Updates Dockerfile to prepare for production

.bundle/config

@@ -0,0 +1,2 @@
+---
+BUNDLE_PATH: "vendor/bundle"

.circleci/config.yml

@@ -1,21 +1,30 @@
 version: 2.1
 
+orbs:
+  docker: circleci/[email protected]
+
 jobs:
+  publish:
+    executor: docker/docker
+    steps:
+      - setup_remote_docker
+      - checkout
+      - docker/check:
+          registry: harbor.k8s.libraries.psu.edu
+      - docker/build:
+          image: library/fams-tools
+          registry: harbor.k8s.libraries.psu.edu
+          use-buildkit: true
+          tag: "$CIRCLE_SHA1"
+          extra_build_args: "--target=production"
+      - docker/push:
+          image: library/fams-tools
+          registry: harbor.k8s.libraries.psu.edu
+          tag: "$CIRCLE_SHA1"
   build:
     machine: true
     steps:
       - checkout
-      - run:
-          name: "Setup Files and Directories"
-          command: |
-            mv config/activity_insight.yml.circleci config/activity_insight.yml &&
-            mv config/database.yml.circleci config/database.yml &&
-            mv config/integration_passcode.yml.circleci config/integration_passcode.yml &&
-            mkdir app/parsing_files &&
-            mkdir spec/fixtures/post_prints &&
-            mkdir public/psu &&
-            mkdir public/log
-
       - run:
           name: "Build Container"
           command: |
@@ -31,19 +40,18 @@ jobs:
             sleep 10s &&
             docker-compose up -d
 
-      - run:
-          name: "Rubocop"
-          command: |
-            docker-compose exec web bundle exec rubocop
-
       - run:
           name: "Rspec"
           command: |
-            # download test reporter as a static binary
-            curl -L https://codeclimate.com/downloads/test-reporter/test-reporter-latest-linux-amd64 > bin/cc-test-reporter
-            chmod +x bin/cc-test-reporter
-            # Run tests
-            docker-compose exec web bundle exec rspec
-            # Send report to Code Climate
-            bin/cc-test-reporter format-coverage -t simplecov -o codeclimate.json -p /fams_tools coverage/.resultset.json
-            bin/cc-test-reporter upload-coverage -i codeclimate.json
+            docker-compose exec web /app/bin/ci-rspec
+
+workflows:
+  version: 2
+  fams:
+    jobs:
+    - build
+    - publish:
+        requires:
+          - build
+        context:
+          - org-global

.dockerignore

@@ -1,5 +1,8 @@
 vendor/cache
+vendor/bundle
 .git
+.repos
+.cache
 public/psu
 public/log
 /log/*

.gitignore

@@ -6,6 +6,7 @@
 
 # Ignore bundler config.
 /.bundle
+!.bundle/config
 
 # Ignore the default SQLite database.
 /db/*.sqlite3
@@ -17,7 +18,6 @@
 !/log/.keep
 !/tmp/.keep
 config/secrets.yml
-config/database.yml
 spec/examples.txt
 
 /node_modules
@@ -40,3 +40,7 @@ spec/examples.txt
 /public/post_prints
 /coverage
 /vendor/bundle/**/*
+
+.env
+.cache
+.bash_history

Dockerfile

@@ -1,23 +1,53 @@
-FROM ruby:3.1.3
+FROM harbor.k8s.libraries.psu.edu/library/ruby-3.1.3-node-16:20231225 as base
+ARG UID=1001
+WORKDIR /app
 
-RUN mkdir /fams_tools
-WORKDIR /fams_tools
+SHELL ["/bin/bash", "-o", "pipefail", "-c"]
 
-RUN apt-get clean
-RUN apt-get update
-# For zipping and unzipping
-RUN apt-get install -y zip unzip
-# Packages for webkit
-RUN apt-get install -y g++ libqt5webkit5-dev gstreamer1.0-plugins-base gstreamer1.0-tools gstreamer1.0-x xvfb
+RUN useradd -l -u ${UID} app -d /app && \
+  chown -R app /app
 
