stack_car 0.12.0 → 0.15.0

data/templates/.gitlab/issue_templates/enable_pipeline_check_before_merge.md

@@ -0,0 +1,8 @@
+# Gitlab Original Documentation: 
+- https://docs.gitlab.com/ee/user/project/merge_requests/merge_when_pipeline_succeeds.html#only-allow-merge-requests-to-be-merged-if-the-pipeline-succeeds
+
+# Notch8 Playbook Artcile with image:
+- http://playbook-staging.notch8.com/en/gitlab-only-merge-if-pipeline-succeeds
+
+# How to Video: 
+- https://share.getcloudapp.com/yAuykArv

data/templates/.gitlab/merge_request_templates/Bug.md

@@ -0,0 +1,36 @@
+# Summary 
+A short description of the bug
+
+# Related Issue
+Use # to add a quick link to the parent issue(s), or ! for parent merge requests. Also, go to the issue and edit it to mention this MR.
+
+# Expected Behavior
+
+Demo how this merge request is working in the app. Consult the steps for reproducing the bug in the issue. 
+
+# Screenshots / Video
+Include screenshots or video demonstrating how this bug fix works
+
+# Dependencies
+
+Are there any other outstanding issues which need to be resolved before this can be merged?
+
+# Special Attention / Side Effects
+
+Is there anything you would like to have special scrutiny given to during code review? Will the changes in this merge request potentially impact any thing else that isn't explicitly part of this bug fix?
+
+# Testing / Reproduction instructions
+
+Step by step instructions on how to test this bug fix. Include links and username/passswords if necessary. Videos are especially helpful. Also, name any spec files that should be run for this bug fix, or to test any side effects from this bug fix.
+
+1. Go here
+2. Do this
+3. Observe this behavior
+
+# Deployment
+
+Where is this deployed? Are there any additional steps to get this working on staging/production? (e.g. setting up enviromental variables)
+
+# Other Information
+
+Any other logs, related issues, merge requests, wireframes, documentation, slack conversations or anything else that would help the developer try to find and fix this issue, or provide context.

data/templates/.gitlab/merge_request_templates/Feature.md

@@ -0,0 +1,36 @@
+# Summary 
+A short description of the feature
+
+# Related Issue
+Use # to add a quick link to the parent issue(s), or ! for parent merge requests. Also, go to that issue and edit the description to mention this MR.
+
+# Expected Behavior
+
+Demo how this merge request is working in the app. Consult the acceptance criteria in the issue. 
+
+# Screenshots / Video
+Include screenshots or video demonstrating how this feature works
+
+# Dependencies
+
+Are there any other outstanding issues which need to be resolved before this can be merged?
+
+# Special Attention / Side Effects
+
+Is there anything you would like to have special scrutiny given to during code review? Will the changes in this merge request potentially impact any thing else that isn't explicitly part of this feature? 
+
+# Testing / Reproduction instructions
+
+Step by step instructions on how to test this feature. Include links and username/passswords if necessary. Videos are especially helpful. Also, name any spec files that should be run for this feature, or to test any side effects from this feature.
+
+1. Go here
+2. Do this
+3. Observe this behavior
+
+# Deployment
+
+Where is this deployed? Are there any additional steps to get this working on staging/production? (e.g. setting up enviromental variables)
+
+# Other Information
+
+Any other logs, related issues, merge requests, wireframes, documentation, slack conversations or anything else that would help the developer try to find and fix this issue, or provide context.

data/templates/.gitlab-ci.yml.erb

@@ -1,5 +1,6 @@
 stages:
 - build
+- lint
 - test
 - deploy
 
@@ -108,7 +109,7 @@ review:
   only:
     - branches
   except:
-    - master
+    - main
   script:
 <% if options[:rancher] -%>
     - export RANCHER_ENVIRONMENT=staging
@@ -148,7 +149,7 @@ staging:
   - dpl --provider=heroku --app=<%= @project_name %>-staging --api-key=$HEROKU_STAGING_API_KEY --run="bundle exec rake db:migrate"
 <% end -%>
   only:
-    - master
+    - main
   tags:
     - local
 
