refactor: re-build docker image

.dockerignore

@@ -47,3 +47,8 @@ README.*
 .ruby-gemset
 .ruby-version
 .codeclimate.yml
+
+# vscode
+.devcontainer
+.history
+.ruby-lsp

.github/workflows/publish_codespace_image.yml

@@ -24,9 +24,9 @@ jobs:
     - name: Build and push Codespace image
       uses: docker/build-push-action@v3
       env:
-        REPLACE_CHINA_MIRROR: false
+        ENABLE_DEBIAN_MIRROR: false
       with:
         context: .
         file: .devcontainer/Dockerfile.dev
         push: true
-        tags: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:codespace
+        tags: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:codespace

.github/workflows/publish_image.yml

@@ -60,7 +60,7 @@ jobs:
           cache-from: type=gha,scope=docker-build-release
           cache-to: type=gha,mode=max,scope=docker-build-release
           build-args: |
-            REPLACE_CHINA_MIRROR=false
+            ENABLE_DEBIAN_MIRROR=false
           secrets: |
             "master_key=${{ secrets.COMPLIE_ASSETS_MASTER_KEY }}"
             "credentials_data=${{ secrets.COMPLIE_ASSETS_CREDENTIALS_DATA }}"

Dockerfile

@@ -1,26 +1,70 @@
-# syntax = docker/dockerfile:1.2
-ARG VARIANT=3.0.3
+# syntax = docker/dockerfile:1.3
+ARG VARIANT=3.2.2
+
+FROM alpine:3.17 as s6overlay-builder
+
+# install packages
+RUN apk add --no-cache xz
+
+# set version for s6 overlay
+ARG S6_OVERLAY_VERSION="3.1.5.0"
+ARG S6_OVERLAY_ARCH="x86_64"
+
+RUN set -ex && \
+    mkdir /root-out && \
+    echo "Setting variables for ${TARGETARCH}" && \
+    case "$TARGETARCH" in \
+    "amd64") \
+      S6_OVERLAY_ARCH="x86_64" \
+    ;; \
+    "arm64") \
+      S6_OVERLAY_ARCH="aarch64" \
+    ;; \
+    "linux/arm/v7" | "arm") \
+      S6_OVERLAY_ARCH="arm" \
+    ;; \
+    *) \
+        echo "Doesn't support $TARGETARCH architecture" \
+        exit 1 \
+    ;; \
+    esac
+
+# add s6 overlay
+ADD https://github.com/just-containers/s6-overlay/releases/download/v${S6_OVERLAY_VERSION}/s6-overlay-noarch.tar.xz /tmp
+RUN tar -C /root-out -Jxpf /tmp/s6-overlay-noarch.tar.xz
+ADD https://github.com/just-containers/s6-overlay/releases/download/v${S6_OVERLAY_VERSION}/s6-overlay-${S6_OVERLAY_ARCH}.tar.xz /tmp
+RUN tar -C /root-out -Jxpf /tmp/s6-overlay-${S6_OVERLAY_ARCH}.tar.xz
+
+# add s6 optional symlinks
+ADD https://github.com/just-containers/s6-overlay/releases/download/v${S6_OVERLAY_VERSION}/s6-overlay-symlinks-noarch.tar.xz /tmp
+RUN tar -C /root-out -Jxpf /tmp/s6-overlay-symlinks-noarch.tar.xz
+ADD https://github.com/just-containers/s6-overlay/releases/download/v${S6_OVERLAY_VERSION}/s6-overlay-symlinks-arch.tar.xz /tmp
+RUN tar -C /root-out -Jxpf /tmp/s6-overlay-symlinks-arch.tar.xz
+
+# builder stage
 FROM ruby:${VARIANT} as builder
 
