Add a prod-ready target to the Dockerfile

.dockerignore

@@ -1,24 +1,15 @@
-.gitignore
-README.md
-
-log
-tmp
-openshift/
-coverage/
-.bundle
-.ruby-version
-
-.DS_Store
-.AppleDouble
-.LSOverride
-
-.dockerignore
-docker-compose.yml
-docker-compose-dev.yml
-.travis.yml
-.rubocop.yml
-.env.example
-.eslintignore
-.eslintrc
-
-app.json
+# ignore everything by default
+*
+
+!app/
+!bin/
+!config/
+!db/
+!lib/
+!public/
+!config.ru
+!Gemfile
+!Gemfile.lock
+!LICENSE.txt
+!Rakefile
+!README.md

Dockerfile

@@ -1,45 +1,81 @@
-FROM ruby:2.6.3-alpine
+FROM ruby:2.6.3-alpine as base
 
 ENV APP_ROOT /usr/src/app
 WORKDIR $APP_ROOT
 
-# =============================================
-# System layer
-
-# Will invalidate cache as soon as the Gemfile changes
-COPY Gemfile Gemfile.lock $APP_ROOT/
-
-# * Setup system
-# * Install Ruby dependencies
-RUN apk add --update \
-    build-base \
+RUN gem install bundler \
+ && apk add --no-cache \
     netcat-openbsd \
     git \
     nodejs \
     postgresql-dev \
     mysql-dev \
     tzdata \
-    curl-dev \
- && rm -rf /var/cache/apk/* \
+    curl-dev
+
+# Will invalidate cache as soon a the Gemfile changes
+COPY Gemfile Gemfile.lock $APP_ROOT/
+
+# * Setup system
+# * Install common Ruby dependencies
+RUN apk add --no-cache build-base \
  && gem install bundler foreman \
  && bundle config --global frozen 1 \
- && bundle install --without test --jobs 2
+ && bundle install \
+    --without development test production \
+    --jobs $(grep -c ^processor /proc/cpuinfo) \
+ && apk del build-base
 
-# ========================================================
-# Application layer
+# Startup
+CMD ["bin/docker-start"]
+
+####################
+
+FROM base as development
+
+# * Install development dependencies
+RUN apk add --no-cache build-base \
+ && bundle install \
+    --with development \
+    --without test production \
+    --jobs $(grep -c ^processor /proc/cpuinfo) \
+ && apk del build-base
 
 # Copy application code
 COPY . $APP_ROOT
 
-# Precompile assets for a production environment.
-# This is done to include assets in production images on Dockerhub.
-RUN RAILS_ENV=production bundle exec rake assets:precompile
-
 # * Generate the docs
 # * Make files OpenShift conformant
 RUN RAILS_ENV=development bin/rails api_docs:generate \
- && chgrp -R 0 $APP_ROOT \
+ && chown -R 1000:0 $APP_ROOT \
  && chmod -R g=u $APP_ROOT
 
-# Startup
-CMD ["bin/docker-start"]
+USER 1000
+
+####################
+
+FROM base as production
+
+# * Install production dependencies
+RUN apk add --no-cache build-base \
+ && bundle install \
+    --with production \
+    --without development test \
+    --jobs $(grep -c ^processor /proc/cpuinfo) \
+ && apk del build-base
+
+# Copy application code
+COPY . $APP_ROOT
+
+# Precompile assets for a production environment.
+# This is done to include assets in production images on Dockerhub.
+RUN RAILS_ENV=production rake assets:precompile \
+ && rm -rf /usr/src/app/tmp/cache/
+
+# * Make files OpenShift conformant
+RUN chown -R 1000:0 $APP_ROOT/ \
+ && chmod -R g=u $APP_ROOT/
+
+VOLUME $APP_ROOT/public/
+
+USER 1000

docker-compose.yml

@@ -22,9 +22,12 @@
 # Using `$ docker-compose up` will automatically merge the override file in to
 # this one.
 #
-version: '3'
+version: '3.4'
 services:
   app:
+    build:
+      context: .
+      target: development
     image: octoboxio/octobox:latest
     ports:
       - "3000:3000"
@@ -37,6 +40,8 @@ services:
       - OCTOBOX_DATABASE_PASSWORD=development
       - OCTOBOX_DATABASE_HOST=database.service.octobox.internal
       - REDIS_URL=redis://redis.service.octobox.internal
+    volumes:
+      - './:/usr/src/app'
     networks:
       - internal
     depends_on:

docs/INSTALLATION.md

@@ -78,7 +78,7 @@ Octobox uses [`encrypted_attr`](https://github.com/attr-encrypted/attr_encrypted
 
 Therefore to install and launch Octobox, you must provide a 32 byte encryption key as the env var `OCTOBOX_ATTRIBUTE_ENCRYPTION_KEY`
 
-Protip: To generate a key, you can use `bin/rails secret | cut -c1-32`
+Protip: To generate a key, you can use `bin/rails secret | cut -c1-32`. With docker: `docker run --rm -it akerouanton/octobox:latest bin/rails secret | cut -c1-32`.
 
