Merge pull request #3133 from bitzesty/staging

production < staging

.dockerignore

@@ -1,2 +1,37 @@
-.env
-vendor/bundle/*
+# See https://docs.docker.com/engine/reference/builder/#dockerignore-file for more about ignoring files.
+
+# Ignore git directory.
+/.git/
+
+# Ignore bundler config.
+/.bundle
+
+# Ignore all environment files (except templates).
+/.env*
+!/.env*.erb
+
+# Ignore all default key files.
+/config/master.key
+/config/credentials/*.key
+
+# Ignore all logfiles and tempfiles.
+/log/*
+/tmp/*
+!/log/.keep
+!/tmp/.keep
+
+# Ignore pidfiles, but keep the directory.
+/tmp/pids/*
+!/tmp/pids/.keep
+
+# Ignore storage (uploaded files in development and any SQLite databases).
+/storage/*
+!/storage/.keep
+/tmp/storage/*
+!/tmp/storage/.keep
+
+# Ignore assets.
+/node_modules/
+/app/assets/builds/*
+!/app/assets/builds/.keep
+/public/assets

.env.example

@@ -10,8 +10,6 @@ PROFILE_MODE=false
 LOG_LEVEL=info
 ASSET_HOST=http://localhost:3000/
 MAILER_HOST=localhost
-SENDGRID_USERNAME=test_smtp_username
-SENDGRID_PASSWORD=test_smtp_password
 AWS_ACCESS_KEY_ID=xxx
 AWS_SECRET_ACCESS_KEY=xxx
 AWS_REGION=xxx

.github/workflows/ci.yml

@@ -2,7 +2,7 @@ name: CI
 on: [push]
 jobs:
   test:
-    runs-on: ubuntu-20.04
+    runs-on: ubuntu-latest
     services:
       db:
         image: postgres:12-alpine
@@ -45,7 +45,7 @@ jobs:
           ruby-version: 3.2.2
       - uses: actions/setup-node@v2-beta
         with:
-          node-version: '16'
+          node-version: '20'
       - run: npm install -g yarn
       - uses: nanasess/setup-chromedriver@master
       - name: Build and run tests
@@ -78,7 +78,7 @@ jobs:
   deploy_dev:
     needs: [test]
     if: github.ref == 'refs/heads/main'
-    runs-on: ubuntu-20.04
+    runs-on: ubuntu-latest
     strategy:
       max-parallel: 1
     steps:
@@ -95,7 +95,7 @@ jobs:
           ruby-version: 3.2.2
       - uses: actions/setup-node@v2-beta
         with:
-          node-version: '16'
+          node-version: '20'
       - name: 'Deploy dev'
         env:
           name: dev
@@ -121,7 +121,7 @@ jobs:
   deploy_staging:
     needs: [test]
     if: github.ref == 'refs/heads/staging'
-    runs-on: ubuntu-20.04
+    runs-on: ubuntu-latest
     strategy:
       max-parallel: 1
     steps:
@@ -138,7 +138,7 @@ jobs:
           ruby-version: 3.2.2
       - uses: actions/setup-node@v2-beta
         with:
-          node-version: '16'
+          node-version: '20'
       - name: 'Deploy staging'
         env:
           name: staging

.gitignore

@@ -39,9 +39,14 @@ qae-production-worker_manifest.yml
 /public/packs-test
 /public/assets
 /node_modules
-/yarn-error.log
-yarn-debug.log*
-.yarn-integrity
+
+# Yarn
+.yarn/*
+!.yarn/patches
+!.yarn/plugins
+!.yarn/releases
+!.yarn/sdks
+!.yarn/versions
 
 /public/packs
 /public/packs-test

.node-version

@@ -0,0 +1 @@
+20.16.0

.tool-versions

@@ -1,2 +1,2 @@
 ruby 3.2.2
-nodejs 18.17.1
+nodejs 20.16.0

Dockerfile

@@ -1,21 +1,95 @@
-ARG RUBY_VERSION=2.5.0
+# syntax = docker/dockerfile:1
 
-FROM convox/rails
+# Make sure RUBY_VERSION matches the Ruby version in .ruby-version and Gemfile
+ARG RUBY_VERSION=3.2.2
+FROM ruby:$RUBY_VERSION-slim AS base
 
-ENV HOME=/app
-WORKDIR /app
+# Rails app lives here
+WORKDIR /rails
 
-ENV SSL_CERT_DIR=/etc/ssl/certs
-ENV SSL_CERT_FILE=/etc/ssl/certs/ca-certificates.crt
+ENV HOME=/home/rails
+ENV USER=rails
 
