Framering

brandnewbox · Mar 19, 2024 · 3b044b3 · 3b044b3
1 parent b4b54a2
commit 3b044b3
Show file tree

Hide file tree

Showing 13 changed files with 494 additions and 216 deletions.
diff --git a/.circleci/config.yml b/.circleci/config.yml
@@ -1,63 +1,93 @@
 version: 2.1
-commands:
-  restore_caches:
-    steps:
-      - restore_cache:
-          keys:
-            - rubygems-{{ checksum "_rubygems_cache_key" }}-{{ checksum "Gemfile.lock" }}
-            - rubygems-{{ checksum "_rubygems_cache_key" }}-
-  create_cache_key_files:
-    steps:
-      - run: echo $CIRCLECI_RUBYGEMS_CACHE_KEY
-      - run:
-          name: Write the rubygems cache key to a file
-          command: |
-            echo $CIRCLECI_RUBYGEMS_CACHE_KEY > _rubygems_cache_key
-            cat _rubygems_cache_key
-  save_caches:
-    steps:
-      - save_cache:
-          paths:
-            - vendor
-          key: rubygems-{{ checksum "_rubygems_cache_key" }}-{{ checksum "Gemfile.lock" }}
-  install_gems:
-    steps:
-      - run: gem update --system "$RUBYGEMS_VERSION"
-      - run: gem install bundler --version "$BUNDLER_VERSION" --force
-      - run: bundle config set clean true --local
-      - run: bundle config set jobs 4 --local
-      - run: bundle config set path vendor/bundle --local
-      - run: bundle config set retry 3 --local
-      - run: bundle install
+orbs:
+  drydock: brandnewbox/[email protected]
+parameters:
+  registry:
+    type: string
+    default: registry.digitalocean.com
+  builder-image:
+    type: string
+    default: brandnewbox/errbit-builder
+  final-image:
+    type: string
+    default: brandnewbox/errbit
+  rancher-context:
+    type: string
+    default: 'c-tmnrk:p-l87zj'
+  rancher-namespace:
+    type: string
+    default: errbit
+  working-directory:
+    type: string
+    default: /home/bnb/app
+workflows:
+  devops_flow:
+    jobs:
+      - drydock/run-danger:
+          context: GITHUB
+      - drydock/build-and-push:
+          name: build-and-push-builder
+          built-image: << pipeline.parameters.registry >>/<< pipeline.parameters.builder-image >>:${CIRCLE_SHA1}
+          build-target: production-builder
+          working-directory: << pipeline.parameters.working-directory >>
+          cache-assets: true
+          cache-packs: false
+          docker-version: default
+          build-args: >-
+            --build-arg RAILS_MASTER_KEY=${RAILS_PRODUCTION_KEY}
+            --build-arg RAILS_ENV=production
+          context: DO_BNB_REGISTRY
+      - test:
+          image: << pipeline.parameters.registry >>/<< pipeline.parameters.builder-image >>:${CIRCLE_SHA1}
+          context: DO_BNB_REGISTRY
+          requires:
+            - build-and-push-builder
+      - drydock/build-and-push:
+          name: build-and-push-production
+          built-image: << pipeline.parameters.registry >>/<< pipeline.parameters.final-image >>:${CIRCLE_SHA1}
+          build-target: production
+          working-directory: << pipeline.parameters.working-directory >>
+          cache-assets: true
+          cache-packs: false
+          docker-version: default
+          build-args: >-
+            --build-arg RAILS_MASTER_KEY=${RAILS_PRODUCTION_KEY}
+            --build-arg RAILS_ENV=production
+          context: DO_BNB_REGISTRY
+          filters:
+            branches:
+              only: /^(main)$/
+          requires:
+            - build-and-push-builder
+      - drydock/create-deployment:
+          name: puma-deployment
+          rancher-deployment: errbit-deployment
+          rancher-container: errbit-container
