Merge pull request #22 from suprovsky/master

feat: dockerize the app

.dockerignore

@@ -0,0 +1,3 @@
+Dockerfile
+.env
+.env.example

.env.example

@@ -0,0 +1,43 @@
+# possible options: production, development, test
+# leave it on production unless you know what you're doing
+REDIS_ENV=production
+# set LOG_LISTENER_ADDRESS as your IPv4/FQDN address instead of 0.0.0.0
+# this IPv4 address is being set as an address where a game server is
+# supposed to send its logs for parsing
+LOG_LISTENER_ADDRESS=0.0.0.0
+# defines port for lostening game server logs
+LOG_LISTENER_PORT=20001
+# idk what it does but I made it configurable anyway
+WEBSOCKET_PORT=9001
+# username required in HTTP Basic authentication
+# you pass this with the password in order to enter the site
+HTTP_USERNAME=vtvonly
+# the password in question
+HTTP_PASSWORD=hahasupersecretfunnypassword
+# defines a listen port for the web service
+PUBLIC_PORT=3020
+# root password for the MariaDB/MySQL database
+MARIADB_ROOT_PASSWORD=supersecretrootpassword
+# database address
+DB_ADDRESS=db
+# database name used by the app
+DB_NAME=live_log_development
+# database user used by the app
+DB_USERNAME=tf2livestats
+# database user's password used by the app
+DB_PASSWORD=anothersuperfunnypassword
+# secret token for cookies, changing it invalidates all cookies
+# make sure it's long and randomized
+SECRET_TOKEN=hahaanothersuperlongandsuperfunnypasswordwhichisverylongtrustme
+# idk what it does but also make sure it's long and randomized
+COOKIE_STORE=_tf2_live_stats_session
+# redis address used by the app
+REDIS_ADDRESS=redis
+# redis port used by the app, if you change it here make sure
+# you also set a custom port for it in docker-compose.yml
+REDIS_PORT=6379
+# memcached address used by the app
+MEMCACHED_ADDRESS=memcached
+# memcached port used by the app, if you change it here make sure
+# you also set a custom port for it in docker-compose.yml
+MEMCACHED_PORT=11211

.github/workflows/build.yml

@@ -0,0 +1,42 @@
+name: Build Docker image and push it
+on:
+  workflow_dispatch:
+  push:
+    branches:
+      - 'master'
+
+env:
+  REGISTRY: ghcr.io
+  IMAGE_NAME: "${{ github.repository }}"
+
+jobs:
+  docker:
+    runs-on: "ubuntu-latest"
+    permissions:
+      contents: read
+      packages: write
+      id-token: write
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+      - name: Login to GitHub Container Registry
+        uses: docker/login-action@v3
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: ${{ github.repository_owner }}
+          password: ${{ secrets.GHCR_TOKEN }}
+      - name: Docker meta
+        id: docker_meta
+        uses: docker/metadata-action@v5
+        with:
+          images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+      - name: Build and push
+        uses: docker/build-push-action@v5
+        with:
+          context: .
+          push: true
+          tags: |
+            ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:latest
+          labels: ${{ steps.docker_meta.outputs.labels }}

.gitignore

@@ -13,4 +13,5 @@ capybara-*.html
 /spec/tmp/*
 **.orig
 rerun.txt
-pickle-email-*.html
+pickle-email-*.html
+.env

