Update docker env

.dockerignore

@@ -1,9 +1,11 @@
 .bundle/
+.dockerignore
 .git/
 .gitignore
-vendor/
-.dockerignore
+.vagrant/
+db/*.sqlite3
 docker-compose.yml
 Gemfile.lock
-db/*.sqlite3
-log/*.log
+node_modules/
+screenshots/
+vendor/

.env

@@ -0,0 +1 @@
+DEVELOP=0

.github/workflows/build_docker.yml

@@ -0,0 +1,45 @@
+name: Publish Docker image
+
+on:
+  push:
+    branches:
+      - 'main'
+    tags:
+      - '*'
+  workflow_dispatch:
+
+env:
+  REGISTRY: ghcr.io
+  IMAGE_NAME: ${{ github.repository }}
+
+jobs:
+  build-and-push-image:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: write
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v3
+
+      - name: Log in to the Container registry
+        uses: docker/login-action@f054a8b539a109f9f41c372932f1ae047eff08c9
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Extract metadata (tags, labels) for Docker
+        id: meta
+        uses: docker/metadata-action@98669ae865ea3cffbcbaa878cf57c20bbf1c6c38
+        with:
+          images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+
+      - name: Build and push Docker image
+        uses: docker/build-push-action@ad44023a93711e3deb337508980b4b5e9bcdc5dc
+        with:
+          context: .
+          push: true
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}

.gitignore

@@ -56,3 +56,6 @@ package-lock.json
 
 # Git repo clones
 /repos
+
+# Vagrant
+/.vagrant

DOCKER.md

@@ -0,0 +1,106 @@
+# hdm_env for docker
+
+to have all the hdm external parts together we recommend to put this into a folder called `hdm_env`.
+The structure might look like this:
+
+    hdm_env/
+      ├── certs
+      │   ├── puppetdb.ca.pem
+      │   ├── puppetdb.cert.pem
+      │   └── puppetdb.key.pem
+      ├── database.yml
+      ├── db
+      │   ├── development.sqlite3
+      │   ├── ...
+      │   └── production.sqlite3
+      ├── hdm.yml
+      ├── hiera
+      │   └── hiera files ...
+      └── hiera.yaml
+
+If you are running this directly on the puppet compiler the hiera directory might not be needed. But if you have hiera as a seperate repository this might be helpfull. You also can mount it directly in the compose file.
+
+To avoid any trouble with access to the cert files, it might be better to copy them to certs/ directory and adjust the mode so you can use them for sure.
+
+The db folder might be a volume mounted into your container to save the user database outside of the container.
+
+## hdm config example
+
+This file is used inside the container, so paths have to match to your mounted docker volume.
+
+    development:
+      read_only: true
+      allow_encryption: false
+      puppet_db:
+        server: "https://puppetdb.example.com:8081"
+        pem:
+          key: "/hdm_env/certs/puppet.key.pem"
+          cert: "/hdm_env/certs/puppet.cert.pem"
+          ca_file: "/hdm_env/certs/puppet.ca.pem"
+      config_dir: "/etc/puppetlabs/code"
+
+      # if not set, the default value 'hiera.yaml' of your environment is used
+      hiera_config_file: "/hdm_env/hiera.yaml"
+
+
+## hdm database config example
+
+This file is used inside the container, so paths have to match to your mounted docker volume.
+
+To save the SQLite DB files outside of the container, we habe to inject a different database.yml to change the path.
+
+    default: &default
+      adapter: sqlite3
+      pool: <%= ENV.fetch("RAILS_MAX_THREADS") { 5 } %>
+      timeout: 5000
+
+    development:
+      <<: *default
+      database: /hdm_env/db/development.sqlite3
+
+    test:
+      <<: *default
+      database: /hdm_env/db/test.sqlite3
+
+    production:
+      <<: *default
+      database: /hdm_env/db/production.sqlite3
+
+## hdm hiera config example (Optional)
+
+This file is used inside the container, so paths have to match to your mounted docker volume.
+
+This file can be used as default file for all or only one environment. You dont need this if you have this already in your environment. But it can be usefull if you have a seperate hiera repository and only mounting pseudo environments into your docker (see [docker-compose](docker-compose.yaml) example).
+
+    ---
+    version: 5
+    defaults:
+      datadir: 'data'
+      data_hash: 'yaml_data'
+
+    hierarchy:
+      - name: "Hiera general Yaml"
+        paths:
+          - "os/%{::os.name}-%{::os.release.full}.yaml"
+          - "os/%{::os.name}-%{::os.release.major}.yaml"
+          - "os/%{::os.name}.yaml"
+          - "os/%{::os.family}-%{::os.release.major}.yaml"
+          - "os/%{::os.family}.yaml"
+
+      - name: "Puppet Environments"
+        path: "env/%{::environment}.yaml"
+
+      - name: "Common Yaml"
+        path: "common.yaml"
+
+# Docker Compose
+
+See [`docker-compose.yaml`](docker-compose.yaml).
+
+# Build the container
+
+If you want to build the container locally, use the Dockerfile from this repo.
+If you don't use BuildKit yet, give it a try.
+
+    cd hdm
+    DOCKER_BUILDKIT=1 docker build -t hdm .