+          rancher-namespace: << pipeline.parameters.rancher-namespace >>
+          rancher-context: << pipeline.parameters.rancher-context >>
+          image: << pipeline.parameters.registry >>/<< pipeline.parameters.final-image >>:${CIRCLE_SHA1}
+          context: DO_BNB_REGISTRY
+          filters:
+            branches:
+              only: /^(main)$/
+          requires:
+            - build-and-push-production
+            - test
 jobs:
-  mongo-ruby:
-    environment:
-      CIRCLECI_RUBYGEMS_CACHE_KEY: '2022060600'
-      RUBYGEMS_VERSION: 3.3.21
-      BUNDLER_VERSION: 2.3.21
+  test:
     parameters:
-      mongo_version:
+      image:
+        description: The image to test
         type: string
     docker:
-      - image: cimg/ruby:2.7.6-browsers
-      - image: circleci/mongo:<< parameters.mongo_version >>-ram
+      - image: << parameters.image >>
+        auth:
+          username: $PRIVATE_REGISTRY_USERNAME
+          password: $PRIVATE_REGISTRY_PASSWORD
+        environment:
+          RAILS_ENV: test
+          MONGO_URL: mongodb://localhost:27017/my_database
+      - image: circleci/mongo:4
+    working_directory: << pipeline.parameters.working-directory >>
     steps:
-      - checkout
-      - create_cache_key_files
-      - restore_caches
-      - install_gems
-      - save_caches
-      - run: ruby -v
-      - run: gem -v
-      - run: bundle -v
-      - run: bundle exec rubocop -v
-      - run: bundle exec rake errbit:bootstrap
-      - run: bundle exec rspec
-      - run: bundle exec rubocop
-workflows:
-  workflow:
-    jobs:
-      - mongo-ruby:
-          matrix:
-            parameters:
-              mongo_version: ["4.0", "4.2", "4.4", "5.0"]
+      - drydock/default-test-steps
diff --git a/.dockerdev/.bashrc b/.dockerdev/.bashrc
@@ -0,0 +1 @@
+alias be="bundle exec"
diff --git a/.dockerdev/.psqlrc b/.dockerdev/.psqlrc
@@ -0,0 +1,26 @@
+-- Don't display the "helpful" message on startup.
+\set QUIET 1
+
+-- Allow specifying the path to history file via `PSQL_HISTFILE` env variable
+-- (and fallback to the default $HOME/.psql_history otherwise)
+\set HISTFILE `[ -z $PSQL_HISTFILE ] && echo $HOME/.psql_history || echo $PSQL_HISTFILE`
+
+-- Show how long each query takes to execute
+\timing
+
+-- Use best available output format
+\x auto
+
+-- Verbose error reports
+\set VERBOSITY verbose
+
+-- If a command is run more than once in a row,
+-- only store it once in the history
+\set HISTCONTROL ignoredups
+\set COMP_KEYWORD_CASE upper
+
+-- By default, NULL displays as an empty space. Is it actually an empty
+-- string, or is it null? This makes that distinction visible
+\pset null '[NULL]'
+
+\unset QUIET
diff --git a/.dockerdev/Dockerfile b/.dockerdev/Dockerfile
@@ -0,0 +1,203 @@
+ARG RUBY_VERSION=2.7.6
+ARG RUBYGEMS_VERSION=3.3.20
+ARG PG_MAJOR=14
+ARG NODE_MAJOR=20
+ARG YARN_VERSION=1.22.17
+ARG DISTRO_NAME=bullseye
+
+# Here we add the the name of the stage ("base")
+FROM ruby:$RUBY_VERSION-slim-$DISTRO_NAME AS base
+
+# A recommended memory optimization for Ruby apps https://devcenter.heroku.com/articles/tuning-glibc-memory-behavior
+ENV MALLOC_ARENA_MAX=2
+
+# Install application dependencies and then clean up after ourselves
+RUN apt-get update -qq && DEBIAN_FRONTEND=noninteractive apt-get -yq dist-upgrade \
+  && DEBIAN_FRONTEND=noninteractive apt-get install -yq --no-install-recommends \
+    build-essential \
+    curl \
+    gnupg2 \
+    less \
+    tzdata \
+    time \
+    locales \
+    shared-mime-info \
+    libjemalloc2 \
+  && apt-get clean \
