From 2da9ba354c860d5e107ddf871eed293bae60c296 Mon Sep 17 00:00:00 2001
From: Jesus Federico <jesus@123it.ca>
Date: Thu, 17 Mar 2022 15:32:10 -0400
Subject: [PATCH] CI/CD: multiple updates to dockerfiles, gcloud scripts and
 gems (#3302)

* CI/CD: multiple updates to dockerfiles, gcloud scripts and gems

* social_id is always updated on signin for loadbalanced accounts
---
 .github/workflows/ci.build.prerelease.yml |  4 ++--
 .github/workflows/ci.build.push.yml       |  4 ++--
 .github/workflows/ci.build.release.yml    |  4 ++--
 Dockerfile                                |  8 ++++----
 Gemfile                                   |  2 +-
 Gemfile.lock                              | 14 +++++++-------
 app/controllers/concerns/authenticator.rb |  2 +-
 app/controllers/sessions_controller.rb    |  4 ++--
 cloudbuild-dev.yaml                       | 13 ++++++++-----
 cloudbuild.yaml                           | 13 ++++++++-----
 config/environments/development.rb        |  1 +
 dockerfiles/v2/alpine                     |  4 ++--
 dockerfiles/v2/amazonlinux                | 10 +++++-----
 13 files changed, 45 insertions(+), 38 deletions(-)

diff --git a/.github/workflows/ci.build.prerelease.yml b/.github/workflows/ci.build.prerelease.yml
index b4503df0..2122fa1c 100644
--- a/.github/workflows/ci.build.prerelease.yml
+++ b/.github/workflows/ci.build.prerelease.yml
@@ -71,7 +71,7 @@ jobs:
           push: true
           tags: |
             "${{ steps.ci_docker_repository.outputs.repository }}:v${{ steps.ci_tag_release_version.outputs.tag }}-alpine"
-          build-args: "VERSION_CODE=release-${{ steps.ci_tag_release_version.outputs.tag }}"
+          build-args: "version_code=release-${{ steps.ci_tag_release_version.outputs.tag }}"
           cache-from: type=local,src=/tmp/.buildx-cache
           cache-to: type=local,dest=/tmp/.buildx-cache-new
 
@@ -84,7 +84,7 @@ jobs:
           push: true
           tags: |
             "${{ steps.ci_docker_repository.outputs.repository }}:v${{ steps.ci_tag_release_version.outputs.tag }}-amazonlinux"
-          build-args: "VERSION_CODE=release-${{ steps.ci_tag_release_version.outputs.tag }}"
+          build-args: "version_code=release-${{ steps.ci_tag_release_version.outputs.tag }}"
           cache-from: type=local,src=/tmp/.buildx-cache
           cache-to: type=local,dest=/tmp/.buildx-cache-new
 
diff --git a/.github/workflows/ci.build.push.yml b/.github/workflows/ci.build.push.yml
index cc3c9ae3..802f3837 100644
--- a/.github/workflows/ci.build.push.yml
+++ b/.github/workflows/ci.build.push.yml
@@ -80,7 +80,7 @@ jobs:
           push: true
           tags: |
             "${{ steps.ci_docker_repository.outputs.repository }}:${{ steps.ci_branch_name.outputs.branch }}-alpine"
-          build-args: "VERSION_CODE=${{ steps.ci_branch_name.outputs.branch }}-${{ steps.ci_commit_short_sha.outputs.short_sha }}"
+          build-args: "version_code=${{ steps.ci_branch_name.outputs.branch }}-${{ steps.ci_commit_short_sha.outputs.short_sha }}"
           cache-from: type=local,src=/tmp/.buildx-cache
           cache-to: type=local,dest=/tmp/.buildx-cache-new
 
@@ -93,7 +93,7 @@ jobs:
           push: true
           tags: |
             "${{ steps.ci_docker_repository.outputs.repository }}:${{ steps.ci_branch_name.outputs.branch }}-amazonlinux"
-          build-args: "VERSION_CODE=${{ steps.ci_branch_name.outputs.branch }}-${{ steps.ci_commit_short_sha.outputs.short_sha }}"
+          build-args: "version_code=${{ steps.ci_branch_name.outputs.branch }}-${{ steps.ci_commit_short_sha.outputs.short_sha }}"
           cache-from: type=local,src=/tmp/.buildx-cache
           cache-to: type=local,dest=/tmp/.buildx-cache-new
 
