fix: Remove Deface precompile on production (#76)

* feat: Add Docker on local with https * fix: Deactivate Deface procompile on local * fix: Deactivate Deface precompile on prod * lint: Fix rubocop offenses * fix: Enable letter_opener on production mode * fix: Override after_confirmation_path * fix: Add env var in .env-example * revert: "fix: Override after_confirmation_path" This reverts commit f15c8b2. --------- Co-authored-by: Pauline Bessoles <[email protected]>
OpenSourcePolitics · Nov 30, 2023 · a498258 · a498258
1 parent 69ae9f9
commit a498258
Show file tree

Hide file tree

Showing 9 changed files with 135 additions and 97 deletions.
diff --git a/.env-example b/.env-example
@@ -29,4 +29,14 @@
 # ENABLE_RACK_ATTACK=1
 
 # Deface is already precompiled in Dockerfile, default is false to prevent duplicates
-# DEFACE_ENABLED=false
+# DEFACE_ENABLED=false
+
+DECIDIM_ADMIN_PASSWORD_STRONG="false"
+# Puma server configuration
+# PUMA_MIN_THREADS=5
+# PUMA_MAX_THREADS=5
+# PUMA_WORKERS=0
+# PUMA_PRELOAD_APP=false
+
+# Override after confirmation path with custom route
+# AH_REDIRECT_AFTER_CONFIRMATION="/initiatives"
diff --git a/.gitignore b/.gitignore
@@ -95,3 +95,4 @@ vendor/cache
 yarn-debug.log*
 .yarn-integrity
 *.rubocop-https*
+certificate-https-local/
diff --git a/Dockerfile b/Dockerfile
@@ -24,8 +24,7 @@ RUN yarn install --frozen-lockfile
 COPY . .
 
 RUN bundle exec bootsnap precompile --gemfile app/ lib/ config/ bin/ db/ && \
-    bundle exec rails assets:precompile && \
-    bundle exec rails deface:precompile
+    bundle exec rails assets:precompile
 
 RUN rm -rf node_modules tmp/cache vendor/bundle spec \
     && rm -rf /usr/local/bundle/cache/*.gem \

diff --git a/Dockerfile.local b/Dockerfile.local
@@ -0,0 +1,55 @@
+# Builder Stage
+FROM ruby:3.0.6-slim as builder
+
+ENV RAILS_ENV=production \
+    SECRET_KEY_BASE=dummy
+
+WORKDIR /app
+
+RUN apt-get update -q && \
+    apt-get install -yq libpq-dev curl git libicu-dev build-essential openssl && \
+    curl https://deb.nodesource.com/setup_16.x | bash && \
+    apt-get install -y nodejs && \
+    apt-get clean && \
+    rm -rf /var/lib/apt/lists/* && \
+    npm install --global yarn && \
+    gem install bundler:2.4.9
+
+COPY Gemfile Gemfile.lock ./
+RUN bundle config set --local without 'development test' && \
+    bundle install -j"$(nproc)"
+
+COPY package.json yarn.lock ./
+COPY packages packages
+RUN yarn install --frozen-lock
+
+COPY . .
+
+RUN bundle exec bootsnap precompile --gemfile app/ lib/ config/ bin/ db/ && \
+    bundle exec rails assets:precompile
+
+run mkdir certificate-https-local
+RUN openssl req -new -newkey rsa:4096 -days 365 -nodes -x509 -subj "/C=FR/ST=France/L=Paris/O=decidim/CN=decidim.eu" -keyout ./certificate-https-local/key.pem -out ./certificate-https-local/cert.pem;
+
+# Runner Stage
+FROM ruby:3.0.6-slim as runner
+
+ENV RAILS_ENV=production \
+    SECRET_KEY_BASE=dummy \
+    RAILS_LOG_TO_STDOUT=true \
+    LD_PRELOAD="libjemalloc.so.2" \
+    MALLOC_CONF="background_thread:true,metadata_thp:auto,dirty_decay_ms:5000,muzzy_decay_ms:5000,narenas:2"
+
+WORKDIR /app
+
+RUN apt-get update -q && \
+    apt-get install -yq postgresql-client imagemagick libproj-dev proj-bin libjemalloc2 && \
+    apt-get clean && \
+    rm -rf /var/lib/apt/lists/* && \
+    gem install bundler:2.4.9
+
+COPY --from=builder /usr/local/bundle /usr/local/bundle
+COPY --from=builder /app /app
+
+EXPOSE 3000
+CMD ["bundle", "exec", "rails", "server", "-b", "ssl://0.0.0.0:3000?key=/app/certificate-https-local/key.pem&cert=/app/certificate-https-local/cert.pem"]
diff --git a/Gemfile b/Gemfile
@@ -36,13 +36,13 @@ gem "deface"
 gem "faker", "~> 2.14"
 gem "fog-aws"
 gem "foundation_rails_helper", git: "https://github.com/sgruhier/foundation_rails_helper.git"
+gem "letter_opener_web", "~> 2.0"
 gem "omniauth-rails_csrf_protection", "~> 1.0"
 gem "puma", ">= 5.6.2"
 gem "rack-attack"
 gem "sys-filesystem"
 