Dockerfile

@@ -0,0 +1,144 @@
+FROM buildpack-deps:bullseye
+
+# i stole everything below from
+# https://github.com/docker-library/ruby/blob/924602dc917e27f8af6b35f838d11e7f3f39b2dc/2.4/stretch/Dockerfile
+ENV RUBY_MAJOR 2.4
+ENV RUBY_VERSION 2.4.9
+ENV RUBY_DOWNLOAD_SHA256 0c4e000253ef7187feeb940a01a1c7594f28d63aa16f978e892a0e2864f58614
+ENV RUBYGEMS_VERSION 3.0.3
+
+# some of ruby's build scripts are written in ruby
+#   we purge system ruby later to make sure our final image uses what we just built
+RUN set -eux; \
+	\
+	savedAptMark="$(apt-mark showmanual)"; \
+	apt-get update; \
+	apt-get install -y --no-install-recommends \
+		bison \
+		dpkg-dev \
+		libgdbm-dev \
+		ruby \
+	; \
+	rm -rf /var/lib/apt/lists/*; \
+	\
+	wget -O ruby.tar.xz "https://cache.ruby-lang.org/pub/ruby/${RUBY_MAJOR%-rc}/ruby-$RUBY_VERSION.tar.xz"; \
+	echo "$RUBY_DOWNLOAD_SHA256 *ruby.tar.xz" | sha256sum --check --strict; \
+	\
+	mkdir -p /usr/src/ruby; \
+	tar -xJf ruby.tar.xz -C /usr/src/ruby --strip-components=1; \
+	rm ruby.tar.xz; \
+	\
+	cd /usr/src/ruby; \
+	\
+# hack in "ENABLE_PATH_CHECK" disabling to suppress:
+#   warning: Insecure world writable dir
+	{ \
+		echo '#define ENABLE_PATH_CHECK 0'; \
+		echo; \
+		cat file.c; \
+	} > file.c.new; \
+	mv file.c.new file.c; \
+	\
+	autoconf; \
+	gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \
+	./configure \
+		--build="$gnuArch" \
+		--disable-install-doc \
+		--enable-shared \
+	; \
+	make -j "$(nproc)"; \
+	make install; \
+	\
+	apt-mark auto '.*' > /dev/null; \
+	apt-mark manual $savedAptMark > /dev/null; \
+	find /usr/local -type f -executable -not \( -name '*tkinter*' \) -exec ldd '{}' ';' \
+		| awk '/=>/ { print $(NF-1) }' \
+		| sort -u \
+		| xargs -r dpkg-query --search \
+		| cut -d: -f1 \
+		| sort -u \
+		| xargs -r apt-mark manual \
+	; \
+	apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \
+	\
+	cd /; \
+	rm -r /usr/src/ruby; \
+# make sure bundled "rubygems" is older than RUBYGEMS_VERSION (https://github.com/docker-library/ruby/issues/246)
+	ruby -e 'exit(Gem::Version.create(ENV["RUBYGEMS_VERSION"]) > Gem::Version.create(Gem::VERSION))'; \
+	gem update --system "$RUBYGEMS_VERSION" && rm -r /root/.gem/; \
+# verify we have no "ruby" packages installed
+	! dpkg -l | grep -i ruby; \
+	[ "$(command -v ruby)" = '/usr/local/bin/ruby' ]; \
+# rough smoke test
+	ruby --version; \
+	gem --version; \
+	bundle --version
+
+# install things globally, for great justice
+# and don't create ".bundle" in all our apps
+ENV GEM_HOME /usr/local/bundle
+ENV BUNDLE_PATH="$GEM_HOME" \
+	BUNDLE_SILENCE_ROOT_WARNING=1 \
+	BUNDLE_APP_CONFIG="$GEM_HOME"
+# path recommendation: https://github.com/bundler/bundler/pull/6469#issuecomment-383235438
+ENV PATH $GEM_HOME/bin:$BUNDLE_PATH/gems/bin:$PATH
+# adjust permissions of a few directories for running "gem install" as an arbitrary user
+RUN mkdir -p "$GEM_HOME" && chmod 777 "$GEM_HOME"
+# (BUNDLE_PATH = GEM_HOME, no need to mkdir/chown both)
+
+
+# app related envs
+ARG S6_OVERLAY_VERSION=3.1.5.0
+ARG USERNAME=tf2livestats
+ARG UID=1000
+ARG GID=1000
+
+ENV S6_KEEP_ENV=1
+ENV RAILS_ENV=production
+ENV BUNDLE_DEPLOYMENT=true
+ENV BUNDLE_PATH=/var/www/tf2_live_stats/vendor/bundle
+ENV LOG_LISTENER_ADDRESS=0.0.0.0
+ENV LOG_LISTENER_PORT=20001
+ENV WEBSOCKET_PORT=9001
+ENV HTTP_USERNAME=vtvonly
+ENV HTTP_PASSWORD=hahasupersecretfunnypassword
+ENV PUBLIC_PORT=3020
+ENV DB_NAME=live_log_development
+ENV DB_ADDRESS=db
+ENV DB_USERNAME=tf2livestats
+ENV DB_PASSWORD=anothersuperfunnypassword
+ENV SECRET_TOKEN=hahaanothersuperlongandsuperfunnypasswordwhichisverylongtrustme
+ENV COOKIE_STORE=_tf2_live_stats_session
+ENV REDIS_ADDRESS=redis
+ENV REDIS_PORT=6379
+ENV MEMCACHED_ADDRESS=memcached
+ENV MEMCACHED_PORT=11211
+
+WORKDIR /var/www/tf2_live_stats
+COPY . .
+
+RUN cp -r docker/* / && \
+  mkdir /var/www/tf2_live_stats/log && \
+  ln -s /dev/stdout /var/www/tf2_live_stats/log/production.log && \
+  ln -s /dev/stdout /var/www/tf2_live_stats/log/development.log && \
+  ln -s /dev/stdout /var/www/tf2_live_stats/log/test.log && \
+  ln -s /dev/stdout /var/www/tf2_live_stats/log/thin.${PUBLIC_PORT}.log && \
+  ln -s /dev/stdout /var/www/tf2_live_stats/log/websocket_rails.log && \
+  groupadd -g $GID -o $USERNAME && \
+  useradd -m -d /var/www/tf2_live_stats -u $UID -g $GID -o -s /bin/bash $USERNAME && \
+  chown -R $UID:$GID /var/www/tf2_live_stats
+
+ADD https://github.com/just-containers/s6-overlay/releases/download/v${S6_OVERLAY_VERSION}/s6-overlay-noarch.tar.xz /tmp
+RUN tar -C / -Jxpf /tmp/s6-overlay-noarch.tar.xz
+ADD https://github.com/just-containers/s6-overlay/releases/download/v${S6_OVERLAY_VERSION}/s6-overlay-x86_64.tar.xz /tmp
+RUN tar -C / -Jxpf /tmp/s6-overlay-x86_64.tar.xz
+
+
+USER $USERNAME
+RUN DEBUG_RESOLVER=1 bundle install --verbose && \
+  bundle exec rake assets:precompile
+
+
+ENTRYPOINT ["/init"]
+HEALTHCHECK --interval=15s --timeout=5s --retries=3 CMD \
+  curl -u $HTTP_USERNAME:$HTTP_PASSWORD --fail localhost:$PUBLIC_PORT || exit 1

