From 2da9ba354c860d5e107ddf871eed293bae60c296 Mon Sep 17 00:00:00 2001 From: Jesus Federico <jesus@123it.ca> Date: Thu, 17 Mar 2022 15:32:10 -0400 Subject: [PATCH] CI/CD: multiple updates to dockerfiles, gcloud scripts and gems (#3302) * CI/CD: multiple updates to dockerfiles, gcloud scripts and gems * social_id is always updated on signin for loadbalanced accounts --- .github/workflows/ci.build.prerelease.yml | 4 ++-- .github/workflows/ci.build.push.yml | 4 ++-- .github/workflows/ci.build.release.yml | 4 ++-- Dockerfile | 8 ++++---- Gemfile | 2 +- Gemfile.lock | 14 +++++++------- app/controllers/concerns/authenticator.rb | 2 +- app/controllers/sessions_controller.rb | 4 ++-- cloudbuild-dev.yaml | 13 ++++++++----- cloudbuild.yaml | 13 ++++++++----- config/environments/development.rb | 1 + dockerfiles/v2/alpine | 4 ++-- dockerfiles/v2/amazonlinux | 10 +++++----- 13 files changed, 45 insertions(+), 38 deletions(-) diff --git a/.github/workflows/ci.build.prerelease.yml b/.github/workflows/ci.build.prerelease.yml index b4503df0..2122fa1c 100644 --- a/.github/workflows/ci.build.prerelease.yml +++ b/.github/workflows/ci.build.prerelease.yml @@ -71,7 +71,7 @@ jobs: push: true tags: | "${{ steps.ci_docker_repository.outputs.repository }}:v${{ steps.ci_tag_release_version.outputs.tag }}-alpine" - build-args: "VERSION_CODE=release-${{ steps.ci_tag_release_version.outputs.tag }}" + build-args: "version_code=release-${{ steps.ci_tag_release_version.outputs.tag }}" cache-from: type=local,src=/tmp/.buildx-cache cache-to: type=local,dest=/tmp/.buildx-cache-new @@ -84,7 +84,7 @@ jobs: push: true tags: | "${{ steps.ci_docker_repository.outputs.repository }}:v${{ steps.ci_tag_release_version.outputs.tag }}-amazonlinux" - build-args: "VERSION_CODE=release-${{ steps.ci_tag_release_version.outputs.tag }}" + build-args: "version_code=release-${{ steps.ci_tag_release_version.outputs.tag }}" cache-from: type=local,src=/tmp/.buildx-cache cache-to: type=local,dest=/tmp/.buildx-cache-new 
diff --git a/.github/workflows/ci.build.push.yml b/.github/workflows/ci.build.push.yml index cc3c9ae3..802f3837 100644 --- a/.github/workflows/ci.build.push.yml +++ b/.github/workflows/ci.build.push.yml @@ -80,7 +80,7 @@ jobs: push: true tags: | "${{ steps.ci_docker_repository.outputs.repository }}:${{ steps.ci_branch_name.outputs.branch }}-alpine" - build-args: "VERSION_CODE=${{ steps.ci_branch_name.outputs.branch }}-${{ steps.ci_commit_short_sha.outputs.short_sha }}" + build-args: "version_code=${{ steps.ci_branch_name.outputs.branch }}-${{ steps.ci_commit_short_sha.outputs.short_sha }}" cache-from: type=local,src=/tmp/.buildx-cache cache-to: type=local,dest=/tmp/.buildx-cache-new @@ -93,7 +93,7 @@ jobs: push: true tags: | "${{ steps.ci_docker_repository.outputs.repository }}:${{ steps.ci_branch_name.outputs.branch }}-amazonlinux" - build-args: "VERSION_CODE=${{ steps.ci_branch_name.outputs.branch }}-${{ steps.ci_commit_short_sha.outputs.short_sha }}" + build-args: "version_code=${{ steps.ci_branch_name.outputs.branch }}-${{ steps.ci_commit_short_sha.outputs.short_sha }}" cache-from: type=local,src=/tmp/.buildx-cache cache-to: type=local,dest=/tmp/.buildx-cache-new diff --git a/.github/workflows/ci.build.release.yml b/.github/workflows/ci.build.release.yml index 0a09dcc0..f1a475a7 100644 --- a/.github/workflows/ci.build.release.yml +++ b/.github/workflows/ci.build.release.yml @@ -86,7 +86,7 @@ jobs: push: true tags: | "${{ steps.ci_docker_repository.outputs.repository }}:v${{ steps.ci_tag_release_version.outputs.tag }}-alpine" - build-args: "VERSION_CODE=release-${{ steps.ci_tag_release_version.outputs.tag }}" + build-args: "version_code=release-${{ steps.ci_tag_release_version.outputs.tag }}" cache-from: type=local,src=/tmp/.buildx-cache cache-to: type=local,dest=/tmp/.buildx-cache-new 
@@ -99,7 +99,7 @@ jobs: push: true tags: | "${{ steps.ci_docker_repository.outputs.repository }}:v${{ steps.ci_tag_release_version.outputs.tag }}-amazonlinux" - build-args: "VERSION_CODE=release-${{ steps.ci_tag_release_version.outputs.tag }}" + build-args: "version_code=release-${{ steps.ci_tag_release_version.outputs.tag }}" cache-from: type=local,src=/tmp/.buildx-cache cache-to: type=local,dest=/tmp/.buildx-cache-new diff --git a/Dockerfile b/Dockerfile index 09ae4fa2..0367312f 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,4 @@ -FROM ruby:2.7.2-alpine AS base +FROM ruby:2.7.5-alpine3.14 AS base # Set a variable for the install location. ARG RAILS_ROOT=/usr/src/app @@ -25,8 +25,8 @@ COPY Gemfile Gemfile.lock $RAILS_ROOT/ RUN bundle config --global frozen 1 \ && bundle config set deployment 'true' \ && bundle config set without 'development:test:assets' \ - && bundle install -j4 --path=vendor/bundle \ - && rm -rf vendor/bundle/ruby/2.7.0/cache/*.gem \ + && bundle install -j4 --path=vendor/bundle +RUN rm -rf vendor/bundle/ruby/2.7.0/cache/*.gem \ && find vendor/bundle/ruby/2.7.0/gems/ -name "*.c" -delete \ && find vendor/bundle/ruby/2.7.0/gems/ -name "*.o" -delete @@ -38,7 +38,7 @@ RUN rm -rf tmp/cache spec ############### Build step done ############### -FROM ruby:2.7.2-alpine +FROM base # Set a variable for the install location. ARG RAILS_ROOT=/usr/src/app diff --git a/Gemfile b/Gemfile index c8af47af..f34d966c 100644 --- a/Gemfile +++ b/Gemfile @@ -29,7 +29,7 @@ gem 'omniauth', '~> 1.9.1' gem 'omniauth-bn-launcher', '~> 0.1.3' gem 'omniauth-bn-office365', '~> 0.1.1' gem 'omniauth-google-oauth2', '~> 0.7.0' -gem 'omniauth_openid_connect', '~> 0.3.5' +gem 'omniauth_openid_connect', '~> 0.4.0' gem 'omniauth-twitter', '~> 1.4.0' gem 'pagy', '~> 3.11.0' gem 'pluck_to_hash', '~> 1.0.2' diff --git a/Gemfile.lock b/Gemfile.lock index f714f3db..8bfe7fa8 100644 --- a/Gemfile.lock +++ b/Gemfile.lock 
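Review bot: The gem-cache and `*.c`/`*.o` cleanup now runs in a separate `RUN` from `bundle install`, so the deleted files still exist in the layer that `bundle install` wrote. The cleanup therefore only shrinks the image if this stage is consumed purely through `COPY --from`, and the stage boundaries are outside this hunk, so that cannot be confirmed here. If the split is deliberate (for example to cache the install layer), record it in a comment such as `# cleanup kept in its own layer on purpose: <reason>`; otherwise chain it back with `&& bundle install -j4 --path=vendor/bundle \` followed by `&& rm -rf vendor/bundle/ruby/2.7.0/cache/*.gem \`. The hard-coded `2.7.0` directory also has to be kept in step with the `ruby:2.7.5-alpine3.14` tag by hand.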
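Review bot: `FROM base` makes the final stage inherit every package and file of the `base` stage instead of starting from a clean Ruby image, so anything installed there for building becomes part of the runtime attack surface. The lines between the first `FROM` and the `bundle install` step are not in the diff, so whether `base` carries compilers or `-dev` packages is not visible; that is worth checking before merge. A comment above the line would record the intent, e.g. `# Runtime stage: reuses "base", which must hold runtime packages only; build tooling belongs in a separate build stage.`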
@@ -260,11 +260,11 @@ GEM omniauth-twitter (1.4.0) omniauth-oauth (~> 1.1) rack - omniauth_openid_connect (0.3.5) + omniauth_openid_connect (0.4.0) addressable (~> 2.5) - omniauth (~> 1.9) + omniauth (>= 1.9, < 3) openid_connect (~> 1.1) - openid_connect (1.2.0) + openid_connect (1.3.0) activemodel attr_required (>= 1.0.0) json-jwt (>= 1.5.0) @@ -289,7 +289,7 @@ GEM nio4r (~> 2.0) racc (1.6.0) rack (2.2.3) - rack-oauth2 (1.16.0) + rack-oauth2 (1.19.0) activesupport attr_required httpclient @@ -410,7 +410,7 @@ GEM activesupport (>= 5.2) sprockets (>= 3.0.0) sqlite3 (1.3.13) - swd (1.2.0) + swd (1.3.0) activesupport (>= 3) attr_required (>= 0.0.5) httpclient (>= 2.4) @@ -445,7 +445,7 @@ GEM activemodel (>= 5.0) bindex (>= 0.4.0) railties (>= 5.0) - webfinger (1.1.0) + webfinger (1.2.0) activesupport httpclient (>= 2.4) webmock (3.12.1) @@ -492,7 +492,7 @@ DEPENDENCIES omniauth-bn-office365 (~> 0.1.1) omniauth-google-oauth2 (~> 0.7.0) omniauth-twitter (~> 1.4.0) - omniauth_openid_connect (~> 0.3.5) + omniauth_openid_connect (~> 0.4.0) pagy (~> 3.11.0) pg (~> 0.18) pluck_to_hash (~> 1.0.2) diff --git a/app/controllers/concerns/authenticator.rb b/app/controllers/concerns/authenticator.rb index 10b1eee6..45150f52 100644 --- a/app/controllers/concerns/authenticator.rb +++ b/app/controllers/concerns/authenticator.rb @@ -86,7 +86,7 @@ module Authenticator # Check if the user exists under the same email with no social uid and that social accounts are allowed def auth_changed_to_social?(email) Rails.configuration.loadbalanced_configuration && - User.exists?(email: email, provider: @user_domain, social_uid: nil) && + User.exists?(email: email, provider: @user_domain) && !allow_greenlight_accounts? end diff --git a/app/controllers/sessions_controller.rb b/app/controllers/sessions_controller.rb index ec68c566..764ded94 100644 --- a/app/controllers/sessions_controller.rb +++ b/app/controllers/sessions_controller.rb 
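Review bot: Dropping `social_uid: nil` from `auth_changed_to_social?` means an account that is already bound to a social identity now matches on `email` and `provider` alone, and `switch_account_to_social` in sessions_controller.rb (same change) then overwrites its `social_uid` with the incoming `@auth['uid']`. The e-mail claim from the identity provider becomes the sole key for re-binding an existing account, which is only safe if every provider behind a load-balanced deployment asserts verified e-mail addresses; nothing in the hunk checks that. Consider gating on the provider's verified-email signal where one is available (presumably something like `@auth['info']['email_verified']` for OpenID Connect; confirm what the strategy exposes). The comment above the method still says "with no social uid" and should be updated to match the new lookup.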
@@ -266,9 +266,9 @@ flash: { alert: I18n.t("registration.insecure_password") } unless User.secure_pa # Set the user's social id to the new id being passed def switch_account_to_social - user = User.find_by(email: @auth['info']['email'], provider: @user_domain, social_uid: nil) + user = User.find_by(email: @auth['info']['email'], provider: @user_domain) - logger.info "Switching account to social account for #{user.uid}" + logger.info "Switching social account for #{user.uid}" # Set the user's social id to the one being returned from auth user.update_attribute(:social_uid, @auth['uid']) diff --git a/cloudbuild-dev.yaml b/cloudbuild-dev.yaml index 835daa55..977fb2c5 100644 --- a/cloudbuild-dev.yaml +++ b/cloudbuild-dev.yaml @@ -16,18 +16,21 @@ steps: '--cache-from', 'gcr.io/$PROJECT_ID/${_URL}:latest', '.'] + timeout: 1200s - name: 'gcr.io/cloud-builders/kubectl' args: [ - 'set', - 'image', - 'deployment', - '${_APP_NAME}', + 'set', + 'image', + 'deployment', + '${_APP_NAME}', '${_IMAGE_NAME}=gcr.io/$PROJECT_ID/${_URL}:${BRANCH_NAME}.${SHORT_SHA}' ] + timeout: 1200s env: - 'CLOUDSDK_COMPUTE_ZONE=${_COMPUTE_ZONE}' - 'CLOUDSDK_CONTAINER_CLUSTER=${_CLUSTER_NAME}' images: [ 'gcr.io/$PROJECT_ID/${_URL}:${BRANCH_NAME}.${SHORT_SHA}', 'gcr.io/$PROJECT_ID/${_URL}:latest' -] \ No newline at end of file +] +timeout: 3600s diff --git a/cloudbuild.yaml b/cloudbuild.yaml index 04a48d93..4be97b5d 100644 --- a/cloudbuild.yaml +++ b/cloudbuild.yaml 
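Review bot: `User.find_by` returns nil when no row matches, and the next line dereferences `user.uid` in the log message, so a missing user raises `NoMethodError` inside `switch_account_to_social`; the caller may already guard this, but it is outside the hunk. Because the lookup no longer requires `social_uid: nil`, this method can now replace an existing social binding, and the log line does not record which identity was replaced. Logging both values makes re-binds auditable: `logger.info "Switching social account for #{user.uid}: social_uid #{user.social_uid.inspect} -> #{@auth['uid'].inspect}"`. The method body continues past the end of the hunk.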
@@ -16,18 +16,21 @@ steps: '--cache-from', 'gcr.io/$PROJECT_ID/${_URL}:latest', '.'] + timeout: 1200s - name: 'gcr.io/cloud-builders/kubectl' args: [ - 'set', - 'image', - 'deployment', - '${_APP_NAME}', + 'set', + 'image', + 'deployment', + '${_APP_NAME}', '${_IMAGE_NAME}=gcr.io/$PROJECT_ID/${_URL}:${TAG_NAME}.${SHORT_SHA}' ] + timeout: 1200s env: - 'CLOUDSDK_COMPUTE_ZONE=${_COMPUTE_ZONE}' - 'CLOUDSDK_CONTAINER_CLUSTER=${_CLUSTER_NAME}' images: [ 'gcr.io/$PROJECT_ID/${_URL}:${TAG_NAME}.${SHORT_SHA}', 'gcr.io/$PROJECT_ID/${_URL}:latest' -] \ No newline at end of file +] +timeout: 3600s diff --git a/config/environments/development.rb b/config/environments/development.rb index cb7ebb18..469bf202 100644 --- a/config/environments/development.rb +++ b/config/environments/development.rb @@ -80,4 +80,5 @@ Rails.application.configure do config.file_watcher = ActiveSupport::EventedFileUpdateChecker config.hosts = nil + config.web_console.whiny_requests = false end diff --git a/dockerfiles/v2/alpine b/dockerfiles/v2/alpine index be19c384..acf510cf 100644 --- a/dockerfiles/v2/alpine +++ b/dockerfiles/v2/alpine @@ -45,8 +45,8 @@ COPY . ./ FROM base ENV RAILS_ENV=production RAILS_LOG_TO_STDOUT=true -ARG VERSION_CODE -ENV VERSION_CODE=$VERSION_CODE +ARG version_code +ENV VERSION_CODE=$version_code COPY --from=builder $RAILS_ROOT $RAILS_ROOT diff --git a/dockerfiles/v2/amazonlinux b/dockerfiles/v2/amazonlinux index 4928d7fb..c4f37304 100644 --- a/dockerfiles/v2/amazonlinux +++ b/dockerfiles/v2/amazonlinux @@ -1,4 +1,4 @@ -FROM amazonlinux:2.0.20211001.0 AS amazonlinux +FROM amazonlinux:2.0.20220218.1 AS amazonlinux ARG RAILS_ROOT=/usr/src/app ENV RAILS_ROOT=${RAILS_ROOT} 
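Review bot: `config.web_console.whiny_requests = false` in config/environments/development.rb is added without a comment, directly below `config.hosts = nil`, which presumably already relaxes host checking in this environment. The new setting hides web-console's log line for requests from addresses it refuses to serve, so a reader may assume the console itself was opened up. A short comment would make the scope clear, e.g. `# Silence web-console's "Cannot render console from <ip>" log noise; the permitted-IP list is unchanged.`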
@@ -20,7 +20,7 @@ RUN curl -sL https://rpm.nodesource.com/setup_16.x | bash - RUN yum -y install nodejs # Install Ruby & Rails RUN curl -sL -o /etc/yum.repos.d/yarn.repo https://dl.yarnpkg.com/rpm/yarn.repo -RUN amazon-linux-extras enable ruby2.6 \ +RUN amazon-linux-extras enable ruby3.0 \ && yum -y install git tar gzip yarn shared-mime-info libxslt zlib-devel sqlite-devel mariadb-devel postgresql-devel ruby-devel rubygems-devel rubygem-bundler rubygem-io-console rubygem-irb rubygem-json rubygem-minitest rubygem-net-http-persistent rubygem-net-telnet rubygem-power_assert rubygem-rake rubygem-test-unit rubygem-thor rubygem-xmlrpc rubygem-bigdecimal \ && gem install rails RUN yum -y install python3 python3-pip shadow-utils @@ -36,8 +36,8 @@ COPY . ./ FROM base ENV RAILS_ENV=production RAILS_LOG_TO_STDOUT=true -ARG VERSION_CODE -ENV VERSION_CODE=$VERSION_CODE +ARG version_code +ENV VERSION_CODE=$version_code COPY --from=builder $RAILS_ROOT $RAILS_ROOT @@ -45,7 +45,7 @@ EXPOSE 80 # FIXME / to remove / https://github.com/nahi/httpclient/issues/445 RUN cat /etc/ssl/certs/ca-bundle.crt \ - >/usr/src/app/vendor/bundle/ruby/2.6.0/gems/httpclient-2.8.3/lib/httpclient/cacert.pem + >/usr/src/app/vendor/bundle/ruby/3.0.0/gems/httpclient-2.8.3/lib/httpclient/cacert.pem RUN chmod +x bin/start CMD [ "bin/start" ] -- GitLab
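Review bot: The `cacert.pem` target path hard-codes both the Ruby ABI directory (`ruby/3.0.0`) and the gem version (`httpclient-2.8.3`), so it has to be edited by hand whenever the `amazon-linux-extras enable ruby3.0` line changed earlier in this file or the lockfile moves, as this commit shows for 2.6.0 to 3.0.0. A stale path would normally fail the build rather than silently leave the gem's bundled CA file in place, which is the safe direction, but resolving the directory at build time removes the coupling: `RUN cat /etc/ssl/certs/ca-bundle.crt > "$(bundle info httpclient --path)/lib/httpclient/cacert.pem"`. This assumes bundler in this stage is configured for the same `vendor/bundle` install path; confirm before adopting.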