-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
1 parent
4be026c
commit c1d1104
Showing
1 changed file
with
50 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,50 @@ | ||
| # NYTimes Tech Guild Library | ||
|
|
||
| This repository is responsible for the configuration and deployment | ||
| of the [Library](https://github.com/nytimes/library.git) instance | ||
| for the NYTimes Tech Guild. As of 12/23/2022, this repository actually | ||
| deploys the | ||
| [newsguildny/library](https://github.com/newsguildny/library.git) | ||
| fork of Library in order to support hosting Library at a subpath of | ||
| [https://nytimesguild.org/](nytimesguild.org). Once | ||
| [the PR](https://github.com/nytimes/library/pull/334) to add this | ||
| support upstream is merged, the .github/workflows/deploy.yml | ||
| configuration can be updated to use the upstream repo. | ||
|
|
||
| ## How it works | ||
|
|
||
| ### Customizing Library | ||
|
|
||
| The docs for how customization works in Library can be found | ||
| [here](https://github.com/nytimes/library/blob/master/custom/README.md). | ||
|
|
||
| The `styles/` directory and `strings.yaml` file are the standard | ||
| UI customization entrypoints. Changes to these files will change the | ||
| styles and markup rendered by the Library backend. | ||
|
|
||
| ### User authentication | ||
|
|
||
| By default, Library uses Google OAuth and passport to authenticate users. | ||
| For our NYTimes Guild Library sites, we prefer to use Google's | ||
| [Identity-Aware Proxy](https://cloud.google.com/iap/docs/concepts-overview) | ||
| (IAP), which allows us to give arbitrary principals (in the form of | ||
| individual users and Google groups) access to each Library instance as | ||
| needed, through the Google Cloud Console. | ||
|
|
||
| IAP executes its own OAuth flow, so we implement our own custom | ||
| `userAuth.js` that simply validates the JWT authentication tokens it | ||
| receives from IAP. | ||
|
|
||
| ### Deployment | ||
|
|
||
| This repo also contains a GitHub Action for deploying the Library instance | ||
| to Google App Engine. The load balancer and IAP are configured separately | ||
| in GCP; this repo is only concerned with deploying this App Engine service. | ||
|
|
||
| The actual application code for Library doesn't live in this repository; | ||
| instead, the Action clones the Library repo and configures this repo as the | ||
| customization repo. | ||
|
|
||
| The Action configures the deployed environment via a `.env` file. The values | ||
| are all either hard coded or stored in GitHub Repository Secrets. It then uses | ||
| the GCloud CLI to deploy the app. |