-
Notifications
You must be signed in to change notification settings - Fork 172
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Replace Chef with ECS Deployment (#8314)
* ready files ecs transition * Non Infrastructure Related variables * Add more terraform files * Add ELB and Subnet Files * add s3 and redis * Add everything needed to create a staging server * Add shared module as variable * Ready to deploy shared resources * added sidekiq Dockerfile * switch vault to using an ECS Task role instead of an EC2 instance role * fixed typo in S3_avatars_bucket * fixed typo in S3_AVATARS_ASSET_HOST * switch to 172. local address for vault while don't have a NAT Gateway set up * change the azs used to the ones used from our load balancer and added pma healthcheck * Add tf files for production * add buildspec for pipeline * move ECR repo to shared resources for production * Fix copy paste errors * Production Deployable * Add new load balancer * Move Target Groups to shared so we can define the load balancer rules in terraform * Add another capacity provider * rename resources correctly * delete unused files * Make sure we load the RDS CA into pma before starting the container * review changes * renamed all occurences to rails_startup_time * make the us-west-2b a private subnet * enable corepack * increase the size of the autoscaling group again * update dockerfiles * fix dockerfiles * change networking with a new public subnet * add yarnrc when copying * apache config for PMA Docker * Update Docker files to streamlined Rails 7.3.1 build * Configure the unicorn server to start from the docker container * Be a bit more conservative about installing NodeJS * Move assset building back to docker-entrypoint * Move assset building back to docker-entrypoint * Fix ECS Permissions * add rake to assets:precompile * change env to prod * make sidekiq dockerfile also run mailcatcher * build regulations into the dockerfile * add git commit BUILD_TAG * add building docs to script * make mailcatcher listen on all ips * move old regulations to the correct folder * remove building regulations and documents in the dockerfile * remove font dependencies * make sure sidekiq can zip up exports * remove unnecessary / in dockerfile * change credentials to use Aws::ECSCredentials * Host Exports on s3 (#8795) * upload dumps to s3 * serve dumps from s3 * make routes for permalinks * correct filenames * make URLs less ugly * rename method to be more clear * only cache size and URL for one day * rename to current_results_export * use the DumpPublicResultsDatabase start_date as the timestamp for the results exports * update api_controller * install zip in docker container * correct paths for uploading * make file public-read * run rubocop * run rubocop * change filenames again * use run_start instead of run_end in test * delete zip file after upload * review changes * rename method * add .zip to the url * replace instance profile credentials with ecs credentials * allow the docker environment to have access to .yarn * only load s3 bucket when needed * reuse s3 bucket if possible * only load regulations in production * only load regulations on startup in production * stub regulations loading in omni search test * Sync infrastructure with current state * add listener for mailcatcher * make mailcatcher https * use specific_install to install a almost working version of mailcatcher * add task definition to reset db * install mailcatcher from local fork * review changes * don't maintain our own apache config * correctly rename container_name * give sidekiq enough memory * switch from RACK_ENV to RAILS_ENV in unicorn --------- Co-authored-by: Gregor Billing <gbilling@worldcubeassociation.org>
