Preview and Production Deployments

Important GitHub Actions

reviewdog: used to lint and format code
amondnet/vercel-action: used for preview and production deployments in Vercel

Vercel

The tech team uses Vercel to host deployments of the IrvineHacks website. We use the amondnet/vercel-action to trigger a preview deployment on every push to a branch that has a pull request open. Once the pull request is merged, a production deployment will be triggered.

Staging Domain

Authentication is notoriously difficult to test on preview deployments as it is not possible to configure UCI Shibboleth to redirect logins on a preview deployment back to the exact same preview deployment. Thus, we set up a staging domain located at https://staging.irvinehacks.com and configured Shibboleth logins on staging to redirect back on this domain. However, it is still possible to log in as a guest and test many of the features that require a user to be logged in.

It is possible to assign the staging domain to a preview deployment although to process to do so is somewhat cumbersome. For some reason that is still unknown to us, the vercel alias command of the Vercel CLI is supposed to accomplish this, yet the command fails because Vercel believes we do not have access to this domain, despite it already being valid and verified in the Vercel GUI. The workaround we have discovered is to directly send a request to Vercel's API to change the domain.

Environment Variables

For deployment, the following environment variables need to be set in Vercel:

PYTHONPATH=src/api to properly import Python modules
SP_KEY, the private key for SAML authentication
JWT_KEY, the secret key used to sign JWTs
AUTH_KEY_SALT, the salt used when encrypting guest authentication tokens
SENDGRID_API_KEY, the API key needed to use the SendGrid API
RESUMES_FOLDER_ID, the ID of the Google Drive folder to upload to
Either SERVICE_ACCOUNT_FILE or GOOGLE_SERVICE_ACCOUNT_CREDENTIALS: We use a Google service account in tandem with aiogoogle to automatically upload resumes when submitting a form. The keys are JSON that can either be stored in a file, in which case the path of the file should be stored in SERVICE_ACCOUNT_FILE, or be stored directly in GOOGLE_SERVICE_ACCOUNT_CREDENTIALS. For local development, it is recommended to take the SERVICE_ACCOUNT_FILE approach.
DOCUSIGN_HMAC_KEY, the HMAC key for validating DocuSign Connect webhook event payloads.

For staging, the following environment variables should also be set:

DEPLOYMENT=staging

For local, the following environment variables should also be set:

DEPLOYMENT=local

PreviousAdministrative Routes NextRemaining Issues

Last updated 1 year ago