on_container 0.0.2 → 0.0.8

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: e6c6b69a780d2c6b4f874f5e5ba73c5cd466cefaa12417387e17c56450feba6d
-  data.tar.gz: 3c0ad63961d07fdc00f3903346680270b51f26c5d30c3f2cd4fb53e63a065190
+  metadata.gz: 9b925ace8fb6fd6a98bf34a8ece37b21e18d25db9d348c7473dc68c8941b6769
+  data.tar.gz: 60a7a5747314918c66233d9e0847869e67c16887f46aae0a5de9aebaaa228a60
 SHA512:
-  metadata.gz: f250e92ac740599c98efbce04aefd437fae5a29d59bf3e0ff3334e7672391088c72ff4f7119878d7eb36dbe55cefaa594286095731c09247f97107cc4c04d572
-  data.tar.gz: 7816fdf82eef22a8fd907bf89dbfaf3e1866f68b131529638e94f8bd661a0d51401ac36095cfaeb124cde2fe90109d30b96bd67202fa117513f810b18f6aa00b
+  metadata.gz: 878956892f1cdf7f9ae0509b76b3262ec5d6b4d2bfb606ac315e15ed69be6a7bb57259f994a13cfb3ffa55756a2b7612b40d4c6b3c8023bbe81f8c065166da9c
+  data.tar.gz: 33dd25d152e4fb8631c814ef17c7582c63ff9c3cf50d57f384b7f73c8b21eed800a1b73e0f2782066d7f73c963c4b2f0b9b0096215c7a199de2b96e17af990b8

data/README.md

@@ -22,7 +22,71 @@ Or install it yourself as:
 
 ## Usage
 
-TODO: Write usage instructions here
+### Development Routines & Docker Entrypoint Scripts
+
+We use some routines included in this gem to create compelling development entrypoint scripts for docker development containers.
+
+In this example, we'll be using the `on_container/dev/rails` routine bundle to create our dev entrypoint:
+
+```ruby
+#!/usr/bin/env ruby
+
+# frozen_string_literal: true
+
+require 'on_container/dev/rails'
+
+set_given_or_default_command
+
+# `on_setup_lock_acquired` prevents multiple app containers from running
+# the setup process concurrently:
+on_setup_lock_acquired do
+  ensure_project_gems_are_installed
+  ensure_project_node_packages_are_installed
+
+  wait_for_service_to_accept_connections 'tcp://postgres:5432'
+  setup_activerecord_database unless activerecord_database_ready?
+
+  remove_rails_pidfile if rails_server?
+end if command_requires_setup?
+
+execute_given_or_default_command
+```
+
+### Loading secrets into environment variables, and inserting credentials into URL environment variables
+
+When using Docker Swarm, the secrets are loaded as files mounted into the container's filesystem.
+
+The `on_container/load_env_secrets` runs a couple of routines that reads these files into environment variables.
+
+For our Rails example app, we added the following line to the `config/boot.rb` file:
+
+```ruby
+# frozen_string_literal: true
+
+ENV['BUNDLE_GEMFILE'] ||= File.expand_path('../Gemfile', __dir__)
+
+require 'on_container/load_env_secrets' # Load secrets injected by Kubernetes/Swarm
+
+require 'bundler/setup' # Set up gems listed in the Gemfile.
+require 'bootsnap/setup' # Speed up boot time by caching expensive operations.
+```
+
+The `on_container/load_env_secrets` also merges any credential available in environment variables into any matching
+`_URL` environment variable. For example, consider the following environment variables:
+
+```shell
+DATABASE_URL=postgres://postgres:5432/?encoding=unicode
+DATABASE_USER=postgres
+DATABASE_PASS=3x4mpl3P455w0rd
+```
+
+The routine will merge `DATABASE_USER` and `DATABASE_PASS` into `DATABASE_URL`:
+
+```ruby
+puts ENV['DATABASE_URL']
+> postgres://postgres:3x4mpl3P455w0rd@postgres:5432/?encoding=unicode
+```
+
 
