dockerize and switch to SMTP to send email

[leonardow-unep-wcmc]

• Tried nodejs 12, but it doesn't work with current version node-sass. Stay at nodejs v10.
• Tried ruby 2.6, but it doesn't work with current version bcrypt. Stay at ruby 2.5.
• switch to SMTP (sendgrid) approach to send email, two new env are needed: MAIL_USERNAME, MAIL_PASSWORD
• dockerize for local development. Need .env.development with SHIPMENTS_API_TOKEN, value from staging.
• Dockerfile for staging/production.
• New ENV for database config (for kamal deploy):
  • DATABASE_USERNAME
  • DATABASE_PASSWORD
  • DATABASE_PORT
  • DATABASE_HOST

[pdl]

What is this used by? Not come across it before

[leonardow-unep-wcmc]

The readme.md has mention it. It is for webpacker i believe.

[pdl]

Is SECRET_KEY_BASE a placeholder for future rails here? Or is it supposed to be set with a .env.staging file - in which case doesn't it get overridden by dummy here?

[leonardow-unep-wcmc]

SECRET_KEY_BASE is essential in staging and production in Rails, it use to encrypt the cookie/session and password (but not devise).

In the old days, cap deploy is basiclly SSH into the server and run the assets precompile which the .env is there, all good, but actually not really using the it (assets don't need that secret at all).

When we use docker nowadays, we build the image without any secret, but due to the rails stack it still need that to make it run. Newer rails come with a new env for that in Dockerfile:

RUN SECRET_KEY_BASE_DUMMY=1 ./bin/rails assets:precompile

But it is not available in the rails version using in this project.

In my knowledge RUN SECRET_KEY_BASE=dummy ./bin/rails assets:precompile inline environment variable only available in that line, not retain in other docker command when build, as well as the container.

There is one SECRET_KEY_BASE in .env in staging and production server. And later if we deploy using kamal, we need to set that in kamal config too. You may find some newer project do not need that env because the value is stored in Rails credential. However this project still using secrets.yml with ENV, thats why.

[pdl]

Oh it is me that is the dummy, I got it confused with RAILS_MASTER_KEY. Yep, I agree this is safe.

[leonardow-unep-wcmc]

One more thing we need to keep it in mind about assets.

In a perfect setup, the assets should upload to CDN instead of hosting locally.
If we host locally, it should put in a share folder (cap shared/kamal host volume), so that the out-dated assets (from previous releases) still accessable by the end-user.

All assets is build with a checksum in the file name, to ensure the user always loading the latest assets.
However in some scenario, end-user still need to access some old/out-dated assets. For example, if we use an image in the email. The email content point to the old image which may no longer avaiable in the latest release. If we not setup the assets folder properly, that image in the email will be broken.

Good news is, seems all our email in WCMC is simple text, so we don't need to worry about this.