Generated Docker Image - Build on PR

.dockerignore

@@ -0,0 +1,43 @@
+# See https://docs.docker.com/engine/reference/builder/#dockerignore-file for more about ignoring files.
+
+# Ignore git directory.
+/.git/
+
+# Ignore bundler config.
+/.bundle
+
+# Ignore all environment files (except templates).
+/.env*
+!/.env*.erb
+
+# Ignore all default key files.
+/config/master.key
+/config/credentials/*.key
+
+# Ignore all logfiles and tempfiles.
+/log/*
+/tmp/*
+!/log/.keep
+!/tmp/.keep
+
+# Ignore pidfiles, but keep the directory.
+/tmp/pids/*
+!/tmp/pids/.keep
+
+# Ignore storage (uploaded files in development and any SQLite databases).
+/storage/*
+!/storage/.keep
+/tmp/storage/*
+!/tmp/storage/.keep
+
+# Ignore assets.
+/node_modules/
+/app/assets/builds/*
+!/app/assets/builds/.keep
+/public/assets
+
+# Vite Ruby
+/public/vite*
+# Vite uses dotenv and suggests to ignore local-only env files. See
+# https://vitejs.dev/guide/env-and-mode.html#env-files
+*.local

.github/workflows/build-and-push-on-pr.yml

@@ -0,0 +1,48 @@
+name: Create and publish a Docker image
+
+on:
+  pull_request:
+    branches:
+      - main
+
+# Defines two custom environment variables for the workflow. These are used for the Container registry domain, and a name for the Docker image that this workflow builds.
+env:
+  REGISTRY: ghcr.io
+  IMAGE_NAME: ${{ github.repository }}
+
+# There is a single job in this workflow. It's configured to run on the latest available version of Ubuntu.
+jobs:
+  build-and-push-image:
+    runs-on: ubuntu-latest
+    # Sets the permissions granted to the `GITHUB_TOKEN` for the actions in this job.
+    permissions:
+      contents: read
+      packages: write
+      # 
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+      # Uses the `docker/login-action` action to log in to the Container registry registry using the account and password that will publish the packages. Once published, the packages are scoped to the account defined here.
+      - name: Log in to the Container registry
+        uses: docker/login-action@65b78e6e13532edd9afa3aa52ac7964289d1a9c1
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+      # This step uses [docker/metadata-action](https://github.com/docker/metadata-action#about) to extract tags and labels that will be applied to the specified image. The `id` "meta" allows the output of this step to be referenced in a subsequent step. The `images` value provides the base name for the tags and labels.
+      - name: Extract metadata (tags, labels) for Docker
+        id: meta
+        uses: docker/metadata-action@9ec57ed1fcdbf14dcef7dfbe97b2010124a938b7
+        with:
+          images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+      # This step uses the `docker/build-push-action` action to build the image, based on your repository's `Dockerfile`. If the build succeeds, it pushes the image to GitHub Packages.
+      # It uses the `context` parameter to define the build's context as the set of files located in the specified path. For more information, see "[Usage](https://github.com/docker/build-push-action#usage)" in the README of the `docker/build-push-action` repository.
+      # It uses the `tags` and `labels` parameters to tag and label the image with the output from the "meta" step.
+      - name: Build and push Docker image
+        uses: docker/build-push-action@f2a1d5e99d037542a71f64918e516c093c6f3fc4
+        with:
+          context: .
+          push: true
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
+          file: Dockerfile