 ## Local installation
 
@@ -149,19 +149,11 @@ First, [install Docker](https://docs.docker.com/engine/installation/). If you've
 
 > If you have Windows Home Edition, you'll need to download and run [Docker Toolbox](https://www.docker.com/products/docker-toolbox).
 
-### Trying out Octobox
-
-If you're just giving Octobox a try, you can simply download the
-`docker-compose.yml` file from
-[here](https://raw.githubusercontent.com/octobox/octobox/master/docker-compose.yml), then run:
+Then, you have to [install docker-compose](https://docs.docker.com/compose/install/).
 
-```bash
-$ GITHUB_CLIENT_ID=yourclientid GITHUB_CLIENT_SECRET=yourclientsecret docker-compose up --build
-```
-
-This will pull the latest image from Docker Hub and set everything up! Octobox will be running in a development configuration on [http://localhost:3000](http://localhost:3000).
+### Trying out Octobox
 
-**Note**: You can add environment variables such as `GITHUB_CLIENT_ID` and `GITHUB_CLIENT_SECRET` to a `.env` file instead of supplying them directly on the command-line.
+If you're just giving Octobox a try, check out the production configuration below.
 
 ### Configuring a development environment
 
@@ -174,24 +166,34 @@ that, you can override the `docker-compose.yml` configuration by adding a
 version: '3'
 services:
   app:
-    build:
-      context: .
-      dockerfile: Dockerfile
+    env:
+      - FETCH_SUBJECT=true
+      - CUSTOM_ENV=...
 ```
 
 Using `docker-compose up` automatically merges the override file in to the base configuration.
+For more about override files and merging configurations, see [https://docs.docker.com/compose/extends/](https://docs.docker.com/compose/extends/)
 
 ### Configuring a production environment
 
-The `docker-compose.yml` file provided is for a _development_ configuration;
-there are are a number of things you'll want to configure differently for
-production use, like setting the Rails application for production and setting
-up a reverse proxy such as Apache or Nginx to serve static assets. You can use the
-`docker-compose.yml` file as an example to write your own or simply override
-the existing configuration with `docker-compose.override.yml`. Both the
-override file and `docker-compose.production.yml` are gitignored.
+The `docker-compose.yml` file provided at the root of the project is for a
+_development_ configuration only. However, you can download the example
+`docker-compose.yml` file from [here](https://raw.githubusercontent.com/octobox/octobox/master/docs/examples/docker-compose.yml).
+It's specifically tailored for production use.
 
-For more about override files and merging configurations, see [https://docs.docker.com/compose/extends/](https://docs.docker.com/compose/extends/)
+Then you have to set up environment variables to configure Octobox. For that, you
+can use the example .env file available [here](https://raw.githubusercontent.com/octobox/octobox/master/docs/examples/.env.example).
+It contains the full list of environment variables available to configure
+Octobox, but only the minimal set of configurations are enabled.
+
+Finally, run:
+
+```bash
+$ docker-compose up -d
+```
+
+This will pull the latest image from Docker Hub and set everything up! Octobox
+will be available on [http://localhost:80](http://localhost:80).
 
 ### Upgrading docker image:
 
@@ -390,10 +392,10 @@ As of 4th January 2019, Octobox can sync subjects from open source repositories
 
 ## API Documentation
 
-API Documentation will be generated from the application's controllers using `bin/rake api_docs:generate`. Once generated it will be automatically listed in the Header dropdown.
-
-This is included by default in the container build using `Dockerfile`. To include in your build, simply run the command listed above before deploy.
+API Documentation will be generated from the application's controllers using `bin/rake api_docs:generate`.
