refactor: add encrypted detailed files #840

Merged
merged 16 commits into from
Dec 17, 2024


@vjousse vjousse commented Nov 21, 2024

🔧 Problem

In order not to make public the Ecoinvent data containing detailed processes impacts, this data is stored in a private repository on GitHub https://github.com/MTES-MCT/ecobalyse-private, so it is not included with the source code of the Ecobalyse application, even though it is necessary for its proper functioning. This frequently leads to technical problems when putting features into production, as it is very complicated to keep data synchronized between the two repositories.

🍰 Solution

Re-store detailed processes in the main repository, but encrypt them using git encryption with the help of https://github.com/elasticdog/transcrypt

🚨 Points to watch/comments

The warning `*** WARNING : deprecated key derivation used.` on the CI is OK for now, see elasticdog/transcrypt#169

As Scalingo doesn't give access to the git repo I need to git clone it when deploying to Scalingo. Then I can run transcrypt to decrypt the files and copy them over.

We don't synchronize with ecobalyse-private anymore. To add new detailed files they will just need to be added to a commit in the main repo. You can see the diffs locally but not on GitHub anymore as the files are encrypted.

🏝️ How to test

Depending on your OS, install transcrypt as explained here https://github.com/elasticdog/transcrypt/blob/main/INSTALL.md. Get the transcrypt key in https://vaultwarden.incubateur.net/ and add it to your .env file under the TRANSCRYPT_KEY entry. If you don't have access to the Vault, you should ask for one.

You can check that files are encrypted by running:

```sh
cat public/data/textile/processes_impacts.json
```

It should give you some cryptic content.

Then init your repo with transcrypt using the following command (you will need to do it only once):

```sh
./bin/run-transcrypt.sh
```

The processes should then be decrypted and you should be able to read them directly with:

```sh
cat public/data/textile/processes_impacts.json
```

Try to change some detailed files and check that you can commit the changes in this branch without any problem (you can change the objects one).

Before committing changes, be sure that your .git/hooks/pre-commit file contains the following (it should have been added by the transcrypt command):

```sh
# Transcrypt pre-commit hook: fail if secret file in staging lacks the magic prefix "Salted" in B64
RELATIVE_GIT_DIR=$(git rev-parse --git-dir 2>/dev/null || printf '')
CRYPT_DIR=$(git config transcrypt.crypt-dir 2>/dev/null || printf '%s/crypt' "${RELATIVE_GIT_DIR}")
"${CRYPT_DIR}/transcrypt" pre_commit
```

@vjousse vjousse force-pushed the refactor/crypt-detailed-processes branch 2 times, most recently from 17e13d5 to 3e60d65 Compare November 25, 2024 16:19
@vjousse vjousse changed the title chore: add encrypted files refactor: add encrypted detailed files Nov 25, 2024
@vjousse vjousse marked this pull request as ready for review November 25, 2024 16:19
@vjousse vjousse requested review from n1k0, paulboosz and ccomb November 25, 2024 16:20
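The pre-commit hook quoted in the PR description guards the staging side on a developer machine; the same magic-prefix test can also be run against what git actually stores, for example as a CI gate. The following is an added example, not part of the PR or of transcrypt: the function names are hypothetical, and `U2FsdGVk` is the base64 encoding of the "Salted" prefix named in the hook comment.

```shell
#!/bin/sh
# Added example (not from the PR or from transcrypt). Function names are
# hypothetical. MAGIC is base64("Salted"), the prefix the hook comment refers to.
MAGIC='U2FsdGVk'

# Succeeds if the data on stdin starts with the magic prefix.
is_ciphertext() {
    [ "$(head -c 8)" = "$MAGIC" ]
}

# Working-tree check: succeeds if FILE is still ciphertext on disk
# (the state expected before ./bin/run-transcrypt.sh has been run).
file_is_encrypted() {
    [ -f "$1" ] && is_ciphertext < "$1"
}

# Repository check: succeeds if the blob git stores at REV:PATH is ciphertext.
# Pass an empty REV to inspect the index, i.e. what is staged for commit.
blob_is_encrypted() {
    git cat-file -p "$1:$2" 2>/dev/null | is_ciphertext
}

# Audits PATHs at REV; prints each one that is plaintext or missing and
# returns non-zero if any was found, so it can gate a CI job.
audit_rev() {
    rev=$1
    shift
    bad=0
    for path in "$@"; do
        if ! blob_is_encrypted "$rev" "$path"; then
            printf 'NOT ENCRYPTED: %s\n' "$path"
            bad=1
        fi
    done
    return "$bad"
}

# Usage, from the repository root:
#   audit_rev HEAD public/data/textile/processes_impacts.json
```

Because `blob_is_encrypted` reads the stored blob rather than the working tree, the audit gives the same answer whether or not the checkout has already been decrypted.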

@n1k0 n1k0 left a comment

Tested the patch and the decryption/encryption/git workflow, it works great 😄 A few questions, nits and remarks and we're good to go 👍

@vjousse vjousse force-pushed the refactor/crypt-detailed-processes branch 2 times, most recently from 6001e9a to e89e57b Compare December 4, 2024 10:42
@n1k0 n1k0 self-requested a review December 4, 2024 12:50

@n1k0 n1k0 left a comment

A few remarks and comments following recent branch updates

@vjousse vjousse force-pushed the refactor/crypt-detailed-processes branch 2 times, most recently from 1d9a408 to 2fb8e83 Compare December 10, 2024 10:26
@vjousse vjousse force-pushed the refactor/crypt-detailed-processes branch from 2fb8e83 to db8fa71 Compare December 16, 2024 13:54

@paulboosz paulboosz left a comment

encrypting/decrypting works and I was able to commit changes to processes.json

@vjousse vjousse merged commit ac46a9d into master Dec 17, 2024
5 checks passed
@vjousse vjousse deleted the refactor/crypt-detailed-processes branch December 17, 2024 07:56
vjousse pushed a commit that referenced this pull request Jan 13, 2025
## [3.0.0](https://github.com/MTES-MCT/ecobalyse/compare/v2.7.1..v3.0.0)
(2025-01-13)



### 🚀 Features

- Generalize density, electricity, heat and waste process fields
([#855](#855))
- *(data)* Ensure consistent nullable alias field in all processes
files. ([#862](#862))
- Add betagouv logo.
([#848](#848))
- *(data)* Unified, cross-domain processes file format.
([#866](#866))
- *(data)* Validate processes files against a JSON schema.
([#869](#869))
- *(data,textile)* Add trim process and components data.
([#824](#824))
- *(textile)* Implement trims.
([#873](#873))
- *(data,ui)* Add trims to more textile examples, render them in
explorer ([#876](#876))
- Allow expanding trim details.
([#877](#877))
- Allow staff to access detailed impacts from explorer.
([#878](#878))

### 🪲 Bug Fixes

- *(food)* [**breaking**] Food processes identifiers are now UUIDs
([#844](#844))
- *(data)* [**breaking**] Update textile process ids to use UUID format
([#858](#858))
- Data pipeline with new UUIDs
([#857](#857))
- Fix api error with old versions
([#851](#851))
- Broken homepage after upgrading highcharts
([#863](#863))
- *(dev)* Fix npm ci error with `transcrypt`
([#870](#870))
- Correct data on trims
([#879](#879))
- Warn on session data decoding error.
([#884](#884))
- *(textile)* Apply durability to trims impacts.
([#886](#886))
- Update PEF score label.
([#887](#887))

### 🚜 Refactor

- Move textile step_usage field to categories.
([#850](#850))
- *(data)* Move textile process "correctif" to comment
([#852](#852))
- Add encrypted detailed impacts files to the source code
([#840](#840))
- Abstract components.
([#872](#872))
- Order json keys
([#871](#871))

### 📚 Documentation

- Fix openapi food examples
([#867](#867))

### ⚙️ Miscellaneous Tasks

- Increase API test timeout
([#853](#853))
- *(data)* Remove system_description process field.
([#859](#859))
- Upgrade dependencies, December 2024.
([#860](#860))
- Remove obsolete/unused info textile process field.
([#861](#861))
- *(data)* Merge PastoEco in a single file to speedup imports and fixed
linking to AGB
([#833](#833))
- Fix score_history workflow for transcrypt
([#864](#864))
- Standardize number formatting across codebase
([#804](#804))
- Standardize tkm unit
([#868](#868))
- Remove obsolete pre-commit command.
([#874](#874))
- Update trim api parameter ordering.
([#875](#875))
- Remove data directory, now in `ecobalyse-data` repo
([#888](#888))
- Update crypto-related docs.
([#890](#890))
- *(security)* Upgrade django to >=5.1.4.
([#885](#885))
- Readd score_history
([#891](#891))

<!-- generated by git-cliff -->

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>