When we started this journey, I had the following requirements to open this repository:
- All machines need to be completely automated (provisioned using Terraform/Ansible/Puppet/Docker), with automated security patches. In case I lose one machine, it doesn’t require any special knowledge from me to recreate it.
- All systems that store relevant data should have backups, stored off site
- All passwords and secrets used previously needed to be rotated.
With a ton of help from @permissionerror, we finally managed to do it! I cannot express how happy I am!
- we upgraded Docker, Ansible and Puppet to recent versions (cc @raff and @burke)
- we migrated all machines from DigitalOcean (one less thing to pay for)
- there’s only one private repository in our GitHub, but I think it should be either public or moved to our archive (cc @dkayiwa). That could allow us to stop paying for GitHub as well.
- I rotated a bunch of passwords in our CI. Let me know if any of them breaks:
  - Maven repository credentials
  - Transifex credentials
  - Sonar credentials
  - SourceForge deployment key
  - GitHub write permissions
  - SSH key for internal servers (deployment)
Let me know if you find any issues.