From 0f3e8f7881dd6143bc03cbe694db567e43aca387 Mon Sep 17 00:00:00 2001
From: Justin Littman <justinlittman@stanford.edu>
Date: Tue, 27 Sep 2022 16:00:50 -0400
Subject: [PATCH] Use production Dockerfile for local docker.

---
 Gemfile                                       |  4 +--
 Gemfile.lock                                  |  6 ++--
 README.md                                     |  4 +--
 app/controllers/application_controller.rb     | 13 ++++++--
 config/initializers/devise_remote_user.rb     |  2 +-
 docker-compose.prod.yml                       |  2 +-
 docker-compose.yml                            | 33 ++++++++-----------
 docker/{app-prod => }/Dockerfile              |  7 ++--
 docker/app/Dockerfile                         | 30 -----------------
 docker/{app/invoke.sh => invoke-app.sh}       |  3 ++
 .../{workers/invoke.sh => invoke-worker.sh}   |  0
 docker/workers/Dockerfile                     | 27 ---------------
 lib/tasks/deposit.rake                        |  8 +++--
 13 files changed, 46 insertions(+), 93 deletions(-)
 rename docker/{app-prod => }/Dockerfile (91%)
 delete mode 100644 docker/app/Dockerfile
 rename docker/{app/invoke.sh => invoke-app.sh} (94%)
 rename docker/{workers/invoke.sh => invoke-worker.sh} (100%)
 delete mode 100644 docker/workers/Dockerfile

diff --git a/Gemfile b/Gemfile
index a19fc8dda..3fa41fb75 100644
--- a/Gemfile
+++ b/Gemfile
@@ -23,7 +23,6 @@ group :development, :test do
 end
 
 group :development do
-  gem 'faker'
   gem 'listen', '~> 3.2'
   gem 'multi_json', require: false # needed to update RBIs after adding reform-rails
   gem 'spring'
@@ -41,7 +40,7 @@ end
 group :deployment do
   gem 'capistrano-maintenance', '~> 1.2', require: false
   gem 'capistrano-rails', require: false
-  gem 'dlss-capistrano-docker', github: 'sul-dlss/dlss-capistrano-docker', branch: 'initial', require: false
+  gem 'dlss-capistrano-docker', github: 'sul-dlss/dlss-capistrano-docker', branch: 't2-rollback', require: false
 end
 
 gem 'action_policy', '~> 0.5.3'
@@ -55,6 +54,7 @@ gem 'devise-remote-user', '~> 1.0'
 gem 'druid-tools'
 gem 'dry-types'
 gem 'edtf'
+gem 'faker'
 gem 'faraday', '~> 2.0'
 gem 'honeybadger', '~> 4.0'
 gem 'jbuilder'
diff --git a/Gemfile.lock b/Gemfile.lock
index 2c7684719..147c1ad9b 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -1,9 +1,9 @@
 GIT
   remote: https://github.com/sul-dlss/dlss-capistrano-docker.git
-  revision: f180a5fc7329c506b0ad89bd0f8f821972a04fa6
-  branch: initial
+  revision: 6db0ad1335507359f32b6a40ce8cd56e8be42be9
+  branch: t2-rollback
   specs:
-    dlss-capistrano-docker (0.0.1)
+    dlss-capistrano-docker (1.0.0)
       capistrano (~> 3.0)
       capistrano-one_time_key
       capistrano-shared_configs
diff --git a/README.md b/README.md
index 949497ec5..2756253f4 100644
--- a/README.md
+++ b/README.md
@@ -63,13 +63,13 @@ Then run tests with `bundle exec rspec`. If you also want to do style checks & l
 
 ### Integration
 
-Spin up all docker compose services for local development and in-browser testing:
+Spin up all docker compose services for local testing:
 
 ```shell
 $ docker compose up # use -d to run in background
 ```
 
-This will spin up the H2 web application, its background workers, and all service dependencies declared in docker-compose.yml.
+This will spin up the H2 web application, its background workers, and all service dependencies declared in docker-compose.yml. H2 will be running in production mode.
 
