CI/CD: multiple updates to dockerfiles, gcloud scripts and gems (#3302)

* CI/CD: multiple updates to dockerfiles, gcloud scripts and gems * social_id is always updated on signin for loadbalanced accounts

CI/CD: multiple updates to dockerfiles, gcloud scripts and gems (#3302)
2da9ba35 · Jesus Federico · GitHub · 44f6ef7e · 2da9ba35 · 2da9ba35
Unverified Commit 2da9ba35 authored Mar 17, 2022 by Jesus Federico Committed by GitHub Mar 17, 2022
--- a/.github/workflows/ci.build.prerelease.yml
+++ b/.github/workflows/ci.build.prerelease.yml
@@ -71,7 +71,7 @@ jobs:
          push: true
          tags: |
            "${{ steps.ci_docker_repository.outputs.repository }}:v${{ steps.ci_tag_release_version.outputs.tag }}-alpine"
-          build-args: "VERSION_CODE=release-${{ steps.ci_tag_release_version.outputs.tag }}"
+          build-args: "version_code=release-${{ steps.ci_tag_release_version.outputs.tag }}"
          cache-from: type=local,src=/tmp/.buildx-cache
          cache-to: type=local,dest=/tmp/.buildx-cache-new

@@ -84,7 +84,7 @@ jobs:
          push: true
          tags: |
            "${{ steps.ci_docker_repository.outputs.repository }}:v${{ steps.ci_tag_release_version.outputs.tag }}-amazonlinux"
-          build-args: "VERSION_CODE=release-${{ steps.ci_tag_release_version.outputs.tag }}"
+          build-args: "version_code=release-${{ steps.ci_tag_release_version.outputs.tag }}"
          cache-from: type=local,src=/tmp/.buildx-cache
          cache-to: type=local,dest=/tmp/.buildx-cache-new


--- a/.github/workflows/ci.build.push.yml
+++ b/.github/workflows/ci.build.push.yml
@@ -80,7 +80,7 @@ jobs:
          push: true
          tags: |
            "${{ steps.ci_docker_repository.outputs.repository }}:${{ steps.ci_branch_name.outputs.branch }}-alpine"
-          build-args: "VERSION_CODE=${{ steps.ci_branch_name.outputs.branch }}-${{ steps.ci_commit_short_sha.outputs.short_sha }}"
+          build-args: "version_code=${{ steps.ci_branch_name.outputs.branch }}-${{ steps.ci_commit_short_sha.outputs.short_sha }}"
          cache-from: type=local,src=/tmp/.buildx-cache
          cache-to: type=local,dest=/tmp/.buildx-cache-new

@@ -93,7 +93,7 @@ jobs:
          push: true
          tags: |
            "${{ steps.ci_docker_repository.outputs.repository }}:${{ steps.ci_branch_name.outputs.branch }}-amazonlinux"
-          build-args: "VERSION_CODE=${{ steps.ci_branch_name.outputs.branch }}-${{ steps.ci_commit_short_sha.outputs.short_sha }}"
+          build-args: "version_code=${{ steps.ci_branch_name.outputs.branch }}-${{ steps.ci_commit_short_sha.outputs.short_sha }}"
          cache-from: type=local,src=/tmp/.buildx-cache
          cache-to: type=local,dest=/tmp/.buildx-cache-new


--- a/.github/workflows/ci.build.release.yml
+++ b/.github/workflows/ci.build.release.yml
@@ -86,7 +86,7 @@ jobs:
          push: true
          tags: |
            "${{ steps.ci_docker_repository.outputs.repository }}:v${{ steps.ci_tag_release_version.outputs.tag }}-alpine"
-          build-args: "VERSION_CODE=release-${{ steps.ci_tag_release_version.outputs.tag }}"
+          build-args: "version_code=release-${{ steps.ci_tag_release_version.outputs.tag }}"
          cache-from: type=local,src=/tmp/.buildx-cache
          cache-to: type=local,dest=/tmp/.buildx-cache-new

@@ -99,7 +99,7 @@ jobs:
          push: true
          tags: |
            "${{ steps.ci_docker_repository.outputs.repository }}:v${{ steps.ci_tag_release_version.outputs.tag }}-amazonlinux"
-          build-args: "VERSION_CODE=release-${{ steps.ci_tag_release_version.outputs.tag }}"
+          build-args: "version_code=release-${{ steps.ci_tag_release_version.outputs.tag }}"
          cache-from: type=local,src=/tmp/.buildx-cache
          cache-to: type=local,dest=/tmp/.buildx-cache-new


--- a/Dockerfile
+++ b/Dockerfile
-FROM ruby:2.7.2-alpine AS base
+FROM ruby:2.7.5-alpine3.14 AS base