- Loading branch information
1 parent
7c8208d
commit c0fb355
Showing
72 changed files
with
2,568 additions
and
1,610 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,21 @@ | ||
# See https://docs.docker.com/engine/reference/builder/#dockerignore-file for more about ignoring files. | ||
|
||
# Ignore bundler config. | ||
/.bundle | ||
|
||
# Ignore all default key files | ||
config/master.key | ||
config/credentials/*.key | ||
|
||
# Ignore all logfiles and tempfiles. | ||
/log/* | ||
/tmp/* | ||
!/log/.keep | ||
!/tmp/.keep | ||
|
||
# Ignore pidfiles, but keep the directory. | ||
/tmp/pids/* | ||
!/tmp/pids/ | ||
!/tmp/pids/.keep | ||
|
||
node_modules |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,28 +1,65 @@ | ||
FROM ruby:3.3.0 | ||
EXPOSE 3000 | ||
ARG BUILD_TAG=local | ||
WORKDIR /rails | ||
|
||
ENV DEBIAN_FRONTEND noninteractive | ||
WORKDIR /app | ||
ARG NODE_MAJOR=20 | ||
|
||
# Add PPA needed to install nodejs. | ||
# From: https://github.com/nodesource/distributions#debian-and-ubuntu-based-distributions | ||
RUN apt-get update && apt-get install -y ca-certificates curl gnupg | ||
RUN mkdir -p /etc/apt/keyrings && curl -fsSL https://deb.nodesource.com/gpgkey/nodesource-repo.gpg.key | gpg --dearmor -o /etc/apt/keyrings/nodesource.gpg | ||
# Set production environment | ||
ENV RAILS_LOG_TO_STDOUT="1" \ | ||
RAILS_SERVE_STATIC_FILES="true" \ | ||
RAILS_ENV="production" \ | ||
BUNDLE_WITHOUT="development:test" \ | ||
BUNDLE_DEPLOYMENT="1" \ | ||
BUILD_TAG=$BUILD_TAG | ||
|
||
RUN echo "deb [signed-by=/etc/apt/keyrings/nodesource.gpg] https://deb.nodesource.com/node_${NODE_MAJOR}.x nodistro main" | tee /etc/apt/sources.list.d/nodesource.list | ||
# Add dependencies necessary to install nodejs. | ||
# From: https://github.com/nodesource/distributions#debian-and-ubuntu-based-distributions | ||
RUN apt-get update -qq && \ | ||
apt-get install --no-install-recommends -y \ | ||
ca-certificates \ | ||
curl \ | ||
gnupg | ||
|
||
RUN apt-get update && apt-get install -y \ | ||
git \ | ||
build-essential \ | ||
zip \ | ||
nodejs \ | ||
mariadb-client \ | ||
libssl-dev \ | ||
libyaml-dev \ | ||
tzdata | ||
ARG NODE_MAJOR=20 | ||
RUN curl -fsSL https://deb.nodesource.com/setup_${NODE_MAJOR}.x | bash && \ | ||
apt-get install -y nodejs | ||
|
||
# Enable 'corepack' feature that lets NPM download the package manager on-the-fly as required. | ||
RUN corepack enable | ||
|
||
RUN apt-get update -qq && \ | ||
apt-get install --no-install-recommends -y \ | ||
build-essential \ | ||
git \ | ||
pkg-config \ | ||
mariadb-client \ | ||
libvips \ | ||
libssl-dev \ | ||
libyaml-dev \ | ||
tzdata && \ | ||
rm -rf /var/lib/apt/lists /var/cache/apt/archives | ||
|
||
# Install application gems | ||
COPY Gemfile Gemfile.lock ./ | ||
RUN gem update --system && gem install bundler | ||
RUN bundle install && \ | ||
rm -rf ~/.bundle/ "${BUNDLE_PATH}"/ruby/*/cache "${BUNDLE_PATH}"/ruby/*/bundler/gems/*/.git | ||
|
||
# Install node dependencies | ||
COPY package.json yarn.lock .yarnrc.yml ./ | ||
RUN yarn install --immutable | ||
|
||
# Copy built artifacts: gems, application | ||
COPY . . | ||
|
||
# Run and own only the runtime files as a non-root user for security | ||
RUN useradd rails --create-home --shell /bin/bash && \ | ||
chown -R rails:rails db log tmp public app pids .yarn | ||
USER rails:rails | ||
|
||
# Entrypoint prepares database and starts app on 0.0.0.0:3000 by default, | ||
# but can also take a rails command, like "console" or "runner" to start instead. | ||
ENTRYPOINT ["/rails/bin/docker-entrypoint"] | ||
|
||
EXPOSE 3000 | ||
CMD ["./bin/bundle", "exec", "unicorn", "-c", "/rails/config/unicorn.rb"] |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,33 @@ | ||