+  && rm -rf /var/cache/apt/archives/* \
+  && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* \
+  && truncate -s 0 /var/log/*log \
+  && update-locale LANG=C.UTF-8 LC_ALL=C.UTF-8
+
+ENV LD_PRELOAD=/usr/lib/x86_64-linux-gnu/libjemalloc.so.2 \
+  MALLOC_CONF="dirty_decay_ms:1000,narenas:2,background_thread:true"
+
+ARG DISTRO_NAME
+ARG PG_MAJOR
+RUN curl -sSL https://www.postgresql.org/media/keys/ACCC4CF8.asc | \
+    gpg --dearmor -o /usr/share/keyrings/postgres-archive-keyring.gpg \
+    && echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/postgres-archive-keyring.gpg] https://apt.postgresql.org/pub/repos/apt/" \
+    $DISTRO_NAME-pgdg main $PG_MAJOR | tee /etc/apt/sources.list.d/postgres.list > /dev/null
+RUN apt-get update -qq && DEBIAN_FRONTEND=noninteractive apt-get -yq dist-upgrade \
+  && DEBIAN_FRONTEND=noninteractive apt-get install -yq --no-install-recommends \
+    libpq-dev \
+    postgresql-client-$PG_MAJOR \
+  && apt-get clean \
+  && rm -rf /var/cache/apt/archives/* \
+  && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* \
+  && truncate -s 0 /var/log/*log
+
+WORKDIR /app
+
+EXPOSE 3000
+CMD ["/usr/bin/bash"]
+
+FROM base as builder
+
+# Install tools that are necessary for building but are not necessary in the built image
+RUN apt-get update -qq && DEBIAN_FRONTEND=noninteractive apt-get -yq dist-upgrade \
+  && DEBIAN_FRONTEND=noninteractive apt-get install -yq --no-install-recommends \
+    git \
+    python \
+  && apt-get clean \
+  && rm -rf /var/cache/apt/archives/* /var/lib/apt/lists/* /tmp/* /var/tmp/* \
+  && truncate -s 0 /var/log/*log
+
+
+ARG NODE_MAJOR
+ARG YARN_VERSION
+# Install NodeJS and Yarn
+RUN mkdir -p /etc/apt/keyrings \ 
+  && curl -fsSL https://deb.nodesource.com/gpgkey/nodesource-repo.gpg.key | gpg --dearmor -o /etc/apt/keyrings/nodesource.gpg \
+  && echo "deb [signed-by=/etc/apt/keyrings/nodesource.gpg] https://deb.nodesource.com/node_$NODE_MAJOR.x nodistro main" | tee /etc/apt/sources.list.d/nodesource.list
+RUN apt-get update -qq && DEBIAN_FRONTEND=noninteractive apt-get -yq dist-upgrade && \
+  DEBIAN_FRONTEND=noninteractive apt-get install -yq --no-install-recommends \
+    nodejs \
+    && apt-get clean \
+    && rm -rf /var/cache/apt/archives/* \
+    && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* \
+    && truncate -s 0 /var/log/*log
+RUN npm install -g yarn@$YARN_VERSION
+
+
+
+
+
+# Then, we define the "development" stage from the builder one
+FROM builder AS development
+
+# The major difference from the base image is that we may have development-only system
+# dependencies (like Vim or graphviz).
+RUN apt-get update -qq && DEBIAN_FRONTEND=noninteractive apt-get -yq dist-upgrade \
+  && DEBIAN_FRONTEND=noninteractive apt-get install -yq --no-install-recommends \
+    git \
+    vim \
+    nano \
+    sudo \
+  && apt-get clean \
+  && rm -rf /var/cache/apt/archives/* /var/lib/apt/lists/* /tmp/* /var/tmp/* \
+  && truncate -s 0 /var/log/*log
+
+# Create a non-root user which matches the UID of the host machine
+# in order to have file permissions work out of the box.
+# Make that user a sudoer so you can still do root operations in the container if necessary.
+ARG UID
+RUN useradd --uid ${UID} --shell /bin/bash --create-home bnb \
+  && echo 'bnb ALL=(ALL) NOPASSWD:ALL' | sudo EDITOR='tee -a' visudo
+USER bnb
+# The mounted volume will be owned by root unless we pre-create the folder here. The base ruby image automatically
+# handles the /usr/local/bundle folder we just need to handle other volumes that we create.
