diff --git a/.github/workflows/build-deploy-on-release.yaml b/.github/workflows/build-deploy-on-release.yaml index 66e2035..56ada3c 100644 --- a/.github/workflows/build-deploy-on-release.yaml +++ b/.github/workflows/build-deploy-on-release.yaml @@ -11,7 +11,7 @@ jobs: with: image_name: ${{ vars.IMAGE_NAME }} tag: ${{ github.event.release.tag_name }} - dockerfile: Dockerfile.prod + dockerfile: Dockerfile secrets: inherit deploy-production: diff --git a/.github/workflows/build-main.yml b/.github/workflows/build-main.yml index 21c2dfb..936f241 100644 --- a/.github/workflows/build-main.yml +++ b/.github/workflows/build-main.yml @@ -13,7 +13,7 @@ jobs: with: image_name: ${{ vars.IMAGE_NAME }} tag: ${{ github.sha }} - dockerfile: Dockerfile.prod + dockerfile: Dockerfile secrets: inherit deploy-testing: diff --git a/.github/workflows/deploy-production.yaml b/.github/workflows/deploy-production.yaml index 5100018..98e9128 100644 --- a/.github/workflows/deploy-production.yaml +++ b/.github/workflows/deploy-production.yaml @@ -14,7 +14,7 @@ jobs: with: image_name: ${{ vars.IMAGE_NAME }} tag: ${{ github.event.inputs.tag }} - dockerfile: Dockerfile.prod + dockerfile: Dockerfile secrets: inherit deploy-production: diff --git a/.github/workflows/manual-deploy-unstable.yaml b/.github/workflows/manual-deploy-unstable.yaml index 87f0234..8eff746 100644 --- a/.github/workflows/manual-deploy-unstable.yaml +++ b/.github/workflows/manual-deploy-unstable.yaml @@ -22,7 +22,7 @@ jobs: with: image_name: ${{ vars.IMAGE_NAME }} tag: ${{ github.event.inputs.tag }} - dockerfile: Dockerfile.prod + dockerfile: Dockerfile secrets: inherit deploy: diff --git a/Dockerfile b/Dockerfile index 5e47db5..98d9204 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,12 +1,9 @@ -ARG RUBY_VERSION=3.2 -FROM ruby:${RUBY_VERSION} +FROM ruby:3.2 AS development ARG UNAME=app ARG UID=1000 ARG GID=1000 -LABEL maintainer="mrio@umich.edu" - RUN apt-get update -yqq && apt-get install -yqq --no-install-recommends \ apt-transport-https @@ -28,3 +25,19 @@ USER $UNAME ENV BUNDLE_PATH /gems WORKDIR /app + +FROM development AS production + +COPY --chown=${UID}:${GID} . /app +ENV BUNDLE_WITHOUT development:test + +RUN --mount=type=secret,id=gh_package_read_token,uid=1000 \ + read_token="$(cat /run/secrets/gh_package_read_token)" \ + && BUNDLE_RUBYGEMS__PKG__GITHUB__COM=${read_token} bundle install + +RUN npm ci + +RUN npm run build +RUN cp js/* public/bundles/ + +CMD ["bundle", "exec", "rackup", "-p", "4567", "--host", "0.0.0.0"] diff --git a/Dockerfile.prod b/Dockerfile.prod deleted file mode 100644 index 086300c..0000000 --- a/Dockerfile.prod +++ /dev/null @@ -1,44 +0,0 @@ -ARG RUBY_VERSION=3.2 -FROM