pdxdiver
commented
7 years ago Working on test cluster w/workflow: ETA 2/27/
Closed MikeTheCanuck closed 7 years ago
pdxdiver
commented
7 years ago Working on test cluster w/workflow: ETA 2/27/
MikeTheCanuck
commented
7 years ago After discussions with @BrianHGrant and @terciero tonight, it appears that hands-free methods of deploying secrets (Django secret, database password, AWS creds) still end up ultimately depending on env vars configured in the CI system of choice.
With that in mind, the simplest approach seems best: add all secrets as environment variables in the Travis repo config, and let the build proceed that way. Those secrets could eventually include:
The only challenge with this approach appears to be where to put the resulting container image. If we can push it directly to our AWS environment, then that would work great. If not, then we should investigate a private registry (which I'll file as a separate issue).
MikeTheCanuck
commented
7 years ago Background reading suggested by @terciero, for alternative approaches, includes:
MikeTheCanuck
commented
7 years ago Tonight at Budget Team meeting, @meganmckissack confirmed that we are formally authorized to start spinning up a minimal ECS footprint in which to deploy the backend containers for all projects.
We'll need @pdxdiver's assistance to issue credentials that are authorized to manage an ECS instance in the Hack Oregon organization.
pdxdiver
commented
7 years ago This is done. See https://github.com/hackoregon/backend-service-pattern
We have a minimal API stack as of this commit.
We now need to integrate with TravisCI, performing build (and whatever trivial test we can steal from another project - or Dan's assignments) and deploy.
We'll need an ECS destination and credentials to be able to make the deploy work. Is this something we are allocating across the projects at this time?