Gemfile

@@ -1,30 +1,33 @@
 source 'https://rubygems.org'
 
-gem 'rails', :github => "rails/rails", :branch => "4-2-stable"
+gem 'rails', '4.2.11.1'
+gem 'rails-html-sanitizer', '1.4.0'
+gem 'loofah', '2.4.0'
 gem 'haml'
 gem 'puma',             :require => false
 gem 'omniauth-openid'
 gem 'omniauth-steam'
 gem 'devise', require: false
 gem 'simple_form'
-gem 'steam-condenser', :github => 'koraktor/steam-condenser-ruby'
+gem 'steam-condenser', :git => 'https://github.com/koraktor/steam-condenser-ruby'
 gem 'logs_tf'
 gem 'sys-proctable',    :require => 'sys/proctable'
-gem 'tf2_line_parser',  :github => "Arie/tf2_line_parser"
+gem 'tf2_line_parser',  :git => "https://github.com/Arie/tf2_line_parser"
 gem 'draper'
 gem 'mysql2'
-gem "google_visualr",   :github => "Arie/google_visualr"
+gem "google_visualr",   :git => "https://github.com/Arie/google_visualr"
 gem 'request_store'
 gem 'dalli'
 gem 'turbolinks'
 gem 'eventmachine'
 gem 'websocket-rails'
 gem 'protected_attributes'
-gem 'redis', '< 4.0'
+gem 'redis', '3.3.5'
+gem 'redis-objects', '1.3.1'
 gem 'jquery-rails'
 
 group :development do
-  gem "query_reviewer", :git => "git://github.com/nesquena/query_reviewer.git"
+  gem "query_reviewer", :git => "https://github.com/nesquena/query_reviewer"
   gem 'quiet_assets'
   gem 'better_errors'
   gem 'binding_of_caller'