#40370
Closed
Open
Created Aug 30, 2021 by anarcat (@anarcat, Owner)

per-user dev virtual hosts on crm-int-01 / civicrm

so i discussed some problems with the deployment process on crm-int with @eric today. some background: they do not have a local development, partly because that is their process, but also because we do not want to exfiltrate that confidential user database out of the server. GR had a process that would sanitize that database before extraction, but we actually like the idea of just not relying on that process at all in the future, so dev actually happens on the TPO servers now.

(there's something to be said about having a separate dev server too, but that's another story.)

one major problem with the current setup is that the dev/stage/prod directories are only accessible to the role user, torcivicrm. so right now what's happening is that the Openflows people are committing as the role user, which show up like this:

commit d3734709d2418c54619e8caeb0dba733406fe94c
Author: torcivicrm role account <torcivicrm@crm-int-01.torproject.org>
Date:   Fri May 28 22:33:27 2021 +0000

    moving modified files to custom directory instead of modified core civi files

and that's ... not great.

one way around that problem would be to have per-user development sites. so instead of having a single htdocs-dev site, you could have (say) htdocs-dev-lottie, and htdocs-dev-ericg sites. each site would be owned by their respective users, and therefore could commit with the right username (and push with those credentials as well). those would not be owned by the torcivicrm group: that would be reserved for the stage/prod deployments.

those could map to, say dev-lottie.crm.torproject.org and dev-ericg.crm.torproject.org as websites.

commits would flow from those "dev" sites to the staging sites by way of the git repository: commits would be pushed there as the "dev users" (e.g. lottie and ericg) and pulled as the role user (ie. torcivicrm).

does that make sense?

this is a lighter version of #40262 (closed).
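
An audit check for the attribution problem described in this issue, added here as an example and not part of the original issue or of TPA's tooling: it reads default-format `git log` text and lists the commits authored by the role account. The role address is the one from the commit shown above; the function names, the second sample commit and its author address are constructed.

```shell
#!/bin/sh
# Added example: find commits authored by a shared role account, which
# per-user dev sites are meant to eliminate.

# Role account address, taken from the commit quoted in the issue.
ROLE_EMAIL='torcivicrm@crm-int-01.torproject.org'

# role_commits EMAIL
# Reads default-format `git log` output on stdin and prints the hash of
# every commit whose Author address equals EMAIL (case-insensitive).
# Patterns are anchored at column 0 so that indented commit-message lines
# starting with "commit" or "Author:" are never mistaken for headers.
role_commits() {
    awk -v role="$1" '
        /^commit [0-9a-f]+/ { hash = $2; next }
        /^Author: / {
            email = $0
            sub(/^.*</, "", email)   # drop everything up to the last "<"
            sub(/>.*$/, "", email)   # drop the closing ">" and anything after
            if (tolower(email) == tolower(role)) print hash
        }
    '
}

# Constructed sample input: the first commit is the one quoted in the
# issue, the second is a made-up commit from a per-user dev site.
sample_log() {
    cat <<'EOF'
commit d3734709d2418c54619e8caeb0dba733406fe94c
Author: torcivicrm role account <torcivicrm@crm-int-01.torproject.org>
Date:   Fri May 28 22:33:27 2021 +0000

    moving modified files to custom directory instead of modified core civi files

commit 0000000000000000000000000000000000000001
Author: lottie <lottie@example.org>
Date:   Mon Aug 30 12:00:00 2021 +0000

    commit pushed from htdocs-dev-lottie (constructed sample)
EOF
}

# Stand-alone run: prints only the role-authored commit hash.
sample_log | role_commits "$ROLE_EMAIL"
```

Against a real checkout the same function takes `git log` on stdin, e.g. `git log | role_commits "$ROLE_EMAIL"`.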