@@ -166,6 +167,6 @@ production:
 <% end -%>
   when: manual
   only:
-    - master
+    - main
   tags:
     - local

data/templates/.sops.yaml.erb

@@ -0,0 +1,3 @@
+---
+creation_rules:
+  - pgp: "CHANGEME"

data/templates/Dockerfile.erb

@@ -1,14 +1,13 @@
 FROM CHANGEME/base:latest
-<% if options[:git] %>
+<% if options[:git] -%>
 ARG BRANCH=master
 ARG REPO_URL
-<% end %>
+<% end -%>
 
-ADD http://timejson.herokuapp.com build-time
 ADD ops/webapp.conf /etc/nginx/sites-enabled/webapp.conf
 ADD ops/env.conf /etc/nginx/main.d/env.conf
 
-<% if options[:git] %>
+<% if options[:git] -%>
 RUN /sbin/setuser app bash -l -c "set -x && \
   git fetch -ap && \
   git reset --hard && \
@@ -18,14 +17,15 @@ RUN /sbin/setuser app bash -l -c "set -x && \
   bundle exec rake assets:clobber assets:precompile DATABASE_ADAPTER=nulldb && \
   mv /home/app/webapp/public/assets /home/app/webapp/public/assets-new && \
   mv /home/app/webapp/public/packs /home/app/webapp/public/packs-new"
-<% else %>
+<% else -%>
+RUN gem install bundler -v CHANGEME # Add the BUNDLED WITH version listed at the bottom of the Gemfile.lock
 COPY --chown=app . $APP_HOME
 RUN /sbin/setuser app bash -l -c "set -x && \
   (bundle check || bundle install) && \
   bundle exec rake assets:clobber assets:precompile DATABASE_ADAPTER=nulldb && \
   mv /home/app/webapp/public/assets /home/app/webapp/public/assets-new && \
   mv /home/app/webapp/public/packs /home/app/webapp/public/packs-new"
-<% end %>
+<% end -%>
 
 RUN bash -l -c "set -x && \
   rm -f /etc/service/nginx/down"

data/templates/README.md

@@ -1,19 +1,96 @@
+[Docker development setup](#docker-development-setup)
+
+[Bash into the container](#bash-into-the-container)
+
+[Handling Secrets with SOPS](#handling-secrets-with-sops)
+
+[Deploy a new release](#deploy-a-new-release)
+  
+[Run import from admin page](#run-import-from-admin-page)
+
 # Docker development setup
 
-1) Install Docker.app 
+We recommend committing .env to your repo with good defaults. .env.development, .env.production etc can be used for local overrides and should not be in the repo. See [Handling Secrets with SOPS](#handling-secrets-with-sops) for how to manage secrets.
+
+1) Install Docker.app
+
+2) Install stack car
+    ``` bash
+    gem install stack_car
+    ```
 
-2) gem install stack_car
+3) Sign in with dory
+    ``` bash
+    dory up
+    ```
 
-3) We recommend committing .env to your repo with good defaults. .env.development, .env.production etc can be used for local overrides and should not be in the repo.
+4) Install dependencies
+    ``` bash
+    yarn install
+    ```
 
