Wednesday, February 13, 2013

Prep Ruby on Rails Apps for GitHub Publishing


Rails_on_github

When I started to publish code on GitHub I began searching for the best way to share my code without accidentially giving away my keys, passcodes or usernames. I tried to fork a version for publishing but branch history will still allow the public to see what was in previous versions. After trying a few methods, I opted to store all my passcodes in a *.yml file in config folder and just add it to the .gitignore. This required a few notes to let cloners know what to do with the code in the case they were to use their own keys directly.


Create a file under the ‘/config’ folder ‘ app_passwords.yml’

defaults: &defaults 
    app_key: my_app_key
    app_secret: my_app_secret 

development:
     <<: *defaults

test:
     <<: *defaults 

production:
     <<: *defaults

In order to load ‘app_passwords.yml’ it needs to reside at the top of the ‘/config/initializers’ folder. I placed a file called ‘01_app_passwords.rb’ (I added the 01 to put it at the top of the file list since initializers are processed in order).


In ‘config/initializers/01_app_passwords.rb’

MY_PASSWORDS = YAML.load_file("#{Rails.root}/config/app_passwords.yml")[Rails.env]

Now that the passwords are loaded into the Rails envionment, they can be called from the controller.


In ‘my_controller.rb’

APP_KEY = MY_PASSWORDS['app_key']
APP_SECRET = MY_PASSWORDS['app_secret']

Now that the app’s sensitive data is located in a single place, the ‘app_passwords.yml’ can be added to your ‘.gitignore’ file and it will not be committed to GitHub (as long as you don’t have other commits to your code history). There are now two options for your README for letting users who download your code to change in order to use it with their own passwords.
  1. Change ‘MY_PASSWORDS['app_key’]‘ and 'MY_PASSWORDS['app_secret’] with their own keys and passwords. or….
  2. Add their own ‘app_passwords.yml’ to the ‘/config’ folder.
This seems to get the worry out of the way and let you code and commit without worry (well at least after the first commit and check!). ~Lou