From 79571eec17ad6ad71c69d092a1952d359b437145 Mon Sep 17 00:00:00 2001
From: Owen Blacker
Date: Tue, 9 Jan 2024 14:56:31 +0000
Subject: [PATCH 01/10] Attempting to Dockerise -- currently hangs on installing lograge gem
---
Dockerfile | 67 ++++++++++++++++++++++++++++++++++++++++++++++++++++
Gemfile | 2 +-
Gemfile.lock | 7 ++++--
README.md | 8 +++----
yarn.lock | 8 +++----
5 files changed, 81 insertions(+), 11 deletions(-)
create mode 100644 Dockerfile
diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 0000000..384026d
--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,67 @@ +ARG ruby_version=3.2 +ARG base_image=ghcr.io/alphagov/govuk-ruby-base:$ruby_version +ARG builder_image=ghcr.io/alphagov/govuk-ruby-builder:$ruby_version + +FROM $builder_image AS builder + +WORKDIR $APP_HOME +# $APP_HOME=/app + +# RUN adduser --disabled-password ruby +# RUN mkdir /node_modules && chown ruby:ruby -R /node_modules $APP_HOME +# RUN mkdir -p /usr/local/bundle && chown :ruby -R /usr/local/bundle && chmod g+w /usr/local/bundle + +#USER ruby + +COPY Gemfile* .ruby-version ./ +#COPY --chown=ruby:ruby Gemfile* .ruby-version ./ +RUN bundle install --verbose + +COPY package.json yarn.lock ./ +# COPY --chown=ruby:ruby package.json yarn.lock ./ +RUN npm ci --ignore-scripts + +## From https://github.com/alphagov/forms-runner/blob/main/Dockerfile +# ENV RAILS_ENV="${RAILS_ENV:-production}" \ +# NODE_ENV="${NODE_ENV:-production}" \ +# PATH="${PATH}:/home/ruby/.local/bin:/node_modules/.bin" \ +# USER="ruby" \ +# REDIS_URL="${REDIS_URL:-redis://notset/}" + +# COPY --chown=ruby:ruby . . +COPY . . 
+ +## From https://github.com/alphagov/forms-runner/blob/main/Dockerfile +# you can't run rails commands like assets:precompile without a secret key set +# even though the command doesn't use the value itself +RUN SECRET_KEY_BASE=dummyvalue rails assets:precompile && rm -fr log + +# Remove devDependencies once assets have been built +RUN npm ci --ignore-scripts --only=production + +CMD ["bash"] + + + +FROM $base_image + +## From https://github.com/alphagov/forms-runner/blob/main/Dockerfile +# ENV RAILS_ENV="${RAILS_ENV:-production}" \ +# PATH="${PATH}:/home/ruby/.local/bin" \ +# USER="ruby" + +ENV GOVUK_APP_NAME=re-request-an-aws-account +WORKDIR $APP_HOME + +RUN adduser --disabled-password ruby +RUN chown ruby:ruby -R $APP_HOME + +COPY --chown=ruby:ruby bin/ ./bin +RUN chmod 0755 bin/* + +COPY --chown=ruby:ruby --from=builder /usr/local/bundle /usr/local/bundle +COPY --chown=ruby:ruby --from=builder $APP_HOME $APP_HOME + +EXPOSE 3000 + +CMD ["/bin/sh", "-o", "xtrace", "-c", "rails s -b 0.0.0.0"] \ No newline at end of file diff --git a/Gemfile b/Gemfile index ac6c36f..601cfd6 100644 --- a/Gemfile +++ b/Gemfile @@ -5,7 +5,7 @@ ruby '~> 3.2.0' gem 'dotenv-rails', groups: [:development] -gem 'lograge', '~> 0.12.0' +gem 'lograge', '~> 0.14.0' gem 'logstash-event', '~> 1.2.02' gem 'notifications-ruby-client', '~> 5.4.0' gem 'octokit', '~> 6.1.0' diff --git a/Gemfile.lock b/Gemfile.lock index 201f2bd..f3bb7a8 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -94,7 +94,7 @@ GEM listen (3.8.0) rb-fsevent (~> 0.10, >= 0.10.3) rb-inotify (~> 0.9, >= 0.9.10) - lograge (0.12.0) + lograge (0.14.0) actionpack (>= 4) activesupport (>= 4) railties (>= 4) @@ -123,6 +123,8 @@ GEM net-smtp (0.3.3) net-protocol nio4r (2.5.8) + nokogiri (1.14.2-arm64-darwin) + racc (~> 1.4) nokogiri (1.14.2-x86_64-linux) racc (~> 1.4) notifications-ruby-client (5.4.0) 
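Review bot: The final stage creates the `ruby` user and chowns `$APP_HOME` to it but never switches to it, because every `USER` line is commented out, so unless the govuk-ruby-base image already sets a non-root user the Rails server runs as root; add `USER ruby` after the last `COPY --from=builder` line. The builder's `COPY . .` followed by `COPY --from=builder $APP_HOME $APP_HOME` carries the whole build context into the runtime image, and this patch adds no `.dockerignore`, so a developer's local `.env` (the README points people at one for the GitHub and Notify secrets) would be baked into a layer unless an ignore file already exists. The same two points apply to the single-stage Dockerfiles in PATCH 02 and PATCH 03. Separately, `npm ci` needs a `package-lock.json`, but only `package.json` and `yarn.lock` are copied before it runs, so that step looks likely to fail as written.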
@@ -234,12 +236,13 @@ GEM zeitwerk (2.6.7) PLATFORMS + arm64-darwin-22 x86_64-linux DEPENDENCIES dotenv-rails listen (~> 3.7) - lograge (~> 0.12.0) + lograge (~> 0.14.0) logstash-event (~> 1.2.02) notifications-ruby-client (~> 5.4.0) octokit (~> 6.1.0) diff --git a/README.md b/README.md index 36ff1b8..e32d227 100644 --- a/README.md +++ b/README.md @@ -8,7 +8,7 @@ Running locally This is a rails app, with dependencies managed by bundler. To run the app locally clone this repo, then: -``` +```sh bundle install npm install bundle exec rails server @@ -18,14 +18,14 @@ If you want to test the apps interaction with third party services (e.g. GitHub and GOV.UK Notify) you'll need to set up some secrets in environment variables. The easiest way to do this in development is using a `.env` file (see [.env.example](.env.example)): -``` +```sh cp .env.example .env $EDITOR .env ``` Run the tests with: -``` +```sh bundle exec rails test ``` @@ -38,6 +38,6 @@ This is continuously deployed from master [by Github Actions](https://github.com To deploy to a separate route (e.g. for testing / previewing changes) you can push to PaaS manually: -``` +```sh cf push gds-request-an-aws-account-preview ``` diff --git a/yarn.lock b/yarn.lock index 54ba9ab..800452b 100644 --- a/yarn.lock +++ b/yarn.lock @@ -2,7 +2,7 @@ # yarn lockfile v1 -"govuk-frontend@^4.5.0": - "integrity" "sha512-gZHDqf5vdlHjmx0NGJiNT12XLyR3d5KCS4AnlC3xTWOObJ0kQROrkIFyp3w4/PY3EQiYdgacVaJ6lizzygnzYw==" - "resolved" "https://registry.npmjs.org/govuk-frontend/-/govuk-frontend-4.5.0.tgz" - "version" "4.5.0" +govuk-frontend@^4.5.0: + version "4.5.0" + resolved "https://registry.npmjs.org/govuk-frontend/-/govuk-frontend-4.5.0.tgz" + integrity sha512-gZHDqf5vdlHjmx0NGJiNT12XLyR3d5KCS4AnlC3xTWOObJ0kQROrkIFyp3w4/PY3EQiYdgacVaJ6lizzygnzYw== From 43e2daa41282ac67efa034a45813031506fad3e2 Mon Sep 17 00:00:00 2001 
From: Tom Broughton
Date: Wed, 24 Jan 2024 10:46:03 +0000
Subject: [PATCH 02/10] simple ruby install
---
Dockerfile | 69 +++++++++---------------------------------------------
1 file changed, 11 insertions(+), 58 deletions(-)
diff --git a/Dockerfile b/Dockerfile
index 384026d..5fbf1c5 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,67 +1,20 @@ -ARG ruby_version=3.2 -ARG base_image=ghcr.io/alphagov/govuk-ruby-base:$ruby_version -ARG builder_image=ghcr.io/alphagov/govuk-ruby-builder:$ruby_version +FROM ghcr.io/alphagov/govuk-ruby-builder:3.2 AS builder -FROM $builder_image AS builder -WORKDIR $APP_HOME -# $APP_HOME=/app +# Default directory +ENV INSTALL_PATH /opt/app +RUN mkdir -p $INSTALL_PATH -# RUN adduser --disabled-password ruby -# RUN mkdir /node_modules && chown ruby:ruby -R /node_modules $APP_HOME -# RUN mkdir -p /usr/local/bundle && chown :ruby -R /usr/local/bundle && chmod g+w /usr/local/bundle +# Install rails -#USER ruby +#RUN chown -R user:user /opt/app +WORKDIR /opt/app -COPY Gemfile* .ruby-version ./ -#COPY --chown=ruby:ruby Gemfile* .ruby-version ./ -RUN bundle install --verbose +COPY . . -COPY package.json yarn.lock ./ -# COPY --chown=ruby:ruby package.json yarn.lock ./ -RUN npm ci --ignore-scripts +RUN bundle install -## From https://github.com/alphagov/forms-runner/blob/main/Dockerfile -# ENV RAILS_ENV="${RAILS_ENV:-production}" \ -# NODE_ENV="${NODE_ENV:-production}" \ -# PATH="${PATH}:/home/ruby/.local/bin:/node_modules/.bin" \ -# USER="ruby" \ -# REDIS_URL="${REDIS_URL:-redis://notset/}" -# COPY --chown=ruby:ruby . . -COPY . . 
-## From https://github.com/alphagov/forms-runner/blob/main/Dockerfile -# you can't run rails commands like assets:precompile without a secret key set -# even though the command doesn't use the value itself -RUN SECRET_KEY_BASE=dummyvalue rails assets:precompile && rm -fr log - -# Remove devDependencies once assets have been built -RUN npm ci --ignore-scripts --only=production - -CMD ["bash"] - - - -FROM $base_image - -## From https://github.com/alphagov/forms-runner/blob/main/Dockerfile -# ENV RAILS_ENV="${RAILS_ENV:-production}" \ -# PATH="${PATH}:/home/ruby/.local/bin" \ -# USER="ruby" - -ENV GOVUK_APP_NAME=re-request-an-aws-account -WORKDIR $APP_HOME - -RUN adduser --disabled-password ruby -RUN chown ruby:ruby -R $APP_HOME - -COPY --chown=ruby:ruby bin/ ./bin -RUN chmod 0755 bin/* - -COPY --chown=ruby:ruby --from=builder /usr/local/bundle /usr/local/bundle -COPY --chown=ruby:ruby --from=builder $APP_HOME $APP_HOME - -EXPOSE 3000 - -CMD ["/bin/sh", "-o", "xtrace", "-c", "rails s -b 0.0.0.0"] \ No newline at end of file +# Run a shell +CMD ["/bin/bash"] From a50e02113b06a7a6cfa2c5041a70e80631ec4bb2 Mon Sep 17 00:00:00 2001 From: Hauwa Muhammad Date: Wed, 24 Jan 2024 14:43:55 +0000 Subject: [PATCH 03/10] work in progress --- Dockerfile | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/Dockerfile b/Dockerfile index 5fbf1c5..483a808 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,6 +1,7 @@ -FROM ghcr.io/alphagov/govuk-ruby-builder:3.2 AS builder - +FROM ruby:3.2-bullseye +RUN apt-get update && apt-get install -y nodejs npm + # Default directory ENV INSTALL_PATH /opt/app RUN mkdir -p $INSTALL_PATH @@ -13,8 +14,13 @@ WORKDIR /opt/app COPY . . RUN bundle install +RUN npm install # Run a shell -CMD ["/bin/bash"] +#CMD ["bundle", "exec", "rails", "server"] +CMD ["bundle", "exec", "rails", "server", "-b", "0.0.0.0", "--port", "8888"] + + + From 566e08781a60ff7791af6313508f6c60d5a9e38e Mon Sep 17 00:00:00 2001 
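Review bot: `ENV INSTALL_PATH /opt/app` is declared and then the same path is hard-coded again in `WORKDIR /opt/app`, so the variable and the directory can drift apart; use `ENV INSTALL_PATH=/opt/app` (the space-separated form is legacy) followed by `WORKDIR $INSTALL_PATH`, which also creates the directory and makes `RUN mkdir -p $INSTALL_PATH` unnecessary. The stage is still named `AS builder` although no later stage copies from it, so the builder image with its toolchain is what ships; either drop the alias or keep the runtime stage from PATCH 01. Copying the whole tree before `RUN bundle install` also means every source edit reinstalls the gems; `COPY Gemfile* .ruby-version ./` before the install and `COPY . .` after it, as PATCH 01 had, keeps that layer cached.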
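Review bot: `RUN npm install` replaces the `npm ci --ignore-scripts` that PATCH 01 used, so dependency install scripts now run as root during the build and, with only a `yarn.lock` visible in this series, versions are resolved from the `package.json` ranges rather than from a lockfile npm honours. Commit a `package-lock.json` and use `RUN npm ci --ignore-scripts`, so the image contains exactly what was reviewed. On the new `apt-get` line, add `--no-install-recommends` and clean up in the same layer: `RUN apt-get update && apt-get install -y --no-install-recommends nodejs npm && rm -rf /var/lib/apt/lists/*`. The `# Run a shell` comment above the new `CMD` no longer matches what the container starts.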
From: Hauwa Muhammad
Date: Thu, 1 Feb 2024 08:36:56 +0000
Subject: [PATCH 04/10] Yaml file for GHCR
---
.github/workflows/ghcr.yml | 48 ++++++++++++++++++++++++++++++++++++++
1 file changed, 48 insertions(+)
create mode 100644 .github/workflows/ghcr.yml
diff --git a/.github/workflows/ghcr.yml b/.github/workflows/ghcr.yml
new file mode 100644
index 0000000..0810811
--- /dev/null
+++ b/.github/workflows/ghcr.yml
@@ -0,0 +1,48 @@ +# +name: Create and publish a Docker image + +# Configures this workflow to run every time a PR is raised to the branch called `main`. +on: + pull_request: + branches: ['main'] + +# Defines two custom environment variables for the workflow. These are used for the Container registry domain, and a name for the Docker image that this workflow builds. +env: + REGISTRY: ghcr.io + IMAGE_NAME: ${{ github.repository }} + +# There is a single job in this workflow. It's configured to run on the latest available version of Ubuntu. +jobs: + build-and-push-image: + runs-on: ubuntu-latest + # Sets the permissions granted to the `GITHUB_TOKEN` for the actions in this job. + permissions: + contents: read + packages: write + # + steps: + - name: Checkout repository + uses: actions/checkout@v4 + # Uses the `docker/login-action` action to log in to the Container registry registry using the account and password that will publish the packages. Once published, the packages are scoped to the account defined here. + - name: Log in to the Container registry + uses: docker/login-action@65b78e6e13532edd9afa3aa52ac7964289d1a9c1 + with: + registry: ${{ env.REGISTRY }} + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + # This step uses [docker/metadata-action](https://github.com/docker/metadata-action#about) to extract tags and labels that will be applied to the specified image. The `id` "meta" allows the output of this step to be referenced in a subsequent step. The `images` value provides the base name for the tags and labels. + - name: Extract metadata (tags, labels) for Docker + id: meta + uses: docker/metadata-action@9ec57ed1fcdbf14dcef7dfbe97b2010124a938b7 + with: + images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} + # This step uses the `docker/build-push-action` action to build the image, based on your repository's `Dockerfile`. If the build succeeds, it pushes the image to GitHub Packages. 
+ # It uses the `context` parameter to define the build's context as the set of files located in the specified path. For more information, see "[Usage](https://github.com/docker/build-push-action#usage)" in the README of the `docker/build-push-action` repository. + # It uses the `tags` and `labels` parameters to tag and label the image with the output from the "meta" step. + - name: Build and push Docker image + uses: docker/build-push-action@f2a1d5e99d037542a71f64918e516c093c6f3fc4 + with: + context: . + push: true + tags: ${{ steps.meta.outputs.tags }} + labels: ${{ steps.meta.outputs.labels }} From d589ce738d87b3ce4514626924bbc07d5e56907c Mon Sep 17 00:00:00 2001 From: Hauwa Muhammad Date: Thu, 1 Feb 2024 09:20:57 +0000 Subject: [PATCH 05/10] updated docker file --- Dockerfile | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 483a808..b702dfd 100644 --- a/Dockerfile +++ b/Dockerfile @@ -16,7 +16,8 @@ COPY . . RUN bundle install RUN npm install - +# Expose both port 3000 and 8888 +EXPOSE 3000 8888 # Run a shell #CMD ["bundle", "exec", "rails", "server"] From 20ed1d73d7bc5753a2ab497c7c4cdb8a3ff742a1 Mon Sep 17 00:00:00 2001 From: Hauwa Muhammad Date: Thu, 1 Feb 2024 09:25:20 +0000 Subject: [PATCH 06/10] exposing only port 8888 --- Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Dockerfile b/Dockerfile index b702dfd..4613384 100644 --- a/Dockerfile +++ b/Dockerfile @@ -16,8 +16,8 @@ COPY . . RUN bundle install RUN npm install -# Expose both port 3000 and 8888 -EXPOSE 3000 8888 +# Expose port 8888 +EXPOSE 8888 # Run a shell #CMD ["bundle", "exec", "rails", "server"] From 611f06a11e0ecd955153e61521808df937a4104c Mon Sep 17 00:00:00 2001 
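Review bot: The workflow runs on `pull_request` and the build step has `push: true` with `packages: write`, so every pull request against `main` from a branch in this repository publishes its unreviewed code as an image to GHCR, while pull requests from forks normally get a read-only token and would fail at the login or push step. Publish only from merged code, for example by triggering on `push` to the release branch and keeping any pull-request run build-only with `push: ${{ github.event_name != 'pull_request' }}`. The README in this series says deployment happens from `master`, so check that `branches: ['main']` names a branch that exists. `actions/checkout@v4` is the only action here referenced by tag rather than by commit SHA; pinning it like the three `docker/*` actions would be consistent.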
From: Hauwa Muhammad
Date: Thu, 1 Feb 2024 14:24:30 +0000
Subject: [PATCH 07/10] work in progress
---
.github/workflows/publish-docker-image.yaml | 61 +++++++++++++++++++++
1 file changed, 61 insertions(+)
create mode 100644 .github/workflows/publish-docker-image.yaml
diff --git a/.github/workflows/publish-docker-image.yaml b/.github/workflows/publish-docker-image.yaml
new file mode 100644
index 0000000..4d85e56
--- /dev/null
+++ b/.github/workflows/publish-docker-image.yaml
@@ -0,0 +1,61 @@ +name: Publish image to Docker Hub + +on: + push: + branches: + - 'main' + - 'releases/**' + +jobs: + push_to_registry: + name: Push Docker image to Docker Hub + runs-on: ubuntu-latest + steps: + - name: Check out the repo + uses: actions/checkout@v4 + + - name: Log in to Docker Hub + uses: docker/login-action@f4ef78c080cd8ba55a85445d5b36e214a81df20a + with: + username: ${{ secrets.DOCKER_USERNAME }} + password: ${{ secrets.DOCKER_PASSWORD }} + + - name: Extract metadata (tags, labels) for Docker + id: meta + uses: docker/metadata-action@9ec57ed1fcdbf14dcef7dfbe97b2010124a938b7 + with: + images: governmentdigitalservice/ee-request-aws-account + tags: | + type=semver,pattern={{version}} + type=sha,enable=true,priority=100,prefix=sha-,suffix=,format=short + type=raw,value=latest,enable={{is_default_branch}} + + - name: Output tags + run: | + echo "::notice tags: ${{steps.meta.outputs.tags}}" + + - name: Build and push Docker image + id: docker_image + uses: docker/build-push-action@3b5e8027fcad23fda98b2e3ac259d8d67585f671 + with: + context: . + file: ./Dockerfile + push: ${{ github.event_name != 'pull_request' }} + tags: ${{ steps.meta.outputs.tags }} + labels: ${{ steps.meta.outputs.labels }} + + - name: Push Docker image into ECR + uses: docker://ghcr.io/kciter/aws-ecr-action:latest + with: + access_key_id: ${{ secrets.AWS_ACCESS_KEY_ID }} + secret_access_key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} + account_id: ${{ secrets.AWS_ACCOUNT_ID }} + repo: docker/repo + region: eu-west-2 + tags: latest,${{ github.sha }} + create_repo: true + image_scanning_configuration: true + set_repo_policy: true + repo_policy_file: repo-policy.json + + From 64ca392103fa0668e197efbb6e88a7f54e616d44 Mon Sep 17 00:00:00 2001 
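Review bot: The `Push Docker image into ECR` step runs `docker://ghcr.io/kciter/aws-ecr-action:latest`, a third-party container referenced by a mutable tag, and hands it `AWS_ACCESS_KEY_ID` and `AWS_SECRET_ACCESS_KEY`; whatever that tag points to at run time executes with those keys, while every other third-party action in the file is pinned to a commit SHA. Pin it by digest, `uses: docker://ghcr.io/kciter/aws-ecr-action@sha256:<digest-you-verified>`, or replace the long-lived keys with OIDC role assumption through `aws-actions/configure-aws-credentials` and a plain `docker push`. The step also sets `create_repo: true` and `set_repo_policy: true` with `repo_policy_file: repo-policy.json`, but no such file is added in this series and `repo: docker/repo` looks like a placeholder, so confirm which policy actually gets applied. The job has no `permissions:` block, so `GITHUB_TOKEN` keeps the repository default; `permissions: contents: read` would be enough for the steps shown.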
From: Hauwa Muhammad Date: Wed, 7 Feb 2024 12:03:27 +0000 Subject: [PATCH 08/10] wip: changed port to 3000 --- .github/workflows/build.yaml | 21 +++++++++++++++++++++ Dockerfile | 4 ++-- 2 files changed, 23 insertions(+), 2 deletions(-) create mode 100644 .github/workflows/build.yaml diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml new file mode 100644 index 0000000..3ff796f --- /dev/null +++ b/.github/workflows/build.yaml @@ -0,0 +1,21 @@ + +name: Tests +on: + workflow_dispatch: + push: + branches: + - 'master' + - 'main' + - 'dockerise' + - 'publish-to-dockerhub' + - 'push-to-ghcr-and-ecr' + - 'dockerise-basic' + pull_request: + branches: + - 'master' + - 'main' + - 'dockerise' + - 'publish-to-dockerhub' + - 'push-to-ghcr-and-ecr' + - 'dockerise-basic' +jobs: diff --git a/Dockerfile b/Dockerfile index 483a808..9bee818 100644 --- a/Dockerfile +++ b/Dockerfile @@ -16,11 +16,11 @@ COPY . . RUN bundle install RUN npm install - +EXPOSE 3000 # Run a shell #CMD ["bundle", "exec", "rails", "server"] -CMD ["bundle", "exec", "rails", "server", "-b", "0.0.0.0", "--port", "8888"] +CMD ["bundle", "exec", "rails", "server", "-b", "0.0.0.0", "--port", "3000"] From c35bc85a98330506d19c508640282ea3e985020e Mon Sep 17 00:00:00 2001 From: Hauwa Muhammad Date: Wed, 7 Feb 2024 14:11:23 +0000 Subject: [PATCH 09/10] updated Dockerfile --- Dockerfile | 5 ----- 1 file changed, 5 deletions(-) diff --git a/Dockerfile b/Dockerfile index a5aefaf..9bee818 100644 --- a/Dockerfile +++ b/Dockerfile @@ -16,12 +16,7 @@ COPY . . RUN bundle install RUN npm install -<<<<<<< HEAD EXPOSE 3000 -======= -# Expose port 8888 -EXPOSE 8888 ->>>>>>> origin/dockerise-basic # Run a shell #CMD ["bundle", "exec", "rails", "server"] From 4a39637b8e699f698f9ff5e2a4b0f8042307de1b Mon Sep 17 00:00:00 2001 
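Review bot: `jobs:` is the last line of the new `.github/workflows/build.yaml` and defines no job, so GitHub will reject the file as an invalid workflow and the `Tests` check never runs on any of the listed branches. Either add the test job in this commit (the README runs the suite with `bundle exec rails test`) or leave the file out until the job exists. The branch lists under `push` and `pull_request` name feature branches such as `dockerise-basic`; those entries should be removed once the branches are merged.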
From: Hauwa Muhammad Date: Fri, 9 Feb 2024 14:02:02 +0000 Subject: [PATCH 10/10] upgraded octokit version from 6.1.0 to 8.1.0 --- Gemfile | 2 +- Gemfile.lock | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/Gemfile b/Gemfile index 601cfd6..b879109 100644 --- a/Gemfile +++ b/Gemfile @@ -8,7 +8,7 @@ gem 'dotenv-rails', groups: [:development] gem 'lograge', '~> 0.14.0' gem 'logstash-event', '~> 1.2.02' gem 'notifications-ruby-client', '~> 5.4.0' -gem 'octokit', '~> 6.1.0' +gem 'octokit', '~> 8.1.0' gem 'omniauth-google-oauth2', '~> 1.1.1' gem 'omniauth-rails_csrf_protection', '~> 1.0.1' gem 'rails', '~> 7.0.4.3' diff --git a/Gemfile.lock b/Gemfile.lock index f3bb7a8..7b69226 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -237,6 +237,7 @@ GEM PLATFORMS arm64-darwin-22 + arm64-darwin-23 x86_64-linux DEPENDENCIES