 # Set a variable for the install location.
 ARG RAILS_ROOT=/usr/src/app
@@ -25,8 +25,8 @@ COPY Gemfile Gemfile.lock $RAILS_ROOT/
 RUN bundle config --global frozen 1 \
    && bundle config set deployment 'true' \
    && bundle config set without 'development:test:assets' \
-    && bundle install -j4 --path=vendor/bundle \
-    && rm -rf vendor/bundle/ruby/2.7.0/cache/*.gem \
+    && bundle install -j4 --path=vendor/bundle
+RUN rm -rf vendor/bundle/ruby/2.7.0/cache/*.gem \
    && find vendor/bundle/ruby/2.7.0/gems/ -name "*.c" -delete \
    && find vendor/bundle/ruby/2.7.0/gems/ -name "*.o" -delete

@@ -38,7 +38,7 @@ RUN rm -rf tmp/cache spec

 ############### Build step done ###############

-FROM ruby:2.7.2-alpine
+FROM base

 # Set a variable for the install location.
 ARG RAILS_ROOT=/usr/src/app

--- a/Gemfile
+++ b/Gemfile
@@ -29,7 +29,7 @@ gem 'omniauth', '~> 1.9.1'
 gem 'omniauth-bn-launcher', '~> 0.1.3'
 gem 'omniauth-bn-office365', '~> 0.1.1'
 gem 'omniauth-google-oauth2', '~> 0.7.0'
-gem 'omniauth_openid_connect', '~> 0.3.5'
+gem 'omniauth_openid_connect', '~> 0.4.0'
 gem 'omniauth-twitter', '~> 1.4.0'
 gem 'pagy', '~> 3.11.0'
 gem 'pluck_to_hash', '~> 1.0.2'

--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -260,11 +260,11 @@ GEM
    omniauth-twitter (1.4.0)
      omniauth-oauth (~> 1.1)
      rack
-    omniauth_openid_connect (0.3.5)
+    omniauth_openid_connect (0.4.0)
      addressable (~> 2.5)
-      omniauth (~> 1.9)
+      omniauth (>= 1.9, < 3)
      openid_connect (~> 1.1)
-    openid_connect (1.2.0)
+    openid_connect (1.3.0)
      activemodel
      attr_required (>= 1.0.0)
      json-jwt (>= 1.5.0)
@@ -289,7 +289,7 @@ GEM
      nio4r (~> 2.0)
    racc (1.6.0)
    rack (2.2.3)
-    rack-oauth2 (1.16.0)
+    rack-oauth2 (1.19.0)
      activesupport
      attr_required
      httpclient
@@ -410,7 +410,7 @@ GEM
      activesupport (>= 5.2)
      sprockets (>= 3.0.0)
    sqlite3 (1.3.13)
-    swd (1.2.0)
+    swd (1.3.0)
      activesupport (>= 3)
      attr_required (>= 0.0.5)
      httpclient (>= 2.4)
@@ -445,7 +445,7 @@ GEM
      activemodel (>= 5.0)
      bindex (>= 0.4.0)
      railties (>= 5.0)
-    webfinger (1.1.0)
+    webfinger (1.2.0)
      activesupport
      httpclient (>= 2.4)
    webmock (3.12.1)
@@ -492,7 +492,7 @@ DEPENDENCIES
  omniauth-bn-office365 (~> 0.1.1)
  omniauth-google-oauth2 (~> 0.7.0)
  omniauth-twitter (~> 1.4.0)
-  omniauth_openid_connect (~> 0.3.5)
+  omniauth_openid_connect (~> 0.4.0)
  pagy (~> 3.11.0)
  pg (~> 0.18)
  pluck_to_hash (~> 1.0.2)

--- a/app/controllers/concerns/authenticator.rb
+++ b/app/controllers/concerns/authenticator.rb
@@ -86,7 +86,7 @@ module Authenticator
  # Check if the user exists under the same email with no social uid and that social accounts are allowed
  def auth_changed_to_social?(email)
    Rails.configuration.loadbalanced_configuration &&
-      User.exists?(email: email, provider: @user_domain, social_uid: nil) &&
+      User.exists?(email: email, provider: @user_domain) &&
      !allow_greenlight_accounts?
  end


--- a/app/controllers/sessions_controller.rb
+++ b/app/controllers/sessions_controller.rb
@@ -266,9 +266,9 @@ flash: { alert: I18n.t("registration.insecure_password") } unless User.secure_pa

  # Set the user's social id to the new id being passed
  def switch_account_to_social
-    user = User.find_by(email: @auth['info']['email'], provider: @user_domain, social_uid: nil)
+    user = User.find_by(email: @auth['info']['email'], provider: @user_domain)

-    logger.info "Switching account to social account for #{user.uid}"
+    logger.info "Switching social account for #{user.uid}"