 # Install ruby on rails dependencies:
-ARG BUILD_PACKAGES="gzip libaudit1 libbz2-1.0 libc6 libcap-ng0 libcom-err2 libcrypt1 libffi7 libgcc-s1 libgmp10 libgnutls30 libgssapi-krb5-2 libhogweed6 libicu67 libidn2-0 libk5crypto3 libkeyutils1 libkrb5-3 libkrb5support0 libldap-2.4-2 liblzma5 libmariadb3 libncurses6 libncursesw6 libnettle8 libnsl2 libp11-kit0 libpam0g libpq5 libreadline-dev libreadline8 libsasl2-2 libssl-dev libssl1.1 libstdc++6 libtasn1-6 libtinfo6 libtirpc3 libunistring2 libxml2 procps zlib1g"
+ARG BUILD_PACKAGES="libpq-dev yarnpkg git zlib1g-dev build-essential libssl-dev libreadline-dev \
+                    libyaml-dev libxml2-dev libxslt1-dev libcurl4-openssl-dev \
+                    software-properties-common libffi-dev"
 ARG PROJECT_PACKAGES="sudo tar ca-certificates tzdata git zsh curl postgresql-client"
 ARG APP_ROOT=/app
 
-ARG REPLACE_CHINA_MIRROR="true"
+ARG ENABLE_DEBIAN_MIRROR="true"
 ARG ORIGINAL_REPO_URL="deb.debian.org"
 ARG MIRROR_REPO_URL="mirrors.ustc.edu.cn"
 ARG RUBYGEMS_SOURCE="https://gems.ruby-china.com/"
-ARG RUBY_GEMS="bundler:2.3.7"
+ARG RUBY_GEMS="bundler:2.4.21"
 
 ENV TZ="Asia/Shanghai" \
     BUNDLE_APP_CONFIG="$APP_ROOT/.bundle" \
     RAILS_ENV="production"
 
 # System dependencies
 RUN set -ex && \
-    if [ "$REPLACE_CHINA_MIRROR" == "true" ]; then \
-      sed -i "s/$ORIGINAL_REPO_URL/$MIRROR_REPO_URL/g" /etc/apt/sources.list && \
+    if [ "$ENABLE_DEBIAN_MIRROR" == "true" ]; then \
+      sed -i "s/$ORIGINAL_REPO_URL/$MIRROR_REPO_URL/g" /etc/apt/sources.list.d/debian.sources && \
       gem sources --add $RUBYGEMS_SOURCE --remove https://rubygems.org/ && \
       bundle config mirror.https://rubygems.org $RUBYGEMS_SOURCE; \
     fi && \
@@ -45,35 +89,35 @@ RUN --mount=type=secret,id=master_key,target=/app/config/master.key,required=tru
 # Remove folders not needed in resulting image
 RUN rm -rf docker tmp/cache spec .devcontainer .github .gitignore .gitattributes \
     .tool-versions Procfile.dev && \
-    cd /app/vendor/bundle/ruby/3.0.0 && \
+    cd /app/vendor/bundle/ruby/3.2.0 && \
       rm -rf cache/*.gem && \
       find gems/ -name "*.c" -delete && \
       find gems/ -name "*.o" -delete
 
-##################################################################################
-
+# runtime stage
 FROM ruby:${VARIANT}-slim
 
-ARG REPLACE_CHINA_MIRROR="true"
+ARG ENABLE_DEBIAN_MIRROR="true"
 ARG ORIGINAL_REPO_URL="deb.debian.org"
 ARG MIRROR_REPO_URL="mirrors.ustc.edu.cn"
 ARG RUBYGEMS_SOURCE="https://gems.ruby-china.com/"
 ARG PROJECT_PACKAGES="openssl tzdata git postgresql-client xz-utils"
-ARG RUBY_GEMS="bundler:2.3.7"
+ARG RUBY_GEMS="bundler:2.4.21"
 ARG RAILS_SERVE_STATIC_FILES=true
 ARG APP_ROOT=/app
 
 ENV TZ="Asia/Shanghai" \
     S6_CMD_WAIT_FOR_SERVICES_MAXTIME=0 \
+    S6_VERBOSITY=1 \
     BUNDLE_APP_CONFIG="$APP_ROOT/.bundle" \
     RAILS_ENV="production" \
     RAILS_SERVE_STATIC_FILES=${RAILS_SERVE_STATIC_FILES} \
     RAILS_LOG_TO_STDOUT=true
 
