我通常会更新生产的Ruby on Rails应用程序,今天我使用gem文件更新了一些安全漏洞,将它们推送到我的Github存储库中,然后进行了git push heroku master接收到以下错误:
remote: -----> Preparing app for Rails asset pipeline
remote: Running: rake assets:precompile
remote: rake aborted!
remote: Devise.secret_key was not set. Please add the following to your Devise initializer:
remote:
remote: config.secret_key = '<hash>'
remote:
remote: Please ensure you restarted your application after installing Devise or setting the key....
remote: !
remote: ! Precompiling assets failed.
remote: !
不确定最近更新的actionview -v 5.1.6.2与该错误之间是否存在连接,但是我继续并添加了config.secret_key = ...,然后提交并推送到我的仓库中,然后执行了git push heroku master,现在我明白了:
An unhandled lowlevel error occurred. The application logs may have details.
Heroku日志说:
#<RuntimeError: Missing `secret_key_base` for 'production' environment, set this value in `config/secrets.yml`>
但是我的config/secrets.yml中有此内容:
# Do not keep production secrets in the unencrypted secrets file.
# Instead, either read values from the environment.
# Or, use `bin/rails secrets:setup` to configure encrypted secrets
# and move the `production:` environment over there.
production:
secret_key_base: <%= ENV["SECRET_KEY_BASE"] %>
答案 0 :(得分:0)
我决定不按照Heroku的建议在我的PlayerRepository playerRepository=PlayerRepository.getInstance();
Player player=playerRepository.getPlayer();
player.buyUpgrade(upgrade);
文件中设置Devise秘密密钥,而是转到devise.rb文件并添加以下代码行:
application.rb
我忘记了Heroku已经设置了我的秘密密钥库,因此在将这行代码添加到config.secret_key_base = ENV["SECRET_KEY_BASE"]文件并将更改提交到我的Github存储库后,我运行了application.rb,然后运行了git push heroku master,并且我的生产RoR网站已恢复正常运行,并且恢复正常。
此解决方案更好地是避免在我的heroku run rake db:migrate文件中包含任何秘密密钥,从安全角度来看,这不是一个好主意。