Preview and Production Deployments
- reviewdog: used to lint and format code
- amondnet/vercel-action: used for preview and production deployments in Vercel
The tech team uses Vercel to host deployments of the IrvineHacks website. We use the amondnet/vercel-action to trigger a preview deployment on every push to a branch that has a pull request open. Once the pull request is merged, a production deployment will be triggered.
Authentication is notoriously difficult to test on preview deployments, as it is not possible to configure UCI Shibboleth to redirect logins on a preview deployment back to the exact same preview deployment. Thus, we set up a staging domain located at https://staging.irvinehacks.com and configured Shibboleth logins on staging to redirect back to this domain. However, it is still possible to log in as a guest and test many of the features that require a user to be logged in, both on the staging domain and locally, provided that the developer has a SendGrid API key.
It is possible to assign the staging domain to a preview deployment, although the process to do so is somewhat cumbersome. The vercel alias command of the Vercel CLI is supposed to accomplish this, yet for a reason that is still unknown to us the command fails because Vercel believes we do not have access to this domain, despite it already being valid and verified in the Vercel GUI. The workaround we have discovered is to directly send a request to Vercel's API to change the domain.
For deployment, the following environment variables need to be set in Vercel:
- PYTHONPATH=src/api to properly import Python modules
- SP_KEY, the private key for SAML authentication
- JWT_KEY, the secret key used to sign JWTs
- AUTH_KEY_SALT, the salt used when encrypting guest authentication tokens
- SENDGRID_API_KEY, the API key needed to use the SendGrid API
- RESUMES_FOLDER_ID, the ID of the Google Drive folder to upload to
- Either SERVICE_ACCOUNT_FILE or GOOGLE_SERVICE_ACCOUNT_CREDENTIALS: We use a Google service account in tandem with aiogoogle to automatically upload resumes when submitting a form. The keys are JSON that can either be stored in a file, in which case the path of the file should be stored in SERVICE_ACCOUNT_FILE, or be stored directly as a string in GOOGLE_SERVICE_ACCOUNT_CREDENTIALS. For local development, it is recommended to take the SERVICE_ACCOUNT_FILE approach.
- DOCUSIGN_HMAC_KEY, the HMAC key for validating DocuSign Connect webhook event payloads.
For staging, the following environment variables should also be set:
DEPLOYMENT=staging
For developing locally, the following environment variables should also be set:
DEPLOYMENT=local
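
How the DOCUSIGN_HMAC_KEY check listed above works, as an added example that is not the IrvineHacks project's own code: DocuSign Connect sends a base64-encoded HMAC-SHA256 of the raw request body in X-DocuSign-Signature-N headers, and the receiver recomputes it with the shared key. The function names and the sample payload and key are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import os
from typing import Mapping, Optional

# DocuSign Connect sends one header per configured HMAC key:
# X-DocuSign-Signature-1, X-DocuSign-Signature-2, ...
# Function names below are illustrative, not taken from the project.
SIGNATURE_PREFIX = "x-docusign-signature-"


def compute_signature(hmac_key: str, raw_body: bytes) -> str:
    """Return base64(HMAC-SHA256(key, body)), the form sent in the header."""
    digest = hmac.new(hmac_key.encode("utf-8"), raw_body, hashlib.sha256).digest()
    return base64.b64encode(digest).decode("ascii")


def verify_webhook(headers: Mapping[str, str], raw_body: bytes,
                   hmac_key: Optional[str] = None) -> bool:
    """Accept the payload only if some signature header matches our key.

    raw_body must be the exact bytes received; re-serialized JSON will not match.
    """
    key = hmac_key if hmac_key is not None else os.environ.get("DOCUSIGN_HMAC_KEY")
    if not key:
        return False  # fail closed when the key is not configured
    expected = compute_signature(key, raw_body).encode("ascii")
    valid = False
    for name, value in headers.items():
        if name.lower().startswith(SIGNATURE_PREFIX):
            # compare_digest avoids leaking the match position through timing
            valid |= hmac.compare_digest(expected, value.strip().encode("ascii", "replace"))
    return valid


if __name__ == "__main__":
    # Constructed sample values, not real DocuSign data.
    body = b'{"event":"envelope-completed","data":{"envelopeId":"00000000-0000-0000-0000-000000000000"}}'
    key = "constructed-test-key"
    good = {"X-DocuSign-Signature-1": compute_signature(key, body)}
    print(verify_webhook(good, body, key))         # untampered payload
    print(verify_webhook(good, body + b" ", key))  # body altered in transit
    print(verify_webhook({}, body, key))           # signature header missing
```

In a web framework, pass the unparsed request bytes to the check before any JSON decoding, and reject the request when it returns False.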