 # System dependencies
 RUN set -ex && \
-    if [ "$REPLACE_CHINA_MIRROR" == "true" ]; then \
-      sed -i "s/$ORIGINAL_REPO_URL/$MIRROR_REPO_URL/g" /etc/apt/sources.list && \
+    if [ "$ENABLE_DEBIAN_MIRROR" == "true" ]; then \
+      sed -i "s/$ORIGINAL_REPO_URL/$MIRROR_REPO_URL/g" /etc/apt/sources.list.d/debian.sources && \
       gem sources --add $RUBYGEMS_SOURCE --remove https://rubygems.org/ && \
       bundle config mirror.https://rubygems.org $RUBYGEMS_SOURCE; \
     fi && \
@@ -83,14 +127,9 @@ RUN set -ex && \
     rm -rf /var/lib/{apt,dpkg,cache,log}/ && \
     gem install -N $RUBY_GEMS
 
-ARG S6_OVERLAY_VERSION="3.1.2.1"
-ADD https://github.com/just-containers/s6-overlay/releases/download/v${S6_OVERLAY_VERSION}/s6-overlay-noarch.tar.xz /tmp
-RUN tar -C / -Jxpf /tmp/s6-overlay-noarch.tar.xz
-ADD https://github.com/just-containers/s6-overlay/releases/download/v${S6_OVERLAY_VERSION}/s6-overlay-x86_64.tar.xz /tmp
-RUN tar -C / -Jxpf /tmp/s6-overlay-x86_64.tar.xz
-
 WORKDIR $APP_ROOT
 
+COPY --from=s6overlay-builder /root-out/ /
 COPY docker/rootfs /
 COPY --from=builder $APP_ROOT $APP_ROOT
 

config/application.rb

@@ -18,7 +18,7 @@
 Bundler.require(*Rails.groups)
 
 module Subway
-  VERSION = "0.3.1"
+  VERSION = "0.3.2"
 
   class Application < Rails::Application
     # Initialize configuration defaults for originally generated Rails version.

docker-compose.yml

@@ -6,8 +6,8 @@ services:
     image: ghcr.io/0x5c3p73r/subway
     environment:
       # TODO: Generate new RAILS_MASTER_KEY and RAILS_ENCRYPTED_DATA first!
-      RAILS_MASTER_KEY: a8ec28f5d85aad6fca7064073c19bf68
-      RAILS_ENCRYPTED_DATA: "K73YeivVdHgi+ZozIMQgY81bBDDVdXVIB7gOkKzyabCjExL3Oz+xN73/21Or7R0Qg5LCJypBes4iIStlZdLv28h3gA720fM3ASx+3LEVsaRQLNWppNgzjZEzMtK2g6N90ONBEak6nYw1ZXN+rdSSd1ca4uAu3miKPcj7WIYpYtwYFNtj+CXWWWRbkrHn4w+qSc1aXgzwy8tJFRzk7RT2LPJx0VFicEWcrNptSMbYjqhTB6WPKAa8C2hQ+S2ZtL9kUCTAt0HdDQxij6CfpcrQ+xyqPmGqRFg9fnS+mHIoy2Waj7SbolBUkA6+lspdgT9aN4dVSdFVbZ27GHHoM4B34q/RdksBdDElZTu2sHR8j8Jln7sCwOTcDV/p--zC08K/6vAg/dIvaz--UvqVCjL2KkMCiJbTBvC4PQ=="
+      RAILS_MASTER_KEY: 7408a3d52c88d0ace5d8f4f89f9bcab6
+      RAILS_ENCRYPTED_DATA: "vkSVlfx7Ng4nhR9G9+b1mB7uGGy6kYMwh/VQx+iu8bcikDDHPmKeZPTl/MlbQbxm9wb0mvFYf1QJgxZYESMmJPlx8riTxfNDXy03Kj7JRy/jvS7ukG5lDWh19q4KFmFuLBau8RnTzY1X4tAvOohTwthn0vqqIXyKz4oWHKD58n1dXEnqgleMbVcByd6R7DMoHObTiqOqNdOmZhTxF8tMi1pqed/o99hdwX+QZVlAPPQeHogAUYJSKmmVTUE7+qfqBsR4wLOYsJ6IUuQ2NffMK5mKN4+5l9Um2yKIFM6Uf9mZubSka0Vps/AxjDknvI64o28AYGG4IKO6p6VL7UYFvQetiQD82Y4VnfjCEMIU++zrnfPJynX8Ai/yBvJRWMc85Ih3cune5p4FRAHKE7d1+zkaiwJiP7AT7GDcdEsUj1bR75r89Elxy2FigBY7Yi7G7M2LksojGNlleg==--qdAMzc1LPAKtoSBX--KuT6f/drwrv6yxFISc7eIw=="
 