    # Set the user's social id to the one being returned from auth
    user.update_attribute(:social_uid, @auth['uid'])

--- a/cloudbuild-dev.yaml
+++ b/cloudbuild-dev.yaml
@@ -16,6 +16,7 @@ steps:
         '--cache-from',
         'gcr.io/$PROJECT_ID/${_URL}:latest',
         '.']
+  timeout: 1200s
 - name: 'gcr.io/cloud-builders/kubectl'
  args: [
   'set',
@@ -24,6 +25,7 @@ steps:
   '${_APP_NAME}',
   '${_IMAGE_NAME}=gcr.io/$PROJECT_ID/${_URL}:${BRANCH_NAME}.${SHORT_SHA}'
  ]
+  timeout: 1200s
  env:
  - 'CLOUDSDK_COMPUTE_ZONE=${_COMPUTE_ZONE}'
  - 'CLOUDSDK_CONTAINER_CLUSTER=${_CLUSTER_NAME}'
@@ -31,3 +33,4 @@ images: [
    'gcr.io/$PROJECT_ID/${_URL}:${BRANCH_NAME}.${SHORT_SHA}',
    'gcr.io/$PROJECT_ID/${_URL}:latest'
 ]
+timeout: 3600s
--- a/cloudbuild.yaml
+++ b/cloudbuild.yaml
@@ -16,6 +16,7 @@ steps:
         '--cache-from',
         'gcr.io/$PROJECT_ID/${_URL}:latest',
         '.']
+  timeout: 1200s
 - name: 'gcr.io/cloud-builders/kubectl'
  args: [
   'set',
@@ -24,6 +25,7 @@ steps:
   '${_APP_NAME}',
   '${_IMAGE_NAME}=gcr.io/$PROJECT_ID/${_URL}:${TAG_NAME}.${SHORT_SHA}'
  ]
+  timeout: 1200s
  env:
  - 'CLOUDSDK_COMPUTE_ZONE=${_COMPUTE_ZONE}'
  - 'CLOUDSDK_CONTAINER_CLUSTER=${_CLUSTER_NAME}'
@@ -31,3 +33,4 @@ images: [
    'gcr.io/$PROJECT_ID/${_URL}:${TAG_NAME}.${SHORT_SHA}',
    'gcr.io/$PROJECT_ID/${_URL}:latest'
 ]
+timeout: 3600s
--- a/config/environments/development.rb
+++ b/config/environments/development.rb
@@ -80,4 +80,5 @@ Rails.application.configure do
  config.file_watcher = ActiveSupport::EventedFileUpdateChecker

  config.hosts = nil
+  config.web_console.whiny_requests = false
 end
--- a/dockerfiles/v2/alpine
+++ b/dockerfiles/v2/alpine
@@ -45,8 +45,8 @@ COPY . ./
 FROM base
 ENV RAILS_ENV=production RAILS_LOG_TO_STDOUT=true

-ARG VERSION_CODE
-ENV VERSION_CODE=$VERSION_CODE
+ARG version_code
+ENV VERSION_CODE=$version_code

 COPY --from=builder $RAILS_ROOT $RAILS_ROOT


--- a/dockerfiles/v2/amazonlinux
+++ b/dockerfiles/v2/amazonlinux
-FROM amazonlinux:2.0.20211001.0 AS amazonlinux
+FROM amazonlinux:2.0.20220218.1 AS amazonlinux

 ARG RAILS_ROOT=/usr/src/app
 ENV RAILS_ROOT=${RAILS_ROOT}
@@ -20,7 +20,7 @@ RUN curl -sL https://rpm.nodesource.com/setup_16.x | bash -
 RUN yum -y install nodejs
 # Install Ruby & Rails
 RUN curl -sL -o /etc/yum.repos.d/yarn.repo https://dl.yarnpkg.com/rpm/yarn.repo
-RUN amazon-linux-extras enable ruby2.6 \
+RUN amazon-linux-extras enable ruby3.0 \
  && yum -y install git tar gzip yarn shared-mime-info libxslt zlib-devel sqlite-devel mariadb-devel postgresql-devel ruby-devel rubygems-devel rubygem-bundler rubygem-io-console rubygem-irb rubygem-json rubygem-minitest rubygem-net-http-persistent rubygem-net-telnet rubygem-power_assert rubygem-rake rubygem-test-unit rubygem-thor rubygem-xmlrpc rubygem-bigdecimal \
  && gem install rails
 RUN yum -y install python3 python3-pip shadow-utils
@@ -36,8 +36,8 @@ COPY . ./
 FROM base
 ENV RAILS_ENV=production RAILS_LOG_TO_STDOUT=true

-ARG VERSION_CODE
-ENV VERSION_CODE=$VERSION_CODE
+ARG version_code
+ENV VERSION_CODE=$version_code

 COPY --from=builder $RAILS_ROOT $RAILS_ROOT

@@ -45,7 +45,7 @@ EXPOSE 80

 # FIXME / to remove / https://github.com/nahi/httpclient/issues/445
 RUN cat /etc/ssl/certs/ca-bundle.crt \
-    >/usr/src/app/vendor/bundle/ruby/2.6.0/gems/httpclient-2.8.3/lib/httpclient/cacert.pem
+    >/usr/src/app/vendor/bundle/ruby/3.0.0/gems/httpclient-2.8.3/lib/httpclient/cacert.pem

 RUN chmod +x bin/start
 CMD [ "bin/start" ]