 ## Development
 

data/lib/on_container/dev/active_record_ops.rb

@@ -0,0 +1,64 @@
+# frozen_string_literal: true
+
+
+module OnContainer
+  module Dev
+    module ActiveRecordOps
+      def app_setup_wait
+        ENV.fetch('APP_SETUP_WAIT', '5').to_i
+      end
+
+      def parse_activerecord_config_file
+        require 'erb'
+        require 'yaml'
+
+        database_yaml = Pathname.new File.expand_path('config/database.yml')
+        loaded_yaml = YAML.load(ERB.new(database_yaml.read).result) || {}
+        shared = loaded_yaml.delete('shared')
+      
+        loaded_yaml.each { |_k, values| values.reverse_merge!(shared) } if shared
+        Hash.new(shared).merge(loaded_yaml)
+      end
+      
+      def activerecord_config
+        @activerecord_config ||= parse_activerecord_config_file 
+          .fetch ENV.fetch('RAILS_ENV', 'development')
+      end
+      
+      def establish_activerecord_database_connection
+        require 'active_record' unless defined?(ActiveRecord)
+        ActiveRecord::Base.establish_connection activerecord_config
+        ActiveRecord::Base.connection_pool.with_connection { |connection| }
+      end
+      
+      def activerecord_database_initialized?
+        ActiveRecord::Base.connection_pool.with_connection do |connection|
+          connection.data_source_exists? :schema_migrations
+        end
+      end
+      
+      def activerecord_database_ready?
+        connection_tries ||= 3
+
+        establish_activerecord_database_connection
+        activerecord_database_initialized?
+      
+      rescue PG::ConnectionBad
+        unless (connection_tries -= 1).zero?
+          puts "Retrying DB connection #{connection_tries} more times..."
+          sleep app_setup_wait
+          retry
+        end
+        false
+      
+      rescue ActiveRecord::NoDatabaseError
+        false
+      end
+      
+      def setup_activerecord_database
+        system 'rails db:setup'
+      end
+    end
+  end
+end
+

data/lib/on_container/dev/bundler_ops.rb

@@ -0,0 +1,40 @@
+# frozen_string_literal: true
+
+module OnContainer
+  module Dev
+    module BundlerOps
+      def bundle_path
+        '/usr/local/bundle'
+      end
+  
+      def bundle_owner_id
+        File.stat(bundle_path).uid
+      end
+  
+      def current_user_id
+        Etc.getpwuid.uid
+      end
+  
+      def bundle_belongs_to_current_user?
+        bundle_owner_id == current_user_id
+      end
+      
+      def make_bundle_belong_to_current_user
+        target_ownership = "#{current_user_id}:#{current_user_id}"
+        system "sudo chown -R #{target_ownership} #{bundle_path}"
+      end
+      
+      def ensure_bundle_belongs_to_current_user
+        return if bundle_belongs_to_current_user?
+      
+        make_bundle_belong_to_current_user
+      end
+
+      def ensure_project_gems_are_installed
+        ensure_bundle_belongs_to_current_user
+
+        system 'bundle check || bundle install'
+      end
+    end
+  end
+end

data/lib/on_container/dev/container_command_ops.rb

@@ -0,0 +1,16 @@
+# frozen_string_literal: true
+
+module OnContainer
+  module Dev
+    module ContainerCommandOps
+      def set_given_or_default_command
+        ARGV.concat %w[rails server -p 3000 -b 0.0.0.0] if ARGV.empty?
+      end
+      
+      def execute_given_or_default_command
+        exec(*ARGV)
+      end
+    end
+  end
+end
+

data/lib/on_container/dev/node_modules_ops.rb

@@ -0,0 +1,44 @@
+# frozen_string_literal: true
+
+require 'etc'
+
+module OnContainer
+  module Dev
+    module NodeModulesOps
+      APP_PATH = File.expand_path '.'
+  
+      def node_modules_path
+        "#{APP_PATH}/node_modules"
+      end
+  
+      def node_modules_owner_id
+        File.stat(node_modules_path).uid
+      end
+  
+      def current_user_id
+        Etc.getpwuid.uid
+      end
+  
+      def node_modules_belong_to_current_user?
+        node_modules_owner_id == current_user_id
+      end
+      
+      def make_node_modules_belong_to_current_user
+        target_ownership = "#{current_user_id}:#{current_user_id}"
+        system "sudo chown -R #{target_ownership} #{node_modules_path}"
+      end
+      
+      def ensure_node_modules_belong_to_current_user
+        return if node_modules_belong_to_current_user?
+      
+        make_node_modules_belong_to_current_user
+      end
+  
+      def ensure_project_node_packages_are_installed
+        ensure_node_modules_belong_to_current_user
+
+        system 'yarn check --integrity || yarn install'
+      end
+    end
+  end
+end

data/lib/on_container/dev/rails.rb

@@ -0,0 +1,19 @@
+# frozen_string_literal: true
+
+require 'on_container/dev/rails_ops'
+require 'on_container/dev/setup_ops'
+require 'on_container/dev/bundler_ops'
+require 'on_container/dev/node_modules_ops'
+require 'on_container/dev/active_record_ops'
+require 'on_container/dev/container_command_ops'
+
+include OnContainer::Dev::RailsOps
+include OnContainer::Dev::SetupOps
+include OnContainer::Dev::BundlerOps
+include OnContainer::Dev::NodeModulesOps
+include OnContainer::Dev::ActiveRecordOps
+include OnContainer::Dev::ContainerCommandOps
+
+require 'on_container/ops/service_connection_checks'
+
+include OnContainer::Ops::ServiceConnectionChecks

data/lib/on_container/dev/rails_ops.rb

@@ -0,0 +1,15 @@
+# frozen_string_literal: true
+
+module OnContainer
+  module Dev
+    module RailsOps
+      def remove_rails_pidfile
+        system "rm -rf #{File.expand_path('tmp/pids/server.pid')}"
+      end
+      
+      def rails_server?
+        ARGV[0] == 'rails' && %w[server s].include?(ARGV[1])
+      end
+    end
+  end
+end

data/lib/on_container/dev/setup_ops.rb

@@ -0,0 +1,47 @@
+# frozen_string_literal: true
+
+module OnContainer
+  module Dev
+    module SetupOps
+      APP_PATH = File.expand_path '.'
+  
+      def app_temp_path; "#{APP_PATH}/tmp"; end
+      def app_setup_wait; ENV.fetch('APP_SETUP_WAIT', '5').to_i; end
+      def app_setup_lock_path; "#{app_temp_path}/setup.lock"; end
+  
+      def lock_setup
+        system "mkdir -p #{app_temp_path} && touch #{app_setup_lock_path};"
+      end
+      
+      def unlock_setup
+        system "rm -rf #{app_setup_lock_path}"
+      end
+      
+      def wait_setup
+        puts 'Waiting for app setup to finish...'
+        sleep app_setup_wait
+      end
+
+      def on_setup_lock_acquired
+        wait_setup while File.exist?(app_setup_lock_path)
+
+        lock_setup
+
+        %w[HUP INT QUIT TERM EXIT].each do |signal_string|
+          Signal.trap(signal_string) { unlock_setup }
+        end
+
+        yield
+
+      ensure
+        unlock_setup
+      end
+
+      def command_requires_setup?
+        %w[
+          rails rspec sidekiq hutch puma rake webpack webpack-dev-server
+        ].include?(ARGV[0])
+      end
+    end
+  end
+end

data/lib/on_container/load_env_secrets.rb

@@ -0,0 +1,50 @@
+# frozen_string_literal: true
+
+# Reads the specified secret paths (i.e. Docker Secrets) into environment
+# variables:
+
+require 'active_support'
+require 'active_support/core_ext/object'
+
+# Process only a known list of env vars that can filled by reading a file (i.e.
+# a docker secret):
+Dir["#{ENV.fetch('SECRETS_PATH', '/run/secrets/')}*"].each do |secret_filepath|
+  next unless File.file?(secret_filepath)
+
+  secret_envvarname = File.basename(secret_filepath, '.*').upcase
+
+  # Skip if variable is already set - already-set variables have precedence over
+  # the secret files:
+  next if ENV.key?(secret_envvarname) && ENV[secret_envvarname].present?
+
+  ENV[secret_envvarname] = File.read(secret_filepath).strip
+end
+
+# For each *_URL environment variable where there's also a *_(USER|USERNAME) or
+# *_(PASS|PASSWORD), update the URL environment variable with the given
+# credentials. For example:
+#
+# DATABASE_URL: postgres://postgres:5432/demo_production
+# DATABASE_USERNAME: lalito
+# DATABASE_PASSWORD: lepass
+#
+# Results in the following updated DATABASE_URL:
+#  DATABASE_URL = postgres://lalito:lepass@postgres:5432/demo_production
+require 'uri' if (url_keys = ENV.keys.select { |key| key =~ /_URL/ }).any?
+
+url_keys.each do |url_key|
+  credential_pattern_string = url_key.gsub('_URL', '_(USER(NAME)?|PASS(WORD)?)')
+  credential_pattern = Regexp.new "\\A#{credential_pattern_string}\\z"
+  credential_keys = ENV.keys.select { |key| key =~ credential_pattern }
+  next unless credential_keys.any?
+
+  uri = URI(ENV[url_key])
+  username = URI.encode_www_form_component ENV[credential_keys.detect { |key| key =~ /USER/ }]
+  password = URI.encode_www_form_component ENV[credential_keys.detect { |key| key =~ /PASS/ }]
+
+  uri.user = username if username
+  uri.password = password if password
+  ENV[url_key] = uri.to_s
+end
+
+# STDERR.puts ENV.inspect