-4) sc up
+5) Start the server
+    ``` bash
+    sc up
+    ```
 
+6) Load and seed the database
+    ``` bash
+    sc be rake db:migrate db:seed
+    ```
+    
+7) Visit the running instance in the browser at `project-name.test`
+
+### Troubleshooting Docker Development Setup
+Confirm or configure settings. Sub your information for the examples.
 ``` bash
-gem install stack_car
-sc up
+git config --global user.name example
+git config --global user.email example@example.com
+docker login registry.gitlab.com
+```
+
+### While in the container you can do the following
+- Run rspec
+    ``` bash
+    bundle exec rspec
+    ```
+- Access the rails console
+    ``` bash
+    bundle exec rails c
+    ```
+
+### Handling Secrets with SOPS
+
+[**SOPS**](https://github.com/mozilla/sops) is used to handle this project's secrets.
 
+The secrets in this repository include:
+- `.env*` files
+- `*-values.yaml` files
+
+Scripts (`bin/decrypt-secrets` and `bin/encrypt-secrets`) are included in this project to help with managing secrets.
+
+**To decrypt secrets**:
+
+You will need to do this if you are new to the project or there have been changes to any secrets files that are required for development.
+
+In terminal:
+```bash
+bin/decrypt-secrets
+```
+
+This will find and decrypt files with the `.enc` extension.
+
+**To encrypt secrets**:
+
+You will need to do this when you have edited secrets and are ready to commit them.
+
+In terminal:
+```bash
+bin/encrypt-secrets
 ```
 
+This will find and output an encrypted version of secret files with an `.enc` extension.
+
 # Deploy a new release
 
 ``` bash
@@ -21,4 +98,4 @@ sc release {staging | production} # creates and pushes the correct tags
 sc deploy {staging | production} # deployes those tags to the server
 ```
 
-Releaese and Deployment are handled by the gitlab ci by default. See ops/deploy-app to deploy from locally, but note all Rancher install pull the currently tagged registry image
+Release and Deployment are handled by the gitlab ci by default. See ops/deploy-app to deploy from locally, but note all Rancher install pull the currently tagged registry image

data/templates/chart/Chart.yaml.tt

@@ -5,25 +5,26 @@ name: <%= @project_name %>
 version: 0.0.1
 dependencies:
 <%- if options[:solr] %>
-  - name: solr 
-    version: 1.3.3
-    repository: https://storage.googleapis.com/kubernetes-charts-incubator
+- name: solr
+  version: 1.5.2
+  repository: https://charts.helm.sh/incubator
+  condition: solr.enabled
 <%- end %>
 <%- if options[:redis] %>
-  - name: redis
-    version: 10.3.1
-    repository: https://kubernetes-charts.storage.googleapis.com/
-    condition: redis.enabled
+- name: redis
+  version: 11.0.4
+  repository: https://charts.bitnami.com/bitnami
+  condition: redis.enabled
 <%- end %>
 <%- if options[:postgres] %>
-  - name: postgresql
-    version: 8.1.2
-    repository: https://kubernetes-charts.storage.googleapis.com/
-    condition: postgresql.enabled
+- name: postgresql
+  version: 10.3.18
+  repository: https://charts.bitnami.com/bitnami
+  condition: postgresql.enabled
 <%- end %>
 <%- if options[:mysql] %>
 - name: mariadb
-  version: 5.x.x
-  repository: https://kubernetes-charts.storage.googleapis.com/
+  version: 7.3.14
+  repository: https://charts.helm.sh/stable
   condition: mariadb.enabled
-<%- end %>
+<%- end %>

data/templates/chart/bin/deploy

@@ -11,4 +11,4 @@ then
     exit 1
 fi
 
-helm upgrade --install --namespace $1-$NAMESPACE $1 . -f $1-values.yaml --set rails.image.tag=$2
+helm upgrade --install --namespace $NAMESPACE-$1 $1 . -f $1-values.yaml --set rails.image.tag=$2

data/templates/chart/bin/remove

@@ -12,4 +12,4 @@ then
 fi
 
 raise 'refusing to remove production' if $1 == 'production'
-helm uninstall --namespace $1-$NAMESPACE $1 . -f $1-values.yaml --set rails.image.tag=$2
+helm uninstall --namespace $NAMESPACE-$1 $1 . -f $1-values.yaml --set rails.image.tag=$2

