Prepare new Dockerfile for K8s Compatibility

.dockerignore

@@ -1,3 +1,4 @@
 tmp/
 data/
 log/*
+.bundle

Dockerfile-k8s

@@ -0,0 +1,85 @@
+# syntax = docker/dockerfile:1
+
+# Make sure RUBY_VERSION matches the Ruby version in .ruby-version and Gemfile
+ARG RUBY_VERSION=3.3.0
+FROM registry.docker.com/library/ruby:$RUBY_VERSION-slim-bookworm as base
+
+# Rails app lives here
+WORKDIR /app
+
+# Set default (production) values. Override ex: --build-arg="RAILS_ENV='development'"
+ARG RAILS_ENV="production" \
+    BUNDLE_WITHOUT="development" \
+    USER_ID=1000
+
+# Set environment
+ENV RAILS_ENV=$RAILS_ENV \
+    BUNDLE_DEPLOYMENT="1" \
+    BUNDLE_PATH="/usr/local/bundle" \
+    BUNDLE_WITHOUT=$BUNDLE_WITHOUT \
+    BUNDLER_VERSION=2.5.7
+
+# Create group and nonroot user
+RUN groupadd --gid $USER_ID gi-bill-data-service && \
+    useradd --uid $USER_ID --gid gi-bill-data-service --create-home --shell /bin/bash gi-bill-data-service
+
+# Throw-away build stage to reduce size of final image
+FROM base as build
+
+# Install packages needed to build gems
+RUN apt-get update -qq && \
+    apt-get install --no-install-recommends -y build-essential git libpq-dev pkg-config
+
+# Install application gems
+RUN gem install bundler:${BUNDLER_VERSION} --no-document
+
+COPY Gemfile Gemfile.lock ./
+
+RUN bundle install && \
+    # Add bundler (required for bundle-audit)
+    bundle binstubs bundler --force --path "${BUNDLE_PATH}/bin" && \
+    # Add binstubs for `bundle-audit`, `rails console`, `rspec`, `rake ci`, etc
+    bundle binstubs bundler-audit railties rspec-core rake --path "${BUNDLE_PATH}/bin" && \
+    rm -rf ~/.bundle/ "${BUNDLE_PATH}"/ruby/*/cache "${BUNDLE_PATH}"/ruby/*/bundler/gems/*/.git && \
+    bundle exec bootsnap precompile --gemfile
+
+# Copy application code, changing ownership to nonroot user/group
+COPY --chown=gi-bill-data-service:gi-bill-data-service . .
+RUN mkdir -p /app/coverage && chown gi-bill-data-service:gi-bill-data-service /app/coverage
+
+# Don't include /sample_csvs in production 
+RUN if [ "$RAILS_ENV" = "production" ]; then rm -rf ./sample_csvs; fi
+
+# Precompile bootsnap code for faster boot times
+RUN bundle exec bootsnap precompile app/ lib/
+
+# Final stage for app image
+FROM base
+
+# Install packages needed for deployment
+RUN apt-get update -qq && \
+    apt-get install --no-install-recommends -y git curl libvips postgresql-client nodejs && \
+    rm -rf /var/lib/apt/lists /var/cache/apt/archives
+
+# Copy built artifacts: gems, application
+COPY --from=build --chown=gi-bill-data-service:gi-bill-data-service /usr/local/bundle /usr/local/bundle
+COPY --from=build --chown=gi-bill-data-service:gi-bill-data-service /app /app
+
+# TODO - maybe perform in Base layer?
+# Clone platform-va-ca-certificate and copy certs
+WORKDIR /tmp
+RUN git clone --depth 1 https://github.com/department-of-veterans-affairs/platform-va-ca-certificate && \
+    cp platform-va-ca-certificate/VA*.cer . && \
+    /bin/bash platform-va-ca-certificate/debian-ubuntu/install-certs.sh && \
+    rm -rf /tmp/*
+
+WORKDIR /app
+
+USER gi-bill-data-service:gi-bill-data-service
+
+# Entrypoint prepares the database.
+ENTRYPOINT ["/app/bin/docker-entrypoint"]
+
+# Start the server by default, this can be overwritten at runtime
+EXPOSE 3000
+CMD ["./bin/rails", "server", "--binding", "0.0.0.0"]

Makefile

@@ -1,5 +1,7 @@
 $stdout.sync = true
 
+# Specify arg by appending to command:
+# $ make build env=dev
 ifdef env
     ENV_ARG  := $(env)
 else
@@ -34,7 +36,11 @@ console:
 
