
Commit 63cd699

author
Jeff Maher
committed
Merge branch 'master' into dev-setup-readme-updates
2 parents e53a280 + eb83bb9 commit 63cd699


9 files changed

+102
-126
lines changed


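--- a/.github/containerscan/whitelist.yaml
+++ b/.github/containerscan/whitelist.yaml
@@ -2,3 +2,4 @@ general:
 vulnerabilities:
 - NSWG-ECO-516
 - CVE-2020-8130
+- CVE-2020-8165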
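Review bot: The new allowlist entry `- CVE-2020-8165` at new line 5 suppresses the scanner finding without recording why or for how long, and this same commit raises Rails to 6.0.3.1 in Gemfile.lock, which as far as I know is the release that fixes that ActiveSupport cache deserialization issue. If the rebuilt image no longer ships the affected version, the entry is unnecessary and would hide a regression later. Either drop it, or add a comment above it such as `# CVE-2020-8165: fixed by rails 6.0.3.1; remove once the scan passes without it` so the exception has an owner and an exit condition. The earlier entries in the list have the same gap, but they are context lines and not part of this change.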

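--- a/.github/workflows/dockerhub.yml
+++ b/.github/workflows/dockerhub.yml
@@ -0,0 +1,20 @@
+name: Dockerhub Container Builds
+
+on:
+push:
+branches: [ master ]
+
+jobs:
+build-n-push:
+runs-on: ubuntu-latest
+steps:
+- name: Checkout
+uses: actions/checkout@v2
+
+- name: Build Portal
+uses: docker/build-push-action@v1
+with:
+username: ${{ secrets.DOCKER_USERNAME }}
+password: ${{ secrets.DOCKER_PASSWORD }}
+repository: covidshield/portal
+tags: latest,${{ github.sha }}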
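Review bot: Both actions at new lines 12 and 15 are referenced by mutable tags (`actions/checkout@v2`, `docker/build-push-action@v1`), and the second one receives `secrets.DOCKER_USERNAME` and `secrets.DOCKER_PASSWORD`, so whoever can move the `v1` tag decides what code sees the Docker Hub credentials. Pinning each to a full commit SHA, e.g. `uses: docker/build-push-action@<full-commit-sha>  # v1`, would match the digest pin this commit adds to the Dockerfile `FROM` line. The secret behind `DOCKER_PASSWORD` should be a scoped Docker Hub access token rather than the account password; that cannot be verified from the workflow file. Pushing `latest` alongside `${{ github.sha }}` is fine as long as deployments only ever reference the SHA tag.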

.github/workflows/master-docker-push.yml

-48
This file was deleted.

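--- a/Dockerfile
+++ b/Dockerfile
@@ -1,7 +1,7 @@
-FROM ruby:2-alpine
-LABEL maintainer="someone@covidshield.app"
-LABEL app.covidshield.name="Covid Shield Portal"
-LABEL app.covidshield.description="The Web Portal for CovidShield.app"
+FROM ruby:2-alpine@sha256:2f64029e66742642f94805bece89304c8a644fb565dd3170e841bc11ebea181d
+LABEL maintainer="security@covidshield.app"
+LABEL app.covidshield.name="COVID Shield Portal"
+LABEL app.covidshield.description="The Web Portal for covidshield.app"
 LABEL app.covidshield.url="https://covidshield.app/"
 LABEL app.covidshield.docker.cmd="docker run -v `pwd`:/app -p 3000:3000 -d covidshield/portal"
 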
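Review bot: The digest pin on the new `FROM` line freezes the base image, so Alpine and Ruby security patches published under `ruby:2-alpine` no longer reach the build until someone updates the digest, and nothing in the hunk records when the digest was resolved or how it gets refreshed. A comment above it such as `# ruby:2-alpine, digest resolved <date>; refresh when the base image receives security updates`, together with an automated base-image updater, would keep the pin from going stale. The Dockerfile continues past the hunk, so the remaining build steps are not reviewed here.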

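--- a/Gemfile
+++ b/Gemfile
@@ -4,11 +4,11 @@ git_source(:github) { |repo| "https://github.com/#{repo}.git" }
 ruby '2.7.1'
 
 # Bundle edge Rails instead: gem 'rails', github: 'rails/rails'
-gem 'rails', '~> 6.0.3'
+gem 'rails', '>= 6.0.3.1'
 # Use mysql as the database for Active Record
 gem 'mysql2', '>= 0.4.4'
 # Use Puma as the app server
-gem 'puma', '~> 4.1'
+gem 'puma', '~> 4.3'
 # Use SCSS for stylesheets
 gem 'sass-rails', '>= 6'
 # Transpile app-like JavaScript. Read more: https://github.com/rails/webpacker
@@ -17,6 +17,7 @@ gem 'webpacker', '~> 5.1'
 gem 'turbolinks', '~> 5'
 # Build JSON APIs with ease. Read more: https://github.com/rails/jbuilder
 gem 'jbuilder', '~> 2.7'
+
 # Use Redis adapter to run Action Cable in production
 # gem 'redis', '~> 4.0'
 # Use Active Model has_secure_password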
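Review bot: `gem 'rails', '>= 6.0.3.1'` at new line 7 removes the upper bound that the old `~> 6.0.3` had, so a later `bundle update` can move the app to any future Rails release, including a new minor or major series, without a Gemfile change. To keep both the security floor and the 6.0 series, use `gem 'rails', '~> 6.0.3', '>= 6.0.3.1'`, the same two-part form Gemfile.lock shows for `rack (~> 2.0, >= 2.0.8)`. The puma constraint at new line 11 could likewise state the version the lockfile resolves to as its floor, `gem 'puma', '~> 4.3', '>= 4.3.5'`, so a fresh resolve cannot fall back to an earlier 4.3 release.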

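--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -1,56 +1,56 @@
 GEM
 remote: https://rubygems.org/
 specs:
-actioncable (6.0.3)
-actionpack (= 6.0.3)
+actioncable (6.0.3.1)
+actionpack (= 6.0.3.1)
 nio4r (~> 2.0)
 websocket-driver (>= 0.6.1)
-actionmailbox (6.0.3)
-actionpack (= 6.0.3)
-activejob (= 6.0.3)
-activerecord (= 6.0.3)
-activestorage (= 6.0.3)
-activesupport (= 6.0.3)
+actionmailbox (6.0.3.1)
+actionpack (= 6.0.3.1)
+activejob (= 6.0.3.1)
+activerecord (= 6.0.3.1)
+activestorage (= 6.0.3.1)
+activesupport (= 6.0.3.1)
 mail (>= 2.7.1)
-actionmailer (6.0.3)
-actionpack (= 6.0.3)
-actionview (= 6.0.3)
-activejob (= 6.0.3)
+actionmailer (6.0.3.1)
+actionpack (= 6.0.3.1)
+actionview (= 6.0.3.1)
+activejob (= 6.0.3.1)
 mail (~> 2.5, >= 2.5.4)
 rails-dom-testing (~> 2.0)
-actionpack (6.0.3)
-actionview (= 6.0.3)
-activesupport (= 6.0.3)
+actionpack (6.0.3.1)
+actionview (= 6.0.3.1)
+activesupport (= 6.0.3.1)
 rack (~> 2.0, >= 2.0.8)
 rack-test (>= 0.6.3)
 rails-dom-testing (~> 2.0)
 rails-html-sanitizer (~> 1.0, >= 1.2.0)
-actiontext (6.0.3)
-actionpack (= 6.0.3)
-activerecord (= 6.0.3)
-activestorage (= 6.0.3)
-activesupport (= 6.0.3)
+actiontext (6.0.3.1)
+actionpack (= 6.0.3.1)
+activerecord (= 6.0.3.1)
+activestorage (= 6.0.3.1)
+activesupport (= 6.0.3.1)
 nokogiri (>= 1.8.5)
-actionview (6.0.3)
-activesupport (= 6.0.3)
+actionview (6.0.3.1)
+activesupport (= 6.0.3.1)
 builder (~> 3.1)
 erubi (~> 1.4)
 rails-dom-testing (~> 2.0)
 rails-html-sanitizer (~> 1.1, >= 1.2.0)
-activejob (6.0.3)
-activesupport (= 6.0.3)
+activejob (6.0.3.1)
+activesupport (= 6.0.3.1)
 globalid (>= 0.3.6)
-activemodel (6.0.3)
-activesupport (= 6.0.3)
-activerecord (6.0.3)
-activemodel (= 6.0.3)
-activesupport (= 6.0.3)
-activestorage (6.0.3)
-actionpack (= 6.0.3)
-activejob (= 6.0.3)
-activerecord (= 6.0.3)
+activemodel (6.0.3.1)
+activesupport (= 6.0.3.1)
+activerecord (6.0.3.1)
+activemodel (= 6.0.3.1)
+activesupport (= 6.0.3.1)
+activestorage (6.0.3.1)
+actionpack (= 6.0.3.1)
+activejob (= 6.0.3.1)
+activerecord (= 6.0.3.1)
 marcel (~> 0.3.1)
-activesupport (6.0.3)
+activesupport (6.0.3.1)
 concurrent-ruby (~> 1.0, >= 1.0.2)
 i18n (>= 0.7, < 2)
 minitest (~> 5.1)
@@ -67,7 +67,7 @@ GEM
 msgpack (~> 1.0)
 builder (3.2.4)
 byebug (11.1.3)
-capybara (3.32.1)
+capybara (3.32.2)
 addressable
 mini_mime (>= 0.1.3)
 nokogiri (~> 1.8)
@@ -114,45 +114,45 @@ GEM
 nokogiri (1.10.9)
 mini_portile2 (~> 2.4.0)
 parallel (1.19.1)
-parser (2.7.1.2)
+parser (2.7.1.3)
 ast (~> 2.4.0)
 pry (0.13.1)
 coderay (~> 1.1)
 method_source (~> 1.0)
 pry-byebug (3.9.0)
 byebug (~> 11.0)
 pry (~> 0.13.0)
-public_suffix (4.0.4)
-puma (4.3.3)
+public_suffix (4.0.5)
+puma (4.3.5)
 nio4r (~> 2.0)
 rack (2.2.2)
 rack-proxy (0.6.5)
 rack
 rack-test (1.1.0)
 rack (>= 1.0, < 3)
-rails (6.0.3)
-actioncable (= 6.0.3)
-actionmailbox (= 6.0.3)
-actionmailer (= 6.0.3)
-actionpack (= 6.0.3)
-actiontext (= 6.0.3)
-actionview (= 6.0.3)
-activejob (= 6.0.3)
-activemodel (= 6.0.3)
-activerecord (= 6.0.3)
-activestorage (= 6.0.3)
-activesupport (= 6.0.3)
+rails (6.0.3.1)
+actioncable (= 6.0.3.1)
+actionmailbox (= 6.0.3.1)
+actionmailer (= 6.0.3.1)
+actionpack (= 6.0.3.1)
+actiontext (= 6.0.3.1)
+actionview (= 6.0.3.1)
+activejob (= 6.0.3.1)
+activemodel (= 6.0.3.1)
+activerecord (= 6.0.3.1)
+activestorage (= 6.0.3.1)
+activesupport (= 6.0.3.1)
 bundler (>= 1.3.0)
-railties (= 6.0.3)
+railties (= 6.0.3.1)
 sprockets-rails (>= 2.0.0)
 rails-dom-testing (2.0.3)
 activesupport (>= 4.2.0)
 nokogiri (>= 1.6)
 rails-html-sanitizer (1.3.0)
 loofah (~> 2.3)
-railties (6.0.3)
-actionpack (= 6.0.3)
-activesupport (= 6.0.3)
+railties (6.0.3.1)
+actionpack (= 6.0.3.1)
+activesupport (= 6.0.3.1)
 method_source
 rake (>= 0.8.7)
 thor (>= 0.20.3, < 2.0)
@@ -165,13 +165,16 @@ GEM
 reverse_markdown (1.4.0)
 nokogiri
 rexml (3.2.4)
-rubocop (0.83.0)
+rubocop (0.84.0)
 parallel (~> 1.10)
 parser (>= 2.7.0.1)
 rainbow (>= 2.2.2, < 4.0)
 rexml
+rubocop-ast (>= 0.0.3)
 ruby-progressbar (~> 1.7)
 unicode-display_width (>= 1.4.0, < 2.0)
+rubocop-ast (0.0.3)
+parser (>= 2.7.0.1)
 ruby-progressbar (1.10.1)
 rubyzip (2.3.0)
 safe_yaml (1.0.5)
@@ -241,7 +244,7 @@ GEM
 rack-proxy (>= 0.6.1)
 railties (>= 5.2)
 semantic_range (>= 2.3.0)
-websocket-driver (0.7.1)
+websocket-driver (0.7.2)
 websocket-extensions (>= 0.1.0)
 websocket-extensions (0.1.4)
 xpath (3.2.0)
@@ -261,8 +264,8 @@ DEPENDENCIES
 listen (>= 3.0.5, < 3.3)
 mysql2 (>= 0.4.4)
 pry-byebug
-puma (~> 4.1)
-rails (~> 6.0.3)
+puma (~> 4.3)
+rails (>= 6.0.3.1)
 sass-rails (>= 6)
 selenium-webdriver
 solargraph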

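--- a/config/terraform/aws/ecs.tf
+++ b/config/terraform/aws/ecs.tf
@@ -4,26 +4,16 @@
 
 # Task Definition
 
-data "aws_ecr_repository" "covidshield_portal" {
-name = "portal"
-}
-
 data "github_branch" "portal" {
 repository = "portal"
 branch = "master"
 }
 
-data "aws_ecr_image" "covidshield_portal" {
-registry_id = data.aws_ecr_repository.covidshield_portal.registry_id
-repository_name = data.aws_ecr_repository.covidshield_portal.name
-image_tag = coalesce(var.github_sha, data.github_branch.portal.sha)
-}
-
 data "template_file" "covidshield_portal_task" {
 template = file("task-definitions/covidshield_portal.json")
 
 vars = {
-image = "${data.aws_ecr_repository.covidshield_portal.repository_url}:${element(sort(data.aws_ecr_image.covidshield_portal.image_tags), 0)}"
+image = "covidshield/portal:${coalesce(var.github_sha, data.github_branch.portal.sha)}"
 awslogs-group = data.terraform_remote_state.backend.outputs.cloudwatch_log_group.name
 awslogs-region = var.region
 awslogs-stream-prefix = "ecs-${var.ecs_portal_name}"
@@ -63,6 +53,8 @@ resource "aws_ecs_service" "covidshield_portal" {
 task_definition = aws_ecs_task_definition.covidshield_portal.arn
 desired_count = 2
 launch_type = "FARGATE"
+# Enable the new ARN format to propagate tags to containers
+propagate_tags = "SERVICE"
 
 deployment_minimum_healthy_percent = 50
 deployment_maximum_percent = 200
@@ -82,4 +74,8 @@ resource "aws_ecs_service" "covidshield_portal" {
 container_name = "portal"
 container_port = 3000
 }
+
+tags = {
+(var.billing_tag_key) = var.billing_tag_value
+}
 }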
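Review bot: The new `image = "covidshield/portal:${coalesce(var.github_sha, data.github_branch.portal.sha)}"` at new line 16 points the task at a mutable tag in a Docker Hub repository, and the removed `aws_ecr_image` data source was the only visible check at plan time that an image for that SHA exists. After this change a plan succeeds even if the Docker Hub workflow has not pushed that tag yet, and a tag that is later overwritten changes what Fargate pulls without any Terraform diff. Consider resolving the tag to a digest in CI and passing the reference in the form `covidshield/portal@sha256:<digest>`, or at least gating the apply on the image build job. Separately, the comment at new line 56 reads as an instruction rather than a description of `propagate_tags = "SERVICE"`; something like `# Requires the new ECS ARN format on the account; copies the service's tags to its tasks` would be clearer. Both the `template_file` and `aws_ecs_service` bodies continue outside the hunks.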

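--- a/config/terraform/aws/rds.tf
+++ b/config/terraform/aws/rds.tf
@@ -12,6 +12,8 @@ resource "aws_db_instance" "covidshield" {
 engine_version = "5.7"
 final_snapshot_identifier = "portal-${random_string.random.result}"
 skip_final_snapshot = false
+multi_az = true
+storage_encrypted = true
 instance_class = var.rds_portal_instance_class
 name = var.rds_portal_db_name
 username = var.rds_portal_db_user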
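Review bot: `storage_encrypted = true` at new line 16 cannot be switched on in place for an existing RDS instance; as far as I know the AWS provider treats it as a replace-on-change attribute, so applying this against a live `aws_db_instance.covidshield` would destroy and recreate the database. `skip_final_snapshot = false` means a final snapshot is taken, but the new instance starts empty unless it is restored from an encrypted copy of that snapshot. Add a comment above the line such as `# changing this on an existing instance forces replacement; migrate via an encrypted snapshot copy`, and confirm the plan output before applying. No `kms_key_id` appears in the visible lines, so the account's default RDS key would be used; the resource body continues outside the hunk.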

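--- a/config/terraform/aws/variables.auto.tfvars
+++ b/config/terraform/aws/variables.auto.tfvars
@@ -2,7 +2,8 @@
 # Global
 ###
 
-region = "ca-central-1"
+region = "ca-central-1"
+# Enable the new ARN format to propagate tags to containers
 billing_tag_key = "CostCentre"
 billing_tag_value = "CovidShield"
 
@@ -14,7 +15,7 @@ billing_tag_value = "CovidShield"
 ecs_portal_name = "Portal"
 ecs_task_portal_env_rails_env = "production"
 ecs_task_portal_env_rails_serve_static_files = "1"
-# Comes from a Github secret
+# Value should come from an TF_VAR environment variable (e.g. set in a Github Secret)
 # ecs_task_portal_env_rails_master_key = ""
 
 ###
@@ -24,7 +25,7 @@ ecs_task_portal_env_rails_serve_static_files = "1"
 # Portal
 rds_portal_db_name = "portal"
 rds_portal_db_user = "root"
-# Comes from a Github secret
+# Value should come from an TF_VAR environment variable (e.g. set in a Github Secret)
 # rds_portal_db_password = ""
 rds_portal_allocated_storage = "5"
 rds_portal_instance_class = "db.t3.small"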
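Review bot: The reworded comments at new lines 18 and 28 tell the reader to supply the Rails master key and the database password through a `TF_VAR_` environment variable, but they do not say that a value passed this way is still written to Terraform state once a resource uses it, so the state backend needs encryption at rest and restricted access. A wording such as `# Supply via TF_VAR_<name> (e.g. from a GitHub secret); the value is stored in Terraform state` covers both. The comment added at new line 6, `# Enable the new ARN format to propagate tags to containers`, sits directly above `billing_tag_key` and does not describe the billing tag values; it looks copied from ecs.tf and would read better as `# Billing tags applied to resources`. In both reworded comments `an TF_VAR` should be `a TF_VAR`.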
