From d21376333721ce4637349237a24f0da6a0bd9066 Mon Sep 17 00:00:00 2001
From: Luis Metzger
Date: Wed, 31 Jul 2024 21:26:43 -0600
Subject: [PATCH 01/18] SRCH-5370: Add capistrano configurations.
---
Capfile | 38 +++++++++++++++++++++++
config/deploy.rb | 23 ++++++++++++++
config/deploy/production.rb | 61 +++++++++++++++++++++++++++++++++++++
config/deploy/staging.rb | 51 +++++++++++++++++++++++++++++++
4 files changed, 173 insertions(+)
create mode 100644 Capfile
create mode 100644 config/deploy.rb
create mode 100644 config/deploy/production.rb
create mode 100644 config/deploy/staging.rb
diff --git a/Capfile b/Capfile
new file mode 100644
index 00000000..42dd3a47
--- /dev/null
+++ b/Capfile
@@ -0,0 +1,38 @@
+# Load DSL and set up stages
+require "capistrano/setup"
+
+# Include default deployment tasks
+require "capistrano/deploy"
+
+# Load the SCM plugin appropriate to your project:
+#
+# require "capistrano/scm/hg"
+# install_plugin Capistrano::SCM::Hg
+# or
+# require "capistrano/scm/svn"
+# install_plugin Capistrano::SCM::Svn
+# or
+require "capistrano/scm/git"
+install_plugin Capistrano::SCM::Git
+
+# Include tasks from other gems included in your Gemfile
+#
+# For documentation on these, see for example:
+#
+# https://github.com/capistrano/rvm
+# https://github.com/capistrano/rbenv
+# https://github.com/capistrano/chruby
+# https://github.com/capistrano/bundler
+# https://github.com/capistrano/rails
+# https://github.com/capistrano/passenger
+#
+# require "capistrano/rvm"
+# require "capistrano/rbenv"
+# require "capistrano/chruby"
+# require "capistrano/bundler"
+# require "capistrano/rails/assets"
+# require "capistrano/rails/migrations"
+# require "capistrano/passenger"
+
+# Load custom tasks from `lib/capistrano/tasks` if you have any defined
+Dir.glob("lib/capistrano/tasks/*.rake").each { |r| import r }
diff --git a/config/deploy.rb b/config/deploy.rb
new file mode 100644
index 00000000..5e7d4b75
--- /dev/null
+++ b/config/deploy.rb
@@ -0,0 +1,23 @@
+# config valid for current version and patch releases of Capistrano
+lock '~> 3.19.1'
+
+# Set the directory to deploy to
+set :deploy_to, ENV['DEPLOYMENT_PATH']
+
+# Use rbenv to manage Ruby versions
+set :rbenv_type, :user
+set :rbenv_ruby, '3.1.4'
+
+# Linked files and directories (these will be shared across releases)
+# set :linked_files, %w{
+# config/database.yml
+# }
+
+set :optional_linked_files, %w{
+ config/secrets.yml
+}
+
+set :linked_dirs, %w{
+ log
+ tmp
+}
\ No newline at end of file
diff --git a/config/deploy/production.rb b/config/deploy/production.rb
new file mode 100644
index 00000000..0a3f0863
--- /dev/null
+++ b/config/deploy/production.rb
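Review bot: `set :deploy_to, ENV['DEPLOYMENT_PATH']` evaluates to nil when the variable is not exported, so a misconfigured shell reaches the deploy with no target directory instead of stopping at load time. Use `set :deploy_to, ENV.fetch('DEPLOYMENT_PATH')` so the run aborts with a KeyError naming the missing variable. The same pattern appears in the config/deploy/staging.rb hunk of this patch (`ENV['SERVER_ADDRESS']`, `ENV['SERVER_DEPLOYMENT_USER']`, and `keys: [ENV['SSH_KEY_PATH']]`, which becomes `[nil]`) and deserves the same change.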
@@ -0,0 +1,61 @@
+# server-based syntax
+# ======================
+# Defines a single server with a list of roles and multiple properties.
+# You can define all roles on a single server, or split them:
+
+# server "example.com", user: "deploy", roles: %w{app db web}, my_property: :my_value
+# server "example.com", user: "deploy", roles: %w{app web}, other_property: :other_value
+# server "db.example.com", user: "deploy", roles: %w{db}
+
+
+
+# role-based syntax
+# ==================
+
+# Defines a role with one or multiple servers. The primary server in each
+# group is considered to be the first unless any hosts have the primary
+# property set. Specify the username and a domain or IP for the server.
+# Don't use `:all`, it's a meta role.
+
+# role :app, %w{deploy@example.com}, my_property: :my_value
+# role :web, %w{user1@primary.com user2@additional.com}, other_property: :other_value
+# role :db, %w{deploy@example.com}
+
+
+
+# Configuration
+# =============
+# You can set any configuration variable like in config/deploy.rb
+# These variables are then only loaded and set in this stage.
+# For available Capistrano configuration variables see the documentation page.
+# http://capistranorb.com/documentation/getting-started/configuration/
+# Feel free to add new variables to customise your setup.
+
+
+
+# Custom SSH Options
+# ==================
+# You may pass any option but keep in mind that net/ssh understands a
+# limited set of options, consult the Net::SSH documentation.
+# http://net-ssh.github.io/net-ssh/classes/Net/SSH.html#method-c-start
+#
+# Global options
+# --------------
+# set :ssh_options, {
+# keys: %w(/home/user_name/.ssh/id_rsa),
+# forward_agent: false,
+# auth_methods: %w(password)
+# }
+#
+# The server-based syntax can be used to override options:
+# ------------------------------------
+# server "example.com",
+# user: "user_name",
+# roles: %w{web app},
+# ssh_options: {
+# user: "user_name", # overrides user setting above
+# keys: %w(/home/user_name/.ssh/id_rsa),
+# forward_agent: false,
+# auth_methods: %w(publickey password)
+# # password: "please use keys"
+# }
diff --git a/config/deploy/staging.rb b/config/deploy/staging.rb
new file mode 100644
index 00000000..09f1a7be
--- /dev/null
+++ b/config/deploy/staging.rb
@@ -0,0 +1,51 @@
+# config/deploy/staging.rb
+
+# Server-based syntax
+# ======================
+# Defines a single server with a list of roles and multiple properties.
+# You can define all roles on a single server, or split them:
+
+server ENV['SERVER_ADDRESS'], user: ENV['SERVER_DEPLOYMENT_USER'], roles: %w{app db web}
+
+set :application, 'search-gov'
+set :repo_url, 'https://github.com/GSA/i14y'
+set :branch, 'main'
+
+# Configuration
+# =============
+# You can set any configuration variable like in config/deploy.rb.
+# These variables are then only loaded and set in this stage.
+# For available Capistrano configuration variables see the documentation page.
+# http://capistranorb.com/documentation/getting-started/configuration/
+# Feel free to add new variables to customize your setup.
+
+set :rails_env, 'production'
+set :bundle_without, %w{development test}.join(' ')
+
+# Custom SSH Options
+# ==================
+# You may pass any option but keep in mind that net/ssh understands a limited set of options, consult the Net/SSH documentation.
+# http://net-ssh.github.io/net-ssh/classes/Net/SSH.html#method-c-start
+
+# Global options
+# --------------
+set :ssh_options, {
+ keys: [ENV['SSH_KEY_PATH']],
+ forward_agent: false,
+ auth_methods: %w(publickey)
+}
+
+# Keep only the last 5 releases to save disk space
+set :keep_releases, 5
+
+set :puma_rackup, -> { File.join(current_path, 'config.ru') }
+set :puma_state, "#{shared_path}/tmp/pids/puma.state"
+set :puma_pid, "#{shared_path}/tmp/pids/puma.pid"
+set :puma_access_log, "#{release_path}/log/puma.access.log"
+set :puma_error_log, "#{release_path}/log/puma.error.log"
+set :puma_threads, [0, 8]
+set :puma_workers, 0
+set :puma_worker_timeout, nil
+set :puma_init_active_record, true
+set :puma_preload_app, false
+set :puma_bind, "tcp://0.0.0.0:3000"
\ No newline at end of file
From 0db49f550db2dd204549be892654c6e235281bec Mon Sep 17 00:00:00 2001
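Review bot: `set :puma_bind, "tcp://0.0.0.0:3000"` on the last line of the config/deploy/staging.rb hunk makes Puma listen on every interface of the host in plain HTTP. Nothing in this patch shows a reverse proxy or firewall in front of it, so confirm the port is not reachable from outside the intended network. If a proxy on the same host terminates TLS, bind to loopback instead, e.g. `set :puma_bind, "tcp://127.0.0.1:3000"`. The same address is hard-coded later in config/puma.rb (PATCH 03/18, port changed to 8081 in PATCH 09/18), where it applies to every environment that loads that file.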
From: Luis Metzger Date: Wed, 31 Jul 2024 21:37:13 -0600 Subject: [PATCH 02/18] SRCH-5370: Add dependecies to lock file. --- Gemfile.lock | 33 +++++++++++++++++++++++++++++++++ 1 file changed, 33 insertions(+) diff --git a/Gemfile.lock b/Gemfile.lock index 43620bb3..ec4cd43d 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -75,6 +75,8 @@ GEM minitest (>= 5.1) mutex_m tzinfo (~> 2.0) + airbrussh (1.5.2) + sshkit (>= 1.6.1, != 1.7.0) ast (2.4.2) awesome_print (1.9.2) axiom-types (0.1.1) @@ -85,6 +87,23 @@ GEM bigdecimal (3.1.7) builder (3.2.4) byebug (11.1.3) + capistrano (3.19.1) + airbrussh (>= 1.0.0) + i18n + rake (>= 10.0.0) + sshkit (>= 1.9.0) + capistrano-bundler (2.1.0) + capistrano (~> 3.1) + capistrano-rails (1.6.3) + capistrano (~> 3.1) + capistrano-bundler (>= 1.1, < 3) + capistrano-rbenv (2.2.0) + capistrano (~> 3.1) + sshkit (~> 1.3) + capistrano3-puma (5.2.0) + capistrano (~> 3.7) + capistrano-bundler + puma (>= 4.0, < 6.0) codeclimate-test-reporter (1.0.9) simplecov (<= 0.13) coderay (1.1.3) @@ -215,8 +234,13 @@ GEM net-protocol net-protocol (0.2.2) timeout + net-scp (4.0.0) + net-ssh (>= 2.6.5, < 8.0.0) + net-sftp (4.0.0) + net-ssh (>= 5.0.0, < 8.0.0) net-smtp (0.5.0) net-protocol + net-ssh (7.2.3) newrelic_rpm (9.10.2) nio4r (2.7.1) nokogiri (1.16.5) @@ -367,6 +391,11 @@ GEM json (>= 1.8, < 3) simplecov-html (~> 0.10.0) simplecov-html (0.10.2) + sshkit (1.23.0) + base64 + net-scp (>= 1.1.2) + net-sftp (>= 2.1.2) + net-ssh (>= 2.8.0) stringio (3.1.0) strscan (3.1.0) thor (1.3.1) @@ -393,6 +422,10 @@ PLATFORMS DEPENDENCIES awesome_print (~> 1.8) + capistrano (~> 3.19, >= 3.19.1) + capistrano-rails (~> 1.6, >= 1.6.3) + capistrano-rbenv (~> 2.2) + capistrano3-puma (~> 5.2) codeclimate-test-reporter (~> 1.0.8) debug elasticsearch (~> 6.0) From 66a6d3fde1d33ec8d36fc538a7468cf199fc9d96 Mon Sep 17 00:00:00 2001 
From: Luis Metzger Date: Sun, 4 Aug 2024 19:27:01 -0600 Subject: [PATCH 03/18] SRCH-5370: Add deployment to i14y. --- Capfile | 23 +++++++++++++++++------ Gemfile | 9 ++++++++- config/deploy.rb | 7 ++++--- config/deploy/staging.rb | 4 ++-- config/puma.rb | 24 +++++------------------- 5 files changed, 36 insertions(+), 31 deletions(-) diff --git a/Capfile b/Capfile index 42dd3a47..607225d9 100644 --- a/Capfile +++ b/Capfile @@ -1,8 +1,10 @@ +# frozen_string_literal: true + # Load DSL and set up stages -require "capistrano/setup" +require 'capistrano/setup' # Include default deployment tasks -require "capistrano/deploy" +require 'capistrano/deploy' # Load the SCM plugin appropriate to your project: # @@ -12,7 +14,7 @@ require "capistrano/deploy" # require "capistrano/scm/svn" # install_plugin Capistrano::SCM::Svn # or -require "capistrano/scm/git" +require 'capistrano/scm/git' install_plugin Capistrano::SCM::Git # Include tasks from other gems included in your Gemfile @@ -27,12 +29,21 @@ install_plugin Capistrano::SCM::Git # https://github.com/capistrano/passenger # # require "capistrano/rvm" -# require "capistrano/rbenv" +require "capistrano/rbenv" # require "capistrano/chruby" -# require "capistrano/bundler" +require "capistrano/bundler" # require "capistrano/rails/assets" # require "capistrano/rails/migrations" # require "capistrano/passenger" +# require 'capistrano/rails' + +# Web server plugins +require 'capistrano/puma' +require 'capistrano/puma/workers' + + +install_plugin Capistrano::Puma # Default puma tasks +install_plugin Capistrano::Puma::Systemd # Load custom tasks from `lib/capistrano/tasks` if you have any defined -Dir.glob("lib/capistrano/tasks/*.rake").each { |r| import r } +Dir.glob('lib/capistrano/tasks/*.rake').each { |r| import r } diff --git a/Gemfile b/Gemfile index 369f53fc..378fe542 100644 --- a/Gemfile +++ b/Gemfile 
@@ -19,13 +19,20 @@ gem 'rake', '~> 13.0.0' gem "rails_semantic_logger", "~> 4.14" +gem 'puma', '~> 5.6' + +# Deployment +gem 'capistrano', '~> 3.19', '>= 3.19.1' +gem 'capistrano-rails', '~> 1.6', '>= 1.6.3' +gem 'capistrano-rbenv', '~> 2.2' +gem 'capistrano3-puma', '~> 5.2' + group :development, :test do gem 'rspec-rails', '~> 3.7' gem 'pry-byebug', '~> 3.4' gem 'pry-rails', '~> 0.3' gem 'awesome_print', '~> 1.8' #To enable in Pry: https://github.com/awesome-print/awesome_print#pry-integration gem 'listen' - gem 'puma', '~> 5.6' gem 'debug' end diff --git a/config/deploy.rb b/config/deploy.rb index 5e7d4b75..7ceda782 100644 --- a/config/deploy.rb +++ b/config/deploy.rb @@ -9,9 +9,10 @@ set :rbenv_ruby, '3.1.4' # Linked files and directories (these will be shared across releases) -# set :linked_files, %w{ -# config/database.yml -# } +set :linked_files, %w{ + config/database.yml + config/puma.rb +} set :optional_linked_files, %w{ config/secrets.yml diff --git a/config/deploy/staging.rb b/config/deploy/staging.rb index 09f1a7be..0e9a8b06 100644 --- a/config/deploy/staging.rb +++ b/config/deploy/staging.rb @@ -8,8 +8,8 @@ server ENV['SERVER_ADDRESS'], user: ENV['SERVER_DEPLOYMENT_USER'], roles: %w{app db web} set :application, 'search-gov' -set :repo_url, 'https://github.com/GSA/i14y' -set :branch, 'main' +set :repo_url, 'https://github.com/luisgmetzger/i14y' +set :branch, 'SRCH-5370' # Configuration # ============= diff --git a/config/puma.rb b/config/puma.rb index d9b3e836..3d26a2ec 100644 --- a/config/puma.rb +++ b/config/puma.rb 
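Review bot: The config/deploy/staging.rb hunk points the stage at a personal fork and a feature branch (`set :repo_url, 'https://github.com/luisgmetzger/i14y'`, `set :branch, 'SRCH-5370'`) instead of `https://github.com/GSA/i14y` and `main`. Code deployed to the staging host then no longer passes through whatever review and branch protection the organisation repository has, and none of the later patches in this series restores the original values. Restore `set :repo_url, 'https://github.com/GSA/i14y'`, and if a per-deploy branch is needed read it at run time, e.g. `set :branch, ENV.fetch('BRANCH', 'main')`, rather than committing it.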
@@ -10,34 +10,20 @@ # Specifies the `worker_timeout` threshold that Puma will use to wait before # terminating a worker in development environments. -# worker_timeout 3600 if ENV.fetch("RAILS_ENV", "development") == "development" +# Comment out the port setting if you are using bind # Specifies the `port` that Puma will listen on to receive requests; default is 3000. -# -port ENV.fetch("PORT") { 3000 } +# port ENV.fetch("PORT") { 3000 } # Specifies the `environment` that Puma will run in. -# environment ENV.fetch("RAILS_ENV") { "development" } # Specifies the `pidfile` that Puma will use. pidfile ENV.fetch("PIDFILE") { "tmp/pids/server.pid" } -# Specifies the number of `workers` to boot in clustered mode. -# Workers are forked web server processes. If using threads and workers together -# the concurrency of the application would be max `threads` * `workers`. -# Workers do not work on JRuby or Windows (both of which do not support -# processes). -# -# workers ENV.fetch("WEB_CONCURRENCY") { 2 } - -# Use the `preload_app!` method when specifying a `workers` number. -# This directive tells Puma to first boot the application and load code -# before forking the application. This takes advantage of Copy On Write -# process behavior so workers use less memory. -# -# preload_app! +# Use the bind directive to specify the address and port to listen on +bind "tcp://0.0.0.0:3000" -# Allow puma to be restarted by `rails restart` command. +# Allow puma to be restarted by `bin/rails restart` command. plugin :tmp_restart From fc640daf21347ffcce81cbc834d6017ad05a1002 Mon Sep 17 00:00:00 2001 From: Luis Metzger Date: Sun, 4 Aug 2024 19:41:17 -0600 Subject: [PATCH 04/18] SRCH-5370: update application name. --- config/deploy.rb | 7 +++---- config/deploy/staging.rb | 2 +- 2 files changed, 4 insertions(+), 5 deletions(-) diff --git a/config/deploy.rb b/config/deploy.rb index 7ceda782..345c9112 100644 --- a/config/deploy.rb +++ b/config/deploy.rb 
@@ -9,10 +9,9 @@ set :rbenv_ruby, '3.1.4' # Linked files and directories (these will be shared across releases) -set :linked_files, %w{ - config/database.yml - config/puma.rb -} +# set :linked_files, %w{ +# config/puma.rb +# } set :optional_linked_files, %w{ config/secrets.yml diff --git a/config/deploy/staging.rb b/config/deploy/staging.rb index 0e9a8b06..fa3a43da 100644 --- a/config/deploy/staging.rb +++ b/config/deploy/staging.rb @@ -7,7 +7,7 @@ server ENV['SERVER_ADDRESS'], user: ENV['SERVER_DEPLOYMENT_USER'], roles: %w{app db web} -set :application, 'search-gov' +set :application, 'i14y' set :repo_url, 'https://github.com/luisgmetzger/i14y' set :branch, 'SRCH-5370' From 935c8fdc4935f7157c07aa76f0648a4468d19112 Mon Sep 17 00:00:00 2001 From: Luis Metzger Date: Mon, 5 Aug 2024 16:41:04 -0600 Subject: [PATCH 05/18] SRCH-5370: Updates to capfile. --- Capfile | 15 +++------------ 1 file changed, 3 insertions(+), 12 deletions(-) diff --git a/Capfile b/Capfile index 607225d9..944e93b5 100644 --- a/Capfile +++ b/Capfile @@ -17,20 +17,11 @@ require 'capistrano/deploy' require 'capistrano/scm/git' install_plugin Capistrano::SCM::Git +SSHKit.config.command_map[:bundle] = 'bin/bundle' + # Include tasks from other gems included in your Gemfile # -# For documentation on these, see for example: -# -# https://github.com/capistrano/rvm -# https://github.com/capistrano/rbenv -# https://github.com/capistrano/chruby -# https://github.com/capistrano/bundler -# https://github.com/capistrano/rails -# https://github.com/capistrano/passenger -# -# require "capistrano/rvm" require "capistrano/rbenv" -# require "capistrano/chruby" require "capistrano/bundler" # require "capistrano/rails/assets" # require "capistrano/rails/migrations" 
@@ -42,7 +33,7 @@ require 'capistrano/puma' require 'capistrano/puma/workers' -install_plugin Capistrano::Puma # Default puma tasks +install_plugin Capistrano::Puma, load_hooks: false install_plugin Capistrano::Puma::Systemd # Load custom tasks from `lib/capistrano/tasks` if you have any defined From fe92be4516c2059b0b1d42b3093f4733ed51e42c Mon Sep 17 00:00:00 2001 From: Luis Metzger Date: Mon, 5 Aug 2024 17:27:32 -0600 Subject: [PATCH 06/18] SRCH-5370: Update deploy script. --- config/deploy.rb | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/config/deploy.rb b/config/deploy.rb index 345c9112..0bf78e6e 100644 --- a/config/deploy.rb +++ b/config/deploy.rb @@ -13,9 +13,9 @@ # config/puma.rb # } -set :optional_linked_files, %w{ - config/secrets.yml -} +# set :optional_linked_files, %w{ +# config/secrets.yml +# } set :linked_dirs, %w{ log From dca08f41cdae4ec1e5f67161ce64bea639948fbf Mon Sep 17 00:00:00 2001 From: Luis Metzger Date: Mon, 5 Aug 2024 17:32:37 -0600 Subject: [PATCH 07/18] Revert --- config/deploy.rb | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/config/deploy.rb b/config/deploy.rb index 0bf78e6e..345c9112 100644 --- a/config/deploy.rb +++ b/config/deploy.rb @@ -13,9 +13,9 @@ # config/puma.rb # } -# set :optional_linked_files, %w{ -# config/secrets.yml -# } +set :optional_linked_files, %w{ + config/secrets.yml +} set :linked_dirs, %w{ log From 3295bc4e84851918ca40d83360707019d64555c8 Mon Sep 17 00:00:00 2001 From: Luis Metzger Date: Wed, 7 Aug 2024 17:28:57 -0600 Subject: [PATCH 08/18] Update deployment configurations. --- Gemfile | 13 +++++++------ Gemfile.lock | 12 ++++++++---- config/deploy.rb | 13 ++++--------- 3 files changed, 19 insertions(+), 19 deletions(-) diff --git a/Gemfile b/Gemfile index 378fe542..067d8fc3 100644 --- a/Gemfile +++ b/Gemfile 
@@ -21,12 +21,6 @@ gem "rails_semantic_logger", "~> 4.14" gem 'puma', '~> 5.6' -# Deployment -gem 'capistrano', '~> 3.19', '>= 3.19.1' -gem 'capistrano-rails', '~> 1.6', '>= 1.6.3' -gem 'capistrano-rbenv', '~> 2.2' -gem 'capistrano3-puma', '~> 5.2' - group :development, :test do gem 'rspec-rails', '~> 3.7' gem 'pry-byebug', '~> 3.4' @@ -34,6 +28,13 @@ group :development, :test do gem 'awesome_print', '~> 1.8' #To enable in Pry: https://github.com/awesome-print/awesome_print#pry-integration gem 'listen' gem 'debug' + + # Deployment + gem 'capistrano', require: false + gem 'capistrano-rails', require: false + gem 'capistrano-rbenv', require: false + gem 'capistrano3-puma', require: false + gem 'capistrano-newrelic', require: false end group :development do diff --git a/Gemfile.lock b/Gemfile.lock index ec4cd43d..5b3f5ba5 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -94,6 +94,9 @@ GEM sshkit (>= 1.9.0) capistrano-bundler (2.1.0) capistrano (~> 3.1) + capistrano-newrelic (0.10.1) + capistrano (~> 3.0) + newrelic_rpm capistrano-rails (1.6.3) capistrano (~> 3.1) capistrano-bundler (>= 1.1, < 3) @@ -422,10 +425,11 @@ PLATFORMS DEPENDENCIES awesome_print (~> 1.8) - capistrano (~> 3.19, >= 3.19.1) - capistrano-rails (~> 1.6, >= 1.6.3) - capistrano-rbenv (~> 2.2) - capistrano3-puma (~> 5.2) + capistrano + capistrano-newrelic + capistrano-rails + capistrano-rbenv + capistrano3-puma codeclimate-test-reporter (~> 1.0.8) debug elasticsearch (~> 6.0) diff --git a/config/deploy.rb b/config/deploy.rb index 345c9112..934f652d 100644 --- a/config/deploy.rb +++ b/config/deploy.rb @@ -8,16 +8,11 @@ set :rbenv_type, :user set :rbenv_ruby, '3.1.4' -# Linked files and directories (these will be shared across releases) -# set :linked_files, %w{ -# config/puma.rb -# } - -set :optional_linked_files, %w{ - config/secrets.yml -} - set :linked_dirs, %w{ log tmp +} + +set :optional_linked_files, %w{ + config/secrets.yml } \ No newline at end of file 
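Review bot: The Gemfile hunk drops every version constraint on the deployment gems (`gem 'capistrano', require: false` replaces `'~> 3.19', '>= 3.19.1'`), so only Gemfile.lock keeps the toolchain from floating on the next `bundle update`. These gems run with SSH access to the servers, so keep the constraints alongside the group move, e.g. `gem 'capistrano', '~> 3.19', require: false`. `capistrano-newrelic` is also added here although none of the Capfile hunks shown in this series requires it; leave it out until it is actually loaded.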
From 3c106be08cd016de8f75de0aa8567e1812013f62 Mon Sep 17 00:00:00 2001 From: Luis Metzger Date: Fri, 9 Aug 2024 13:53:14 -0600 Subject: [PATCH 09/18] Update port for rails server. --- config/deploy/staging.rb | 2 +- config/puma.rb | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/config/deploy/staging.rb b/config/deploy/staging.rb index fa3a43da..8fd33934 100644 --- a/config/deploy/staging.rb +++ b/config/deploy/staging.rb @@ -48,4 +48,4 @@ set :puma_worker_timeout, nil set :puma_init_active_record, true set :puma_preload_app, false -set :puma_bind, "tcp://0.0.0.0:3000" \ No newline at end of file +set :puma_bind, "tcp://0.0.0.0:8081" \ No newline at end of file diff --git a/config/puma.rb b/config/puma.rb index 3d26a2ec..27a8dcaf 100644 --- a/config/puma.rb +++ b/config/puma.rb @@ -23,7 +23,7 @@ pidfile ENV.fetch("PIDFILE") { "tmp/pids/server.pid" } # Use the bind directive to specify the address and port to listen on -bind "tcp://0.0.0.0:3000" +bind "tcp://0.0.0.0:8081" # Allow puma to be restarted by `bin/rails restart` command. plugin :tmp_restart From 110e417ef7da4bac4b24dd1684766d4d579ffc6a Mon Sep 17 00:00:00 2001 From: Luis Metzger Date: Fri, 9 Aug 2024 14:11:15 -0600 Subject: [PATCH 10/18] SRCH-5370: update deployment script. --- config/deploy.rb | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/config/deploy.rb b/config/deploy.rb index 934f652d..95738e5f 100644 --- a/config/deploy.rb +++ b/config/deploy.rb @@ -10,9 +10,11 @@ set :linked_dirs, %w{ log - tmp + tmp/pids + tmp/sockets + tmp/cache } -set :optional_linked_files, %w{ +set :linked_files, %w{ config/secrets.yml } \ No newline at end of file From 7599ca3245900c8e3059bce6fd270107b10eeb54 Mon Sep 17 00:00:00 2001 From: Luis Metzger Date: Fri, 16 Aug 2024 14:04:56 -0600 Subject: [PATCH 11/18] Update host configurations for production environment. --- config/environments/production.rb | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) 
diff --git a/config/environments/production.rb b/config/environments/production.rb index 7299fa37..e022024f 100644 --- a/config/environments/production.rb +++ b/config/environments/production.rb @@ -71,10 +71,10 @@ end # Enable DNS rebinding protection and other `Host` header attacks. - # config.hosts = [ - # "example.com", # Allow requests from example.com - # /.*\.example\.com/ # Allow requests from subdomains like `www.example.com` - # ] + config.hosts = [ + "i14y.staging.search.usa.gov", # Allow requests from staging + "i14y.search.usa.gov" # Allow requests from production + ] # Skip DNS rebinding protection for the default health check endpoint. - # config.host_authorization = { exclude: ->(request) { request.path == "/up" } } + config.host_authorization = { exclude: ->(request) { request.path == "/up" } } end From d64e669e4ca8d8e807bb543bdc831c7661315873 Mon Sep 17 00:00:00 2001 From: Luis Metzger Date: Fri, 16 Aug 2024 14:09:15 -0600 Subject: [PATCH 12/18] Use only one host. --- config/environments/production.rb | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/config/environments/production.rb b/config/environments/production.rb index e022024f..f2b97b71 100644 --- a/config/environments/production.rb +++ b/config/environments/production.rb @@ -71,10 +71,7 @@ end # Enable DNS rebinding protection and other `Host` header attacks. - config.hosts = [ - "i14y.staging.search.usa.gov", # Allow requests from staging - "i14y.search.usa.gov" # Allow requests from production - ] + config.hosts << "i14y.staging.search.usa.gov" # Skip DNS rebinding protection for the default health check endpoint. config.host_authorization = { exclude: ->(request) { request.path == "/up" } } end From 02fe1f0c57668aefd69bb5b1747a115e333b23d5 Mon Sep 17 00:00:00 2001 From: Luis Metzger Date: Fri, 16 Aug 2024 14:19:51 -0600 Subject: [PATCH 13/18] Remove config from application.rb --- config/application.rb | 1 - 1 file changed, 1 deletion(-) 
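Review bot: In the second hunk on this line (PATCH 12/18), `config.hosts << "i14y.staging.search.usa.gov"` leaves the staging name as the only allowed host in config/environments/production.rb, and the `i14y.search.usa.gov` entry added by the previous patch is gone. config/deploy/staging.rb sets `rails_env` to 'production', so this file presumably serves both stages; once the list is non-empty, host authorization rejects any other Host header, which would include the production name and requests addressed by IP (only `/up` is excluded). Keep both names with `config.hosts.concat(%w[i14y.staging.search.usa.gov i14y.search.usa.gov])`, or read the allowed host for each deployment from the environment. The configure block starts outside the hunk.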
diff --git a/config/application.rb b/config/application.rb index 3e0b48c9..31a9f3e7 100644 --- a/config/application.rb +++ b/config/application.rb @@ -49,6 +49,5 @@ class Application < Rails::Application # Middleware like session, flash, cookies can be added back manually. # Skip views, helpers and assets when generating a new resource. config.api_only = true - config.hosts << "i14y" if ENV["DOCKER"] end end From 493b29a089cf01544aab78af0b1f224b1fb51a0d Mon Sep 17 00:00:00 2001 From: Luis Metzger Date: Fri, 16 Aug 2024 14:51:26 -0600 Subject: [PATCH 14/18] Add host configs to development environment. --- config/environments/development.rb | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/config/environments/development.rb b/config/environments/development.rb index c8b22425..ac70731d 100644 --- a/config/environments/development.rb +++ b/config/environments/development.rb @@ -42,4 +42,9 @@ # Annotate rendered view with file names. # config.action_view.annotate_rendered_view_with_filenames = true + + # Enable DNS rebinding protection and other `Host` header attacks. + config.hosts << "i14y.staging.search.usa.gov" + # Skip DNS rebinding protection for the default health check endpoint. + config.host_authorization = { exclude: ->(request) { request.path == "/up" } } end From fff069ea0c7b8119d7ad0ec6ea3b965ab420862b Mon Sep 17 00:00:00 2001 From: Luis Metzger Date: Fri, 16 Aug 2024 15:49:04 -0600 Subject: [PATCH 15/18] Add environment variable for secret key base. --- config/application.rb | 1 + 1 file changed, 1 insertion(+) diff --git a/config/application.rb b/config/application.rb index 31a9f3e7..28530546 100644 --- a/config/application.rb +++ b/config/application.rb @@ -49,5 +49,6 @@ class Application < Rails::Application # Middleware like session, flash, cookies can be added back manually. # Skip views, helpers and assets when generating a new resource. config.api_only = true + config.secret_key_base = ENV["i14y_SECRET_KEY_BASE"] end end 
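Review bot: In the last hunk on this line (PATCH 15/18), `config.secret_key_base = ENV["i14y_SECRET_KEY_BASE"]` assigns nil whenever the variable is unset, and because it sits in config/application.rb it applies to every environment rather than only to deployed ones. How Rails reacts to a nil value depends on the Rails version, which is not visible here, so fail explicitly: move the line to config/environments/production.rb as `config.secret_key_base = ENV.fetch("i14y_SECRET_KEY_BASE")`. The mixed-case variable name is also easy to mistype on the server, and outside development and test Rails already reads the conventional `SECRET_KEY_BASE` variable without any configuration. The Application class body starts outside the hunk.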
From 62ea2cea9604ec56e77c80aab64ada39c34da512 Mon Sep 17 00:00:00 2001 From: Luis Metzger Date: Wed, 21 Aug 2024 12:59:44 -0600 Subject: [PATCH 16/18] Add dotenv gem. --- Gemfile | 2 ++ Gemfile.lock | 2 ++ 2 files changed, 4 insertions(+) diff --git a/Gemfile b/Gemfile index 067d8fc3..e5bc6296 100644 --- a/Gemfile +++ b/Gemfile @@ -21,6 +21,8 @@ gem "rails_semantic_logger", "~> 4.14" gem 'puma', '~> 5.6' +gem 'dotenv', '~> 3.1' + group :development, :test do gem 'rspec-rails', '~> 3.7' gem 'pry-byebug', '~> 3.4' diff --git a/Gemfile.lock b/Gemfile.lock index 5b3f5ba5..5285529e 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -123,6 +123,7 @@ GEM thread_safe (~> 0.3, >= 0.3.1) diff-lcs (1.5.1) docile (1.1.5) + dotenv (3.1.2) drb (2.2.1) dry-core (1.0.1) concurrent-ruby (~> 1.0) @@ -432,6 +433,7 @@ DEPENDENCIES capistrano3-puma codeclimate-test-reporter (~> 1.0.8) debug + dotenv (~> 3.1) elasticsearch (~> 6.0) elasticsearch-dsl (~> 0.1.9) elasticsearch-persistence (~> 6.0) From 6d3dc38f4dcbf34ad2e5115078f139914f6e3cb1 Mon Sep 17 00:00:00 2001 From: Luis Metzger Date: Wed, 21 Aug 2024 13:01:20 -0600 Subject: [PATCH 17/18] Add .env file to shared files. --- config/deploy.rb | 1 + 1 file changed, 1 insertion(+) diff --git a/config/deploy.rb b/config/deploy.rb index 95738e5f..3c16c07d 100644 --- a/config/deploy.rb +++ b/config/deploy.rb @@ -17,4 +17,5 @@ set :linked_files, %w{ config/secrets.yml + .env } \ No newline at end of file From a9b7d7627f1f34ad0cc49a1702abce5d84a64e1a Mon Sep 17 00:00:00 2001 From: Luis Metzger Date: Wed, 21 Aug 2024 13:24:51 -0600 Subject: [PATCH 18/18] linter --- config/deploy/staging.rb | 1 - 1 file changed, 1 deletion(-) diff --git a/config/deploy/staging.rb b/config/deploy/staging.rb index 8fd33934..bee2b936 100644 --- a/config/deploy/staging.rb +++ b/config/deploy/staging.rb 
@@ -37,7 +37,6 @@ # Keep only the last 5 releases to save disk space set :keep_releases, 5 - set :puma_rackup, -> { File.join(current_path, 'config.ru') } set :puma_state, "#{shared_path}/tmp/pids/puma.state" set :puma_pid, "#{shared_path}/tmp/pids/puma.pid"