- Full stack ES8+ with Babel
- Node LTS support (verified working on 14.x, 16.x and 18.x LTS releases)
- Express server
- Logging with Winston and Morgan
- React client with Webpack
- Client-side routing with React Router
- Linting with ESLint and Prettier
- Dev mode (watch modes for client and server, proxy to avoid CORS issues)
- Production build (single deployment artifact, React loaded via CDN)
- Render deployment
- Cloud Foundry deployment
- Docker build
- Postgres database with node-postgres
Pick one member of the team to own the repository and pipeline. That person should do the following:
- Click the "Use this template" button above (see GitHub's docs) to create your team repository and name it something appropriate for your project.
- In your repo, click the "Deploy to Render" button at the top of the README and log in using GitHub when prompted.
- Fill in a service group name for your application and then click "Apply".
- Once it has deployed successfully, click the "managed resources" link to view the application details.
Whenever you commit to main (or e.g. merge a pull request) it will get automatically deployed!
You should now make sure all of the project team are collaborators on the repository.
Various scripts are provided in the package file, but many are helpers for other scripts; here are the ones you'll commonly use:
dev: starts the frontend and backend in dev mode, with file watching (note that the backend runs on port 3100, and the frontend is proxied to it).lint: runs ESLint and Prettier against all the code in the project.serve: builds and starts the app in production mode locally.
While running the dev mode using npm run dev, you can attach the Node debugger to the server process via port 9229.
If you're using VS Code, a debugging configuration is provided for this.
There is also a VS Code debugging configuration for the Chrome debugger, which requires the recommended Chrome extension, for debugging the client application.
If the project handles any kind of Personally Identifiable Information (PII) then make sure the following principles are followed:
- Only collect strictly necessary PII;
- Access to PII should be as restricted as possible;
- Access to PII should only be possible after authentication. Authentication must be done via GitHub. Ad hoc authentication solutions are not allowed;
- Admins must be able to control who has access to the platform and at which levels using only GitHub groups;
- There must be an audit mechanism in place. It is required by law to know who accessed what and when;
- Code must be reviewed by senior developers before being pushed to production;
- APIs must be secure. Make sure we are not handling security on the frontend.
See the guidance in the wiki.