 ### Cypress
 Cypress is primarily used to test features implemented with JS/Stimulus. Cypress tests are located in `cypress/spec`.
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index 98ec65e2f..d571a38c6 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -41,14 +41,21 @@ def groups_from_request_env
     session['groups'] = begin
       raw_header = request.env[Settings.authorization_group_header]
       roles = ENV.fetch('ROLES', nil) # rubocop:disable Rails/EnvironmentVariableAccess
-      raw_header = roles if Rails.env.development?
-      # This test setting is for cypress.
-      raw_header = roles if Rails.env.test? && roles
+      raw_header = roles if use_roles?(roles)
       logger.debug("Roles are #{raw_header}")
       raw_header&.split(';') || []
     end
   end
 
+  def use_roles?(roles)
+    return true if Rails.env.development?
+    # This test setting is for cypress.
+    return true if Rails.env.test? && roles
+    return true if ENV.fetch('LOCAL_DOCKER', nil) && roles # rubocop:disable Rails/EnvironmentVariableAccess
+
+    false
+  end
+
   def deny_access
     flash[:warning] = 'You are not authorized to perform the requested action'
     redirect_to :root
diff --git a/config/initializers/devise_remote_user.rb b/config/initializers/devise_remote_user.rb
index 8f59d46d4..2e6cdc777 100644
--- a/config/initializers/devise_remote_user.rb
+++ b/config/initializers/devise_remote_user.rb
@@ -3,7 +3,7 @@
 DeviseRemoteUser.configure do |config|
   config.env_key = lambda do |env|
     remote_user = ENV.fetch('REMOTE_USER', nil)
-    if (Rails.env.development? || Rails.env.test?) && remote_user
+    if (Rails.env.development? || Rails.env.test? || ENV.fetch('LOCAL_DOCKER', false)) && remote_user
       remote_user
     else
       # Return the first non-blank value of a remote user header, or return nil (unauthenticated)
diff --git a/docker-compose.prod.yml b/docker-compose.prod.yml
index 6942b3ec9..73af1b6d8 100644
--- a/docker-compose.prod.yml
+++ b/docker-compose.prod.yml
@@ -4,7 +4,7 @@ services:
   app:
     build: &build
       context: .
-      dockerfile: docker/app-prod/Dockerfile
+      dockerfile: docker/Dockerfile
       args:
         - GID=${H2_GID-1000}
         - UID=${H2_UID-1000}
diff --git a/docker-compose.yml b/docker-compose.yml
index 050f487ed..f7e6fa039 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -2,42 +2,35 @@ version: '3.6'
 
 services:
   app:
-    build:
+    build: &build
       context: .
-      dockerfile: docker/app/Dockerfile
-    environment:
+      dockerfile: docker/Dockerfile
+      args:
+        SECRET_KEY_BASE: 2e4f669b6529a0bcec468d9b5329e2fe7e7f6a4d7915370862d6d4f2b6907f1fabc505a681aaa13b3858f02588602fd0b721ca783bdac37fe70ea83b8f123456
+    environment: &environment
       DATABASE_NAME: h2
       DATABASE_USERNAME: postgres
       DATABASE_PASSWORD: postgres
       DATABASE_HOSTNAME: db
-      RAILS_LOG_TO_STDOUT: 'true'
+      RAILS_SERVE_STATIC_FILES: 'true'
       REDIS_URL: redis://redis:6379/ # for ActionCable
-      REMOTE_USER: sdr.user@stanford.edu
-    volumes:
-      - .:/app
-    working_dir: /app
+      REMOTE_USER: auser@stanford.edu
+      ROLES: dlss:hydrus-app-administrators
+      LOCAL_DOCKER: 'true'
     ports:
       - 3000:3000
     depends_on:
       - db
       - redis
       - workers
+    command: "./docker/invoke-app.sh"
   workers:
-    build:
-      context: .
-      dockerfile: docker/workers/Dockerfile
-    environment:
-      DATABASE_NAME: h2
-      DATABASE_USERNAME: postgres
-      DATABASE_PASSWORD: postgres
-      DATABASE_HOSTNAME: db
-      REDIS_URL: redis://redis:6379/ # for Sidekiq
-    volumes:
-      - .:/app
-    working_dir: /app
+    build: *build
+    environment: *environment
     depends_on:
       - db
       - redis
+    command: "./docker/invoke-worker.sh"
   db:
     image: postgres:12
     environment:
diff --git a/docker/app-prod/Dockerfile b/docker/Dockerfile
similarity index 91%
rename from docker/app-prod/Dockerfile
rename to docker/Dockerfile
index b14ede1f3..c35d8fa56 100644
--- a/docker/app-prod/Dockerfile
+++ b/docker/Dockerfile
@@ -1,13 +1,15 @@
 FROM ruby:3.1-alpine
 
 # curl is to install supercronic
+# postgresql-client and redis is required for invoke.sh
 RUN apk add --update --no-cache \
   build-base \
   postgresql-dev \
+  postgresql-client \
   tzdata \
   yarn \
-  git \
-  curl
+  curl \
+  redis
 
