can we make opennews.org work via https?

[ryanpitts]

Currently sad-facing: https://opennews.org

[jbuck]

Looking at the configuration here, opennews.org is a static site hosted on S3. Switching this over to HTTPS will be easy to do with Cloudfront.

• Get a certificate for opennews.org
• Upload cert to AWS
• Create cloudfront distribution for opennews.org
• Point opennews.org DNS at cloudfront distro

[ryanpitts]

Nice!

[jbuck]

I've placed the certificate request with Digicert and filed a tracking bug in Bugzilla so MoCo can track it there: https://bugzilla.mozilla.org/show_bug.cgi?id=1161705 . It needs Extended Validation approval so it might take a bit longer to get this certificate processed.

[jbuck]

@ryanpitts Okay, I'm finally ready to roll on this. Looking at https://github.com/mozilla/mozilla-opennews I think the best way to get this rolling would be to setup Travis CI to handle deployment to S3. This is a change from your current Jenkins-based deployment though. How would you and the Open News gang feel about that?

[ryanpitts]

I think we'd feel pretty great about that -- one question, though. Is there an API endpoint that we can hit to trigger a build?

That was one of the nice discoveries about Jenkins, that you can enable an endpoint to trigger builds. Currently we have automatic deploy to staging upon changes to the repo, and then we have a Slackbot to trigger deploy to prod by hitting the Jenkins endpoint. Could we replicate that kind of workflow?

[ryanpitts]

Also, I bet you already know all this, but this guide to serving an S3 site via SSL was interesting to me: http://knightlab.northwestern.edu/2015/05/21/implementing-ssl-on-amazon-s3-static-websites/

[jbuck]

@ryanpitts That's exactly how I deploy all of our static sites now, I just do it with a cloudformation template: https://github.com/MozillaFoundation/mofo-devops/blob/master/AWS/cloudformation-templates/s3-and-cloudfront.json

[jbuck]

@ryanpitts that should be possible, though I'm not entirely certain how. What we've done for other sites is have two branches, one for staging, and one for production. And configure Travis to deploy to the appropriate environment based on the branch name.

Doing some sort of external trigger to deploy to production sounds neat, I'd like to figure out how to do that!

[ryanpitts]

Super easy with the /build endpoint in Jenkins: https://github.com/ryanpitts/membot/blob/master/membot/apps/membot/commands/build_opennews_site.py

We have a Slackbot that responds to commands like this:

[jbuck]

@ryanpitts Okay, I've edited the deploy script on jenkins so this all works now. Hooray!

[ryanpitts]

Whoa look at that! Awesome, thanks @jbuck!