From 6c7014d6a680561151f61a31df43dc69498e51ec Mon Sep 17 00:00:00 2001
From: Nicolas LAURENT <aegypius@users.noreply.github.com>
Date: Fri, 3 Jun 2022 12:16:25 +0200
Subject: [PATCH] feat: add support for symfony secrets (#22)

---
 README.md                                |  2 ++
 config/before_composer.yml               |  7 +++++++
 docs/symfony/secrets.md                  | 13 +++++++++++++
 templates/symfony/secrets_private.php.j2 |  3 +++
 4 files changed, 25 insertions(+)
 create mode 100644 docs/symfony/secrets.md
 create mode 100644 templates/symfony/secrets_private.php.j2

diff --git a/README.md b/README.md
index 47ff317..5e9a9e3 100644
--- a/README.md
+++ b/README.md
@@ -12,6 +12,8 @@ Common deploy tasks for projects made at Le Phare.
 * [Workflow overview](docs/workflow.md)
 * Composer:
   * [Private registry](docs/composer/private-registry.md)
+* Symfony:
+  * [Secrets](docs/symfony/secrets.md)
 
 ## Role Variables
 
diff --git a/config/before_composer.yml b/config/before_composer.yml
index 7860d94..ae5ef77 100644
--- a/config/before_composer.yml
+++ b/config/before_composer.yml
@@ -11,3 +11,10 @@
     login_password: "{{ app_database_password }}"
     state: dump
     target: "{{ ansistrano_deploy_to }}/{{ ansistrano_current_dir }}/{{ db_pull_remote_database_name }}.sql.gz"
+
+- name: Setup {{ symfony_env }} secrets decrypt key
+  template:
+    src: symfony/secrets_private.php.j2
+    dest: "{{ ansistrano_release_path.stdout }}/config/secrets/{{ symfony_env }}/{{ symfony_env }}.decrypt.private.php"
+    mode: 0644
+  when: symfony_secret_private_key is defined
diff --git a/docs/symfony/secrets.md b/docs/symfony/secrets.md
new file mode 100644
index 0000000..aa9e1c0
--- /dev/null
+++ b/docs/symfony/secrets.md
@@ -0,0 +1,13 @@
+# Symfony secrets
+
+## Conditions
+
+`symfony_secret_private_key` must be set (in the vault).
+
+## When
+
+During `lephare_symfony_before_composer_tasks_file`
+
+## Description
+
+Creates a `decrypt.private.php` file in the `config/secret` directory allowing to use symfony secrets seamlessly.
diff --git a/templates/symfony/secrets_private.php.j2 b/templates/symfony/secrets_private.php.j2
new file mode 100644
index 0000000..9515611
--- /dev/null
+++ b/templates/symfony/secrets_private.php.j2
@@ -0,0 +1,3 @@
+<?php // {{ symfony_env }}.decrypt.private on {{ now(False, '%a, %d %b %Y %H:%M:%S %z') }}
+
+return "{{ symfony_secret_private_key }}";