 ENV SUPERCRONIC_URL=https://github.com/aptible/supercronic/releases/download/v0.2.1/supercronic-linux-amd64
 ENV SUPERCRONIC=supercronic-linux-amd64
@@ -43,6 +45,7 @@ ENV NODE_ENV=production
 RUN bundle install
 RUN yarn install
 
+RUN chown -R h2:h2 /app
 COPY --chown=h2:h2 . .
 USER h2:h2
 
diff --git a/docker/app/Dockerfile b/docker/app/Dockerfile
deleted file mode 100644
index ec1bbf24c..000000000
--- a/docker/app/Dockerfile
+++ /dev/null
@@ -1,30 +0,0 @@
-# This Dockerfile is optimized for running in development. That means it trades
-# build speed for size. If we were using this for production, we might instead
-# optimize for a smaller size at the cost of a slower build.
-FROM ruby:3.1-alpine
-
-# postgresql-client is required for invoke.sh
-RUN apk add --update --no-cache \
-  build-base \
-  postgresql-dev \
-  postgresql-client \
-  tzdata \
-  yarn \
-  git
-
-# Get bundler 2.0
-RUN gem install bundler
-
-WORKDIR /app
-
-COPY Gemfile Gemfile.lock package.json yarn.lock ./
-
-RUN bundle config set without 'production' && \
-  bundle install && \
-  yarn install
-
-COPY . .
-
-RUN bin/rails assets:precompile
-
-CMD ["./docker/app/invoke.sh"]
diff --git a/docker/app/invoke.sh b/docker/invoke-app.sh
similarity index 94%
rename from docker/app/invoke.sh
rename to docker/invoke-app.sh
index 17455c88e..33320d5f4 100755
--- a/docker/app/invoke.sh
+++ b/docker/invoke-app.sh
@@ -22,5 +22,8 @@ set -e
 echo "Migrating db"
 bin/rails db:migrate
 
+echo "Seeding db"
+bin/rails db:seed
+
 echo "Running server"
 exec bin/puma -C config/puma.rb config.ru
diff --git a/docker/workers/invoke.sh b/docker/invoke-worker.sh
similarity index 100%
rename from docker/workers/invoke.sh
rename to docker/invoke-worker.sh
diff --git a/docker/workers/Dockerfile b/docker/workers/Dockerfile
deleted file mode 100644
index 1b24a46bb..000000000
--- a/docker/workers/Dockerfile
+++ /dev/null
@@ -1,27 +0,0 @@
-# This Dockerfile is optimized for running in development. That means it trades
-# build speed for size. If we were using this for production, we might instead
-# optimize for a smaller size at the cost of a slower build.
-FROM ruby:3.1-alpine
-
-# postgresql-client is required for invoke.sh
-RUN apk add --update --no-cache \
-  build-base \
-  postgresql-dev \
-  postgresql-client \
-  redis \
-  tzdata \
-  git
-
-# Get bundler 2.0
-RUN gem install bundler
-
-WORKDIR /app
-
-COPY Gemfile Gemfile.lock ./
-
-RUN bundle config set without 'production' && \
-  bundle install
-
-COPY . .
-
-CMD ["./docker/workers/invoke.sh"]
diff --git a/lib/tasks/deposit.rake b/lib/tasks/deposit.rake
index 026016302..f6fd99df8 100644
--- a/lib/tasks/deposit.rake
+++ b/lib/tasks/deposit.rake
@@ -2,7 +2,7 @@
 
 desc 'Complete deposit of works and collections (only for development)'
 task complete_deposits: :environment do
-  abort 'ERROR: This task only runs in the development environment!' unless Rails.env.development?
+  abort 'ERROR: This task only runs in the development environment!' unless can_run?
 
   objects_awaiting_deposit.each do |object_version|
     deposit_completer = DepositCompleter.new(object_version:)
@@ -15,7 +15,7 @@ end
 
 desc 'Complete the assignment of a druid to purl reservation works that need one'
 task assign_pids: :environment do
-  abort 'ERROR: This task only runs in the development environment!' unless Rails.env.development?
+  abort 'ERROR: This task only runs in the development environment!' unless can_run?
 
   WorkVersion.with_state('reserving_purl').each do |object|
     druid = random_druid
@@ -39,3 +39,7 @@ def random_druid
   # => "{druid:,}qj078cn5200"
   "druid:#{Faker::Base.regexify(DruidTools::Druid.strict_glob).last(11)}"
 end
+
+def can_run?
+  Rails.env.development? || ENV.fetch('LOCAL_DOCKER', false)
+end