mozilla / api.webmaker.org

Services for Webmaker
https://api.webmaker.org
17 stars 14 forks source link

Setup deployment to Heroku & AWS #32

Closed thisandagain closed 9 years ago

thisandagain commented 9 years ago

We should deploy the develop and master branches to heroku on staging and production instances (respectively). I have this seutp on https://github.com/mozilla/webmaker-desktop for reference.

@jbuck re: PGSQL did you want us to use RDS or should we use Heroku's Postgres options? To keep things light I think I'd prefer to just do all of this within Heroku. Thoughts?

/cc @simonwex

jbuck commented 9 years ago

In an ideal world, webmaker-desktop never uses a database :) I think we're required to use RDS because Heroku addons have not been reviewed by opsec.

simonwex commented 9 years ago

Heroku postgres can be used provided there's no non-public PII (email addresses etc).

https://mana.mozilla.org/wiki/display/SECURITY/Heroku

thisandagain commented 9 years ago

@jbuck @simonwex Looks like we should have no problem not using a DB for webmaker-desktop .. just curious about the API. Sounds like we'll need to use RDS based on our requirements.

/cc @cadecairos

cadecairos commented 9 years ago

If I'm not mistaken, the user table will contain a username and most likely the OAuth token, so heroku postgre is probably not the place to host the DB

jbuck commented 9 years ago

the API will definitely need to be hosted on RDS

cadecairos commented 9 years ago

The nightly builds are going to break, due to the id.wmo integration that removed the hard coded testing tokens. we're going to want to make sure that the app itself gets id.wmo integration before shipping one or the other.

thisandagain commented 9 years ago

Not sure I 100% understand. We'll need to have this up and running on either environment before the end of the sprint (beta ship date). What is blocking getting a production instance up and running?

cadecairos commented 9 years ago

the android app is using hard coded tokens that the api accepted before it was integrated with id.webmaker.org

if we put the two together before adding real logins to the android app, all requests to the api it makes right now are going to 403

thisandagain commented 9 years ago

Got it. Can we keep that token as acceptable just on the staging instance? That should keep existing stable and nightly releases from breaking while avoiding strange security loopholes in production.

cadecairos commented 9 years ago

we'll have to manually hmac it with the staging secret and insert in into the database

cadecairos commented 9 years ago

Working on "Dockerizing" the app in #65

cadecairos commented 9 years ago

Before I can set up a prod env, I need a PG database on AWS and connection string (ping @jbuck)

cadecairos commented 9 years ago

Fixed by #85