f5cbb48661a35fd1cae287f0a93d40b5f1da08f06780d698bbd458a0ea97f730f83ee780de5d4e31f649a0130cf0
+  signing_key: aef3153a9829fa4ba10acb02927ac855df6b92795b1ad265d654443c4b14a017
 
 test:
+  <<: *defaults
   secret_key_base: aa52abc3f3a629d04a61e9899a24c12f52b24c679cbf45f8ec0cdcc64ab9526d673adca84212882dff3911ac98e0c32ec4729ca7b3429ba18ef4dfd1bd18bc7a
+  signing_key: aef3153a9829fa4ba10acb02927ac855df6b92795b1ad265d654443c4b14a017
+  api_entreprise:
+    key: api_entreprise_test_key
+    base_url: https://entreprise.api.gouv.fr/v2
+  fog:
+    base_url: https://storage.apientreprise.fr
+    directory: tps_dev
+  pipedrive:
+    key: pipedrive_test_key
+  france_connect_particulier:
+    identifier: france_connect_test_identifier
+    secret: france_connect_test_secret
+    redirect_uri: https://bidon.com/endpoint
+    authorization_endpoint: https://bidon.com/endpoint
+    token_endpoint: https://bidon.com/endpoint
+    userinfo_endpoint: https://bidon.com/endpoint
+    logout_endpoint: https://bidon.com/endpoint
 
 # Do not keep production secrets in the repository,
 # instead read values from the environment.
 production:
-  secret_key_base: <%= ENV["SECRET_KEY_BASE"] %>
+  <<: *defaults

config/signing_key.yml

@@ -1,2 +0,0 @@
-# This is a signing key used in dev and test environments
-key: 'aef3153a9829fa4ba10acb02927ac855df6b92795b1ad265d654443c4b14a017'

config/skylight.yml

@@ -0,0 +1,3 @@
+---
+# The authentication token for the application.
+authentication: <%= ENV['SKYLIGHT_AUTHENTICATION_KEY'] || '' %>

config/storage.yml

@@ -1,7 +1,11 @@
 local:
   service: Disk
   root: <%= Rails.root.join("storage") %>
-
 test:
   service: Disk
   root: <%= Rails.root.join("tmp/storage") %>
+clever_cloud:
+  service: Cellar
+  access_key_id: <%= ENV['CLEVER_CLOUD_ACCESS_KEY_ID'] %>
+  secret_access_key: <%= ENV['CLEVER_CLOUD_SECRET_ACCESS_KEY'] %>
+  bucket: <%= ENV['CLEVER_CLOUD_BUCKET'] %>

lib/tasks/dev.rake

@@ -2,7 +2,6 @@ namespace :dev do
   desc 'Initialise dev environment'
   task :init do
     puts 'start initialisation'
-    Rake::Task['dev:generate_token_file'].invoke
     Rake::Task['dev:generate_franceconnect_file'].invoke
     Rake::Task['dev:generate_fog_credentials_file'].invoke
     Rake::Task['dev:generate_features_file'].invoke
@@ -10,14 +9,6 @@ namespace :dev do
     puts 'end initialisation'
   end
 
-  task :generate_token_file do
-    puts 'creating token.rb file'
-    res = `rake secret`.delete("\n")
-    file = File.new('config/initializers/token.rb', 'w+')
-    file.write("TPS::Application.config.SIADETOKEN = '#{res}'")
-    file.close
-  end
-
   task :generate_franceconnect_file do
     file = File.new('config/france_connect.yml', 'w+')
     comment = <<~EOF

spec/spec_helper.rb

@@ -81,9 +81,6 @@ DatabaseCleaner.strategy = :transaction
 
 TPS::Application.load_tasks
 
-SIADETOKEN = :valid_token if !defined? SIADETOKEN
-PIPEDRIVE_TOKEN = :pipedrive_test_token if !defined? PIPEDRIVE_TOKEN
-
 include Warden::Test::Helpers
 
 include SmartListing::Helper