 group :development do
-  gem "letter_opener_web", "~> 2.0"
   gem "listen", "~> 3.1"
   gem "rubocop-faker"
   gem "spring", "~> 2.0"

diff --git a/Makefile b/Makefile
@@ -1,89 +1,36 @@
-#### Terraform | Scaleway provider
-init-scw:
-	terraform -chdir=deploy/providers/scaleway init
-
-plan-scw:
-	@make init-scw
-	terraform -chdir=deploy/providers/scaleway plan	
-
-deploy-scw:
-	@make init-scw
-	terraform -chdir=deploy/providers/scaleway apply
-
-destroy-scw:
-	terraform -chdir=deploy/providers/scaleway destroy
-
-### Docker usage
+run: up
+	@make create-seeds
 
-# Docker images commands
+up:
+	docker-compose -f docker-compose.local.yml up --build -d
+	@make setup-database
 
-REGISTRY := rg.fr-par.scw.cloud
-NAMESPACE := decidim-app
-VERSION := latest
-IMAGE_NAME := decidim-app
-TAG := $(REGISTRY)/$(NAMESPACE)/$(IMAGE_NAME):$(VERSION)
+# Stops containers and remove volumes
+teardown:
+	docker-compose -f docker-compose.local.yml down -v --rmi all
 
-login:
-	docker login $(REGISTRY) -u nologin -p $(SCW_SECRET_TOKEN)
+create-database:
+	docker-compose -f docker-compose.local.yml exec app /bin/bash -c 'DISABLE_DATABASE_ENVIRONMENT_CHECK=1 /usr/local/bundle/bin/bundle exec rake db:create'
 
-build-classic:
-	docker build -t $(IMAGE_NAME):$(VERSION) .
-build-scw:
-	docker build -t $(TAG) .
-push:
-	@make build-scw
-	@make login
-	docker push $(TAG)
-pull:
-	@make build-scw
-	docker pull $(TAG)
+setup-database: create-database
+	docker-compose -f docker-compose.local.yml exec app /bin/bash -c 'DISABLE_DATABASE_ENVIRONMENT_CHECK=1 /usr/local/bundle/bin/bundle exec rake db:migrate'
 
-# Bundle commands
-create-database:
-	docker-compose run app bundle exec rails db:create
-run-migrations:
-	docker-compose run app bundle exec rails db:migrate
+# Create seeds
 create-seeds:
-	docker-compose run app bundle exec rails db:seed
+	docker-compose -f docker-compose.local.yml exec app /bin/bash -c 'DISABLE_DATABASE_ENVIRONMENT_CHECK=1 /usr/local/bundle/bin/bundle exec rake db:schema:load db:seed'
 
-# Database commands 
+# Restore dump
 restore-dump:
-	bundle exec rake restore_dump 
+	bundle exec rake restore_dump
 
-# Start commands seperated by context
-start:
-	docker-compose up
-
-start-dumped-decidim:
-	@make create-database
-	@make -i restore-dump
-	@make run-migrations
-	@make start
-start-seeded-decidim:
-	@make create-database
-	@make run-migrations
-	@make create-seeds
-	@make start
-start-clean-decidim:
-	@make create-database
-	@make run-migrations
-	@make start
+shell:
+	docker-compose -f docker-compose.local.yml exec app /bin/bash
 
-# Utils commands
-rails-console:
-	docker exec -it decidim-app_app_1 rails c
-connect-app:
-	docker exec -it decidim-app_app_1 bash
+restart:
+	docker-compose -f docker-compose.local.yml up -d
 
-# Stop and delete commands
-stop:
-	docker-compose down
-delete:
-	@make stop
-	docker volume prune
+status:
+	docker-compose -f docker-compose.local.yml ps
 
-local-dev:
-	docker-compose -f docker-compose.dev.yml up -d
-	@make create-database
-	@make run-migrations
-	@make create-seeds
+logs:
+	docker-compose -f docker-compose.local.yml logs app
diff --git a/config/puma.rb b/config/puma.rb
@@ -6,8 +6,9 @@
 # the maximum value specified for Puma. Default is set to 5 threads for minimum
 # and maximum; this matches the default thread size of Active Record.
 #
-threads_count = ENV.fetch("RAILS_MAX_THREADS", 5)
-threads threads_count, threads_count
+min_threads_count = ENV.fetch("PUMA_MIN_THREADS", 5).to_i
+max_threads_count = ENV.fetch("PUMA_MAX_THREADS", 5).to_i
+threads min_threads_count, max_threads_count
 