       # Only support postgresql database
       DATABASE_URL: postgres://postgres:postgres@db/postgres
@@ -16,10 +16,12 @@ services:
       DEFAULT_LOCALE: zh-CN
 
       # Optinal, set a alias name, unless use host as backend name.
-      # LOCAL_BACKEND_NAME: local-api
-      LOCAL_BACKEND_URL: http://localhost:25500
+      # SUBWAY_BACKEND_NAME: local-api
+      SUBWAY_BACKEND_URL: http://localhost:25500
     ports:
       - "3000:3000"
+    depends_on:
+      - db
 
   subconverter:
     restart: unless-stopped

docker/rootfs/etc/s6-overlay/s6-rc.d/init-subway/run

@@ -0,0 +1,36 @@
+#!/command/with-contenv bash
+# shellcheck shell=bash
+
+if [ -z "$RAILS_MASTER_KEY" ]; then
+  echo "!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"
+  echo "! Missing RAILS_MASTER_KEY, Set it and keep it safe !"
+  echo "! to dencrypt storaged data in database.            !"
+  echo "!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"
+
+  exit 1
+fi
+
+if [ -z "$RAILS_ENCRYPTED_DATA" ] && [ -f "/app/config/" ]; then
+  echo "!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"
+  echo "! Missing RAILS_ENCRYPTED_DATA or not found the     !"
+  echo "! credentials file in config folder.                !"
+  echo "!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"
+
+  exit 1
+fi
+
+cd /app
+
+# Clear pid if unexpected exception exit
+rm -f tmp/pids/.pid
+
+# Remove legacy encrypted file
+rm -f config/credentials.yml.enc
+
+# Create project requires directory
+mkdir -p tmp/pids tmp/cache tmp/uploads tmp/sockets log config/credentials
+
+bin/rails subway:credentials
+bin/rails subway:upgrade
+
+exit 0

docker/rootfs/etc/s6-overlay/s6-rc.d/init-subway/type

@@ -0,0 +1 @@
+oneshot

docker/rootfs/etc/s6-overlay/s6-rc.d/init-subway/up

@@ -0,0 +1 @@
+/etc/s6-overlay/s6-rc.d/init-subway/run

docker/rootfs/etc/s6-overlay/s6-rc.d/setup-timezone/branding

@@ -0,0 +1,19 @@
+  ██████  █    ██  ▄▄▄▄    █     █░ ▄▄▄     ▓██   ██▓
+▒██    ▒  ██  ▓██▒▓█████▄ ▓█░ █ ░█░▒████▄    ▒██  ██▒
+░ ▓██▄   ▓██  ▒██░▒██▒ ▄██▒█░ █ ░█ ▒██  ▀█▄   ▒██ ██░
+  ▒   ██▒▓▓█  ░██░▒██░█▀  ░█░ █ ░█ ░██▄▄▄▄██  ░ ▐██▓░
+▒██████▒▒▒▒█████▓ ░▓█  ▀█▓░░██▒██▓  ▓█   ▓██▒ ░ ██▒▓░
+▒ ▒▓▒ ▒ ░░▒▓▒ ▒ ▒ ░▒▓███▀▒░ ▓░▒ ▒   ▒▒   ▓▒█░  ██▒▒▒
+░ ░▒  ░ ░░░▒░ ░ ░ ▒░▒   ░   ▒ ░ ░    ▒   ▒▒ ░▓██ ░▒░
+░  ░  ░   ░░░ ░ ░  ░    ░   ░   ░    ░   ▒   ▒ ▒ ░░
+      ░     ░      ░          ░          ░  ░░ ░
+  ░   ░  ░      ░       ░       ░            ░ ░    ░
+      ░     ░                        ░         ░
+░▀█▀░█▀█░█░█░█▀▀░░░▀█▀░█░█░█▀▀░░░▀█▀░█▀▄░█▀█░▀█▀░█▀█░
+░░█░░█▀█░█▀▄░█▀▀░░░░█░░█▀█░█▀▀░░░░█░░█▀▄░█▀█░░█░░█░█░
+░░▀░░▀░▀░▀░▀░▀▀▀░░░░▀░░▀░▀░▀▀▀░░░░▀░░▀░▀░▀░▀░▀▀▀░▀░▀░
+░█░█░█▀█░█░█░░░▀█▀░█▀█░░░█░█░█▀█░█▄█░█▀▀░░░░░░░░░░░░░
+░█▄█░█▀█░░█░░░░░█░░█░█░░░█▀█░█░█░█░█░█▀▀░░░░░░░░░░░░░
+░▀░▀░▀░▀░░▀░░░░░▀░░▀▀▀░░░▀░▀░▀▀▀░▀░▀░▀▀▀░░░░░░░░░░░░░
+
+