data/lib/on_container/ops/service_connection_checks.rb

@@ -0,0 +1,41 @@
+# frozen_string_literal: true
+
+require 'socket'
+require 'timeout'
+require 'uri'
+
+module OnContainer
+  module Ops
+    module ServiceConnectionChecks
+      def service_accepts_connections?(service_uri, seconds_to_wait = 30)
+        uri = URI(service_uri)
+
+        Timeout::timeout(seconds_to_wait) do
+          TCPSocket.new(uri.host, uri.port).close
+        rescue Errno::ECONNREFUSED
+          retry
+        end
+
+        true
+
+      rescue => e
+        puts "Connection to #{uri.to_s} failed: '#{e.inspect}'"
+      end
+      
+      def wait_for_service_to_accept_connections(service_uri, seconds_to_wait = 30, exit_on_fail = true)
+        wait_loop = Thread.new do
+          loop do
+            sleep(5)
+            puts "Waiting for #{service_uri} to accept connections..."
+          end
+        end
+
+        if service_accepts_connections?(service_uri, seconds_to_wait)
+          return wait_loop.exit
+        else
+          exit 1 if exit_on_fail
+        end
+      end
+    end
+  end
+end

data/lib/on_container/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module OnContainer
-  VERSION = '0.0.2'
+  VERSION = '0.0.8'
 end

data/on_container.gemspec

@@ -24,5 +24,5 @@ Gem::Specification.new do |spec|
   spec.bindir        = 'exe'
   spec.require_paths = ['lib']
 
-  spec.add_development_dependency 'bundler', '~> 1.17'
+  spec.add_development_dependency 'bundler', '~> 2.1'
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: on_container
 version: !ruby/object:Gem::Version
-  version: 0.0.2
+  version: 0.0.8
 platform: ruby
 authors:
 - Roberto Quintanilla
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2020-02-17 00:00:00.000000000 Z
+date: 2020-11-29 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -16,14 +16,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.17'
+        version: '2.1'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.17'
+        version: '2.1'
 description: A small collection of scripts and routines to help ruby development within
   containers
 email:
@@ -38,7 +38,15 @@ files:
 - README.md
 - Rakefile
 - lib/on_container.rb
-- lib/on_container/step_down_from_root.rb
+- lib/on_container/dev/active_record_ops.rb
+- lib/on_container/dev/bundler_ops.rb
+- lib/on_container/dev/container_command_ops.rb
+- lib/on_container/dev/node_modules_ops.rb
+- lib/on_container/dev/rails.rb
+- lib/on_container/dev/rails_ops.rb
+- lib/on_container/dev/setup_ops.rb
+- lib/on_container/load_env_secrets.rb
+- lib/on_container/ops/service_connection_checks.rb
 - lib/on_container/version.rb
 - on_container.gemspec
 homepage: https://github.com/IcaliaLabs/on-container-for-ruby
@@ -64,7 +72,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.0.3
+rubygems_version: 3.1.4
 signing_key: 
 specification_version: 4
 summary: A small collection of scripts and routines to help ruby development within

data/lib/on_container/step_down_from_root.rb

@@ -1,55 +0,0 @@
-# frozen_string_literal: true
-
-require 'etc'
-
-module OnContainer
-  class StepDownFromRoot
-    attr_reader :curent_user, :target_user
-    
-    def initialize
-      @curent_user = Etc.getpwuid
-    end
-
-    def target_user
-      @target_user ||= Etc.getpwuid(developer_uid)
-    end
-
-    def perform
-      return unless root_user?
-      return warn_no_developer_uid unless developer_uid?
-
-      switch_to_developer_user
-    end
-
-    def root_user?
-      curent_user.name == 'root'
-    end
-
-    def developer_uid?
-      developer_uid > 0
-    end
-
-    def developer_uid
-      @developer_uid ||= ENV.fetch('DEVELOPER_UID', '').to_i
-    end
-
-    protected
-
-    def switch_to_developer_user
-      target_user_name = target_user.name
-      puts "Switching from 'root' user to '#{target_user_name}'..."
-      Kernel.exec 'su-exec', target_user_name, $0, *$*
-    end
-
-    def warn_no_developer_uid
-      puts "The 'DEVELOPER_UID' environment variable is not set... " \
-           'still running as root!'
-    end
-
-    def self.perform
-      new.perform
-    end
-  end
-end
-
-OnContainer::StepDownFromRoot.perform