Set AUTH for Staging apps in Heroku Review

app.json

@@ -78,6 +78,7 @@
   },
   "name": "coderdojo.jp",
   "scripts": {
+      "postdeploy": "bundle exec rails db:setup && bundle exec rails dojos:update_db_by_yaml && bundle exec rails dojo_event_services:upsert"
   },
   "stack": "heroku-18"
 }

app/controllers/application_controller.rb

@@ -1,4 +1,7 @@
 class ApplicationController < ActionController::Base
+  http_basic_authenticate_with name: ENV['BASIC_AUTH_NAME'],
+                           password: ENV['BASIC_AUTH_PASSWORD'] if Rails.env.staging?
+
   before_action :store_location , unless: :login_page_access?
 
   # Prevent CSRF attacks by raising an exception.

config/database.yml

@@ -82,5 +82,9 @@ test:
 #   production:
 #     url: <%= ENV['DATABASE_URL'] %>
 #
+staging:
+  <<: *default
+  database: coderdojo_jp_staging
+
 production:
   url: <%= ENV['DATABASE_URL'] %>

config/environments/staging.rb

@@ -0,0 +1,105 @@
+Rails.application.configure do
+  # Settings specified here will take precedence over those in config/application.rb.
+
+  # Code is not reloaded between requests.
+  config.cache_classes = true
+
+  # Eager load code on boot. This eager loads most of Rails and
+  # your application in memory, allowing both threaded web servers
+  # and those relying on copy on write to perform better.
+  # Rake tasks automatically ignore this option for performance.
+  config.eager_load = true
+
+  # Full error reports are disabled and caching is turned on.
+  config.consider_all_requests_local       = false
+  config.action_controller.perform_caching = true
+
+  # Attempt to read encrypted secrets from `config/secrets.yml.enc`.
+  # Requires an encryption key in `ENV["RAILS_MASTER_KEY"]` or
+  # `config/secrets.yml.key`.
+  config.read_encrypted_secrets = true
+
+  # Disable serving static files from the `/public` folder by default since
+  # Apache or NGINX already handles this.
+  config.public_file_server.enabled = ENV['RAILS_SERVE_STATIC_FILES'].present?
+
+  # Debug mode disables concatenation and preprocessing of assets.
+  # This option may cause significant delays in view rendering with a large
+  # number of complex assets.
+  config.assets.debug = true
+
+  # Suppress logger output for asset requests.
+  #config.assets.quiet = true
+
+  # Compress JavaScripts and CSS.
+  config.assets.js_compressor = Sprockets::UglifierCompressor.new(comments: :copyright)
+  # config.assets.css_compressor = :sass
+
+  # Do not fallback to assets pipeline if a precompiled asset is missed.
+  config.assets.compile = false
+
+  # `config.assets.precompile` and `config.assets.version` have moved to config/initializers/assets.rb
+
+  # Enable serving of images, stylesheets, and JavaScripts from an asset server.
+  # config.action_controller.asset_host = 'http://assets.example.com'
+
+  # Specifies the header that your server uses for sending files.
+  # config.action_dispatch.x_sendfile_header = 'X-Sendfile' # for Apache
+  # config.action_dispatch.x_sendfile_header = 'X-Accel-Redirect' # for NGINX
+
+  # Mount Action Cable outside main process or domain
+  # config.action_cable.mount_path = nil
+  # config.action_cable.url = 'wss://example.com/cable'
+  # config.action_cable.allowed_request_origins = [ 'http://example.com', /http:\/\/example.*/ ]
+
+  # Force all access to the app over SSL, use Strict-Transport-Security, and use secure cookies.
+  config.force_ssl = true
+
+  # Use the lowest log level to ensure availability of diagnostic information
+  # when problems arise.
+  config.log_level = :debug
+
+  # Prepend all log lines with the following tags.
+  config.log_tags = [ :request_id ]
+
+  # Use a different cache store in production.
+  # config.cache_store = :mem_cache_store
+  # config.cache_store = :memory_store
+
+  # Use a real queuing backend for Active Job (and separate queues per environment)
+  # config.active_job.queue_adapter     = :resque
+  # config.active_job.queue_name_prefix = "coderdojo_jp_#{Rails.env}"
+  config.action_mailer.perform_caching = false
+
+  # Ignore bad email addresses and do not raise email delivery errors.
+  # Set this to true and configure the email server for immediate delivery to raise delivery errors.
+  # config.action_mailer.raise_delivery_errors = false
+
+  # Enable locale fallbacks for I18n (makes lookups for any locale fall back to
+  # the I18n.default_locale when a translation cannot be found).
+  config.i18n.fallbacks = true
+
+  # Send deprecation notices to registered listeners.
+  config.active_support.deprecation = :notify
+
+  # Use default logging formatter so that PID and timestamp are not suppressed.
+  config.log_formatter = ::Logger::Formatter.new
+
+  # Use a different logger for distributed setups.
+  # require 'syslog/logger'
+  # config.logger = ActiveSupport::TaggedLogging.new(Syslog::Logger.new 'app-name')
+
+  if ENV["RAILS_LOG_TO_STDOUT"].present?
+    logger           = ActiveSupport::Logger.new(STDOUT)
+    logger.formatter = config.log_formatter
+    config.logger    = ActiveSupport::TaggedLogging.new(logger)
+  end
+
+  # Do not dump schema after migrations.
+  config.active_record.dump_schema_after_migration = false
+
+  # Redirect if not in correct domains
+  config.middleware.use Rack::HostRedirect, {
+    %w(coderdojo-japan.herokuapp.com www.coderdojo.jp) => 'coderdojo.jp'
+  }
+end

config/secrets.yml

@@ -23,6 +23,9 @@ development:
 test:
   secret_key_base: 7ba3d6d2a7c7089b9ec2d21821c88cef5801cf32e4f9c4c0908456c3319d3bd651c8601b04625c2a03d3c16d1eb37833f1ae23a34586352eb6ab9d06999af583
 
+staging:
+  secret_key_base: <%= ENV["SECRET_KEY_BASE"] %>
+
 # Do not keep production secrets in the unencrypted secrets file.
 # Instead, either read values from the environment.
 # Or, use `bin/rails secrets:setup` to configure encrypted secrets