-RUN gem install bundler --no-document -v '2.1.4'
+# hadolint ignore=DL3008
+RUN apt-get update && apt-get install -y --no-install-recommends g++ \
+    libqt5webkit5-dev \ 
+    zip \
+    unzip \
+    gstreamer1.0-plugins-base \
+    gstreamer1.0-tools \
+    gstreamer1.0-x \
+    libmariadb-dev \
+    libmariadbclient-dev \
+    xvfb \
+    qt5-default \
+    && rm -rf /var/lib/apt/lists/* 
 
-COPY Gemfile /fams_tools/Gemfile
-COPY Gemfile.lock /fams_tools/Gemfile.lock
-RUN bundle install
-COPY . /fams_tools
+USER app 
+COPY --chown=app Gemfile Gemfile.lock /app/
+COPY --chown=app .bundle/config /app/.bundle/config
+# in the event that bundler runs outside of docker, we get in sync with it's bundler version
+RUN gem install bundler -v "$(grep -A 1 "BUNDLED WITH" Gemfile.lock | tail -n 1)"
 
-COPY entrypoint.sh /usr/bin/
-RUN chmod +x /usr/bin/entrypoint.sh
-ENTRYPOINT ["entrypoint.sh"]
-EXPOSE 3000
+# - - - - - - - - - - - -
+FROM base as dev 
+WORKDIR /app
+USER app
+COPY --chown=app . /app
+CMD ["/app/bin/startup"]
+
+# - - - - - - - - - - - -
+FROM base as production
+WORKDIR /app
+
+COPY --chown=app . /app
+
+RUN bundle install --without development test && \
+  bundle clean && \
+  rm -rf /app/.bundle/cache && \
+  rm -rf /app/vendor/bundle/ruby/*/cache 
+
+RUN RAILS_ENV=production \
+    SECRET_KEY_BASE=rails_bogus_key \
+    bundle exec rails assets:precompile
+
+USER app 
+CMD ["/app/bin/startup"]

Gemfile

@@ -58,6 +58,9 @@ gem 'webmock'
 # Stream xlsx files
 gem 'creek'
 
+# Dependency for bootstrap:
+gem 'popper_js', '~> 1.16.1'
+
 # UX framework
 gem 'bootstrap', '~> 4.6'
 
@@ -99,8 +102,8 @@ group :development, :test do
   gem 'rubocop', '= 1.42.0'
   gem 'rubocop-rails'
   gem 'rubocop-rspec'
-  # Code coverage
-  gem 'simplecov', '~> 0.17.0'
+  # Code coveragee
+  gem 'simplecov', '~> 0.18.0'
   # Use Puma as the app server
   # Since passenger is used in production this doesn't need to be
   # installed on the RedHat server (it fails anyway)

Gemfile.lock

@@ -353,11 +353,10 @@ GEM
       websocket (~> 1.0)
     shoulda-matchers (4.0.0.rc1)
       activesupport (>= 4.2.0)
-    simplecov (0.17.1)
+    simplecov (0.18.5)
       docile (~> 1.1)
-      json (>= 1.8, < 3)
-      simplecov-html (~> 0.10.0)
-    simplecov-html (0.10.2)
+      simplecov-html (~> 0.11)
+    simplecov-html (0.12.3)
     spreadsheet (1.3.0)
       ruby-ole
     spring (4.1.3)
@@ -446,6 +445,7 @@ DEPENDENCIES
   net-ldap
   nio4r (= 2.5.8)
   pdf-reader
+  popper_js (~> 1.16.1)
   puma (~> 5.6)
   racc (= 1.6.2)
   rails (~> 7.0.7.1)
@@ -458,7 +458,7 @@ DEPENDENCIES
   sass-rails (~> 6.0)
   selenium-webdriver
   shoulda-matchers (= 4.0.0.rc1)
-  simplecov (~> 0.17.0)
+  simplecov (~> 0.18.0)
   spreadsheet
   spring (~> 4)
   spring-watcher-listen (~> 2.1.0)

README.md

@@ -75,14 +75,14 @@ The courses taught data import runs automatically at 00:00 on February 1st, June
 
 The contract/grant data import runs on the second Monday of every month at 01:00.  The data is obtained from the CSV generated by the SIMS team at this endpoint: https://service.sims.psu.edu/digitalmeasures/dmresults.csv .  This integration is also dependent on the CONGRANT.csv backup obtained from this Digital Measures endpoint: https://webservices.digitalmeasures.com/login/service/v4/SchemaData:backup/INDIVIDUAL-ACTIVITIES-University .  The backup is used to detect if there are any duplicates in the current Activity Insight system and remove them before the import runs.
 