data/templates/chart/sample-values.yaml.tt

@@ -17,6 +17,7 @@ zookeeper:
     size: 1Gi
 <% end %>
 
+<% if options[:postgres] %>
 postgresql:
   enabled: true
 <% if options[:fedora] %>
@@ -33,6 +34,8 @@ postgresql:
   persistence:
     enabled: true
     size: 1Gi
+<% end %>
+
 <% if options[:mysql] %>
 externalDatabase:
   host: host_name
@@ -117,7 +120,6 @@ env:
     <% if options[:fcrepo] %>
     FC_DATABASE_NAME: fcrepo
     LD_LIBRARY_PATH: /opt/fits-latest/tools/mediainfo/linux
-    SETTINGS__ACTIVE_JOB__QUEUE_ADAPTER: sidekiq
     SETTINGS__CONTACT_EMAIL: admin@example.org
     SETTINGS__DEVISE__INVITATION_FROM_EMAIL: admin@example.org
     SETTINGS__FITS_PATH: /opt/fits/fits.sh
@@ -126,13 +128,26 @@ env:
     SETTINGS__MULTITENANCY__DEFAULT_HOST: "%{tenant}.app.docker"
     SETTINGS__MULTITENANCY__ENABLED: "true"
     <% end %>
+    <% if options[:sidekiq] %>
+    SETTINGS__ACTIVE_JOB__QUEUE_ADAPTER: sidekiq
+    <% end %>
     DATABASE_NAME: <%= @project_name %>
     IN_DOCKER: "true"
     PASSENGER_APP_ENV: production
     RAILS_ENV: production
     RAILS_LOG_TO_STDOUT: "true"
     RAILS_SERVE_STATIC_FILES: "true"
+    # SMTP Mailer vars
+    # Uncomment vars and SMTP Mailer in config/environments/<environment>.rb to enable
+    # SMTP_USER_NAME: CHANGEME
+    # SMTP_ADDRESS: CHANGEME
+    # SMTP_DOMAIN: CHANGEME
+    # SMTP_PORT: CHANGEME
+    # SMTP_TYPE: CHANGEME
 
   secret:
     SECRET_KEY_BASE: secretabc
     DATABASE_PASSWORD: passwordabc
+    # SMTP Mailer secret
+    # Uncomment vars and SMTP Mailer in config/environments/<environment>.rb to enable
+    # SMTP_PASSWORD: CHANGEME

data/templates/chart/templates/_helpers.tpl.tt

@@ -44,7 +44,7 @@ Shorthand for component names
 <%- end %>
 <%- if options[:redis] %>
 {{- define "app.redis.name" -}}
-{{- .Release.Name -}}-redis-master
+{{- .Release.Name -}}-redis-primary
 {{- end -}}
 <%- end %>
 <%- if options[:sidekiq] %>

data/templates/chart/templates/web-ing-wildcard.yaml

@@ -1,5 +1,5 @@
 ---
-apiVersion: extensions/v1beta1
+apiVersion: apps/v1
 kind: Ingress
 metadata:
   name: {{ template "app.web.name" . }}-in-wildcard

data/templates/chart/templates/web-ing.yaml

@@ -1,5 +1,5 @@
 ---
-apiVersion: extensions/v1beta1
+apiVersion: apps/v1 
 kind: Ingress
 metadata:
   name: {{ template "app.web.name" . }}-in

data/templates/database.yml.erb

@@ -2,7 +2,6 @@
 
 <% if options[:mysql] -%>
 login: &login
-  adapter: mysql2
   adapter: <%%= ENV['DATABASE_ADAPTER'] %>
   host: <%%= ENV['DATABASE_HOST'] %>
   username: <%%= ENV['DATABASE_USER'] %>