.node-version

@@ -0,0 +1 @@
+18.18.0

Dockerfile

@@ -0,0 +1,150 @@
+# syntax = docker/dockerfile:1
+
+# Make sure RUBY_VERSION matches the Ruby version in .ruby-version and Gemfile
+ARG RUBY_VERSION=3.1.0
+FROM ruby:$RUBY_VERSION-slim as base
+
+# Rails app lives here
+WORKDIR /rails
+
+# Set production environment
+ENV BUNDLE_DEPLOYMENT="1" \
+    BUNDLE_PATH="/usr/local/bundle" \
+    BUNDLE_WITHOUT="development:test" \
+    RAILS_ENV="production"
+
+# Update gems and bundler
+RUN gem update --system --no-document && \
+    gem install -N bundler
+
+# Install packages needed to install nodejs
+RUN apt-get update -qq && \
+    apt-get install --no-install-recommends -y curl && \
+    rm -rf /var/lib/apt/lists /var/cache/apt/archives
+
+# Install Node.js
+ARG NODE_VERSION=18.18.0
+ENV PATH=/usr/local/node/bin:$PATH
+RUN curl -sL https://github.com/nodenv/node-build/archive/master.tar.gz | tar xz -C /tmp/ && \
+    /tmp/node-build-master/bin/node-build "${NODE_VERSION}" /usr/local/node && \
+    rm -rf /tmp/node-build-master
+
+
+# Throw-away build stages to reduce size of final image
+FROM base as prebuild
+
+# Install packages needed to build gems and node modules
+RUN apt-get update -qq && \
+    apt-get install --no-install-recommends -y build-essential git libpq-dev node-gyp pkg-config python-is-python3
+
+
+FROM prebuild as node
+
+# Install yarn
+ARG YARN_VERSION=1.22.21
+RUN npm install -g yarn@$YARN_VERSION
+RUN npm install -g node-gyp
+
+# Install node modules
+COPY --link package.json yarn.lock ./
+RUN yarn install --frozen-lockfile
+
+
+FROM prebuild as build
+
+# Build options
+ENV PATH="/usr/local/node/bin:$PATH"
+
+# Install application gems
+COPY --link Gemfile Gemfile.lock ./
+RUN bundle install && \
+    bundle exec bootsnap precompile --gemfile && \
+    rm -rf ~/.bundle/ "${BUNDLE_PATH}"/ruby/*/cache "${BUNDLE_PATH}"/ruby/*/bundler/gems/*/.git
+
+# Copy node modules
+COPY --from=node /rails/node_modules /rails/node_modules
+COPY --from=node /usr/local/node /usr/local/node
+ENV PATH=/usr/local/node/bin:$PATH
+
+# Copy application code
+COPY --link . .
+
+# Precompile bootsnap code for faster boot times
+RUN bundle exec bootsnap precompile app/ lib/
+
+# Precompiling assets for production without requiring secret RAILS_MASTER_KEY
+RUN SECRET_KEY_BASE=DUMMY ./bin/rails assets:precompile
+
+
+# Final stage for app image
+FROM base
+
+# Install packages needed for deployment
+RUN apt-get update -qq && \
+    apt-get install --no-install-recommends -y curl nginx postgresql-client ruby-foreman && \
+    rm -rf /var/lib/apt/lists /var/cache/apt/archives
+
+# configure nginx
+RUN gem install foreman && \
+    sed -i 's|pid /run|pid /rails/tmp/pids|' /etc/nginx/nginx.conf && \
+    sed -i 's/access_log\s.*;/access_log \/dev\/stdout;/' /etc/nginx/nginx.conf && \
+    sed -i 's/error_log\s.*;/error_log \/dev\/stderr info;/' /etc/nginx/nginx.conf
+
+COPY <<-"EOF" /etc/nginx/sites-available/default
+server {
+  listen 3000 default_server;
+  listen [::]:3000 default_server;
+  access_log /dev/stdout;
+
+  root /rails/public;
+
+  location /cable {
+    proxy_pass http://localhost:8082/cable;
+    proxy_http_version 1.1;
+    proxy_set_header Upgrade $http_upgrade;
+    proxy_set_header Connection "Upgrade";
+    proxy_set_header Host $host;
+  }
+
+  location / {
+    try_files $uri @backend;
+  }
+
+  location @backend {
+    proxy_pass http://localhost:3001;
+    proxy_set_header Host $http_host;
+  }
+}
+EOF
+
+# Copy built artifacts: gems, application
+COPY --from=build "${BUNDLE_PATH}" "${BUNDLE_PATH}"
+COPY --from=build /rails /rails
+
+RUN mkdir /rails/tmp/pids
+
+# Run and own only the runtime files as a non-root user for security
+ARG UID=1000 \
+    GID=1000
+RUN groupadd -f -g $GID rails && \
+    useradd -u $UID -g $GID rails --create-home --shell /bin/bash && \
+    chown rails:rails /var/lib/nginx /var/log/nginx/* && \
+    chown -R rails:rails db log storage tmp
+USER rails:rails
+
+# Deployment options
+ENV PORT="3001" \
+    RAILS_LOG_TO_STDOUT="1"
+
+# Entrypoint prepares the database.
+ENTRYPOINT ["/rails/bin/docker-entrypoint"]
+
+# Build a Procfile for production use
+COPY <<-"EOF" /rails/Procfile.prod
+nginx: /usr/sbin/nginx -g "daemon off;"
+rails: ./bin/rails server -p 3001
+EOF
+
+# Start the server by default, this can be overwritten at runtime
+EXPOSE 3000
+CMD ["foreman", "start", "--procfile=Procfile.prod"]

Gemfile

@@ -113,3 +113,5 @@ gem "net-smtp", require: false
 gem "strscan", "3.0.1"
 
 gem "vite_rails", "~> 3.0"
+
+gem "dockerfile-rails", ">= 1.6", group: :development