diff --git a/.github/workflows/ci.build.release.yml b/.github/workflows/ci.build.release.yml
index 0a09dcc0..f1a475a7 100644
--- a/.github/workflows/ci.build.release.yml
+++ b/.github/workflows/ci.build.release.yml
@@ -86,7 +86,7 @@ jobs:
           push: true
           tags: |
             "${{ steps.ci_docker_repository.outputs.repository }}:v${{ steps.ci_tag_release_version.outputs.tag }}-alpine"
-          build-args: "VERSION_CODE=release-${{ steps.ci_tag_release_version.outputs.tag }}"
+          build-args: "version_code=release-${{ steps.ci_tag_release_version.outputs.tag }}"
           cache-from: type=local,src=/tmp/.buildx-cache
           cache-to: type=local,dest=/tmp/.buildx-cache-new
 
@@ -99,7 +99,7 @@ jobs:
           push: true
           tags: |
             "${{ steps.ci_docker_repository.outputs.repository }}:v${{ steps.ci_tag_release_version.outputs.tag }}-amazonlinux"
-          build-args: "VERSION_CODE=release-${{ steps.ci_tag_release_version.outputs.tag }}"
+          build-args: "version_code=release-${{ steps.ci_tag_release_version.outputs.tag }}"
           cache-from: type=local,src=/tmp/.buildx-cache
           cache-to: type=local,dest=/tmp/.buildx-cache-new
 
diff --git a/Dockerfile b/Dockerfile
index 09ae4fa2..0367312f 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,4 +1,4 @@
-FROM ruby:2.7.2-alpine AS base
+FROM ruby:2.7.5-alpine3.14 AS base
 
 # Set a variable for the install location.
 ARG RAILS_ROOT=/usr/src/app
@@ -25,8 +25,8 @@ COPY Gemfile Gemfile.lock $RAILS_ROOT/
 RUN bundle config --global frozen 1 \
     && bundle config set deployment 'true' \
     && bundle config set without 'development:test:assets' \
-    && bundle install -j4 --path=vendor/bundle \
-    && rm -rf vendor/bundle/ruby/2.7.0/cache/*.gem \
+    && bundle install -j4 --path=vendor/bundle
+RUN rm -rf vendor/bundle/ruby/2.7.0/cache/*.gem \
     && find vendor/bundle/ruby/2.7.0/gems/ -name "*.c" -delete \
     && find vendor/bundle/ruby/2.7.0/gems/ -name "*.o" -delete
 
@@ -38,7 +38,7 @@ RUN rm -rf tmp/cache spec
 
 ############### Build step done ###############
 
-FROM ruby:2.7.2-alpine
+FROM base
 
 # Set a variable for the install location.
 ARG RAILS_ROOT=/usr/src/app
diff --git a/Gemfile b/Gemfile
index c8af47af..f34d966c 100644
--- a/Gemfile
+++ b/Gemfile
@@ -29,7 +29,7 @@ gem 'omniauth', '~> 1.9.1'
 gem 'omniauth-bn-launcher', '~> 0.1.3'
 gem 'omniauth-bn-office365', '~> 0.1.1'
 gem 'omniauth-google-oauth2', '~> 0.7.0'
-gem 'omniauth_openid_connect', '~> 0.3.5'
+gem 'omniauth_openid_connect', '~> 0.4.0'
 gem 'omniauth-twitter', '~> 1.4.0'
 gem 'pagy', '~> 3.11.0'
 gem 'pluck_to_hash', '~> 1.0.2'
diff --git a/Gemfile.lock b/Gemfile.lock
index f714f3db..8bfe7fa8 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -260,11 +260,11 @@ GEM
     omniauth-twitter (1.4.0)
       omniauth-oauth (~> 1.1)
       rack
-    omniauth_openid_connect (0.3.5)
+    omniauth_openid_connect (0.4.0)
       addressable (~> 2.5)
-      omniauth (~> 1.9)
+      omniauth (>= 1.9, < 3)
       openid_connect (~> 1.1)
-    openid_connect (1.2.0)
+    openid_connect (1.3.0)
       activemodel
       attr_required (>= 1.0.0)
       json-jwt (>= 1.5.0)
@@ -289,7 +289,7 @@ GEM
       nio4r (~> 2.0)
     racc (1.6.0)
     rack (2.2.3)
-    rack-oauth2 (1.16.0)
+    rack-oauth2 (1.19.0)
       activesupport
       attr_required
       httpclient
@@ -410,7 +410,7 @@ GEM
       activesupport (>= 5.2)
       sprockets (>= 3.0.0)
     sqlite3 (1.3.13)
-    swd (1.2.0)
+    swd (1.3.0)
       activesupport (>= 3)
       attr_required (>= 0.0.5)
       httpclient (>= 2.4)
@@ -445,7 +445,7 @@ GEM
       activemodel (>= 5.0)
       bindex (>= 0.4.0)
       railties (>= 5.0)
-    webfinger (1.1.0)
+    webfinger (1.2.0)
       activesupport
       httpclient (>= 2.4)
     webmock (3.12.1)
@@ -492,7 +492,7 @@ DEPENDENCIES
   omniauth-bn-office365 (~> 0.1.1)
   omniauth-google-oauth2 (~> 0.7.0)
   omniauth-twitter (~> 1.4.0)
-  omniauth_openid_connect (~> 0.3.5)
+  omniauth_openid_connect (~> 0.4.0)
   pagy (~> 3.11.0)
   pg (~> 0.18)
   pluck_to_hash (~> 1.0.2)
diff --git a/app/controllers/concerns/authenticator.rb b/app/controllers/concerns/authenticator.rb
index 10b1eee6..45150f52 100644
--- a/app/controllers/concerns/authenticator.rb
+++ b/app/controllers/concerns/authenticator.rb
@@ -86,7 +86,7 @@ module Authenticator
   # Check if the user exists under the same email with no social uid and that social accounts are allowed
   def auth_changed_to_social?(email)
     Rails.configuration.loadbalanced_configuration &&
-      User.exists?(email: email, provider: @user_domain, social_uid: nil) &&
+      User.exists?(email: email, provider: @user_domain) &&
       !allow_greenlight_accounts?
   end
 