 # Specifies the `port` that Puma will listen on to receive requests; default is 3000.
 #
@@ -22,15 +23,15 @@
 # the concurrency of the application would be max `threads` * `workers`.
 # Workers do not work on JRuby or Windows (both of which do not support
 # processes).
-#
-# workers ENV.fetch("WEB_CONCURRENCY") { 2 }
+
+workers_count = ENV.fetch("PUMA_WORKERS", -1).to_i
+workers workers_count if workers_count.positive?
 
 # Use the `preload_app!` method when specifying a `workers` number.
 # This directive tells Puma to first boot the application and load code
 # before forking the application. This takes advantage of Copy On Write
 # process behavior so workers use less memory.
-#
-# preload_app!
+preload_app! if ENV.fetch("PUMA_PRELOAD_APP", "false") == "true"
 
 # Allow puma to be restarted by `rails restart` command.
 plugin :tmp_restart
diff --git a/config/routes.rb b/config/routes.rb
@@ -8,7 +8,7 @@
     mount Sidekiq::Web => "/sidekiq"
   end
 
-  mount LetterOpenerWeb::Engine, at: "/letter_opener" if Rails.env.development?
+  mount LetterOpenerWeb::Engine, at: "/letter_opener" if Rails.env.development? || ENV.fetch("ENABLE_LETTER_OPENER", "0") == "1"
 
   mount Decidim::Core::Engine => "/"
   # mount Decidim::Map::Engine => '/map'

diff --git a/docker-compose.dev.yml → docker-compose.local.yml b/docker-compose.dev.yml → docker-compose.local.yml
@@ -19,34 +19,59 @@ services:
   sidekiq:
     build:
       context: .
+      dockerfile: Dockerfile.local
     command: [ "bundle", "exec", "sidekiq", "-C", "config/sidekiq.yml" ]
     environment:
-      - REDIS_URL=redis://redis:6379
-      - MEMCACHE_SERVERS=memcached:11211
       - DATABASE_HOST=database
       - DATABASE_USERNAME=postgres
+      - DECIDIM_HOST=localhost
+      - REDIS_URL=redis://redis:6379
+      - MEMCACHE_SERVERS=memcached:11211
+      - RAILS_SERVE_STATIC_FILES=true
+      - RAILS_LOG_TO_STDOUT=true
+      - ASSET_HOST=localhost:3000
+      - FORCE_SSL=1
+      - ENABLE_LETTER_OPENER=1
+      - SEED=true
+      - DEFACE_ENABLED=true
+      - QUESTION_CAPTCHA_HOST=
+      - ENABLE_RACK_ATTACK=0
+      - PUMA_MIN_THREADS=5
+      - PUMA_MAX_THREADS=5
+      - PUMA_WORKERS=-1
+      - PUMA_PRELOAD_APP=false
     depends_on:
       - app
+    volumes:
+      - shared-volume:/app
     links:
       - database
       - redis
   app:
     build:
       context: .
-    volumes:
-      - .:/app
-      - node_modules:/app/node_modules
+      dockerfile: Dockerfile.local
     environment:
       - DATABASE_HOST=database
       - DATABASE_USERNAME=postgres
-      - DECIDIM_HOST=0.0.0.0
+      - DECIDIM_HOST=localhost
       - REDIS_URL=redis://redis:6379
       - MEMCACHE_SERVERS=memcached:11211
       - RAILS_SERVE_STATIC_FILES=true
       - RAILS_LOG_TO_STDOUT=true
-      - FORCE_SSL="0"
-      - LETTER_OPENER_ENABLED="true"
+      - ASSET_HOST=localhost:3000
+      - FORCE_SSL=1
+      - ENABLE_LETTER_OPENER=1
       - SEED=true
+      - DEFACE_ENABLED=true
+      - QUESTION_CAPTCHA_HOST=
+      - ENABLE_RACK_ATTACK=0
+      - PUMA_MIN_THREADS=5
+      - PUMA_MAX_THREADS=5
+      - PUMA_WORKERS=-1
+      - PUMA_PRELOAD_APP=false
+    volumes:
+      - shared-volume:/app
     ports:
       - 3000:3000
     depends_on:
@@ -55,6 +80,6 @@ services:
       - memcached
 
 volumes:
-  node_modules: { }
+  shared-volume: { }
   pg-data: { }
   redis-data: { }