Gemfile.lock

@@ -199,6 +199,8 @@ GEM
     diff-lcs (1.5.0)
     digest (3.1.0)
     docile (1.4.0)
+    dockerfile-rails (1.6.6)
+      rails (>= 3.0.0)
     domain_name (0.5.20190701)
       unf (>= 0.0.5, < 1.0.0)
     dot-properties (0.1.4)
@@ -330,6 +332,10 @@ GEM
     nokogiri (1.15.4)
       mini_portile2 (~> 2.8.2)
       racc (~> 1.4)
+    nokogiri (1.15.4-aarch64-linux)
+      racc (~> 1.4)
+    nokogiri (1.15.4-x86_64-linux)
+      racc (~> 1.4)
     omniauth (1.9.2)
       hashie (>= 3.4.6)
       rack (>= 1.6.2, < 3)
@@ -614,7 +620,9 @@ GEM
     zeitwerk (2.6.12)
 
 PLATFORMS
+  aarch64-linux
   ruby
+  x86_64-linux
 
 DEPENDENCIES
   archivesspace-client
@@ -641,6 +649,7 @@ DEPENDENCIES
   debug (~> 1.8)
   devise (>= 4.7.1)
   devise-guests (~> 0.6)
+  dockerfile-rails (>= 1.6)
   dotenv-rails
   ed25519
   email_validator

bin/docker-entrypoint

@@ -0,0 +1,8 @@
+#!/bin/bash -e
+
+# If running the production procfile then create or migrate existing database
+if [ "${*}" == "foreman start --procfile=Procfile.prod" ]; then
+  ./bin/rails db:prepare
+fi
+
+exec "${@}"

config/database.yml

@@ -5,11 +5,11 @@ default: &default
   pool: <%= Integer(ENV.fetch("DB_POOL", 40)) %>
   reaping_frequency: <%= Integer(ENV.fetch("DB_REAPING_FREQUENCY", 10)) %>
   timeout: 5000
-  host: <%= ENV["lando_pulfalight_database_conn_host"] || ENV["PULFALIGHT_DB_HOST"] || "localhost" %>
-  port: <%= ENV["lando_pulfalight_database_conn_port"] || 5432 %>
-  username: <%= ENV["lando_pulfalight_database_creds_user"] || ENV["PULFALIGHT_DB_USERNAME"] %>
-  password: <%= ENV["lando_pulfalight_database_creds_password"] || ENV["PULFALIGHT_DB_PASSWORD"] %>
-  database: <%= ENV['PULFALIGHT_DB'] %>
+  host: <%= ENV["lando_pulfalight_database_conn_host"] || ENV["PULFALIGHT_DB_HOST"] || ENV["DB_HOST"] || "localhost" %>
+  port: <%= ENV["lando_pulfalight_database_conn_port"] || ENV["DB_PORT"] || 5432 %>
+  username: <%= ENV["lando_pulfalight_database_creds_user"] || ENV["PULFALIGHT_DB_USERNAME"] || ENV["DB_USERNAME"] %>
+  password: <%= ENV["lando_pulfalight_database_creds_password"] || ENV["PULFALIGHT_DB_PASSWORD"] || ENV["DB_PASSWORD"] %>
+  database: <%= ENV['PULFALIGHT_DB'] || ENV["DB_NAME"] %>
 
 development:
   <<: *default

config/dockerfile.yml

@@ -0,0 +1,7 @@
+# generated by dockerfile-rails
+
+---
+options:
+  compose: true
+  nginx: true
+  parallel: true

config/redis.yml

@@ -5,9 +5,9 @@ test:
   host: localhost
   port: 6379
 production: &production
-  host: <%= ENV['PULFALIGHT_REDIS_URL'] || 'localhost' %>
-  port: <%= ENV['PULFALIGHT_REDIS_PORT'] || '6379' %>
-  db: <%= ENV['PULFALIGHT_REDIS_DB'] || 1 %>
+  host: <%= ENV['PULFALIGHT_REDIS_URL'] || ENV["REDIS_URL"] || 'localhost' %>
+  port: <%= ENV['PULFALIGHT_REDIS_PORT'] || ENV["REDIS_PORT"] || '6379' %>
+  db: <%= ENV['PULFALIGHT_REDIS_DB'] || ENV["REDIS_DB"] || 1 %>
   timeout: 30
 staging:
   <<: *production

config/secrets.yml

@@ -2,7 +2,7 @@
 # instead read values from the environment.
 
 production: &production
-  secret_key_base: <%= ENV["PULFALIGHT_SECRET_KEY_BASE"] %>
+  secret_key_base: <%= ENV["PULFALIGHT_SECRET_KEY_BASE"] || ENV["SECRET_KEY_BASE"] %>
 staging:
   <<: *production
 qa: