- A static website using a generator (like Jekyll)
- Comments are in a folder, one comment = one JSON file (attached to article based on path + filename)
- website is versionned using git, repository hosted by github (cool for pull-requests)
OK here we need some dynamism ;)
- A light server listening on port X, Nginx redirects "/comments" to this port (or whatever)
- When receiving a new comment, here are the steps:
- validate input
- create the comment:
- go to a local git clone of website repository (not the served one, that could be dangerous)
- git stash -u -k
- git checkout -b comment-XXX (may use a UUID here)
- create the new JSON file for comment, unicity must be guaranteed to ease merging (use UUID)
- git add
- git commit
- git checkout original-branch
- git stash pop
- git push origin comment-XXX
- create the pull request:
- use github API to create a PR comment-XXX → master (with some nice info in title & body, like "comment from … about …")
- as we're here, assign the PR and add a nice label ("comments")
Moderation consists of:
- Accept comment = merge PR
- Edit comment = local checkout, edit, commit, push, then merge
- Refuse comment = close PR
Edition is not nice in this scenario, but it's the most rare action.
We need to regenerate the website, but this could be automated!
- The same light server could also accept GitHub payloads
- We just have to declare the web hook in github repository
- When a push is received from merging a pull-request with head like "comment-…", we know it's a new comment
- go to the specific repository (you know, not the one in production)
- git pull
- regenerate files
- copy new files (typically 2: the blog post and the comments rss) to production
And yes, this is the right place to talk about continuous integration of your static website ;)
- Beware the dead locks when working on git repository. We may duplicate repositories, clone, keep a lock, whatever, but think about it.
- All comments must be moderated. Extra work :( but we could easily add another bot here that will automatically merge pull requests from trusted users.
- GitHub is notably unreliable: APIs not responding quite often, so when a PR cannot be created for some reason, it must be kept somewhere to try again later.
It's all good:
- Posting a comment can be done with no JS at all (the server just has to answer with a 302)
- List of comments is static HTML, glory :)