Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Improve support for multiple environments (e.g., dev, staging, prod) #416

Open
hispanic opened this issue Mar 21, 2021 · 0 comments
Open

Improve support for multiple environments (e.g., dev, staging, prod) #416

hispanic opened this issue Mar 21, 2021 · 0 comments

Comments

@hispanic
Copy link

Staticman is architected with two configuration files:

  1. A YAML-formatted "site/repo" file that is meant to be found in a git service (such as GitHub or GitLab).
  2. A JSON-formatted "server" file (which may be overridden/supplemented using environmental variables).

With this architecture, multiple web sites (each with their own source git repository) may leverage a single "community" Staticman instance. Unfortunately, this architecture hinders the implementation of a more "robust" development lifecycle that features promotion through, for example, development, test, staging, and production environments.

For example, the schema for the YAML-formatted "site/repo" file currently requires that a value be set for the branch property and defaults to master. However, this precludes the ability for the YAML-formatted "site/repo" file to be promoted, without change, on the way to production. Similarly, with Staticman currently only allowing for Akismet to be enabled/disabled via the akismet.enabled property in the YAML-formatted "site/repo" file, Akismet cannot be cleanly disabled in dev or test (but remain enabled in prod) without requiring a modification to source code during code promotion.

In order to address this shortcoming, several properties should be added to the schema for the JSON-formatted "server" file, which could be shadowed by their YAML-formatted "site/repo" file counterparts:

  • akismet.enabled
  • branch
  • githubWebhookSecret
  • gitlabWebhookSecret

The goal would be to allow for any environment-specific configuration to be specified someplace other than the YAML-formatted "site/repo" file.

Once support for multiple environments is improved, a follow-on concern is cross-talk between tiers/layers of different environments. For example:

  • A dev site accidentally pointed at a prod Staticman instance.
  • A staging Staticman instance pointing at a prod Mailgun mailing list.
  • Webhooks triggered on a dev branch being processed by a prod Staticman instance.

In order to prevent/identify this cross-talk, logic checks should be added to the codebase. For example:

  • Verify that the branch specified in the webhook payload matches the value specified in the configuration(s).
  • Verify that the branch specified in the REST request matches the value specified in the configuration(s).
  • Verify that the origin request header sent to the entry endpoint matches one or more expected values.

Beyond preventative steps, the various artifacts generated by Staticman could be "tagged" with their source environment. For example:

  • Name and subject in notification emails.
  • Content and commit messages in pull/merge requests.
  • Address, name, and description in mailing lists.

This would make it obvious which notification emails, pull/merge requests, and mailing lists are aligned with which environments.
hispanic pushed a commit to hispanic/staticwoman that referenced this issue Mar 21, 2021
Address Staticman issue eduardoboucas#416 - "Improve support for mult…
db62e71 
…iple environments (e.g., dev, staging, prod)"

- Add configuration properties that allow for code promotion (without modification of staticman.yml) through different environments.
- Add logic checks that help prevent cross-talk between tiers/layers of different environments. For example, Staticman dev and Mailgun prod.
- Flag config properties as sensitive, where appropriate.
- Prepend various artifacts such as commit messages, mailing list addresses, email subjects, etc. with a value to help identify the source environment.
- Allow for the "entry" endpoint to be "locked down" to specific origins.
@hispanic hispanic mentioned this issue Mar 21, 2021
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@hispanic