ruby:${RUBY_VERSION} - -ARG UNAME=app -ARG UID=1000 -ARG GID=1000 - -LABEL maintainer="mrio@umich.edu" - -RUN apt-get update -yqq && apt-get install -yqq --no-install-recommends \ - apt-transport-https - -RUN curl -sL https://deb.nodesource.com/setup_18.x | bash - - -RUN apt-get update -yqq && apt-get install -yqq --no-install-recommends \ - nodejs \ - vim-tiny - -RUN gem install bundler -RUN npm install -g npm - -RUN groupadd -g ${GID} -o ${UNAME} -RUN useradd -m -d /app -u ${UID} -g ${GID} -o -s /bin/bash ${UNAME} -RUN mkdir -p /gems && chown ${UID}:${GID} /gems - -COPY --chown=${UID}:${GID} . /app - -ENV BUNDLE_PATH /gems -ENV BUNDLE_WITHOUT development:test - -WORKDIR /app - -RUN --mount=type=secret,id=gh_package_read_token \ - read_token="$(cat /run/secrets/gh_package_read_token)" \ - && BUNDLE_RUBYGEMS__PKG__GITHUB__COM=${read_token} bundle install - -USER $UNAME - -RUN npm ci - -RUN npm run build -RUN cp js/* public/bundles/ - -CMD ["bundle", "exec", "rackup", "-p", "4567", "--host", "0.0.0.0"] diff --git a/Gemfile.lock b/Gemfile.lock index 663962f..5ce10fa 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -1,9 +1,9 @@ GEM remote: https://rubygems.org/ specs: - activemodel (7.0.4.3) - activesupport (= 7.0.4.3) - activesupport (7.0.4.3) + activemodel (7.0.5) + activesupport (= 7.0.5) + activesupport (7.0.5) concurrent-ruby (~> 1.0, >= 1.0.2) i18n (>= 1.6, < 2) minitest (>= 5.1) @@ -11,7 +11,7 @@ GEM addressable (2.8.4) public_suffix (>= 2.0.2, < 6.0) aes_key_wrap (1.1.0) - anyway_config (2.4.0) + anyway_config (2.4.1) ruby-next-core (>= 0.14.0) ast (2.4.2) attr_required (1.0.1) @@ -26,21 +26,21 @@ GEM diff-lcs (1.5.0) docile (1.4.0) dry-initializer (3.1.1) - faraday (2.7.4) + faraday (2.7.5) faraday-net_http (>= 2.0, < 3.1) ruby2_keywords (>= 0.0.4) faraday-follow_redirects (0.3.0) faraday (>= 1, < 3) faraday-net_http (3.0.2) - faraday-retry (2.1.0) + faraday-retry (2.2.0) faraday (~> 2.0) ffi (1.15.5) hashdiff (1.0.1) hashie (5.0.0) http-2-next (0.5.1) - httpx (0.23.1) + httpx (0.23.3) http-2-next (>= 0.4.1) - i18n (1.13.0) + i18n (1.14.1) concurrent-ruby (~> 1.0) json (2.6.3) json-jwt (1.16.3) @@ -106,7 +106,7 @@ GEM byebug (~> 11.0) pry (>= 0.13, < 0.15) public_suffix (5.0.1) - puma (6.2.2) + puma (6.3.0) nio4r (~> 2.0) rack (2.2.7) rack-oauth2 (2.2.0) @@ -139,7 +139,7 @@ GEM diff-lcs (>= 1.2.0, < 2.0) rspec-support (~> 3.12.0) rspec-support (3.12.0) - rubocop (1.50.2) + rubocop (1.52.0) json (~> 2.3) parallel (~> 1.10) parser (>= 3.2.0.0) @@ -149,9 +149,9 @@ GEM rubocop-ast (>= 1.28.0, < 2.0) ruby-progressbar (~> 1.7) unicode-display_width (>= 2.4.0, < 3.0) - rubocop-ast (1.28.1) + rubocop-ast (1.29.0) parser (>= 3.2.1.0) - rubocop-performance (1.16.0) + rubocop-performance (1.18.0) rubocop (>= 1.7.0, < 2.0) rubocop-ast (>= 0.4.0) ruby-next-core (0.15.3) @@ -176,23 +176,23 @@ GEM tilt (~> 2.0) sinatra-flash (0.3.0) sinatra (>= 1.0.0) - standard (1.28.2) + standard (1.29.0) language_server-protocol (~> 3.17.0.2) lint_roller (~> 1.0) - rubocop (~> 1.50.2) + rubocop (~> 1.52.0) standard-custom (~> 1.0.0) - standard-performance (~> 1.0.1) - standard-custom (1.0.0) + standard-performance (~> 1.1.0) + standard-custom (1.0.1) lint_roller (~> 1.0) - standard-performance (1.0.1) + standard-performance (1.1.0) lint_roller (~> 1.0) - rubocop-performance (~> 1.16.0) + rubocop-performance (~> 1.18.0) swd (2.0.2) activesupport (>= 3) attr_required (>= 0.0.5) faraday (~> 2.0) faraday-follow_redirects - tilt (2.1.0) + tilt (2.2.0) timeout (0.3.2) tzinfo (2.0.6) concurrent-ruby (~> 1.0) @@ -261,4 +261,4 @@ DEPENDENCIES yabeda-puma-plugin BUNDLED WITH - 2.4.7 + 2.4.13 diff --git a/docker-compose.yml b/docker-compose.yml index 557173a..f1747c7 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -1,8 +1,10 @@ -version: '3' +version: '3.8' services: web: - build: . + build: + context: . + target: development ports: - "4567:4567" - "9394:9394" @@ -22,14 +24,18 @@ services: - 0.0.0.0 css: - build: . + build: + context: . + target: development volumes: - .:/app - gem_cache:/gems command: bundle exec ruby ./config/css-listener.rb js: - build: . + build: + context: . + target: development volumes: - .:/app - gem_cache:/gems diff --git a/package-lock.json b/package-lock.json index 21e47af..30631e5 100644 --- a/package-lock.json +++ b/package-lock.json @@ -10,7 +10,7 @@ "license": "ISC", "devDependencies": { "cssnano": "^6.0.1", - "postcss": "^8.4.23", + "postcss": "^8.4.24", "postcss-cli": "^10.1.0", "postcss-import": "^15.1.0" } @@ -124,9 +124,9 @@ } }, "node_modules/browserslist": { - "version": "4.21.5", - "resolved": "https://registry.npmjs.org/browserslist/-/browserslist-4.21.5.tgz", - "integrity": "sha512-tUkiguQGW7S3IhB7N+c2MV/HZPSCPAAiYBZXLsBhFB/PCy6ZKKsZrmBayHV9fdGV/ARIfJ14NkxKzRDjvp7L6w==", + "version": "4.21.7", + "resolved": "https://registry.npmjs.org/browserslist/-/browserslist-4.21.7.tgz", + "integrity": "sha512-BauCXrQ7I2ftSqd2mvKHGo85XR0u7Ru3C/Hxsy/0TkfCtjrmAbPdzLGasmoiBxplpDXlPvdjX9u7srIMfgasNA==", "dev": true, "funding": [ { @@ -136,13 +136,17 @@ { "type": "tidelift", "url": "https://tidelift.com/funding/github/npm/browserslist" + }, + { + "type": "github", + "url": "https://github.com/sponsors/ai" } ], "dependencies": { - "caniuse-lite": "^1.0.30001449", - "electron-to-chromium": "^1.4.284", - "node-releases": "^2.0.8", - "update-browserslist-db": "^1.0.10" + "caniuse-lite": "^1.0.30001489", + "electron-to-chromium": "^1.4.411", + "node-releases": "^2.0.12", + "update-browserslist-db": "^1.0.11" }, "bin": { "browserslist": "cli.js" @@ -164,9 +168,9 @@ } }, "node_modules/caniuse-lite": { - "version": "1.0.30001481", - "resolved": "https://registry.npmjs.org/caniuse-lite/-/caniuse-lite-1.0.30001481.tgz", - "integrity": "sha512-KCqHwRnaa1InZBtqXzP98LPg0ajCVujMKjqKDhZEthIpAsJl/YEIa3YvXjGXPVqzZVguccuu7ga9KOE1J9rKPQ==", + "version": "1.0.30001494", + "resolved": "https://registry.npmjs.org/caniuse-lite/-/caniuse-lite-1.0.30001494.tgz", + "integrity": "sha512-sY2B5Qyl46ZzfYDegrl8GBCzdawSLT4ThM9b9F+aDYUrAG2zCOyMbd2Tq34mS1g4ZKBfjRlzOohQMxx28x6wJg==", "dev": true, "funding": [ { @@ -507,9 +511,9 @@ } }, "node_modules/electron-to-chromium": { - "version": "1.4.377", - "resolved": "https://registry.npmjs.org/electron-to-chromium/-/electron-to-chromium-1.4.377.tgz", - "integrity": "sha512-H3BYG6DW5Z+l0xcfXaicJGxrpA4kMlCxnN71+iNX+dBLkRMOdVJqFJiAmbNZZKA1zISpRg17JR03qGifXNsJtw==", + "version": "1.4.419", + "resolved": "https://registry.npmjs.org/electron-to-chromium/-/electron-to-chromium-1.4.419.tgz", + "integrity": "sha512-jdie3RiEgygvDTyS2sgjq71B36q2cDSBfPlwzUyuOrfYTNoYWyBxxjGJV/HAu3A2hB0Y+HesvCVkVAFoCKwCSw==", "dev": true }, "node_modules/emoji-regex": { @@ -714,9 +718,9 @@ } }, "node_modules/is-core-module": { - "version": "2.12.0", - "resolved": "https://registry.npmjs.org/is-core-module/-/is-core-module-2.12.0.tgz", - "integrity": "sha512-RECHCBCd/viahWmwj6enj19sKbHfJrddi/6cBDsNTKbNq0f7VeaUkBo60BqzvPqo/W54ChS62Z5qyun7cfOMqQ==", + "version": "2.12.1", + "resolved": "https://registry.npmjs.org/is-core-module/-/is-core-module-2.12.1.tgz", + "integrity": "sha512-Q4ZuBAe2FUsKtyQJoQHlvP8OvBERxO3jEmy1I7hcRXcJBGGHFh/aJBswbXuS9sgrDH2QUO8ilkwNPHvHMd8clg==", "dev": true, "dependencies": { "has": "^1.0.3" @@ -844,9 +848,9 @@ } }, "node_modules/node-releases": { - "version": "2.0.10", - "resolved": "https://registry.npmjs.org/node-releases/-/node-releases-2.0.10.tgz", - "integrity": "sha512-5GFldHPXVG/YZmFzJvKK2zDSzPKhEp0+ZR5SVaoSag9fsL5YgHbUHDfnG5494ISANDcK4KwPXAx2xqVEydmd7w==", + "version": "2.0.12", + "resolved": "https://registry.npmjs.org/node-releases/-/node-releases-2.0.12.tgz", + "integrity": "sha512-QzsYKWhXTWx8h1kIvqfnC++o0pEmpRQA/aenALsL2F4pqNVr7YzcdMlDij5WBnwftRbJCNJL/O7zdKaxKPHqgQ==", "dev": true }, "node_modules/normalize-path": { @@ -913,9 +917,9 @@ } }, "node_modules/postcss": { - "version": "8.4.23", - "resolved": "https://registry.npmjs.org/postcss/-/postcss-8.4.23.tgz", - "integrity": "sha512-bQ3qMcpF6A/YjR55xtoTr0jGOlnPOKAIMdOWiv0EIT6HVPEaJiJB4NLljSbiHoC2RX7DN5Uvjtpbg1NPdwv1oA==", + "version": "8.4.24", + "resolved": "https://registry.npmjs.org/postcss/-/postcss-8.4.24.tgz", + "integrity": "sha512-M0RzbcI0sO/XJNucsGjvWU9ERWxb/ytp1w6dKtxTKgixdtQDq4rmx/g8W1hnaheq9jgwL/oyEdH5Bc4WwJKMqg==", "dev": true, "funding": [ { @@ -941,9 +945,9 @@ } }, "node_modules/postcss-calc": { - "version": "9.0.0", - "resolved": "https://registry.npmjs.org/postcss-calc/-/postcss-calc-9.0.0.tgz", - "integrity": "sha512-B9BNW/SVh4SMJfoCQ6D9h1Wo7Yjqks7UdbiARJ16J5TIsQn5NEqwMF5joSgOYb26oJPUR5Uv3fCQ/4PvmZWeJQ==", + "version": "9.0.1", + "resolved": "https://registry.npmjs.org/postcss-calc/-/postcss-calc-9.0.1.tgz", + "integrity": "sha512-TipgjGyzP5QzEhsOZUaIkeO5mKeMFpebWzRogWG/ysonUlnHcq5aJe0jOjpfzUU8PeSaBQnrE8ehR0QA5vs8PQ==", "dev": true, "dependencies": { "postcss-selector-parser": "^6.0.11", @@ -1412,9 +1416,9 @@ } }, "node_modules/postcss-selector-parser": { - "version": "6.0.12", - "resolved": "https://registry.npmjs.org/postcss-selector-parser/-/postcss-selector-parser-6.0.12.tgz", - "integrity": "sha512-NdxGCAZdRrwVI1sy59+Wzrh+pMMHxapGnpfenDVlMEXoOcvt4pGE0JLK9YY2F5dLxcFYA/YbVQKhcGU+FtSYQg==", + "version": "6.0.13", + "resolved": "https://registry.npmjs.org/postcss-selector-parser/-/postcss-selector-parser-6.0.13.tgz", + "integrity": "sha512-EaV1Gl4mUEV4ddhDnv/xtj7sxwrwxdetHdWUGnT4VJQf+4d05v6lHYZr8N573k5Z0BViss7BDhfWtKS3+sfAqQ==", "dev": true, "dependencies": { "cssesc": "^3.0.0", @@ -1571,9 +1575,9 @@ } }, "node_modules/slash": { - "version": "5.0.1", - "resolved": "https://registry.npmjs.org/slash/-/slash-5.0.1.tgz", - "integrity": "sha512-ywNzUOiXwetmLvTUiCBZpLi+vxqN3i+zDqjs2HHfUSV3wN4UJxVVKWrS1JZDeiJIeBFNgB5pmioC2g0IUTL+rQ==", + "version": "5.1.0", + "resolved": "https://registry.npmjs.org/slash/-/slash-5.1.0.tgz", + "integrity": "sha512-ZA6oR3T/pEyuqwMgAKT0/hAv8oAXckzbkmR0UkUosQ+Mc4RxGoJkRmwHgHufaenlyAgE1Mxgpdcrf75y6XcnDg==", "dev": true, "engines": { "node": ">=14.16" @@ -1759,9 +1763,9 @@ } }, "node_modules/yaml": { - "version": "2.2.2", - "resolved": "https://registry.npmjs.org/yaml/-/yaml-2.2.2.tgz", - "integrity": "sha512-CBKFWExMn46Foo4cldiChEzn7S7SRV+wqiluAb6xmueD/fGyRHIhX8m14vVGgeFWjN540nKCNVj6P21eQjgTuA==", + "version": "2.3.1", + "resolved": "https://registry.npmjs.org/yaml/-/yaml-2.3.1.tgz", + "integrity": "sha512-2eHWfjaoXgTBC2jNM1LRef62VQa0umtvRiDSk6HSzW7RvS5YtkabJrwYLLEKWBc8a5U2PTSCs+dJjUTJdlHsWQ==", "dev": true, "engines": { "node": ">= 14" diff --git a/package.json b/package.json index 9e488f8..a5911b5 100644 --- a/package.json +++ b/package.json @@ -19,7 +19,7 @@ "homepage": "https://github.com/mlibrary/get-this#readme", "devDependencies": { "cssnano": "^6.0.1", - "postcss": "^8.4.23", + "postcss": "^8.4.24", "postcss-cli": "^10.1.0", "postcss-import": "^15.1.0" }