-ENV DATABASE_URL postgresql://localhost/dummy_url
-ENV AWS_ACCESS_KEY_ID dummy
-ENV AWS_SECRET_ACCESS_KEY dummy
+# Set default to production, but allow override
+ARG RAILS_ENV=production
+ENV RAILS_ENV=${RAILS_ENV}
 
-ENV CURL_CONNECT_TIMEOUT=0 CURL_TIMEOUT=0 GEM_PATH="$HOME/vendor/bundle/ruby/${RUBY_VERSION}:$GEM_PATH" LANG=${LANG:-en_US.UTF-8} PATH="$HOME/bin:$HOME/vendor/bundle/bin:$HOME/vendor/bundle/ruby/${RUBY_VERSION}/bin:$PATH" RACK_ENV=${RACK_ENV:-production} RAILS_ENV=${RAILS_ENV:-production} RAILS_SERVE_STATIC_FILES=${RAILS_SERVE_STATIC_FILES:-enabled} SECRET_KEY_BASE=${SECRET_KEY_BASE:-PLACEHOLDERSECRETBASEKEY}
+# Set production environment
+ENV BUNDLE_DEPLOYMENT="1" \
+    BUNDLE_PATH="/usr/local/bundle" \
+    PATH="/usr/local/bundle/bin:$PATH"
 
-# Cache bundler
-COPY Gemfile /app/Gemfile
-COPY Gemfile.lock /app/Gemfile.lock
-COPY . /app
-RUN bundle install --without development test --jobs 4 && RAILS_ENV=production bundle exec rake assets:precompile
+# Conditionally set bundle config based on RAILS_ENV
+RUN if [ "$RAILS_ENV" = "production" ]; then \
+    echo "Setting production bundle config"; \
+    bundle config set --local deployment 'true'; \
+    bundle config set --local without 'development test'; \
+    else \
+    echo "Setting development bundle config"; \
+    bundle config set --local deployment 'false'; \
+    fi
+
+# Update gems and bundler
+RUN gem update --system --no-document && \
+    gem install -N bundler
+
+# Install packages needed for both production and development
+RUN --mount=type=cache,id=dev-apt-cache,sharing=locked,target=/var/cache/apt \
+    --mount=type=cache,id=dev-apt-lib,sharing=locked,target=/var/lib/apt \
+    apt-get update -qq && \
+    apt-get install --no-install-recommends -y curl build-essential libpq-dev libvips node-gyp pkg-config python-is-python3 imagemagick libjemalloc2 postgresql-client
+
+# Install Node.js
+ARG NODE_VERSION=20.16.0
+ENV PATH=/usr/local/node/bin:$PATH
+RUN curl -sL https://github.com/nodenv/node-build/archive/master.tar.gz | tar xz -C /tmp/ && \
+    /tmp/node-build-master/bin/node-build "${NODE_VERSION}" /usr/local/node && \
+    rm -rf /tmp/node-build-master
+
+# Install yarn
+ARG YARN_VERSION=1.22.22
+RUN npm install -g yarn@$YARN_VERSION
+
+# Copy application code
+COPY . .
+RUN chmod +x /rails/bin/*
+
+# Install dependencies
+COPY --link Gemfile Gemfile.lock ./
+RUN bundle install
+
+# Install node modules
+COPY --link package.json yarn.lock ./
+RUN yarn install --frozen-lockfile
+
+# Precompiling assets for production without requiring secret RAILS_MASTER_KEY
+RUN if [ "$RAILS_ENV" = "production" ]; then \
+    SECRET_KEY_BASE=DUMMY ./bin/rails assets:precompile; \
+    fi
+
+# Create rails user and set correct permissions
+RUN groupadd -r rails && useradd -r -g rails rails
+RUN mkdir -p $HOME && chown -R $USER:$USER $HOME /rails
+
+# Verify user creation and permissions
+RUN id rails && ls -la /rails/bin
+
+# Switch to rails user
+USER $USER
+
+# Add this line to ensure the HOME env is available to all processes
+ENV HOME=$HOME
+
+# Deployment options
+ENV LD_PRELOAD="libjemalloc.so.2" \
+    MALLOC_CONF="dirty_decay_ms:1000,narenas:2,background_thread:true" \
+    RAILS_LOG_TO_STDOUT="1" \
+    RAILS_SERVE_STATIC_FILES="true" \
+    RUBY_YJIT_ENABLE="1"
+
+# Entrypoint prepares the database.
+ENTRYPOINT ["/rails/bin/docker-entrypoint"]
+
+# Start the server by default, this can be overwritten at runtime
+EXPOSE 3000
+CMD ["./bin/rails", "server"]