+It's provided with the development environment (see above), but it's not included in the production image available through the Docker Hub.
 
+To include in your build, simply run the command listed above before deploy.
 
 ## Google Analytics
 

docs/examples/docker-compose/.env.example

@@ -0,0 +1,57 @@
+COMPOSE_PROJECT_NAME=octobox
+
+# This is a comma seperated list of GitHub IDs for folks who need "admin" access to your instance
+ADMIN_GITHUB_IDS=
+
+OCTOBOX_DATABASE_NAME=octobox
+OCTOBOX_DATABASE_USERNAME=octobox
+OCTOBOX_DATABASE_PASSWORD=
+
+GITHUB_CLIENT_ID=
+GITHUB_CLIENT_SECRET=
+
+OCTOBOX_BACKGROUND_JOBS_ENABLED=1
+
+# Used to sign cookies, should be 32 bytes long at least
+# see the recommend method to generate a secret key for
+# OCTOBOX_ATTRIBUTE_ENCRYPTION_KEY and use a length of 128
+SECRET_KEY_BASE=
+
+# Encrypt user access tokens and personal tokens:
+# see https://github.com/octobox/octobox/blob/master/docs/INSTALLATION.md#encryption-key
+# OCTOBOX_ATTRIBUTE_ENCRYPTION_KEY=
+
+# Running Octobox for GitHub Enterprise:
+# GITHUB_DOMAIN=https://github.foobar.com
+
+# Allow periodic notification refreshes:
+# see https://github.com/octobox/octobox/blob/master/docs/INSTALLATION.md#allowing-periodic-notification-refreshes
+# MINIMUM_REFRESH_INTERVAL=1
+# OCTOBOX_SIDEKIQ_SCHEDULE_ENABLED=1
+
+# Restrict who can sign-up to your Octobox instance:
+# see https://github.com/octobox/octobox/blob/master/docs/INSTALLATION.md#limiting-access
+# RESTRICTED_ACCESS_ENABLED=1
+# GITHUB_ORGANIZATION_ID=
+# GITHUB_TEAM_ID=
+# GITHUB_SCOPE=notifications,read:org,repo
+
+# Download extra informations from Github about each notifications (experimental feature):
+# see https://github.com/octobox/octobox/blob/master/docs/INSTALLATION.md#downloading-subjects
+# FETCH_SUBJECT=true
+
+# Run Octobox as a Gihub App:
+# see https://github.com/octobox/octobox/blob/master/docs/INSTALLATION.md#running-octobox-as-a-github-app
+# GITHUB_APP_ID=
+# GITHUB_APP_SLUG=
+# GITHUB_APP_CLIENT_ID=
+# GITHUB_APP_CLIENT_SECRET=
+# GITHUB_WEBHOOK_SECRET=
+
+# Open link in the same tab:
+# see https://github.com/octobox/octobox/blob/master/docs/INSTALLATION.md#open-links-in-the-same-tab
+# OPEN_IN_SAME_TAB=1
+
+# Enable live updates:
+# see https://github.com/octobox/octobox/blob/master/docs/INSTALLATION.md#live-updates
+# PUSH_NOTIFICATIONS=

docs/examples/docker-compose/Dockerfile.nginx

@@ -0,0 +1,3 @@
+FROM nginx:1.15.6
+
+COPY nginx.conf /etc/nginx/nginx.conf

docs/examples/docker-compose/docker-compose.yml

@@ -0,0 +1,57 @@
+version: '2'
+
+services:
+  nginx:
+    build:
+      context: .
+      dockerfile: Dockerfile.nginx
+    restart: unless-stopped
+    ports:
+      - "80:80"
+    volumes_from:
+      - 'app'
+    networks:
+      - internal
+    depends_on:
+      - app
+
+  app:
+    image: akerouanton/octobox:latest
+    restart: unless-stopped
+    env_file: '.env'
+    environment:
+      - OCTOBOX_DATABASE_HOST=database.service.octobox.internal
+      - REDIS_URL=redis://redis.service.octobox.internal
+      - RAILS_ENV=production
+      - RAILS_LOG_TO_STDOUT=1
+      - PORT=5000
+    networks:
+      - internal
+    depends_on:
+      - database.service.octobox.internal
+      - redis.service.octobox.internal
+
+  database.service.octobox.internal:
+    image: postgres:9.6-alpine
+    restart: unless-stopped
+    volumes:
+      - pg_data:/var/lib/postgresql/data
+    networks:
+      - internal
+    environment:
+      - POSTGRES_USER=${OCTOBOX_DATABASE_USERNAME}
+      - POSTGRES_DB=${OCTOBOX_DATABASE_NAME}
+      - POSTGRES_PASSWORD=${OCTOBOX_DATABASE_PASSWORD}
+
+  redis.service.octobox.internal:
+    image: redis:3.2-alpine
+    restart: unless-stopped
+    networks:
+      - internal
+
+volumes:
+  pg_data:
+
+networks:
+  internal:
+    driver: bridge