docker/rootfs/etc/cont-init.d/01-set-timezone → docker/rootfs/etc/s6-overlay/s6-rc.d/setup-timezone/run

@@ -1,4 +1,7 @@
-#!/command/with-contenv sh
+#!/command/with-contenv bash
+# shellcheck shell=bash
+
+cat /etc/s6-overlay/s6-rc.d/setup-timezone/branding
 
 TZ=${TZ:-"Asia/Shanghai"}
 

docker/rootfs/etc/s6-overlay/s6-rc.d/setup-timezone/type

@@ -0,0 +1 @@
+oneshot

docker/rootfs/etc/s6-overlay/s6-rc.d/setup-timezone/up

@@ -0,0 +1 @@
+/etc/s6-overlay/s6-rc.d/setup-timezone/run

docker/rootfs/etc/s6-overlay/s6-rc.d/svc-subway-worker/run

@@ -0,0 +1,4 @@
+#!/command/with-contenv sh
+
+echo "Launching Subway Worker Service"
+cd /app && bin/good_job start

docker/rootfs/etc/s6-overlay/s6-rc.d/svc-subway/run

@@ -0,0 +1,4 @@
+#!/command/with-contenv sh
+
+echo "Launching Subway Web Server"
+cd /app && bin/puma -C config/puma.rb | tee log/production.log

docker/rootfs/etc/s6-overlay/s6-rc.d/svc-subway/type

@@ -0,0 +1 @@
+longrun

lib/tasks/docker.rake

@@ -1,6 +1,11 @@
 namespace :docker do
   task :build do
-    system(%Q[docker buildx build --secret id=master_key,src=config/master.key -t subway:dev .])
+    system(%Q[
+      docker buildx build \
+        --secret id=master_key,src=config/master.key \
+        --secret id=credentials_data,src=config/credentials.yml.enc \
+        -t subway:dev .
+    ])
   end
 
   namespace :compose do
@@ -11,9 +16,10 @@ namespace :docker do
 
   task :run do
     system(%Q[
-      docker run --rm --name subway-dev -p 3001:3000 \
-      -e RAILS_MASTER_KEY=13e13a779b26105254e2e3e2df91f348 \
-      -v #{Rails.root.join("config/credentials")}:/app/config/credentials subway:dev
+      docker run --rm --name subway-dev -p 3003:3000 \
+      -e DATABASE_URL=postgresql://postgres:postgres@localhost:postgres \
+      -e RAILS_MASTER_KEY=#{File.read(Rails.root.join("config/master.key"))} \
+      -v #{Rails.root.join("config/credentials.yml.enc")}:/app/config/credentials subway:dev
     ])
   end
 end

lib/tasks/subway.rake

@@ -1,12 +1,15 @@
 namespace :subway do
   task upgrade: :environment do
-    db_version = ActiveRecord::Migrator.current_version
-    if db_version.blank? || db_version.zero?
-      Rake::Task['db:setup'].invoke # need db/schema.rb
-      Rake::Task['db:migrate:status'].invoke
-    else
-      Rake::Task['db:migrate'].invoke
+    begin
+      db_version = ActiveRecord::Migrator.current_version
+      if db_version.blank? || db_version.zero?
+        Rake::Task['db:create'].invoke
+      end
+    rescue
+      Rake::Task['db:create'].invoke
     end
+
+    Rake::Task['db:migrate'].invoke
     Rake::Task['db:seed'].invoke
   end