Dockerfile

@@ -1,22 +1,45 @@
-FROM ruby:2.5.8
+FROM ruby:2.5.8-alpine as build
 
-RUN curl -sS https://dl.yarnpkg.com/debian/pubkey.gpg | apt-key add -
-RUN echo "deb https://dl.yarnpkg.com/debian/ stable main" >> /etc/apt/sources.list.d/yarn.list
-RUN apt-get update && apt-get install -y build-essential npm nodejs yarn
-RUN gem install bundler -v 2.2.15
+RUN apk add --update --no-cache \
+      nodejs \
+      yarn
 
 ENV APP_HOME /hdm
-RUN mkdir $APP_HOME
 WORKDIR $APP_HOME
 
-COPY Gemfile $APP_HOME/
-RUN bundle config set --local path 'vendor/bundle' && bundle install
+COPY package.json $APP_HOME
+COPY yarn.lock $APP_HOME
+RUN yarn install --check-files
 
 COPY . $APP_HOME
 COPY config/hdm.yml.template $APP_HOME/config/hdm.yml
 
-RUN yarn install --check-files
+FROM ruby:2.5.8-alpine
+
+RUN apk add --update --no-cache \
+      binutils-gold \
+      build-base \
+      g++ \
+      gcc \
+      libstdc++ \
+      libffi-dev \
+      libc-dev \
+      libxml2-dev \
+      libxslt-dev \
+      libgcrypt-dev \
+      make \
+      sqlite \
+      sqlite-dev \
+      # not needed for gems, but for runtime
+      git \
+      # yarn \ # works without this but produces a short error, that yarn is not found
+      tzdata
+
+RUN gem install bundler -v 2.3.6
+
+COPY --from=build /hdm /hdm
+WORKDIR /hdm
 
-EXPOSE 3000
+RUN bundle check || bundle install --without test
 
 CMD ["/hdm/bin/entry.sh"]

Gemfile.lock

@@ -268,6 +268,7 @@ GEM
 
 PLATFORMS
   x86_64-darwin-20
+  x86_64-darwin-21
   x86_64-linux
 
 DEPENDENCIES
@@ -301,4 +302,4 @@ RUBY VERSION
    ruby 2.5.8p224
 
 BUNDLED WITH
-   2.2.17
+   2.3.6

README.md

@@ -121,29 +121,7 @@ The example development puppet configuration can be found in the directory
 
 ## Docker
 
-### Build
-
-There is a Dockerfile to build a container. This can be done with:
-
-    cd hdm
-    docker build -t hdm .
-
-### Docker Compose
-
-For docker-compose see `docker-compose.yaml` or use this example:
-
-    ---
-    version: '3.5'
-    services:
-      hdm:
-        image: example42/hdm:latest
-        container_name: hdm
-        volumes:
-          # keep db outside of container
-          - /srv/data/hdm/db:/hdm/data/db
-        ports:
-          - 3000:3000
-        restart: unless-stopped
+See [DOCKER.md](DOCKER.md)
 