+RUN sudo mkdir /app/node_modules \
+  && sudo chown -R bnb:bnb /app/node_modules \
+  && sudo mkdir -p /app/tmp/cache \
+  && sudo chown -R bnb:bnb /app/tmp/cache
+
+
+
+# The production-builder image is responsible for installing dependencies and compiling assets
+FROM builder as production-builder
+
+# First, we create and configure a dedicated user to run our application
+# DUP: user setup
+RUN groupadd --gid 1005 bnb \
+  && useradd --uid 1005 --gid bnb --shell /bin/bash --create-home bnb
+USER bnb
+RUN mkdir /home/bnb/app
+WORKDIR /home/bnb/app
+
+# Then, we re-configure Bundler
+ARG RAILS_ENV=production
+ENV RAILS_ENV=$RAILS_ENV \
+  LANG=C.UTF-8 \
+  BUNDLE_JOBS=4 \
+  BUNDLE_RETRY=3 \
+  BUNDLE_APP_CONFIG=/home/bnb/bundle \
+  BUNDLE_PATH=/home/bnb/bundle \
+  GEM_HOME=/home/bnb/bundle
+
+# Install Ruby gems
+COPY --chown=bnb:bnb Gemfile Gemfile.lock ./
+RUN mkdir $BUNDLE_PATH \
+  && bundle config --local deployment 'true' \
+  && bundle config --local path "${BUNDLE_PATH}" \
+  && bundle config --local without 'development test' \
+  && bundle config --local clean 'true' \
+  && bundle config --local no-cache 'true' \
+  && bundle install --jobs=${BUNDLE_JOBS} \
+  && rm -rf $BUNDLE_PATH/ruby/3.1.0/cache/* \
+  && rm -rf /home/bnb/.bundle/cache/*
+
+# Install JS packages
+COPY --chown=bnb:bnb package.json yarn.lock ./
+RUN yarn install --check-files
+
+# Copy code
+COPY --chown=bnb:bnb . .
+
+# Precompile assets
+# NOTE: The command may require adding some environment variables (e.g., SECRET_KEY_BASE) if you're not using
+# credentials.
+ARG RAILS_MASTER_KEY
+RUN RAILS_MASTER_KEY=$RAILS_MASTER_KEY bundle exec rails assets:precompile
+
+
+
+
+
+# Finally, our production image definition
+FROM base AS production
+
+# Upgrade RubyGems
+ARG RUBYGEMS_VERSION
+RUN gem update --system $RUBYGEMS_VERSION
+
+# Create and configure a dedicated user (use the same name as for the production-builder image)
+# DUP: user setup
+RUN groupadd --gid 1005 bnb \
+  && useradd --uid 1005 --gid bnb --shell /bin/bash --create-home bnb
+RUN mkdir /home/bnb/app
+WORKDIR /home/bnb/app
+USER bnb
+
+# Ruby/Rails env configuration
+ARG RAILS_ENV=production
+ENV RAILS_ENV=$RAILS_ENV \
+  BUNDLE_APP_CONFIG=/home/bnb/bundle \
+  BUNDLE_PATH=/home/bnb/bundle \
+  GEM_HOME=/home/bnb/bundle \
+  PATH="/home/bnb/app/bin:${PATH}" \
+  LANG=C.UTF-8 \
+  LC_ALL=C.UTF-8
+
+# Copy code
+COPY --chown=bnb:bnb . .
+
+# Copy artifacts
+# 1) Installed gems
+COPY --from=production-builder $BUNDLE_PATH $BUNDLE_PATH
+# 2) Compiled assets
+COPY --from=production-builder /home/bnb/app/public/assets /home/bnb/app/public/assets
+# 3) We can even copy the Bootsnap cache to speed up our Rails server load!
+COPY --chown=bnb:bnb --from=production-builder /home/bnb/app/tmp/cache/bootsnap* /home/bnb/app/tmp/cache/
+
+CMD ["bundle", "exec", "rails", "server", "-b", "0.0.0.0"]