data/templates/decrypt-secrets

@@ -0,0 +1,22 @@
+#!/usr/bin/env ruby
+
+# require 'byebug'
+
+parent_dir = File.dirname(__dir__)
+Dir.chdir(File.join(parent_dir))
+[
+  ".env.*",
+  "chart/*-values.yaml",
+  "ops/kube_config.yml",
+  "ops/.backend",
+  "ops/k8s/*-values.yaml"
+].each do |files|
+  Dir.glob(files).each do |file|
+    if file.match(/enc/)
+      next unless File.exists?(file)
+      cmd = "sops --decrypt #{file} > #{file.gsub(/.enc$/, '')}"
+      puts cmd
+      `#{cmd}`
+    end
+  end
+end

data/templates/deploy.yml.erb

@@ -29,7 +29,7 @@
     - debug: var=authout
 
     - name: Restart service
-      command: "cd {{ compose_dir }} && docker-compose -f {{ project_name }}.yml pull web && docker-compose -f {{ project_name }}.yml up -d web"
+      command: "cd {{ compose_dir }} && docker compose -f {{ project_name }}.yml pull web && docker compose -f {{ project_name }}.yml up -d web"
       environment:
         TAG: "{{ tag }}"
       register: output
@@ -62,4 +62,4 @@
         body_format: json
         status_code: 200
 
-<% end %>
+<% end %>

data/templates/development.rb.erb

@@ -0,0 +1,90 @@
+Rails.application.configure do
+  # Settings specified here will take precedence over those in config/application.rb.
+
+  <% if options[:sidekiq] %>
+  # In the development environment your application's code is reloaded on
+  # every request. This slows down response time but is perfect for development
+  # since you don't have to restart the web server when you make code changes.
+  config.cache_classes = !!Sidekiq.server?
+  <% end -%>
+
+  # Do not eager load code on boot.
+  config.eager_load = false
+
+  # Show full error reports.
+  config.consider_all_requests_local = true
+
+  # Enable/disable caching. By default caching is disabled.
+  if Rails.root.join('tmp/caching-dev.txt').exist?
+    config.action_controller.perform_caching = true
+
+    config.cache_store = :memory_store
+    config.public_file_server.headers = {
+      'Cache-Control' => 'public, max-age=172800'
+    }
+  else
+    config.action_controller.perform_caching = false
+
+    config.cache_store = :null_store
+  end
+
+  # SMTP Mailer configuration
+  # Add SMTP settings to your environment and uncomment the following section to enable mailer
+  # if ENV['SMTP_ENABLED'].present? && ENV['SMTP_ENABLED'].to_s == 'true'
+  #   config.action_mailer.smtp_settings = {
+  #     user_name: ENV['SMTP_USER_NAME'],
+  #     password: ENV['SMTP_PASSWORD'],
+  #     address: ENV['SMTP_ADDRESS'],
+  #     domain: ENV['SMTP_DOMAIN'],
+  #     port: ENV['SMTP_PORT'],
+  #     enable_starttls_auto: true,
+  #     authentication: ENV['SMTP_TYPE']
+  #   }
+  #    # ActionMailer Config
+  #   config.action_mailer.delivery_method = :smtp
+  #   config.action_mailer.perform_deliveries = true
+  #   config.action_mailer.raise_delivery_errors = false
+  <% if options[:hyku] %>
+  #   config.action_mailer.asset_host = ENV['SETTINGS__MULTITENANCY__ADMIN_HOST']
+  <% end %>
+  # else
+  #   config.action_mailer.delivery_method = :test
+  # end
+
+  # Don't care if the mailer can't send.
+  config.action_mailer.raise_delivery_errors = false
+
+  config.action_mailer.perform_caching = false
+
+  # Print deprecation notices to the Rails logger.
+  config.active_support.deprecation = :log
+
+  # Raise an error on page load if there are pending migrations.
+  config.active_record.migration_error = :page_load
+
+  # Debug mode disables concatenation and preprocessing of assets.
+  # This option may cause significant delays in view rendering with a large
+  # number of complex assets.
+  config.assets.debug = true
+
+  # Suppress logger output for asset requests.
+  config.assets.quiet = true
+
+  # Raises error for missing translations
+  # config.action_view.raise_on_missing_translations = true
+
+  config.action_mailer.default_url_options = { host: "localhost:3001" }
+
+  config.web_console.whitelisted_ips = ['172.18.0.0/16', '172.27.0.0/16', '0.0.0.0/0']
+
+  if ENV["RAILS_LOG_TO_STDOUT"].present?
+    logger           = ActiveSupport::Logger.new(STDOUT)
+    logger.formatter = config.log_formatter
+    config.logger = ActiveSupport::TaggedLogging.new(logger)
+  end
+
+  config.active_job.queue_adapter     = Settings.active_job.queue_adapter
+  # Use an evented file watcher to asynchronously detect changes in source code,
+  # routes, locales, etc. This feature depends on the listen gem.
+  # config.file_watcher = ActiveSupport::EventedFileUpdateChecker
+end