 ## Use git repositories instead of "live" yaml files
 
@@ -188,4 +166,3 @@ Any changes made to files from a git repository will be commited and pushed back
 to the origin repository. Please note that HDM will not pull updates from the
 origin repository and is **not** able to resolve possible conflicts, so you might
 want to make sure that your repository is only edited by HDM.
-

Vagrantfile

@@ -0,0 +1,27 @@
+# -*- mode: ruby -*-
+# vi: set ft=ruby :
+
+# All Vagrant configuration is done below. The "2" in Vagrant.configure
+# configures the configuration version (we support older styles for
+# backwards compatibility). Please don't change it unless you know what
+# you're doing.
+Vagrant.configure("2") do |config|
+  config.vm.box = "betadots/centos8p6"
+  config.vm.network "forwarded_port", guest: 3000, host: 3000, host_ip: "127.0.0.1"
+
+  config.vm.synced_folder "../hdm_env", "/hdm_env"
+  config.vm.synced_folder ".", "/hdm"
+
+  config.vm.provider "virtualbox" do |vb|
+    vb.memory = "4096"
+    vb.cpus = 4
+  end
+
+  config.vm.provision "shell", inline: <<-SHELL
+    sudo yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
+    sudo yum install -y docker-ce docker-ce-cli docker-compose-plugin containerd.io
+    sudo mkdir -p /etc/docker
+    sudo echo '{ "features": { "buildkit": true } }' > /etc/docker/daemon.json
+    sudo systemctl enable --now docker.service
+  SHELL
+end

bin/entry.sh

@@ -1,7 +1,11 @@
-#!/usr/bin/env bash
+#!/usr/bin/env sh
 
 bundle exec rails db:create
 bundle exec rails db:migrate
+
+if [[ $DEVELOP -eq 1 ]]; then
 bundle exec rails db:seed
 ./bin/fake_puppet_db &
+fi
+
 bundle exec rails server -b 0.0.0.0

docker-compose.yaml

@@ -2,16 +2,31 @@
 version: "3.5"
 services:
   hdm:
-    image: example42/hdm:latest
+    image: ghcr.io/betadots/hdm:main
     container_name: hdm
     environment:
-      - PUID=1001
-      - PGID=1001
-      - USER_UID=1001
-      - USER_GID=1001
       - TZ=Europe/Berlin
+      # whether to enable dev mode with fake puppetdb or not
+      # - DEVELOP=1
     # volumes:
-    #   - /srv/data/hdm/db:/app/data/db
+    #   #### folder to save the user sqlite db
+    #   - /hdm_env/db:/hdm_env/db
+    #   #### certs for talking to the puppetdb
+    #   - /hdm_env/certs:/hdm_env/certs:ro
+    #   #### hdm main config
+    #   - { type: 'bind', source: '/hdm_env/hdm.yml', target: '/hdm/config/hdm.yml', read_only: true }
+    #   #### hdm database config
+    #   - { type: 'bind', source: '/hdm_env/database.yml', target: '/hdm/config/database.yml', read_only: true }
+
+    #   #### mount hiera as data dir in each pseudo env, if you have a seperate hiera repo
+    #   - /hdm_env/hiera:/etc/puppetlabs/code/environments/pre_development/data:ro
+    #   - /hdm_env/hiera:/etc/puppetlabs/code/environments/development/data:ro
+    #   - /hdm_env/hiera:/etc/puppetlabs/code/environments/test/data:ro
+    #   - /hdm_env/hiera:/etc/puppetlabs/code/environments/production/data:ro
+
+    #   #### mount actual code directory from puppetserver
+    #   - /etc/puppetlabs/code/environments:/etc/puppetlabs/code/environments:ro
+
     ports:
       - 3000:3000
     restart: unless-stopped