-## Development
+## Development 
 
   After running the container, any changes to the code on your local machine will change in the container.  Sometimes the rails server needs to be restarted to pick up certain changes.  To do this run:
 
   `bundle exec rails restart`
 
   from inside the web container.
-  
+
 ## Testing
 
   From within the web container

bin/ci-rspec

@@ -0,0 +1,28 @@
+#!/bin/bash
+# script to run rspec as CI would 
+
+set -e
+
+export RAILS_ENV=test
+
+# Setup app configuration and ensure directories
+cp config/activity_insight.yml.circleci config/activity_insight.yml
+# cp config/databse.yml.circleci config/database.yml
+cp config/integration_passcode.yml.circleci config/integration_passcode.yml
+mkdir app/parsing_files
+mkdir spec/fixtures/post_prints
+mkdir public/psu
+mkdir public/log
+
+## check bundle 
+bundle check || bundle 
+
+## setup databse 
+bundle exec rails db:create db:migrate
+
+
+## run rubocop
+bundle exec rubocop
+
+## run rspec 
+bundle exec rspec

bin/startup

@@ -0,0 +1,15 @@
+#!/bin/bash
+set -e
+
+if [ -f /vault/secrets/config ]; then 
+  . /vault/secrets/config
+fi
+
+if [ "${RAILS_ENV:-development}" != 'production' ]; then 
+  bundle check || bundle
+  bundle exec rails db:create db:migrate
+fi
+
+rm -f /app/tmp/pids/server.pid
+
+exec bundle exec rails s -p 3000 -b '0.0.0.0'

config/cable.yml

@@ -6,5 +6,5 @@ test:
 
 production:
   adapter: redis
-  url: redis://localhost:6379/1
-  channel_prefix: ai_integration_production
+  url: <%= ENV.fetch("REDIS_URI") { "redis://localhost:6379/1" } %>
+  channel_prefix: <% ENV.fetch("CHANNEL_PREFIX") { "ai_integration_production" } %>

config/database.yml

@@ -0,0 +1,21 @@
+default: &default
+  adapter: mysql2
+  encoding: utf8mb4
+  pool: <%= ENV.fetch("RAILS_MAX_THREADS") { 5 } %>
+  username: <%= ENV.fetch("MYSQL_USER") { "root" } %>
+  password: <%= ENV.fetch("MYSQL_PASSWORD") { "root" } %>
+  host: <%= ENV.fetch("MYSQL_HOST") { "127.0.0.1" } %>
+  port: 3306
+
+development:
+  <<: *default
+  database: <%= ENV.fetch("MYSQL_DATABASE") { "ai_integration" } %>
+
+production:
+  <<: *default
+  database: <%= ENV.fetch("MYSQL_DATABASE") { "ai_integration" } %>
+
+
+test:
+  <<: *default
+  database: <%= ENV.fetch("MYSQL_DATABASE") { "ai_integration" } %>_test

docker-compose.yml

@@ -1,4 +1,4 @@
-version: '3.2'
+version: '3.3'
 services:
   db:
     environment:
@@ -10,8 +10,15 @@ services:
     - ai-integration-data:/var/lib/mysql
   web:
     environment:
+      # RAILS_ENV: production # The startup script defaults to development, change to production if need be
       MYSQL_HOST: db
-    build: .
+      MYSQL_PASSWORD: ai_integration 
+    build: 
+      args:
+        UID: "${UID:-1001}"
+      context: .
+      target: dev 
+      dockerfile: Dockerfile
     ports:
     - "3000:3000"
     depends_on:
@@ -22,7 +29,11 @@ services:
     - type: bind
       consistency: cached
       source: .
-      target: /fams_tools/
-
+      target: /app/
+networks:                                
+  default:                               
+    driver: bridge                       
+    driver_opts:                         
+      com.docker.network.driver.mtu: 1400
 volumes:
-  ai-integration-data:
+  ai-integration-data: {}