data/templates/docker-compose.yml.erb

@@ -51,7 +51,7 @@ services:
       - docker-entrypoint.sh
       - solr-precreate
       - mycore
-    # docker-compose exec --user=solr solr bin/solr create_core -c CORENAME
+    # docker compose exec --user=solr solr bin/solr create_core -c CORENAME
 <% end -%>
 <% if options[:redis] -%>
   redis:
@@ -97,28 +97,20 @@ services:
       - "8080"
 <% end -%>
 
-  base:
-    image: "${REGISTRY_HOST}${REGISTRY_URI}/base:latest"
-    build:
-      context: .
-      dockerfile: Dockerfile.base
-      args:
-        DEPLOY_KEY: "${DEPLOY_KEY}"
-        APP_NAME: "${APP_NAME}"
-        REPO_URL: "${REPO_URL}"
-    env_file:
-      - .env
-      - .env.development
-
   app:
     build:
-      context: ..
+    <% if @sc_dir -%>
+  context: ..
       dockerfile: stack_car/Dockerfile
-      args:
+    <% else -%>
+  context: .
+      dockerfile: Dockerfile
+    <% end -%>
+  args:
         DEPLOY_KEY: "${DEPLOY_KEY}"
         REPO_URL: "${REPO_URL}"
         BRANCH: "${BRANCH}"
-    image: "${REGISTRY_HOST}${REGISTRY_URI}:${TAG:-master}"
+    image: "${REGISTRY_HOST}${REGISTRY_URI}:${TAG:-main}"
     env_file:
       - .env
       - .env.development
@@ -133,13 +125,12 @@ services:
     tty: true
 
   web:
-    extends:
-      app:
+    extends: app
     ports:
       - "${WEB_PORT}"
     environment:
-      - VIRTUAL_HOST=<%= @project_name %>.docker
-      - VIRTUAL_PORT=80
+      - VIRTUAL_HOST=.<%= @project_name %>.test
+      - VIRTUAL_PORT=3000
     depends_on:
 <%= compose_depends %>
 
@@ -147,6 +138,7 @@ services:
   worker:
     extends: app
     command: ./bin/delayed_job run
+    depends_on:
 <%= compose_depends %>
 <% end %>
 
@@ -154,6 +146,7 @@ services:
   worker:
     extends: app
     command: bundle exec sidekiq
+    depends_on:
 <%= compose_depends %>
 <% end %>
 

data/templates/encrypt-secrets

@@ -0,0 +1,19 @@
+#!/usr/bin/env ruby
+
+# require 'byebug'
+
+parent_dir = File.dirname(__dir__)
+[
+  ".env.*",
+  "chart/*-values.yaml",
+  "ops/kube_config.yml",
+  "ops/.backend",
+  "ops/k8s/*-values.yaml"
+].each do |files|
+  Dir.glob(files).each do |file|
+    next if /enc/.match?(file)
+    cmd = "sops --encrypt #{file} > #{file}.enc"
+    puts cmd
+    `#{cmd}`
+  end
+end