Gemfile

@@ -158,6 +158,7 @@ group :development do
   gem "standard", require: false
   # Fixes https://github.com/rails/rails/issues/26658#issuecomment-255590071
   gem "rb-readline"
+  gem "dockerfile-rails", ">= 1.6"
 end
 
 group :development, :test do

Gemfile.lock

@@ -177,6 +177,8 @@ GEM
       zxcvbn (~> 0.1.7)
     diff-lcs (1.5.0)
     docile (1.4.0)
+    dockerfile-rails (1.6.17)
+      rails (>= 3.0.0)
     domain_name (0.5.20190701)
       unf (>= 0.0.5, < 1.0.0)
     dotenv (2.8.1)
@@ -362,6 +364,8 @@ GEM
       activerecord (>= 4.0.0)
       activesupport (>= 4.0.0)
     nio4r (2.5.9)
+    nokogiri (1.16.5-aarch64-linux)
+      racc (~> 1.4)
     nokogiri (1.16.5-arm64-darwin)
       racc (~> 1.4)
     nokogiri (1.16.5-x86_64-darwin)
@@ -705,6 +709,7 @@ GEM
     zxcvbn (0.1.9)
 
 PLATFORMS
+  aarch64-linux
   arm64-darwin-21
   arm64-darwin-22
   arm64-darwin-23
@@ -733,6 +738,7 @@ DEPENDENCIES
   devise-authy (>= 1.10.0)
   devise-security (~> 0.18.0)
   devise_zxcvbn (>= 4.4.1)
+  dockerfile-rails (>= 1.6)
   dotenv-rails
   draper (~> 4.0)
   email_validator

README.md

@@ -8,10 +8,11 @@
 
 - Ruby 3.2.2
   - `gem install bundler -v 2.5.6`
-- Node.js
+- Node.js LTS
 - Rails 7.0
 - Postgresql 9.5+ with `hstore` extension
 - Redis 4+
+- Docker
 
 ### Running the application
 
@@ -21,30 +22,39 @@ There are environment variables that you may want to modify in the `.env` file.
 cp .env.example .env
 ```
 
-Ensure the postgres database and redis server are running.
+This ensures the necessary environment variables set before running the Docker commands.
 
-```
-./bin/setup
-```
+#### Running with docker
 
-Run the application with the following commands:
+1. Build the containers:
+
+   ```
+   docker-compose build
+   ```
 
-```
-bundle exec rails s
-bundle exec sidekiq -C config/sidekiq.yml
-```
+2. In a new terminal, set up and migrate the database:
+
+   ```
+   docker-compose run --rm web bundle exec rails db:prepare
+   ```
 
-or with foreman:
+3. Run the containers:
 
-```
-foreman start
-```
+   ```
+   docker-compose up
+   ```
 
-### Running with docker
+Your application should now be running at http://localhost:3000
 
-    $ cp Dockerfile.local Dockerfile
-    $ cp docker-compose.yml.local docker-compose.yml
-    $ docker-compose up
+##### Running Rails with the production config
+
+Locally the docker image will run Rails in development, if you need to run as production
+then specify the production file `docker-compose -f docker-compose.prod.yml`
+
+You will need to generate a local ssl certificate for nginx.
+openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout ./certs/privkey.pem -out ./certs/fullchain.pem
+
+Your application should now be running at https://localhost/
 
 ### Installing Poxa
 
@@ -75,6 +85,7 @@ software, and may be redistributed under the terms specified in the
 [license]: https://github.com/bitzesty/qae/blob/master/LICENSE
 
 ## Helpful links
+
 - [GDS service standards](https://www.gov.uk/service-manual/service-standard)
 - [GDS design principles](https://www.gov.uk/design-principles)
 
@@ -83,4 +94,3 @@ software, and may be redistributed under the terms specified in the
 ![Bit Zesty](https://bitzesty.com/wp-content/uploads/2017/01/logo_dark.png)
 
 QAE is maintained by [Bit Zesty Limited](https://bitzesty.com/).
-

app/assets/stylesheets/admin/forms.scss

@@ -59,3 +59,7 @@ input.form-control, select.form-control,
     }
   }
 }
+
+.qae-form { 
+  margin-bottom: 50px;
+}