From 940a31035531aaf63afd05251ca0bcf137156d0f Mon Sep 17 00:00:00 2001
From: Robin Steiner <32168247+Robin481@users.noreply.github.com>
Date: Fri, 15 Mar 2024 14:08:55 +0100
Subject: [PATCH] Dockerfile and Github Build/Push (#627)
* Update Dockerfile and gems
* Add build workflow
* Update Dockerfile path
* Minimize push action
* Point github build workflow to main branch locations
---
.github/workflows/build.yml | 27 +++++
Dockerfile | 191 ++++++++++++++++++++++++++++--------
Gemfile | 1 -
Gemfile.lock | 4 -
4 files changed, 177 insertions(+), 46 deletions(-)
create mode 100644 .github/workflows/build.yml
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
new file mode 100644
index 000000000..7b7f98172
--- /dev/null
+++ b/.github/workflows/build.yml
@@ -0,0 +1,27 @@
+name: Build
+on:
+ push:
+ branches:
+ - main
+
+jobs:
+ docker:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Set up QEMU
+ uses: docker/setup-qemu-action@v3
+
+ - name: Set up Docker Buildx
+ uses: docker/setup-buildx-action@v3
+
+ - uses: docker/login-action@v3
+ with:
+ registry: ${{ secrets.PUZZLE_REGISTRY }}
+ username: ${{ secrets.PUZZLE_REGISTRY_USERNAME }}
+ password: ${{ secrets.PUZZLE_REGISTRY_PASSWORD }}
+
+ - uses: docker/build-push-action@v4
+ with:
+ tags: |
+ ${{ secrets.PUZZLE_REGISTRY }}/skills:latest
+ push: true
\ No newline at end of file
diff --git a/Dockerfile b/Dockerfile
index be05a653e..161c25b38 100644
--- a/Dockerfile
+++ b/Dockerfile
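Review bot: In `.github/workflows/build.yml` the four `uses:` lines reference third-party actions by mutable major tag (`@v3`, `@v4`) in a job that handles the registry credentials, so a retagged or compromised action release would run with access to `PUZZLE_REGISTRY_PASSWORD`; pin each one to a full commit SHA, e.g. `uses: docker/login-action@<full-commit-sha> # v3`. The workflow also has no `permissions:` block, so the job runs with the repository's default `GITHUB_TOKEN` scope; a top-level `permissions:` with `contents: read` would limit it to what the build needs. The image is pushed only as `skills:latest`, which gives deployers no immutable reference to a given commit, so consider a second tag derived from `${{ github.sha }}`. No `build-args` are passed either, so the `GITHUB_SHA`/`GITHUB_REPOSITORY`/`GITHUB_REF_NAME` args declared in the Dockerfile will likely be empty and `BUILD_COMMIT` in the image will not identify the build.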
@@ -1,8 +1,87 @@ +################################# +# Variables # +################################# + +# Versioning +ARG RUBY_VERSION="3.2.1" +ARG BUNDLER_VERSION="2.5.6" +ARG NODEJS_VERSION="18" +ARG YARN_VERSION="1.22.10" + +# Packages +ARG BUILD_PACKAGES="nodejs build-essential shared-mime-info" +ARG RUN_PACKAGES="shared-mime-info postgresql" + +# Scripts +ARG PRE_INSTALL_SCRIPT="curl -sL https://deb.nodesource.com/setup_${NODEJS_VERSION}.x -o /tmp/nodesource_setup.sh && bash /tmp/nodesource_setup.sh" +ARG INSTALL_SCRIPT="node -v && npm -v && npm install -g yarn && yarn set version ${YARN_VERSION}" +ARG PRE_BUILD_SCRIPT +ARG BUILD_SCRIPT="yarn install && bundle exec rake assets:precompile" +ARG POST_BUILD_SCRIPT="echo \"(built at: $(date '+%Y-%m-%d %H:%M:%S'))\" > /app-src/BUILD_INFO" + +# Bundler specific +ARG BUNDLE_WITHOUT="development:metrics:test" + +# App specific +ARG RAILS_ENV="production" +ARG RACK_ENV="production" +ARG NODE_ENV="production" +ARG RAILS_HOST_NAME="unused.example.net" +ARG SECRET_KEY_BASE="needs-to-be-set" + +# Github specific +ARG GITHUB_SHA +ARG GITHUB_REPOSITORY +ARG GITHUB_REF_NAME +ARG BUILD_COMMIT="$GITHUB_SHA" +ARG BUILD_REPO="$GITHUB_REPOSITORY" +ARG BUILD_REF="$GITHUB_REF_NAME" + +# # Gitlab specific +# ARG CI_COMMIT_SHA +# ARG CI_REPOSITORY_URL +# ARG CI_COMMIT_REF_NAME +# ARG BUILD_COMMIT="$CI_COMMIT_SHA" +# ARG BUILD_REPO="$CI_REPOSITORY_URL" +# ARG BUILD_REF="$CI_COMMIT_REF_NAME" + +# # Openshift specific +# ARG OPENSHIFT_BUILD_COMMIT +# ARG OPENSHIFT_BUILD_SOURCE +# ARG OPENSHIFT_BUILD_REFERENCE +# ARG BUILD_COMMIT="$OPENSHIFT_BUILD_COMMIT" +# ARG BUILD_REPO="$OPENSHIFT_BUILD_SOURCE" +# ARG BUILD_REF="$OPENSHIFT_BUILD_REFERENCE" + +# Runtime ENV vars +ARG SENTRY_CURRENT_ENV +ARG PS1="$SENTRY_CURRENT_ENV > " +ARG TZ="Europe/Zurich" + + ################################# # Build Stage # ################################# -FROM ruby:3.2 AS build +FROM ruby:${RUBY_VERSION} AS build + +# arguments for steps +ARG 
PRE_INSTALL_SCRIPT +ARG BUILD_PACKAGES +ARG INSTALL_SCRIPT +ARG BUNDLER_VERSION +ARG PRE_BUILD_SCRIPT +ARG BUNDLE_WITHOUT +ARG BUILD_SCRIPT +ARG POST_BUILD_SCRIPT + +# arguments potentially used by steps +ARG NODE_ENV +ARG RACK_ENV +ARG RAILS_ENV +ARG RAILS_HOST_NAME +ARG SECRET_KEY_BASE +ARG TZ # Set build shell SHELL ["/bin/bash", "-c"] @@ -10,23 +89,15 @@ SHELL ["/bin/bash", "-c"] # Use root user USER root -ARG BUILD_PACKAGES -ARG BUILD_SCRIPT -ARG BUNDLE_WITHOUT='development:metrics:test' -ARG BUNDLER_VERSION=2.4.6 -ARG POST_BUILD_SCRIPT - -# Get proper node version via nodesource -RUN curl -fsSL https://deb.nodesource.com/setup_14.x | bash - +RUN bash -vxc "${PRE_INSTALL_SCRIPT:-"echo 'no PRE_INSTALL_SCRIPT provided'"}" # Install dependencies -RUN apt-get update \ - && apt-get upgrade -y \ - && apt-get install -y ${BUILD_PACKAGES} +RUN export DEBIAN_FRONTEND=noninteractive \ + && apt-get update \ + && apt-get upgrade -y \ + && apt-get install -y --no-install-recommends ${BUILD_PACKAGES} -RUN apt-get install -y npm - -RUN bash -vxc "${BUILD_SCRIPT:-"echo 'no BUILD_SCRIPT provided'"}" +RUN bash -vxc "${INSTALL_SCRIPT:-"echo 'no INSTALL_SCRIPT provided'"}" # Install specific versions of dependencies RUN gem install bundler:${BUNDLER_VERSION} --no-document 
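Review bot: `ARG SECRET_KEY_BASE="needs-to-be-set"` in the Variables block, re-declared in the build stage, invites passing the real key with `--build-arg`, and build-arg values end up in layer history and build cache rather than being kept secret. The run stage does not re-declare it, so the runtime key apparently has to be injected when the container starts; a comment should say so, for example `# Dummy value for the build only (presumably asset precompilation); never pass the real key as a build arg, supply it at runtime`. If a build step ever needs a real credential, a BuildKit secret mount (`RUN --mount=type=secret,...`) keeps it out of the layers. The build stage's ARG list begins in this hunk and its steps continue in the following hunks.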
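Review bot: The new `RUN bash -vxc "${PRE_INSTALL_SCRIPT:-...}"` step runs, as root, a script fetched by the default `PRE_INSTALL_SCRIPT` (defined in the first Dockerfile hunk) with `curl -sL`, whereas the removed line used `curl -fsSL`; without `-f` an HTTP error page is saved and then handed to `bash`. Restore the flag, `curl -fsSL https://deb.nodesource.com/setup_${NODEJS_VERSION}.x -o /tmp/nodesource_setup.sh`, and since the script is now written to a file first, compare its SHA-256 against a pinned value before running it (or take Node from a pinned base image instead). The `-vx` tracing also echoes every expanded `*_SCRIPT` value into the build log, so these args must never carry credentials; a comment next to the ARG definitions should state that.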
@@ -34,29 +105,35 @@ RUN gem install bundler:${BUNDLER_VERSION} --no-document # TODO: Load artifacts # set up app-src directory -COPY . /app-src WORKDIR /app-src +COPY Gemfile Gemfile.lock ./ -# Run deployment +RUN bash -vxc "${PRE_BUILD_SCRIPT:-"echo 'no PRE_BUILD_SCRIPT provided'"}" + +# install gems and build the app RUN bundle config set --local deployment 'true' \ - && bundle config set --local without ${BUNDLE_WITHOUT} \ - && bundle config set --local path vendor/bundle \ - && bundle package \ - && bundle install \ - && bundle clean + && bundle config set --local without ${BUNDLE_WITHOUT} \ + && bundle package \ + && bundle install \ + && bundle clean + +COPY . . + +RUN bash -vxc "${BUILD_SCRIPT:-"echo 'no BUILD_SCRIPT provided'"}" RUN bash -vxc "${POST_BUILD_SCRIPT:-"echo 'no POST_BUILD_SCRIPT provided'"}" # TODO: Save artifacts -RUN rm -rf vendor/cache/ .git +RUN rm -rf vendor/cache/ .git spec/ node_modules/ + ################################# # Run Stage # ################################# # This image will be replaced by Openshift -FROM ruby:3.2 AS app +FROM ruby:${RUBY_VERSION}-slim AS app # Set runtime shell SHELL ["/bin/bash", "-c"] 
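Review bot: `COPY . .` brings the whole build context into `/app-src`, and the later `RUN rm -rf vendor/cache/ .git spec/ node_modules/` is only a denylist, so anything else in the context (for example a local `.env`, `config/master.key` or a database dump) reaches the run stage through `COPY --from=build /app-src /app-src`. Whether the repository has a `.dockerignore` is not visible in this patch; if it does not, add one that excludes `.git`, `spec/`, `node_modules/`, `.env*` and key files, which also makes most of the `rm -rf` unnecessary. A short comment above `COPY . .` such as `# build context is filtered by .dockerignore; keep secrets and local config out of it` would document that dependency.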
@@ -64,35 +141,67 @@ SHELL ["/bin/bash", "-c"] # Add user RUN adduser --disabled-password --uid 1001 --gid 0 --gecos "" app -ARG BUNDLE_WITHOUT='development:metrics:test' +# arguments for steps ARG RUN_PACKAGES -ARG BUNDLER_VERSION=2.4.6 - -# Install specific versions of dependencies -RUN gem install bundler:${BUNDLER_VERSION} --no-document +ARG BUNDLER_VERSION +ARG BUNDLE_WITHOUT + +# arguments potentially used by steps +ARG NODE_ENV +ARG RACK_ENV +ARG RAILS_ENV + +# data persisted in the image +ARG PS1 +ARG TZ +ARG BUILD_COMMIT +ARG BUILD_REPO +ARG BUILD_REF + +ENV PS1="${PS1}" \ + TZ="${TZ}" \ + BUILD_REPO="${BUILD_REPO}" \ + BUILD_REF="${BUILD_REF}" \ + BUILD_COMMIT="${BUILD_COMMIT}" \ + NODE_ENV="${NODE_ENV}" \ + RAILS_ENV="${RAILS_ENV}" \ + RACK_ENV="${RACK_ENV}" # Install dependencies, remove apt! -RUN apt-get update \ - && apt-get upgrade -y \ - && apt-get install -y ${RUN_PACKAGES} \ - && apt-get install ca-certificates +RUN export DEBIAN_FRONTEND=noninteractive \ + && apt-get update \ + && apt-get upgrade -y \ + && apt-get install -y ${RUN_PACKAGES} vim curl less \ + && apt-get clean \ + && rm -rf /var/cache/apt/archives/* /var/lib/apt/lists/* /tmp/* /var/tmp/* \ + && truncate -s 0 /var/log/*log # Copy deployment ready source code from build COPY --from=build /app-src /app-src WORKDIR /app-src -# Set group permissions to app folder -RUN chgrp -R 0 /app-src \ - && chmod -R u+w,g=u /app-src +# Create pids folder for puma and +# set group permissions to folders that need write permissions +RUN mkdir -p tmp/pids \ + && chgrp 0 /app-src \ + && chgrp -R 0 /app-src/tmp \ + && chgrp -R 0 /app-src/log \ + && chmod u+w,g=u /app-src \ + && chmod -R u+w,g=u /app-src/tmp \ + && chmod -R u+w,g=u /app-src/log -ENV HOME=/app-src +# support bin-stubs +ENV HOME=/app-src \ + PATH=/app-src/bin:$PATH + +# Install specific versions of dependencies +RUN gem install bundler:${BUNDLER_VERSION} --no-document # Use cached gems RUN bundle config set --local deployment 'true' \ - && 
bundle config set --local without ${BUNDLE_WITHOUT} \ - && bundle config set --local path vendor/bundle \ - && bundle + && bundle config set --local without ${BUNDLE_WITHOUT} \ + && bundle install USER 1001 -CMD ["bundle", "exec", "puma", "-t", "8"] +CMD ["bundle", "exec", "puma"] diff --git a/Gemfile b/Gemfile index 8fe3d4a62..5df1cb378 100644 --- a/Gemfile +++ b/Gemfile @@ -21,7 +21,6 @@ gem 'i18n_data' gem 'jsbundling-rails' gem 'keycloak-api-rails' gem 'language_list' -gem 'mimemagic', '~> 0.3.6' gem 'mini_magick' gem 'net-imap', require: false gem 'net-ldap', '~> 0.16.0' diff --git a/Gemfile.lock b/Gemfile.lock index 2e1999d53..6dfdfbaef 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -241,9 +241,6 @@ GEM mime-types (3.5.2) mime-types-data (~> 3.2015) mime-types-data (3.2024.0206) - mimemagic (0.3.10) - nokogiri (~> 1) - rake mini_magick (4.12.0) mini_mime (1.1.5) minitest (5.22.2) @@ -499,7 +496,6 @@ DEPENDENCIES keycloak-api-rails language_list listen (~> 3.0.5) - mimemagic (~> 0.3.6) mini_magick net-imap net-ldap (~> 0.16.0)
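Review bot: In the run stage of the Dockerfile, `apt-get install -y ${RUN_PACKAGES} vim curl less` adds interactive and download tools to the production image and omits the `--no-install-recommends` that the build stage uses, while the comment above it still says "remove apt!" although apt stays installed. Suggest `&& apt-get install -y --no-install-recommends ${RUN_PACKAGES} \` and leaving debugging tools to an ad-hoc debug image. The default `RUN_PACKAGES` contains `postgresql`, which presumably pulls in the database server where only the client library is needed; worth confirming. Also, `chmod u+w,g=u /app-src` keeps the top-level directory group-writable for UID 1001 (GID 0) while `PATH` now starts with `/app-src/bin`, so check whether write access on `/app-src` itself is really required.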