The Metadata Entry Form currently lacks a check for necessary Authentication environment variables required by Firebase functions. This can lead to deployments with missing or incorrect configurations, potentially causing runtime errors.
This issue was inspired by a similar problem encountered in cioos-siooc/metadata-entry-form#307, where the automatic GitHub issue creation feature for records submissions was found to be broken, due to missing the GITHUB_AUTH env variable. There have been other previous occurrences where functions authentication has been broken due to missing env variables.
When a maintainer deploys Firebase functions from their local machine, if their local .env is missing any required variables, the deployed functions may lose access to credentials.
Proposed Solution
To prevent such issues in our deployments, I propose updating the README instructions to instruct maintainers not to deploy Firebase functions from their local machine, and to run the Deploy Firebase Functions workflow on their feature branch.
Since the above solution won't prevent functions from being deployed from a local machine (potentially missing env variable creds), some kind of automated environment variable check is also required.
Perhaps when a user first visits the Metadata Form, an automated check can run to ensure the Firebase functions don't have any authentication errors. If an auth error is found, then a notification mechanism (Sentry?) is triggered to alert team members.
Required Environment Variables (can someone confirm the below list encompasses all required variables?)
FIREBASE_TOKEN
GMAIL_USER
GMAIL_PASS
DATACITE_USER
DATACITE_PASS (unsure if USER & PASS are required, or just the Auth Hash below. I think the Auth hash contains both user and pass. The Datacite functions use DATACITE_AUTH_HASH as Auth in their POST header, but the Deploy Firebase Functions workflow includes DATACITE_USER and DATACITE_PASS but not DATACITE_AUTH_HASH. Potential problem there?)
DATACITE_AUTH_HASH
AWS_REGION
AWS_ACCESSKEYID
AWS_SECRETACCESSKEY
GITHUB_AUTH
Action Items
Update README to include Firebase functions deployment guidelines
Confirm list of required Environment Variables (will likely evolve over time as new features are added)
Propose solution for automated functions creds check and notification mechanism
Implement automated cred check and auth error notification
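One possible shape for the automated check proposed above, as an added example that is not code from the metadata-entry-form repository. The helper names `isSet` and `checkFunctionEnv` are hypothetical, the variable list is the unconfirmed one from this issue, and the DataCite consistency check assumes DATACITE_AUTH_HASH is the HTTP Basic value base64("user:pass").

```javascript
// Variable names come from the issue's (still unconfirmed) list.
const REQUIRED_VARS = [
  'FIREBASE_TOKEN', 'GMAIL_USER', 'GMAIL_PASS',
  'DATACITE_USER', 'DATACITE_PASS', 'DATACITE_AUTH_HASH',
  'AWS_REGION', 'AWS_ACCESSKEYID', 'AWS_SECRETACCESSKEY',
  'GITHUB_AUTH',
];

// A variable counts as set only if it holds a non-blank string.
function isSet(env, name) {
  return typeof env[name] === 'string' && env[name].trim() !== '';
}

// Hypothetical helper. Returns variable names and problem labels only,
// never values, so the report is safe to log or forward to an alerting tool.
function checkFunctionEnv(env = process.env) {
  const missing = REQUIRED_VARS.filter((name) => !isSet(env, name));
  const problems = [];

  // ASSUMPTION: DATACITE_AUTH_HASH == base64("DATACITE_USER:DATACITE_PASS").
  // If all three are set but disagree, one was changed without the others.
  const datacite = ['DATACITE_USER', 'DATACITE_PASS', 'DATACITE_AUTH_HASH'];
  if (datacite.every((name) => isSet(env, name))) {
    const expected = Buffer
      .from(`${env.DATACITE_USER}:${env.DATACITE_PASS}`)
      .toString('base64');
    if (expected !== env.DATACITE_AUTH_HASH.trim()) {
      problems.push('DATACITE_AUTH_HASH does not match DATACITE_USER/DATACITE_PASS');
    }
  }
  return { ok: missing.length === 0 && problems.length === 0, missing, problems };
}

// Constructed sample: an environment with DATACITE_USER and DATACITE_PASS
// but no DATACITE_AUTH_HASH (the case questioned in the issue), plus a
// blank GITHUB_AUTH. All values are placeholders.
const sampleEnv = {
  FIREBASE_TOKEN: 'placeholder', GMAIL_USER: 'placeholder', GMAIL_PASS: 'placeholder',
  DATACITE_USER: 'user', DATACITE_PASS: 'pass',
  AWS_REGION: 'placeholder', AWS_ACCESSKEYID: 'placeholder',
  AWS_SECRETACCESSKEY: 'placeholder', GITHUB_AUTH: '   ',
};

const sampleReport = checkFunctionEnv(sampleEnv);
if (!sampleReport.ok) {
  console.error('Functions env check failed:', JSON.stringify(sampleReport));
}
```

Run before deployment, a failed report can stop the deploy; run inside a function, the same report can be passed to the notification mechanism without exposing any credential.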