Merge pull request #2 from warpc/906-remove-private-data

[refs #906]: remove private data
Vladimir Sharshov 2013-03-04 14:06:46 -08:00
commit c726c83458
11 changed files with 515 additions and 129 deletions

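--- a/.gitignore
+++ b/.gitignore
@@ -17,3 +17,6 @@ public/downloads/*
 .sass-cache/
 dump.rdb
 crash.log
+config/newrelic.yml
+config/deploy/*.rb
+config/deploy.rb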


@ -5,7 +5,7 @@ class KeyPair < ActiveRecord::Base
attr_accessor :fingerprint attr_accessor :fingerprint
attr_accessible :public, :secret, :repository_id attr_accessible :public, :secret, :repository_id
attr_encrypted :secret, :key => APP_CONFIG['secret_key'] attr_encrypted :secret, :key => APP_CONFIG['keys']['key_pair_secret_key']
validates :repository_id, :user_id, :presence => true validates :repository_id, :user_id, :presence => true
validates :secret, :public, :presence => true, :length => { :maximum => 10000 }, :on => :create validates :secret, :public, :presence => true, :length => { :maximum => 10000 }, :on => :create
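Review bot: The `attr_encrypted` key is now read from `APP_CONFIG['keys']['key_pair_secret_key']`, so a deployment whose `application.yml` still has only the old top-level `secret_key` raises `NoMethodError` on `nil` when this class loads, with no hint about which setting is missing. `APP_CONFIG.fetch('keys').fetch('key_pair_secret_key')` would fail with the name of the missing key instead; the same nested lookup appears in the Airbrake, Devise pepper and `secret_token` initializers added by this commit. The value stored under the new name must also be the one previously stored in `secret_key`, otherwise existing encrypted `secret` values can no longer be decrypted. A comment above this line saying so would help whoever migrates the config. The class body continues outside the hunk.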


@ -0,0 +1,57 @@
common: &common
project_name: ABF
repo_project_name: ABF
anonymous_access: true
file_store_url: 'http://file-store.rosalinux.ru'
distr_types: ['mdv', 'rhel', 'nau5']
abf_worker:
publish_workers_count: 2
keys:
key_pair_secret_key: 'key_pair_secret_key'
airbrake_api_key: 'airbrake_api_key'
devise_pepper: 'devise_pepper'
secret_token: 'secret_token'
wiki_formats:
markdown: "Markdown"
textile: "Textile"
# rdoc: "RDoc"
org: "Org-mode"
# creole: "Creole"
# mediawiki: "MediaWiki"
feedback:
email:
- 'test@example.com'
- 'test1@example.com'
# or
# email: 'test@example.com'
# optional parameters
cc:
- 'test2@example.com' # or like email
bcc:
- 'test3@example.com' # or like email
subject_prefixes: # or one line
- 'from_feedback'
subject_postfixes: # or one line
- 'sample_postfix'
shell_user: 'git'
development:
<<: *common
root_path: /var/rosa
git_path: /var/rosa
do-not-reply-email: do-not-reply@localhost
production:
<<: *common
root_path: /share
git_path: /mnt/gitstore
do-not-reply-email: do-not-reply@abf.rosalinux.ru
mailer_https_url: false
test:
<<: *common
root_path: "use Rails.root/tmp/test_root in spec"
git_path: "use Rails.root/tmp/test_root in spec"
do-not-reply-email: do-not-reply@localhost
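Review bot: The four values under `keys:` are fixed, publicly readable placeholders, and nothing in the file tells the operator to replace them. An instance started from an unedited copy would encrypt key pairs, pepper passwords and sign cookies with strings anyone can read in this repository. `secret_token: 'secret_token'` is also shorter than the 30 random characters that the `secret_token` initializer's own comment asks for. I would add a comment above `keys:` along the lines of `# Replace every value below with a long random string before first start`, and mention that `rake secret` can generate one. Separately, `file_store_url` defaults to plain `http://`; if the file store offers HTTPS, the sample should default to it.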


@ -1,126 +0,0 @@
# -*- encoding : utf-8 -*-
require 'cape'
require 'capistrano_colors'
set :default_environment, {
'LANG' => 'en_US.UTF-8'
}
#set :rake, "#{rake} --trace"
require 'rvm/capistrano'
require 'bundler/capistrano'
require 'airbrake/capistrano'
set :whenever_command, "bundle exec whenever"
# require "whenever/capistrano"
require 'capistrano/ext/multistage'
set :default_stage, "staging"
# set :stages, %w(production staging pingwinsoft) # auto readed
# main details
ssh_options[:forward_agent] = true
default_run_options[:pty] = true
set :application, "rosa_build"
set(:deploy_to) { "/srv/#{application}" }
set :user, "rosa"
set :use_sudo, false
set :keep_releases, 3
set :scm, :git
set :repository, "git@github.com:warpc/rosa-build.git"
set :deploy_via, :remote_cache
require './lib/recipes/nginx'
require './lib/recipes/unicorn'
#require './lib/recipes/bluepill'
set :workers_count, 4
require './lib/recipes/resque'
namespace :deploy do
task :symlink_all, :roles => :app do
run "mkdir -p #{fetch :shared_path}/config"
# Setup DB
run "cp -n #{fetch :release_path}/config/database.yml.sample #{fetch :shared_path}/config/database.yml"
run "ln -nfs #{fetch :shared_path}/config/database.yml #{fetch :release_path}/config/database.yml"
# Setup application
run "cp -n #{fetch :release_path}/config/application.yml.sample #{fetch :shared_path}/config/application.yml"
run "ln -nfs #{fetch :shared_path}/config/application.yml #{fetch :release_path}/config/application.yml"
# It will survive downloads folder between deployments
run "mkdir -p #{fetch :shared_path}/downloads"
run "ln -nfs #{fetch :shared_path}/downloads/ #{fetch :release_path}/public/downloads"
end
task :symlink_pids, :roles => :app do
run "cd #{fetch :shared_path}/tmp && ln -nfs ../pids pids"
end
# Speed up precompile (http://www.bencurtis.com/2011/12/skipping-asset-compilation-with-capistrano )
# namespace :assets do
# task :precompile, :roles => :web, :except => { :no_release => true } do
# from = source.next_revision(current_revision)
# if capture("cd #{latest_release} && #{source.local.log(from)} app/assets/ lib/assets/ vendor/assets/ | wc -l").to_i > 0
# run "cd #{latest_release} && #{rake} RAILS_ENV=#{rails_env} #{asset_env} assets:precompile"
# else
# logger.info "Skipping asset pre-compilation because there were no asset changes"
# end
# end
# end
end
after "deploy:finalize_update", "deploy:symlink_all"
after "deploy:update_code", "deploy:migrate"
after "deploy:setup", "deploy:symlink_pids"
# Bluepill
#after "deploy:restart", "bluepill:restart" # "bluepill:processes:restart_dj" # "bluepill:restart"
#after "deploy:start", "bluepill:start"
#after "deploy:stop", "bluepill:stop"
# Resque
after "deploy:stop", "resque:stop"
after "deploy:start", "resque:start"
after "deploy:restart", "resque:restart"
after "deploy:restart", "deploy:cleanup"
namespace :rake_tasks do
Cape do
mirror_rake_tasks 'db:seeds'
end
end
namespace :update do
desc "Copy remote production shared files to localhost"
task :shared do
run_locally "rsync --recursive --times --rsh=ssh --compress --human-readable --progress #{user}@#{domain}:#{shared_path}/shared_contents/uploads public/uploads"
end
desc "Dump remote production postgresql database, rsync to localhost"
task :postgresql do
get("#{current_path}/config/database.yml", "tmp/database.yml")
remote_settings = YAML::load_file("tmp/database.yml")[rails_env]
local_settings = YAML::load_file("config/database.yml")["development"]
run "export PGPASSWORD=#{remote_settings["password"]} && pg_dump --host=#{remote_settings["host"]} --port=#{remote_settings["port"]} --username #{remote_settings["username"]} --file #{current_path}/tmp/#{remote_settings["database"]}_dump -Fc #{remote_settings["database"]}"
run_locally "rsync --recursive --times --rsh=ssh --compress --human-readable --progress #{user}@#{domain}:#{current_path}/tmp/#{remote_settings["database"]}_dump tmp/"
run_locally "dropdb -U #{local_settings["username"]} --host=#{local_settings["host"]} --port=#{local_settings["port"]} #{local_settings["database"]}"
run_locally "createdb -U #{local_settings["username"]} --host=#{local_settings["host"]} --port=#{local_settings["port"]} -T template0 #{local_settings["database"]}"
run_locally "pg_restore -U #{local_settings["username"]} --host=#{local_settings["host"]} --port=#{local_settings["port"]} -d #{local_settings["database"]} tmp/#{remote_settings["database"]}_dump"
end
desc "Dump all remote data to localhost"
task :all do
# update.shared
update.postgresql
end
end


@ -0,0 +1,10 @@
# -*- encoding : utf-8 -*-
require "whenever/capistrano"
set :branch, "master"
set :domain, "0.0.0.0"
role :app, domain
role :web, domain
role :db, domain, :primary => true


@ -0,0 +1,2 @@
# -*- encoding : utf-8 -*-
APP_CONFIG = YAML.load_file("#{Rails.root}/config/application.yml")[Rails.env]
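Review bot: `APP_CONFIG` is `nil` whenever `application.yml` has no section for the current `Rails.env`, and every `APP_CONFIG['keys'][...]` lookup added elsewhere in this commit then fails with `NoMethodError` on `nil`. The sample file in this commit defines only `development`, `production` and `test`, while the New Relic sample also has `staging`, so this looks reachable. `YAML.load_file("#{Rails.root}/config/application.yml").fetch(Rails.env)` would name the missing environment at boot. The other initializers also depend on this file being loaded first; the file names are not visible on this page, so the load order is worth confirming.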


@ -0,0 +1,4 @@
# -*- encoding : utf-8 -*-
Airbrake.configure do |config|
config.api_key = APP_CONFIG['keys']['airbrake_api_key']
end rescue nil
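Review bot: The trailing `rescue nil` discards every `StandardError` raised inside the block, so a missing or misspelled `airbrake_api_key` entry leaves error reporting switched off with no trace in the logs. Either drop the modifier so a bad configuration stops the boot, or rescue explicitly and log it, e.g. `rescue StandardError => e` followed by `Rails.logger.warn("Airbrake not configured: #{e.message}")`.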


@ -0,0 +1,203 @@
# -*- encoding : utf-8 -*-
# Use this hook to configure devise mailer, warden hooks and so forth. The first
# four configuration values can also be set straight in your models.
Devise.setup do |config|
# ==> Mailer Configuration
# Configure the e-mail address which will be shown in Devise::Mailer,
# note that it will be overwritten if you use your own mailer class with default "from" parameter.
config.mailer_sender = "Rosa Build <no-reply@npp-build.rosalab.ru>"
# Configure the class responsible to send e-mails.
# config.mailer = "Devise::Mailer"
# ==> ORM configuration
# Load and configure the ORM. Supports :active_record (default) and
# :mongoid (bson_ext recommended) by default. Other ORMs may be
# available as additional gems.
require 'devise/orm/active_record'
# ==> Configuration for any authentication mechanism
# Configure which keys are used when authenticating a user. The default is
# just :email. You can configure it to use [:username, :subdomain], so for
# authenticating a user, both parameters are required. Remember that those
# parameters are used only when authenticating and not when retrieving from
# session. If you need permissions, you should implement that in a before filter.
# You can also supply a hash where the value is a boolean determining whether
# or not authentication should be aborted when the value is not present.
config.authentication_keys = [ :login ]
# Configure parameters from the request object used for authentication. Each entry
# given should be a request method and it will automatically be passed to the
# find_for_authentication method and considered in your model lookup. For instance,
# if you set :request_keys to [:subdomain], :subdomain will be used on authentication.
# The same considerations mentioned for authentication_keys also apply to request_keys.
# config.request_keys = []
# Configure which authentication keys should be case-insensitive.
# These keys will be downcased upon creating or modifying a user and when used
# to authenticate or find a user. Default is :email.
config.case_insensitive_keys = [ :email, :uname ]
# Configure which authentication keys should have whitespace stripped.
# These keys will have whitespace before and after removed upon creating or
# modifying a user and when used to authenticate or find a user. Default is :email.
config.strip_whitespace_keys = [ :email, :uname ]
# Tell if authentication through request.params is enabled. True by default.
# config.params_authenticatable = true
# Tell if authentication through HTTP Basic Auth is enabled. False by default.
config.http_authenticatable = true
# If http headers should be returned for AJAX requests. True by default.
# config.http_authenticatable_on_xhr = true
# The realm used in Http Basic Authentication. "Application" by default.
# config.http_authentication_realm = "Application"
# It will change confirmation, password recovery and other workflows
# to behave the same regardless if the e-mail provided was right or wrong.
# Does not affect registerable.
# config.paranoid = true
# ==> Configuration for :database_authenticatable
# For bcrypt, this is the cost for hashing the password and defaults to 10. If
# using other encryptors, it sets how many times you want the password re-encrypted.
#
# Limiting the stretches to just one in testing will increase the performance of
# your test suite dramatically. However, it is STRONGLY RECOMMENDED to not use
# a value less than 10 in other environments.
config.stretches = Rails.env.test? ? 1 : 10
# Setup a pepper to generate the encrypted password.
config.pepper = APP_CONFIG['keys']['devise_pepper']
# ==> Configuration for :confirmable
# A period that the user is allowed to access the website even without
# confirming his account. For instance, if set to 2.days, the user will be
# able to access the website for two days without confirming his account,
# access will be blocked just in the third day. Default is 0.days, meaning
# the user cannot access the website without confirming his account.
# config.allow_unconfirmed_access_for = 2.days
# Defines which key will be used when confirming an account
# config.confirmation_keys = [ :email ]
# ==> Configuration for :rememberable
# The time the user will be remembered without asking for credentials again.
# config.remember_for = 2.weeks
# If true, extends the user's remember period when remembered via cookie.
# config.extend_remember_period = false
# Options to be passed to the created cookie. For instance, you can set
# :secure => true in order to force SSL only cookies.
# config.cookie_options = {}
# ==> Configuration for :validatable
# Range for password length. Default is 6..128.
# config.password_length = 6..128
# Email regex used to validate email formats. It simply asserts that
# an one (and only one) @ exists in the given string. This is mainly
# to give user feedback and not to assert the e-mail validity.
# config.email_regexp = /\A[^@]+@[^@]+\z/
# ==> Configuration for :timeoutable
# The time you want to timeout the user session without activity. After this
# time the user will be asked for credentials again. Default is 30 minutes.
# config.timeout_in = 30.minutes
# ==> Configuration for :lockable
# Defines which strategy will be used to lock an account.
# :failed_attempts = Locks an account after a number of failed attempts to sign in.
# :none = No lock strategy. You should handle locking by yourself.
config.lock_strategy = :none
# Defines which key will be used when locking and unlocking an account
# config.unlock_keys = [ :email ]
# Defines which strategy will be used to unlock an account.
# :email = Sends an unlock link to the user email
# :time = Re-enables login after a certain amount of time (see :unlock_in below)
# :both = Enables both strategies
# :none = No unlock strategy. You should handle unlocking by yourself.
config.unlock_strategy = :none
# Number of authentication tries before locking an account if lock_strategy
# is failed attempts.
# config.maximum_attempts = 20
# Time interval to unlock the account if :time is enabled as unlock_strategy.
# config.unlock_in = 1.hour
# ==> Configuration for :recoverable
#
# Defines which key will be used when recovering the password for an account
# config.reset_password_keys = [ :email ]
# Time interval you can reset your password with a reset password key.
# Don't put a too small interval or your users won't have the time to
# change their passwords.
config.reset_password_within = 2.hours
# ==> Configuration for :encryptable
# Allow you to use another encryption algorithm besides bcrypt (default). You can use
# :sha1, :sha512 or encryptors from others authentication tools as :clearance_sha1,
# :authlogic_sha512 (then you should set stretches above to 20 for default behavior)
# and :restful_authentication_sha1 (then you should set stretches to 10, and copy
# REST_AUTH_SITE_KEY to pepper)
# config.encryptor = :sha512
# ==> Configuration for :token_authenticatable
# Defines name of the authentication token params key
config.token_authentication_key = :token
config.skip_session_storage = [:token_auth, :http_auth]
# ==> Scopes configuration
# Turn scoped views on. Before rendering "sessions/new", it will first check for
# "users/sessions/new". It's turned off by default because it's slower if you
# are using only default views.
# config.scoped_views = false
# Configure the default scope given to Warden. By default it's the first
# devise role declared in your routes (usually :user).
# config.default_scope = :user
# Configure sign_out behavior.
# Sign_out action can be scoped (i.e. /users/sign_out affects only :user scope).
# The default is true, which means any logout action will sign out all active scopes.
# config.sign_out_all_scopes = true
# ==> Navigation configuration
# Lists the formats that should be treated as navigational. Formats like
# :html, should redirect to the sign in page when the user does not have
# access, but formats like :xml or :json, should return 401.
#
# If you have any extra navigational formats, like :iphone or :mobile, you
# should add them to the navigational formats lists.
#
# The :"*/*" and "*/*" formats below is required to match Internet
# Explorer requests.
# config.navigational_formats = [:"*/*", "*/*", :html]
# The default HTTP method used to sign out a resource. Default is :delete.
config.sign_out_via = :delete
# ==> OmniAuth
# Add a new OmniAuth provider. Check the wiki for more information on setting
# up on your models and hooks.
# config.omniauth :github, 'APP_ID', 'APP_SECRET', :scope => 'user,public_repo'
require 'openid/store/filesystem'
config.omniauth :openid, :name => 'open_id' #, :store => OpenID::Store::Filesystem.new('./tmp')
# ==> Warden configuration
# If you want to use other strategies, that are not supported by Devise, or
# change the failure app, you can configure them inside the config.warden block.
#
# config.warden do |manager|
# manager.failure_app = AnotherApp
# manager.intercept_401 = false
# manager.default_strategies(:scope => :user).unshift :some_external_strategy
# end
end
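Review bot: `config.lock_strategy = :none` together with `config.http_authenticatable = true` leaves password guessing unthrottled on both the form and HTTP Basic paths, unless rate limiting is done somewhere outside this file. If the user model can include `:lockable`, `config.lock_strategy = :failed_attempts` with `config.unlock_strategy = :time` and an explicit `config.maximum_attempts` would bound it. `# config.paranoid = true` is also left commented out, so the confirmation and password-recovery flows may reveal whether an address is registered. A short comment next to `config.pepper` noting that changing the value is expected to invalidate stored password hashes would help operators; confirm that against the Devise version in use.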


@ -0,0 +1,8 @@
# -*- encoding : utf-8 -*-
# Be sure to restart your server when you modify this file.
# Your secret key for verifying the integrity of signed cookies.
# If you change this key, all old signed cookies will become invalid!
# Make sure the secret is at least 30 characters and all random,
# no regular words or you'll be exposed to dictionary attacks.
Rosa::Application.config.secret_token = APP_CONFIG['keys']['secret_token']


@ -1,6 +1,4 @@
# -*- encoding : utf-8 -*- # -*- encoding : utf-8 -*-
APP_CONFIG = YAML.load_file("#{Rails.root}/config/application.yml")[Rails.env]
Dir[Rails.root.join("lib/ext/**/*.rb")].each {|f| require f} Dir[Rails.root.join("lib/ext/**/*.rb")].each {|f| require f}
require 'modules' require 'modules'
require 'plugins' require 'plugins'

227
config/newrelic.yml.sample Normal file

@ -0,0 +1,227 @@
#
# This file configures the New Relic Agent. New Relic monitors
# Ruby, Java, .NET, PHP, and Python applications with deep visibility and low overhead.
# For more information, visit www.newrelic.com.
#
# Generated January 26, 2012
#
# This configuration file is custom generated for Rosalab
# Here are the settings that are common to all environments:
common: &default_settings
# ============================== LICENSE KEY ===============================
# You must specify the license key associated with your New Relic
# account. This key binds your Agent's data to your account in the
# New Relic service.
license_key: 'license_key'
# Agent Enabled (Ruby/Rails Only)
# Use this setting to force the agent to run or not run.
# Default is 'auto' which means the agent will install and run only
# if a valid dispatcher such as Mongrel is running. This prevents
# it from running with Rake or the console. Set to false to
# completely turn the agent off regardless of the other settings.
# Valid values are true, false and auto.
# agent_enabled: auto
# Application Name
# Set this to be the name of your application as you'd like it show
# up in New Relic. New Relic will then auto-map instances of your application
# into a New Relic "application" on your home dashboard page. If you want
# to map this instance into multiple apps, like "AJAX Requests" and
# "All UI" then specify a semicolon-separated list of up to three
# distinct names. If you comment this out, it defaults to the
# capitalized RAILS_ENV (i.e., Production, Staging, etc)
app_name: ABF
# When "true", the agent collects performance data about your
# application and reports this data to the New Relic service at
# newrelic.com. This global switch is normally overridden for each
# environment below. (formerly called 'enabled')
monitor_mode: true
# Developer mode should be off in every environment but
# development as it has very high overhead in memory.
developer_mode: false
# The newrelic agent generates its own log file to keep its logging
# information separate from that of your application. Specify its
# log level here.
log_level: info
# The newrelic agent communicates with the New Relic service via http by
# default. If you want to communicate via https to increase
# security, then turn on SSL by setting this value to true. Note,
# this will result in increased CPU overhead to perform the
# encryption involved in SSL communication, but this work is done
# asynchronously to the threads that process your application code,
# so it should not impact response times.
ssl: false
# EXPERIMENTAL: enable verification of the SSL certificate sent by
# the server. This setting has no effect unless SSL is enabled
# above. This may block your application. Only enable it if the data
# you send us needs end-to-end verified certificates.
#
# This means we cannot cache the DNS lookup, so each request to the
# New Relic service will perform a lookup. It also means that we cannot
# use a non-blocking lookup, so in a worst case, if you have DNS
# problems, your app may block indefinitely.
# verify_certificate: true
# Set your application's Apdex threshold value with the 'apdex_t'
# setting, in seconds. The apdex_t value determines the buckets used
# to compute your overall Apdex score.
# Requests that take less than apdex_t seconds to process will be
# classified as Satisfying transactions; more than apdex_t seconds
# as Tolerating transactions; and more than four times the apdex_t
# value as Frustrating transactions.
# For more about the Apdex standard, see
# http://newrelic.com/docs/general/apdex
apdex_t: 0.5
# Proxy settings for connecting to the New Relic server.
#
# If a proxy is used, the host setting is required. Other settings
# are optional. Default port is 8080.
#
# proxy_host: hostname
# proxy_port: 8080
# proxy_user:
# proxy_pass:
# Tells transaction tracer and error collector (when enabled)
# whether or not to capture HTTP params. When true, frameworks can
# exclude HTTP parameters from being captured.
# Rails: the RoR filter_parameter_logging excludes parameters
# Java: create a config setting called "ignored_params" and set it to
# a comma separated list of HTTP parameter names.
# ex: ignored_params: credit_card, ssn, password
capture_params: false
# Transaction tracer captures deep information about slow
# transactions and sends this to the New Relic service once a
# minute. Included in the transaction is the exact call sequence of
# the transactions including any SQL statements issued.
transaction_tracer:
# Transaction tracer is enabled by default. Set this to false to
# turn it off. This feature is only available at the Professional
# product level.
enabled: true
# Threshold in seconds for when to collect a transaction
# trace. When the response time of a controller action exceeds
# this threshold, a transaction trace will be recorded and sent to
# New Relic. Valid values are any float value, or (default) "apdex_f",
# which will use the threshold for an dissatisfying Apdex
# controller action - four times the Apdex T value.
transaction_threshold: apdex_f
# When transaction tracer is on, SQL statements can optionally be
# recorded. The recorder has three modes, "off" which sends no
# SQL, "raw" which sends the SQL statement in its original form,
# and "obfuscated", which strips out numeric and string literals.
record_sql: obfuscated
# Threshold in seconds for when to collect stack trace for a SQL
# call. In other words, when SQL statements exceed this threshold,
# then capture and send to New Relic the current stack trace. This is
# helpful for pinpointing where long SQL calls originate from.
stack_trace_threshold: 0.500
# Determines whether the agent will capture query plans for slow
# SQL queries. Only supported in mysql and postgres. Should be
# set to false when using other adapters.
# explain_enabled: true
# Threshold for query execution time below which query plans will not
# not be captured. Relevant only when `explain_enabled` is true.
# explain_threshold: 0.5
# Error collector captures information about uncaught exceptions and
# sends them to New Relic for viewing
error_collector:
# Error collector is enabled by default. Set this to false to turn
# it off. This feature is only available at the Professional
# product level.
enabled: true
# Rails Only - tells error collector whether or not to capture a
# source snippet around the place of the error when errors are View
# related.
capture_source: true
# To stop specific errors from reporting to New Relic, set this property
# to comma-separated values. Default is to ignore routing errors,
# which are how 404's get triggered.
ignore_errors: ActionController::RoutingError
# (Advanced) Uncomment this to ensure the CPU and memory samplers
# won't run. Useful when you are using the agent to monitor an
# external resource
# disable_samplers: true
# If you aren't interested in visibility in these areas, you can
# disable the instrumentation to reduce overhead.
#
# disable_view_instrumentation: true
# disable_activerecord_instrumentation: true
# disable_memcache_instrumentation: true
# disable_dj: true
# Certain types of instrumentation such as GC stats will not work if
# you are running multi-threaded. Please let us know.
# multi_threaded = false
# Application Environments
# ------------------------------------------
# Environment-specific settings are in this section.
# For Rails applications, RAILS_ENV is used to determine the environment.
# For Java applications, pass -Dnewrelic.environment <environment> to set
# the environment.
# NOTE if your application has other named environments, you should
# provide newrelic configuration settings for these environments here.
development:
<<: *default_settings
# Turn off communication to New Relic service in development mode (also
# 'enabled').
# NOTE: for initial evaluation purposes, you may want to temporarily
# turn agent communication on in development mode.
monitor_mode: false
# Rails Only - when running in Developer Mode, the New Relic Agent will
# present performance information on the last 100 transactions you have
# executed since starting the app server.
# NOTE: There is substantial overhead when running in developer mode.
# Do not use for production or load testing.
developer_mode: true
# Enable textmate links
# textmate: true
test:
<<: *default_settings
# It almost never makes sense to turn on the agent when running
# unit, functional or integration tests or the like.
monitor_mode: false
# Turn on the agent in production for 24x7 monitoring. New Relic
# testing shows an average performance impact of < 5 ms per
# transaction, so you can leave this on all the time without
# incurring any user-visible performance degradation.
production:
<<: *default_settings
monitor_mode: true
# Many applications have a staging environment which behaves
# identically to production. Support for that environment is provided
# here. By default, the staging environment has the agent turned on.
staging:
<<: *default_settings
monitor_mode: true
app_name: ABF (Staging)
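Review bot: `ssl: false` in the common settings makes the agent talk to the New Relic service over plain HTTP, per the comment directly above it. That traffic presumably includes the account `license_key` along with transaction traces and obfuscated SQL. Defaulting the sample to `ssl: true` costs some CPU according to the same comment, but it keeps that data from crossing the network in clear text. `license_key: 'license_key'` is a placeholder, and a one-line comment saying it must be replaced before the file is copied to `config/newrelic.yml` would make that explicit.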