From 829f534afd71f3aa4c7736bc95e729559b10f47b Mon Sep 17 00:00:00 2001
From: Michael Bumann <hello@michaelbumann.com>
Date: Thu, 9 Apr 2020 12:24:18 +0200
Subject: [PATCH] Configure activestorage for production

access keys and region are configured using environment variables
---
 Gemfile                           |  1 +
 Gemfile.lock                      | 18 ++++++++++++++++++
 config/environments/production.rb |  2 +-
 config/storage.yml                | 10 +++++-----
 4 files changed, 25 insertions(+), 6 deletions(-)

diff --git a/Gemfile b/Gemfile
index cc5430e..5de7f90 100644
--- a/Gemfile
+++ b/Gemfile
@@ -23,6 +23,7 @@ gem 'bootsnap', '>= 1.4.2', require: false
 
 gem 'lockbox'
 
+gem 'aws-sdk-s3', require: false
 # gem 'airrecord'
 gem 'google-api-client'
 gem 'rack-cors'
diff --git a/Gemfile.lock b/Gemfile.lock
index 2cc091d..eabe759 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -58,6 +58,22 @@ GEM
       zeitwerk (~> 2.2)
     addressable (2.7.0)
       public_suffix (>= 2.0.2, < 5.0)
+    aws-eventstream (1.0.3)
+    aws-partitions (1.263.0)
+    aws-sdk-core (3.89.1)
+      aws-eventstream (~> 1.0, >= 1.0.2)
+      aws-partitions (~> 1, >= 1.239.0)
+      aws-sigv4 (~> 1.1)
+      jmespath (~> 1.0)
+    aws-sdk-kms (1.27.0)
+      aws-sdk-core (~> 3, >= 3.71.0)
+      aws-sigv4 (~> 1.1)
+    aws-sdk-s3 (1.60.1)
+      aws-sdk-core (~> 3, >= 3.83.0)
+      aws-sdk-kms (~> 1)
+      aws-sigv4 (~> 1.1)
+    aws-sigv4 (1.1.0)
+      aws-eventstream (~> 1.0, >= 1.0.2)
     bootsnap (1.4.6)
       msgpack (~> 1.0)
     builder (3.2.4)
@@ -96,6 +112,7 @@ GEM
       concurrent-ruby (~> 1.0)
     jbuilder (2.10.0)
       activesupport (>= 5.0.0)
+    jmespath (1.4.0)
     jwt (2.2.1)
     listen (3.2.1)
       rb-fsevent (~> 0.10, >= 0.10.3)
@@ -219,6 +236,7 @@ PLATFORMS
   ruby
 
 DEPENDENCIES
+  aws-sdk-s3
   bootsnap (>= 1.4.2)
   byebug
   dotenv-rails
diff --git a/config/environments/production.rb b/config/environments/production.rb
index 6ac7045..51f2525 100644
--- a/config/environments/production.rb
+++ b/config/environments/production.rb
@@ -36,7 +36,7 @@ Rails.application.configure do
   # config.action_dispatch.x_sendfile_header = 'X-Accel-Redirect' # for NGINX
 
   # Store uploaded files on the local file system (see config/storage.yml for options).
-  config.active_storage.service = :local
+  config.active_storage.service = :amazon
 
   # Mount Action Cable outside main process or domain.
   # config.action_cable.mount_path = nil
diff --git a/config/storage.yml b/config/storage.yml
index d32f76e..b79ac90 100644
--- a/config/storage.yml
+++ b/config/storage.yml
@@ -6,13 +6,13 @@ local:
   service: Disk
   root: <%= Rails.root.join("storage") %>
 
-# Use rails credentials:edit to set the AWS secrets (as aws:access_key_id|secret_access_key)
-# amazon:
-#   service: S3
+# access keys and region are configured using environment variables
+amazon:
+  service: S3
+  bucket: ENV['AWS_S3_BUCKET']
 #   access_key_id: <%= Rails.application.credentials.dig(:aws, :access_key_id) %>
 #   secret_access_key: <%= Rails.application.credentials.dig(:aws, :secret_access_key) %>
-#   region: us-east-1
-#   bucket: your_own_bucket
+#   region: ENV['AWS_REGION']
 
 # Remember not to checkin your GCS keyfile to a repository
 # google: