From 2da9ba354c860d5e107ddf871eed293bae60c296 Mon Sep 17 00:00:00 2001
From: Jesus Federico <jesus@123it.ca>
Date: Thu, 17 Mar 2022 15:32:10 -0400
Subject: [PATCH] CI/CD: multiple updates to dockerfiles, gcloud scripts and
gems (#3302)
* CI/CD: multiple updates to dockerfiles, gcloud scripts and gems
* social_id is always updated on signin for loadbalanced accounts
---
.github/workflows/ci.build.prerelease.yml | 4 ++--
.github/workflows/ci.build.push.yml | 4 ++--
.github/workflows/ci.build.release.yml | 4 ++--
Dockerfile | 8 ++++----
Gemfile | 2 +-
Gemfile.lock | 14 +++++++-------
app/controllers/concerns/authenticator.rb | 2 +-
app/controllers/sessions_controller.rb | 4 ++--
cloudbuild-dev.yaml | 13 ++++++++-----
cloudbuild.yaml | 13 ++++++++-----
config/environments/development.rb | 1 +
dockerfiles/v2/alpine | 4 ++--
dockerfiles/v2/amazonlinux | 10 +++++-----
13 files changed, 45 insertions(+), 38 deletions(-)
diff --git a/.github/workflows/ci.build.prerelease.yml b/.github/workflows/ci.build.prerelease.yml
index b4503df0..2122fa1c 100644
--- a/.github/workflows/ci.build.prerelease.yml
+++ b/.github/workflows/ci.build.prerelease.yml
@@ -71,7 +71,7 @@ jobs:
push: true
tags: |
"${{ steps.ci_docker_repository.outputs.repository }}:v${{ steps.ci_tag_release_version.outputs.tag }}-alpine"
- build-args: "VERSION_CODE=release-${{ steps.ci_tag_release_version.outputs.tag }}"
+ build-args: "version_code=release-${{ steps.ci_tag_release_version.outputs.tag }}"
cache-from: type=local,src=/tmp/.buildx-cache
cache-to: type=local,dest=/tmp/.buildx-cache-new
@@ -84,7 +84,7 @@ jobs:
push: true
tags: |
"${{ steps.ci_docker_repository.outputs.repository }}:v${{ steps.ci_tag_release_version.outputs.tag }}-amazonlinux"
- build-args: "VERSION_CODE=release-${{ steps.ci_tag_release_version.outputs.tag }}"
+ build-args: "version_code=release-${{ steps.ci_tag_release_version.outputs.tag }}"
cache-from: type=local,src=/tmp/.buildx-cache
cache-to: type=local,dest=/tmp/.buildx-cache-new
diff --git a/.github/workflows/ci.build.push.yml b/.github/workflows/ci.build.push.yml
index cc3c9ae3..802f3837 100644
--- a/.github/workflows/ci.build.push.yml
+++ b/.github/workflows/ci.build.push.yml
@@ -80,7 +80,7 @@ jobs:
push: true
tags: |
"${{ steps.ci_docker_repository.outputs.repository }}:${{ steps.ci_branch_name.outputs.branch }}-alpine"
- build-args: "VERSION_CODE=${{ steps.ci_branch_name.outputs.branch }}-${{ steps.ci_commit_short_sha.outputs.short_sha }}"
+ build-args: "version_code=${{ steps.ci_branch_name.outputs.branch }}-${{ steps.ci_commit_short_sha.outputs.short_sha }}"
cache-from: type=local,src=/tmp/.buildx-cache
cache-to: type=local,dest=/tmp/.buildx-cache-new
@@ -93,7 +93,7 @@ jobs:
push: true
tags: |
"${{ steps.ci_docker_repository.outputs.repository }}:${{ steps.ci_branch_name.outputs.branch }}-amazonlinux"
- build-args: "VERSION_CODE=${{ steps.ci_branch_name.outputs.branch }}-${{ steps.ci_commit_short_sha.outputs.short_sha }}"
+ build-args: "version_code=${{ steps.ci_branch_name.outputs.branch }}-${{ steps.ci_commit_short_sha.outputs.short_sha }}"
cache-from: type=local,src=/tmp/.buildx-cache
cache-to: type=local,dest=/tmp/.buildx-cache-new
diff --git a/.github/workflows/ci.build.release.yml b/.github/workflows/ci.build.release.yml
index 0a09dcc0..f1a475a7 100644
--- a/.github/workflows/ci.build.release.yml
+++ b/.github/workflows/ci.build.release.yml
@@ -86,7 +86,7 @@ jobs:
push: true
tags: |
"${{ steps.ci_docker_repository.outputs.repository }}:v${{ steps.ci_tag_release_version.outputs.tag }}-alpine"
- build-args: "VERSION_CODE=release-${{ steps.ci_tag_release_version.outputs.tag }}"
+ build-args: "version_code=release-${{ steps.ci_tag_release_version.outputs.tag }}"
cache-from: type=local,src=/tmp/.buildx-cache
cache-to: type=local,dest=/tmp/.buildx-cache-new
@@ -99,7 +99,7 @@ jobs:
push: true
tags: |
"${{ steps.ci_docker_repository.outputs.repository }}:v${{ steps.ci_tag_release_version.outputs.tag }}-amazonlinux"
- build-args: "VERSION_CODE=release-${{ steps.ci_tag_release_version.outputs.tag }}"
+ build-args: "version_code=release-${{ steps.ci_tag_release_version.outputs.tag }}"
cache-from: type=local,src=/tmp/.buildx-cache
cache-to: type=local,dest=/tmp/.buildx-cache-new
diff --git a/Dockerfile b/Dockerfile
index 09ae4fa2..0367312f 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,4 +1,4 @@
-FROM ruby:2.7.2-alpine AS base
+FROM ruby:2.7.5-alpine3.14 AS base
# Set a variable for the install location.
ARG RAILS_ROOT=/usr/src/app
@@ -25,8 +25,8 @@ COPY Gemfile Gemfile.lock $RAILS_ROOT/
RUN bundle config --global frozen 1 \
&& bundle config set deployment 'true' \
&& bundle config set without 'development:test:assets' \
- && bundle install -j4 --path=vendor/bundle \
- && rm -rf vendor/bundle/ruby/2.7.0/cache/*.gem \
+ && bundle install -j4 --path=vendor/bundle
+RUN rm -rf vendor/bundle/ruby/2.7.0/cache/*.gem \
&& find vendor/bundle/ruby/2.7.0/gems/ -name "*.c" -delete \
&& find vendor/bundle/ruby/2.7.0/gems/ -name "*.o" -delete
@@ -38,7 +38,7 @@ RUN rm -rf tmp/cache spec
############### Build step done ###############
-FROM ruby:2.7.2-alpine
+FROM base
# Set a variable for the install location.
ARG RAILS_ROOT=/usr/src/app
diff --git a/Gemfile b/Gemfile
index c8af47af..f34d966c 100644
--- a/Gemfile
+++ b/Gemfile
@@ -29,7 +29,7 @@ gem 'omniauth', '~> 1.9.1'
gem 'omniauth-bn-launcher', '~> 0.1.3'
gem 'omniauth-bn-office365', '~> 0.1.1'
gem 'omniauth-google-oauth2', '~> 0.7.0'
-gem 'omniauth_openid_connect', '~> 0.3.5'
+gem 'omniauth_openid_connect', '~> 0.4.0'
gem 'omniauth-twitter', '~> 1.4.0'
gem 'pagy', '~> 3.11.0'
gem 'pluck_to_hash', '~> 1.0.2'
diff --git a/Gemfile.lock b/Gemfile.lock
index f714f3db..8bfe7fa8 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -260,11 +260,11 @@ GEM
omniauth-twitter (1.4.0)
omniauth-oauth (~> 1.1)
rack
- omniauth_openid_connect (0.3.5)
+ omniauth_openid_connect (0.4.0)
addressable (~> 2.5)
- omniauth (~> 1.9)
+ omniauth (>= 1.9, < 3)
openid_connect (~> 1.1)
- openid_connect (1.2.0)
+ openid_connect (1.3.0)
activemodel
attr_required (>= 1.0.0)
json-jwt (>= 1.5.0)
@@ -289,7 +289,7 @@ GEM
nio4r (~> 2.0)
racc (1.6.0)
rack (2.2.3)
- rack-oauth2 (1.16.0)
+ rack-oauth2 (1.19.0)
activesupport
attr_required
httpclient
@@ -410,7 +410,7 @@ GEM
activesupport (>= 5.2)
sprockets (>= 3.0.0)
sqlite3 (1.3.13)
- swd (1.2.0)
+ swd (1.3.0)
activesupport (>= 3)
attr_required (>= 0.0.5)
httpclient (>= 2.4)
@@ -445,7 +445,7 @@ GEM
activemodel (>= 5.0)
bindex (>= 0.4.0)
railties (>= 5.0)
- webfinger (1.1.0)
+ webfinger (1.2.0)
activesupport
httpclient (>= 2.4)
webmock (3.12.1)
@@ -492,7 +492,7 @@ DEPENDENCIES
omniauth-bn-office365 (~> 0.1.1)
omniauth-google-oauth2 (~> 0.7.0)
omniauth-twitter (~> 1.4.0)
- omniauth_openid_connect (~> 0.3.5)
+ omniauth_openid_connect (~> 0.4.0)
pagy (~> 3.11.0)
pg (~> 0.18)
pluck_to_hash (~> 1.0.2)
diff --git a/app/controllers/concerns/authenticator.rb b/app/controllers/concerns/authenticator.rb
index 10b1eee6..45150f52 100644
--- a/app/controllers/concerns/authenticator.rb
+++ b/app/controllers/concerns/authenticator.rb
@@ -86,7 +86,7 @@ module Authenticator
# Check if the user exists under the same email with no social uid and that social accounts are allowed
def auth_changed_to_social?(email)
Rails.configuration.loadbalanced_configuration &&
- User.exists?(email: email, provider: @user_domain, social_uid: nil) &&
+ User.exists?(email: email, provider: @user_domain) &&
!allow_greenlight_accounts?
end
diff --git a/app/controllers/sessions_controller.rb b/app/controllers/sessions_controller.rb
index ec68c566..764ded94 100644
--- a/app/controllers/sessions_controller.rb
+++ b/app/controllers/sessions_controller.rb
@@ -266,9 +266,9 @@ flash: { alert: I18n.t("registration.insecure_password") } unless User.secure_pa
# Set the user's social id to the new id being passed
def switch_account_to_social
- user = User.find_by(email: @auth['info']['email'], provider: @user_domain, social_uid: nil)
+ user = User.find_by(email: @auth['info']['email'], provider: @user_domain)
- logger.info "Switching account to social account for #{user.uid}"
+ logger.info "Switching social account for #{user.uid}"
# Set the user's social id to the one being returned from auth
user.update_attribute(:social_uid, @auth['uid'])
diff --git a/cloudbuild-dev.yaml b/cloudbuild-dev.yaml
index 835daa55..977fb2c5 100644
--- a/cloudbuild-dev.yaml
+++ b/cloudbuild-dev.yaml
@@ -16,18 +16,21 @@ steps:
'--cache-from',
'gcr.io/$PROJECT_ID/${_URL}:latest',
'.']
+ timeout: 1200s
- name: 'gcr.io/cloud-builders/kubectl'
args: [
- 'set',
- 'image',
- 'deployment',
- '${_APP_NAME}',
+ 'set',
+ 'image',
+ 'deployment',
+ '${_APP_NAME}',
'${_IMAGE_NAME}=gcr.io/$PROJECT_ID/${_URL}:${BRANCH_NAME}.${SHORT_SHA}'
]
+ timeout: 1200s
env:
- 'CLOUDSDK_COMPUTE_ZONE=${_COMPUTE_ZONE}'
- 'CLOUDSDK_CONTAINER_CLUSTER=${_CLUSTER_NAME}'
images: [
'gcr.io/$PROJECT_ID/${_URL}:${BRANCH_NAME}.${SHORT_SHA}',
'gcr.io/$PROJECT_ID/${_URL}:latest'
-]
\ No newline at end of file
+]
+timeout: 3600s
diff --git a/cloudbuild.yaml b/cloudbuild.yaml
index 04a48d93..4be97b5d 100644
--- a/cloudbuild.yaml
+++ b/cloudbuild.yaml
@@ -16,18 +16,21 @@ steps:
'--cache-from',
'gcr.io/$PROJECT_ID/${_URL}:latest',
'.']
+ timeout: 1200s
- name: 'gcr.io/cloud-builders/kubectl'
args: [
- 'set',
- 'image',
- 'deployment',
- '${_APP_NAME}',
+ 'set',
+ 'image',
+ 'deployment',
+ '${_APP_NAME}',
'${_IMAGE_NAME}=gcr.io/$PROJECT_ID/${_URL}:${TAG_NAME}.${SHORT_SHA}'
]
+ timeout: 1200s
env:
- 'CLOUDSDK_COMPUTE_ZONE=${_COMPUTE_ZONE}'
- 'CLOUDSDK_CONTAINER_CLUSTER=${_CLUSTER_NAME}'
images: [
'gcr.io/$PROJECT_ID/${_URL}:${TAG_NAME}.${SHORT_SHA}',
'gcr.io/$PROJECT_ID/${_URL}:latest'
-]
\ No newline at end of file
+]
+timeout: 3600s
diff --git a/config/environments/development.rb b/config/environments/development.rb
index cb7ebb18..469bf202 100644
--- a/config/environments/development.rb
+++ b/config/environments/development.rb
@@ -80,4 +80,5 @@ Rails.application.configure do
config.file_watcher = ActiveSupport::EventedFileUpdateChecker
config.hosts = nil
+ config.web_console.whiny_requests = false
end
diff --git a/dockerfiles/v2/alpine b/dockerfiles/v2/alpine
index be19c384..acf510cf 100644
--- a/dockerfiles/v2/alpine
+++ b/dockerfiles/v2/alpine
@@ -45,8 +45,8 @@ COPY . ./
FROM base
ENV RAILS_ENV=production RAILS_LOG_TO_STDOUT=true
-ARG VERSION_CODE
-ENV VERSION_CODE=$VERSION_CODE
+ARG version_code
+ENV VERSION_CODE=$version_code
COPY --from=builder $RAILS_ROOT $RAILS_ROOT
diff --git a/dockerfiles/v2/amazonlinux b/dockerfiles/v2/amazonlinux
index 4928d7fb..c4f37304 100644
--- a/dockerfiles/v2/amazonlinux
+++ b/dockerfiles/v2/amazonlinux
@@ -1,4 +1,4 @@
-FROM amazonlinux:2.0.20211001.0 AS amazonlinux
+FROM amazonlinux:2.0.20220218.1 AS amazonlinux
ARG RAILS_ROOT=/usr/src/app
ENV RAILS_ROOT=${RAILS_ROOT}
@@ -20,7 +20,7 @@ RUN curl -sL https://rpm.nodesource.com/setup_16.x | bash -
RUN yum -y install nodejs
# Install Ruby & Rails
RUN curl -sL -o /etc/yum.repos.d/yarn.repo https://dl.yarnpkg.com/rpm/yarn.repo
-RUN amazon-linux-extras enable ruby2.6 \
+RUN amazon-linux-extras enable ruby3.0 \
&& yum -y install git tar gzip yarn shared-mime-info libxslt zlib-devel sqlite-devel mariadb-devel postgresql-devel ruby-devel rubygems-devel rubygem-bundler rubygem-io-console rubygem-irb rubygem-json rubygem-minitest rubygem-net-http-persistent rubygem-net-telnet rubygem-power_assert rubygem-rake rubygem-test-unit rubygem-thor rubygem-xmlrpc rubygem-bigdecimal \
&& gem install rails
RUN yum -y install python3 python3-pip shadow-utils
@@ -36,8 +36,8 @@ COPY . ./
FROM base
ENV RAILS_ENV=production RAILS_LOG_TO_STDOUT=true
-ARG VERSION_CODE
-ENV VERSION_CODE=$VERSION_CODE
+ARG version_code
+ENV VERSION_CODE=$version_code
COPY --from=builder $RAILS_ROOT $RAILS_ROOT
@@ -45,7 +45,7 @@ EXPOSE 80
# FIXME / to remove / https://github.com/nahi/httpclient/issues/445
RUN cat /etc/ssl/certs/ca-bundle.crt \
- >/usr/src/app/vendor/bundle/ruby/2.6.0/gems/httpclient-2.8.3/lib/httpclient/cacert.pem
+ >/usr/src/app/vendor/bundle/ruby/3.0.0/gems/httpclient-2.8.3/lib/httpclient/cacert.pem
RUN chmod +x bin/start
CMD [ "bin/start" ]
--
GitLab