 .PHONY: db
 db:
+ifeq ($(ENV_ARG), dev)
 	@$(BASH_DEV) "bin/rails db:setup db:migrate"
+else
+	@$(BASH_TEST) "bin/rails db:setup db:migrate"
+endif
 
 .PHONY: guard
 guard: db
@@ -49,7 +55,8 @@ security: db
 	@$(BASH_DEV) "bin/rails security"
 
 .PHONY: spec
-spec: db
+spec: 
+	@$(MAKE) db ENV_ARG=$(ENV_ARG)
 ifeq ($(ENV_ARG), dev)
 	@$(BASH_DEV) "bin/rails spec"
 else

bin/docker-entrypoint

@@ -0,0 +1,8 @@
+#!/bin/bash -e
+
+# If running the rails server then create or migrate existing database
+if [ "${1}" == "./bin/rails" ] && [ "${2}" == "server" ]; then
+  ./bin/rails db:prepare
+fi
+
+exec "${@}"

docker-compose.test.yml

@@ -10,7 +10,10 @@ services:
   gibct:
     build:
       context: .
-      target: builder
+      dockerfile: Dockerfile-k8s
+      args:
+        RAILS_ENV: "test"
+        BUNDLE_WITHOUT: ""
     image: "gibct:${DOCKER_IMAGE:-latest}"
     ports:
       - 3000:3000
@@ -19,7 +22,7 @@ services:
       ADMIN_PW: 'something...'
       CC_TEST_REPORTER_ID: 'b2bfddfeacb799e6c25db347d97406262860380eb1feb21884d5151f818165f5'
       CI: "true"
-      DATABASE_URL: "postgres://${POSTGRES_USER:-postgres}:${POSTGRES_PASSWORD:-password}@${POSTGRES_HOST:-postgres}:${POSTGRES_PORT:-5432}/${POSTGRES_DATABASE:-gibct_development}?pool=4"
+      DATABASE_URL: "postgres://${POSTGRES_USER:-postgres}:${POSTGRES_PASSWORD:-password}@${POSTGRES_HOST:-postgres}:${POSTGRES_PORT:-5432}/${POSTGRES_DATABASE:-gibct_test}?pool=4"
       DEPLOYMENT_ENV: 'vagov-staging'
       GIBCT_URL: https://www.example.com
       SANDBOX_URL: https://www.example.com

docker-compose.yml

@@ -12,15 +12,17 @@ services:
   gibct:
     build:
       context: .
-      target: development
+      dockerfile: Dockerfile-k8s
+      args:
+        RAILS_ENV: "development"
+        BUNDLE_WITHOUT: ""
     image: "gibct:${DOCKER_IMAGE:-latest}"
     volumes:
       - ".:/srv/gi-bill-data-service/src/:cached"
-      - dev_bundle:/usr/local/bundle
     ports:
       - 3000:3000
     environment:
-      DATABASE_URL: "postgres://${POSTGRES_USER:-postgres}:${POSTGRES_PASSWORD:-password}@${POSTGRES_HOST:-postgres}:${POSTGRES_PORT:-5432}/${POSTGRES_DATABASE:-vets_api_development}?pool=4"
+      DATABASE_URL: "postgres://${POSTGRES_USER:-postgres}:${POSTGRES_PASSWORD:-password}@${POSTGRES_HOST:-postgres}:${POSTGRES_PORT:-5432}/${POSTGRES_DATABASE:-gibct_development}?pool=4"
       POSTGRES_PORT: "${POSTGRES_PORT:-5432}"
       POSTGRES_USER: "${POSTGRES_USER:-postgres}"
       POSTGRES_PASSWORD: "${POSTGRES_PASSWORD:-password}"
@@ -39,6 +41,3 @@ services:
       - postgres
     links:
       - postgres
-    command: bash --login -c "bundle exec rails s"
-volumes:
-  dev_bundle:

docker-entrypoint.sh

@@ -1,5 +1,8 @@
 #!/bin/bash -e
 
+# TODO: Remove me after Dockerfile is replaced by Dockerfile-k8s, which points 
+# to /bin/docker-entrypoint
+
 # note this logic is duplciated in the Dockerfile for prod builds,
 # if you make major alteration here, please check that usage as well
 bundle check || bundle install --binstubs="${BUNDLE_APP_CONFIG}/bin"