Weekly engineering meeting jan 14 2020

Puru Dahal:

1. Development application.yml was exposed AGAIN after last fix. Also, this will not happen after we push encrypted credentials, but please be really careful before you upload any files, not all file upload to s3 are private. As a matter of fact 99% of our aws uploads are not private. Only app form responses are private. So please be careful.
2. Insecure S3 File Upload (public-read) vs Secure File Upload (authenticated-read)
3. This weekly engineering meeting, i would like everybody of us to setup local Rails 5.2 credentials. We will all do it together, prolly will take about 5/10 mins. https://powr.gitlab.io/docs/engineering/303

Yerassyl Diyas:

1. heroku review app: add review-app to commit message when you want review app for your mr. you deploy it manually, you and [email protected] will have access to to review app in heroku dashboard (and via heroku cli) and url will be of the form powr-review-MR_ID.herokuapp.com https://i.imgur.com/nnBIL9U.png

Puru Dahal: I think we should add all engineers or atleast leads to have access.

Yerassyl Diyas: yep, we can add all engineers, just thought that it might confuse engineer to see so many apps in his heroku dashboard

Sergey Tyan: can we make an api call to cloudflare to switch DNS?

Yerassyl Diyas: sorry, I meant to use admin interface in powr

Sergey Tyan 1.Rollout

Pilar Sterne 1.PM / Design / Marketing approval process

• ensure you get your ❤️ (PM), 🎨(design) and ✏️(marketing) emojis when relevant on your MR