TPA issueshttps://gitlab.torproject.org/groups/tpo/tpa/-/issues2024-03-05T19:45:08Zhttps://gitlab.torproject.org/tpo/tpa/team/-/issues/41494Make Stephen a maintainer of donate-neo2024-03-05T19:45:08ZKezMake Stephen a maintainer of donate-neoCurrently, @stephen requires a donate-neo maintainer or a gitlab admin to run donate-review CI jobs. This is really inefficient and creates needless extra work for everyone. I'd like to make stephen a maintainer of the donate-neo repo so...Currently, @stephen requires a donate-neo maintainer or a gitlab admin to run donate-review CI jobs. This is really inefficient and creates needless extra work for everyone. I'd like to make stephen a maintainer of the donate-neo repo so he can trigger the review app deployment job without needing to ask someone else to do it.
Making him a maintainer will give him access to the `CI_PROJECT_ACCESS_TOKEN` CI secret, as well as indirect unprivileged code-execution on donate-review-01 as the gitlab-runner user (the CI script isn't sandboxed). I don't think either of these are actually issues, but I want to run it by someone else first in case there's something I haven't considered.
@gaba or @anarcat Do you have any thoughts or concerns about giving stephen maintainer privileges in that repo?anarcatanarcathttps://gitlab.torproject.org/tpo/tpa/team/-/issues/41523document donate-review deployment process and project in general2024-02-14T21:09:13Zanarcatdocument donate-review deployment process and project in generalin tpo/tpa/team#41519, we have identified that donate-review lacks documentation. #41518 is a task for @lavamind to review that project, but this is for @kez to document it as much as they can.in tpo/tpa/team#41519, we have identified that donate-review lacks documentation. #41518 is a task for @lavamind to review that project, but this is for @kez to document it as much as they can.Jérôme Charaouilavamind@torproject.orgJérôme Charaouilavamind@torproject.orghttps://gitlab.torproject.org/tpo/tpa/team/-/issues/41521install redis on donate-review-012024-02-13T17:35:37ZKezinstall redis on donate-review-01@stephen needs a redis server available for testing donate-neo review apps. the easiest way to set that up would be to add the redis package to the machine in puppet. redis shouldn't need any additional configuration, i believe it should...@stephen needs a redis server available for testing donate-neo review apps. the easiest way to set that up would be to add the redis package to the machine in puppet. redis shouldn't need any additional configuration, i believe it should "just work" out of the box. the most configuring it could need is allowing all connections from localhost.Jérôme Charaouilavamind@torproject.orgJérôme Charaouilavamind@torproject.orghttps://gitlab.torproject.org/tpo/tpa/team/-/issues/41513I need a sanitized private/settings.local.php file2024-02-05T15:58:16ZKezI need a sanitized private/settings.local.php fileWhile working on the unit tests for #41511, I ran into an issue where some of the tests rely on the `private/settings.local.php` file. I don't have a copy of this, and there's no example copy I can work with. I'll need the settings.local...While working on the unit tests for #41511, I ran into an issue where some of the tests rely on the `private/settings.local.php` file. I don't have a copy of this, and there's no example copy I can work with. I'll need the settings.local.php file from the crm-ext-01 box so I can fix any issues with the unit tests, and document the config file. **This file contains private keys** so the file will need to be sanitized before it's posted in this ticket or checked into git. This file should be located at `crm-ext-01.torproject.org:/srv/donate-api.torproect.org/htdocs-staging`.anarcatanarcathttps://gitlab.torproject.org/tpo/tpa/team/-/issues/41289mattlav would like to be notified when donate detects stripe fraud2023-11-02T18:44:48ZKezmattlav would like to be notified when donate detects stripe fraudthe other day @mattlav asked if he could be notified when the donate middleware detects and bans stripe fraud. we could do this really easily by changing the donate fail2ban logging to include a bit more information, and then setting `ac...the other day @mattlav asked if he could be notified when the donate middleware detects and bans stripe fraud. we could do this really easily by changing the donate fail2ban logging to include a bit more information, and then setting `action = %(action_mwl)s` in the fail2ban config. the biggest blocker there is that crm-ext-01 would need an SMTP client setup somewhere and we'd have to plan for crm-ext to send mail.anarcatanarcathttps://gitlab.torproject.org/tpo/tpa/team/-/issues/40883Renew Harica TLS certificate for donate.tpo onion2022-10-13T23:46:03ZJérôme Charaouilavamind@torproject.orgRenew Harica TLS certificate for donate.tpo onionOur Harica TLS certificate for onion address `yoaenchicimox2qdc47p36zm3cuclq7s7qxx6kvxqaxjodigfifljqqd.onion` is expiring in 2 weeks. We should renew it.Our Harica TLS certificate for onion address `yoaenchicimox2qdc47p36zm3cuclq7s7qxx6kvxqaxjodigfifljqqd.onion` is expiring in 2 weeks. We should renew it.Jérôme Charaouilavamind@torproject.orgJérôme Charaouilavamind@torproject.org2022-09-16