diff --git a/app/controllers/sessions_controller.rb b/app/controllers/sessions_controller.rb
index ec68c566..764ded94 100644
--- a/app/controllers/sessions_controller.rb
+++ b/app/controllers/sessions_controller.rb
@@ -266,9 +266,9 @@ flash: { alert: I18n.t("registration.insecure_password") } unless User.secure_pa
 
   # Set the user's social id to the new id being passed
   def switch_account_to_social
-    user = User.find_by(email: @auth['info']['email'], provider: @user_domain, social_uid: nil)
+    user = User.find_by(email: @auth['info']['email'], provider: @user_domain)
 
-    logger.info "Switching account to social account for #{user.uid}"
+    logger.info "Switching social account for #{user.uid}"
 
     # Set the user's social id to the one being returned from auth
     user.update_attribute(:social_uid, @auth['uid'])
diff --git a/cloudbuild-dev.yaml b/cloudbuild-dev.yaml
index 835daa55..977fb2c5 100644
--- a/cloudbuild-dev.yaml
+++ b/cloudbuild-dev.yaml
@@ -16,18 +16,21 @@ steps:
          '--cache-from',
          'gcr.io/$PROJECT_ID/${_URL}:latest',
          '.']
+  timeout: 1200s
 - name: 'gcr.io/cloud-builders/kubectl'
   args: [
-   'set', 
-   'image', 
-   'deployment', 
-   '${_APP_NAME}', 
+   'set',
+   'image',
+   'deployment',
+   '${_APP_NAME}',
    '${_IMAGE_NAME}=gcr.io/$PROJECT_ID/${_URL}:${BRANCH_NAME}.${SHORT_SHA}'
   ]
+  timeout: 1200s
   env:
   - 'CLOUDSDK_COMPUTE_ZONE=${_COMPUTE_ZONE}'
   - 'CLOUDSDK_CONTAINER_CLUSTER=${_CLUSTER_NAME}'
 images: [
     'gcr.io/$PROJECT_ID/${_URL}:${BRANCH_NAME}.${SHORT_SHA}',
     'gcr.io/$PROJECT_ID/${_URL}:latest'
-]
\ No newline at end of file
+]
+timeout: 3600s
diff --git a/cloudbuild.yaml b/cloudbuild.yaml
index 04a48d93..4be97b5d 100644
--- a/cloudbuild.yaml
+++ b/cloudbuild.yaml
@@ -16,18 +16,21 @@ steps:
          '--cache-from',
          'gcr.io/$PROJECT_ID/${_URL}:latest',
          '.']
+  timeout: 1200s
 - name: 'gcr.io/cloud-builders/kubectl'
   args: [
-   'set', 
-   'image', 
-   'deployment', 
-   '${_APP_NAME}', 
+   'set',
+   'image',
+   'deployment',
+   '${_APP_NAME}',
    '${_IMAGE_NAME}=gcr.io/$PROJECT_ID/${_URL}:${TAG_NAME}.${SHORT_SHA}'
   ]
+  timeout: 1200s
   env:
   - 'CLOUDSDK_COMPUTE_ZONE=${_COMPUTE_ZONE}'
   - 'CLOUDSDK_CONTAINER_CLUSTER=${_CLUSTER_NAME}'
 images: [
     'gcr.io/$PROJECT_ID/${_URL}:${TAG_NAME}.${SHORT_SHA}',
     'gcr.io/$PROJECT_ID/${_URL}:latest'
-]
\ No newline at end of file
+]
+timeout: 3600s
diff --git a/config/environments/development.rb b/config/environments/development.rb
index cb7ebb18..469bf202 100644
--- a/config/environments/development.rb
+++ b/config/environments/development.rb
@@ -80,4 +80,5 @@ Rails.application.configure do
   config.file_watcher = ActiveSupport::EventedFileUpdateChecker
 
