Skip to content

Latest commit

 

History

History
87 lines (68 loc) · 4.32 KB

README.md

File metadata and controls

87 lines (68 loc) · 4.32 KB

Starter Kit

Deploy to Heroku

Setup

Pick one member of the team to own the repository and pipeline. That person should do the following:

  1. Click the "Use this template" button above (see GitHub's docs) to create your team repository, select "Include all branches" and name it something appropriate for your project.
  2. In your new repo, go to "Settings", then "Branches", then switch the default branch to postgres (optional: you can now delete the old main branch and rename postgres to main, master or whatever else you'd like) - see GitHub's docs again
  3. In your repo, click the "Deploy to Heroku" button at the top of the README and create a Heroku account when prompted.
  4. Fill in the name of the application, select Europe and then click "Deploy App".
  5. Once it has deployed successfully, click the "Manage app" button to view the application details.
  6. Go to the "Deploy" tab, select "Connect to GitHub" and choose your repo.
  7. Click "Enable automatic deploys".

Whenever you commit to main (or e.g. merge a pull request) it will get automatically deployed!

You should now make sure all of the project team are collaborators on the repository.

Scripts

Various scripts are provided in the package file, but many are helpers for other scripts; here are the ones you'll commonly use:

  • dev: starts the frontend and backend in dev mode, with file watching (note that the backend runs on port 3100, and the frontend is proxied to it).
  • lint: runs ESLint and Prettier against all the code in the project.
  • serve: builds and starts the app in production mode locally.

Debugging

While running the dev mode using npm run dev, you can attach the Node debugger to the server process via port 9229. If you're using VS Code, a debugging configuration is provided for this.

There is also a VS Code debugging configuration for the Chrome debugger, which requires the recommended Chrome extension, for debugging the client application.

Security

If the project handles any kind of Personally Identifiable Information (PII) then make sure the following principles are followed:

  • Only collect strictly necessary PII;
  • Access to PII should be as restricted as possible;
  • Access to PII should only be possible after authentication. Authentication must be done via GitHub. Ad hoc authentication solutions are not allowed;
  • Admins must be able to control who has access to the platform and at which levels using only GitHub groups;
  • There must be an audit mechanism in place. It is required by law to know who accessed what and when;
  • Code must be reviewed by senior developers before being pushed to production;
  • APIs must be secure. Make sure we are not handling security on the frontend.

Troubleshooting

See the guidance in the wiki.