FROM ruby:3.3.0 | ||
|
||
WORKDIR /rails | ||
|
||
ENV DEBIAN_FRONTEND noninteractive | ||
|
||
# Add PPA needed to install nodejs. | ||
# From: https://github.com/nodesource/distributions#debian-and-ubuntu-based-distributions | ||
RUN apt-get update -qq && \ | ||
apt-get install --no-install-recommends -y \ | ||
ca-certificates \ | ||
curl \ | ||
gnupg | ||
|
||
ARG NODE_MAJOR=20 | ||
RUN curl -fsSL https://deb.nodesource.com/setup_${NODE_MAJOR}.x | bash && \ | ||
apt-get install nodejs | ||
|
||
# Enable 'corepack' feature that lets NPM download the package manager on-the-fly as required. | ||
RUN corepack enable | ||
|
||
RUN apt-get update -qq && \ | ||
apt-get install --no-install-recommends -y \ | ||
git \ | ||
build-essential \ | ||
mariadb-client \ | ||
libssl-dev \ | ||
libyaml-dev \ | ||
tzdata | ||
|
||
RUN gem update --system && gem install bundler | ||
|
||
EXPOSE 3000 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,64 @@ | ||
FROM ruby:3.3.0 | ||
|
||
WORKDIR /rails | ||
|
||
ENV DEBIAN_FRONTEND noninteractive | ||
|
||
# Set production environment | ||
ENV RAILS_LOG_TO_STDOUT="1" \ | ||
RAILS_SERVE_STATIC_FILES="true" \ | ||
RAILS_ENV="production" \ | ||
BUNDLE_WITHOUT="development:test" \ | ||
BUNDLE_DEPLOYMENT="1" \ | ||
BUNDLE_PATH="/usr/local/bundle" | ||
|
||
# Add dependencies necessary to install nodejs. | ||
# From: https://github.com/nodesource/distributions#debian-and-ubuntu-based-distributions | ||
RUN apt-get update -qq && \ | ||
apt-get install --no-install-recommends -y \ | ||
ca-certificates \ | ||
curl \ | ||
gnupg | ||
|
||
ARG NODE_MAJOR=20 | ||
RUN curl -fsSL https://deb.nodesource.com/setup_${NODE_MAJOR}.x | bash && \ | ||
apt-get install -y nodejs | ||
|
||
# Enable 'corepack' feature that lets NPM download the package manager on-the-fly as required. | ||
RUN corepack enable | ||
|
||
RUN apt-get update -qq && \ | ||
apt-get install --no-install-recommends -y \ | ||
build-essential \ | ||
git \ | ||
pkg-config \ | ||
zip \ | ||
python-is-python3 \ | ||
mariadb-client \ | ||
libvips \ | ||
libssl-dev && \ | ||
rm -rf /var/lib/apt/lists /var/cache/apt/archives | ||
|
||
# Install application gems | ||
COPY Gemfile Gemfile.lock ./ | ||
RUN gem update --system && gem install bundler | ||
# Workaround for mailcatcher not supporting Ruby 3.3 https://github.com/sj26/mailcatcher/issues/553 | ||
#RUN gem install mailcatcher | ||
RUN gem install specific_install && gem specific_install -l https://github.com/thewca/mailcatcher.git -b feature/ruby3.3 | ||
RUN bundle install && \ | ||
rm -rf ~/.bundle/ "${BUNDLE_PATH}"/ruby/*/cache "${BUNDLE_PATH}"/ruby/*/bundler/gems/*/.git | ||
|
||
# Install node dependencies | ||
COPY package.json yarn.lock .yarnrc.yml ./ | ||
RUN yarn install --immutable | ||
|
||
COPY . . | ||
|
||
# Run and own only the runtime files as a non-root user for security | ||
RUN useradd rails --create-home --shell /bin/bash && \ | ||
chown -R rails:rails db log tmp public app .yarn | ||
USER rails:rails | ||
|
||
ENTRYPOINT ["/rails/bin/docker-entrypoint-sidekiq"] | ||
|
||
EXPOSE 3000 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,10 @@ | ||
#!/bin/bash -e | ||
|
||
# If running the rails server then create or migrate existing database | ||
if [ "${1}" == "./bin/bundle" ] && [ "${3}" == "unicorn" ]; then | ||
./bin/rails db:prepare | ||
./bin/bundle exec i18n export | ||
./bin/bundle exec rake assets:precompile | ||
fi | ||
|
||
exec "${@}" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,4 @@ | ||
#!/bin/bash -e | ||
mailcatcher --http-ip=0.0.0.0 --no-quit | ||
./bin/bundle exec rake assets:precompile | ||
./bin/bundle exec sidekiq |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.