   config.hosts = nil
+  config.web_console.whiny_requests = false
 end
diff --git a/dockerfiles/v2/alpine b/dockerfiles/v2/alpine
index be19c384..acf510cf 100644
--- a/dockerfiles/v2/alpine
+++ b/dockerfiles/v2/alpine
@@ -45,8 +45,8 @@ COPY . ./
 FROM base
 ENV RAILS_ENV=production RAILS_LOG_TO_STDOUT=true
 
-ARG VERSION_CODE
-ENV VERSION_CODE=$VERSION_CODE
+ARG version_code
+ENV VERSION_CODE=$version_code
 
 COPY --from=builder $RAILS_ROOT $RAILS_ROOT
 
diff --git a/dockerfiles/v2/amazonlinux b/dockerfiles/v2/amazonlinux
index 4928d7fb..c4f37304 100644
--- a/dockerfiles/v2/amazonlinux
+++ b/dockerfiles/v2/amazonlinux
@@ -1,4 +1,4 @@
-FROM amazonlinux:2.0.20211001.0 AS amazonlinux
+FROM amazonlinux:2.0.20220218.1 AS amazonlinux
 
 ARG RAILS_ROOT=/usr/src/app
 ENV RAILS_ROOT=${RAILS_ROOT}
@@ -20,7 +20,7 @@ RUN curl -sL https://rpm.nodesource.com/setup_16.x | bash -
 RUN yum -y install nodejs
 # Install Ruby & Rails
 RUN curl -sL -o /etc/yum.repos.d/yarn.repo https://dl.yarnpkg.com/rpm/yarn.repo
-RUN amazon-linux-extras enable ruby2.6 \
+RUN amazon-linux-extras enable ruby3.0 \
   && yum -y install git tar gzip yarn shared-mime-info libxslt zlib-devel sqlite-devel mariadb-devel postgresql-devel ruby-devel rubygems-devel rubygem-bundler rubygem-io-console rubygem-irb rubygem-json rubygem-minitest rubygem-net-http-persistent rubygem-net-telnet rubygem-power_assert rubygem-rake rubygem-test-unit rubygem-thor rubygem-xmlrpc rubygem-bigdecimal \
   && gem install rails
 RUN yum -y install python3 python3-pip shadow-utils
@@ -36,8 +36,8 @@ COPY . ./
 FROM base
 ENV RAILS_ENV=production RAILS_LOG_TO_STDOUT=true
 
-ARG VERSION_CODE
-ENV VERSION_CODE=$VERSION_CODE
+ARG version_code
+ENV VERSION_CODE=$version_code
 
 COPY --from=builder $RAILS_ROOT $RAILS_ROOT
 
@@ -45,7 +45,7 @@ EXPOSE 80
 
 # FIXME / to remove / https://github.com/nahi/httpclient/issues/445
 RUN cat /etc/ssl/certs/ca-bundle.crt \
-    >/usr/src/app/vendor/bundle/ruby/2.6.0/gems/httpclient-2.8.3/lib/httpclient/cacert.pem
+    >/usr/src/app/vendor/bundle/ruby/3.0.0/gems/httpclient-2.8.3/lib/httpclient/cacert.pem
 
 RUN chmod +x bin/start
 CMD [ "bin/start" ]
-- 
GitLab