Merge pull request #752 from LafayetteCollegeLibraries/develop

2021.6

.circleci/config.yml

@@ -68,7 +68,7 @@ jobs:
         auth:
           username: $DOCKERHUB_USERNAME
           password: $DOCKERHUB_PASSWORD
-      - image: postgres:9.4-alpine
+      - image: postgres:9.6-alpine
         auth:
           username: $DOCKERHUB_USERNAME
           password: $DOCKERHUB_PASSWORD
@@ -107,7 +107,7 @@ jobs:
       - run: wget -q -O - https://dl.google.com/linux/linux_signing_key.pub | sudo apt-key add -
       - run: sudo sh -c 'echo "deb [arch=amd64] http://dl.google.com/linux/chrome/deb/ stable main" >> /etc/apt/sources.list.d/google.list'
       - run: sudo apt-get update
-      - run: sudo apt-get -y install google-chrome-stable
+      - run: sudo apt-get -y install google-chrome-stable postgresql-9.6
       - run: google-chrome-stable --headless --disable-gpu -no-sandbox --browsertime.xvfb --remote-debugging-port=9222 http://localhost &
 
       - run:

.dockerignore

@@ -1,10 +1,23 @@
-.git
-/log/*
+# start by ignoring everything
+*
+
+# allow app directories that we need
+!/app
+!/bin
+!/config
+!/db
+!/derivatives/.keep
+!/ingest/.keep
+!/lib
 !/log/.keep
-/tmp/*
+!/public
 !/tmp/.keep
-/spec/*
-/coverage
-.byebug_history
-fits.log
-node_modules
+!/vendor/.keep
+
+# allow files @ app root
+!config.ru
+!Gemfile
+!Gemfile.lock
+!package.json
+!Rakefile
+!yarn.lock

.env.sample

@@ -99,3 +99,11 @@ URL_HOST=
 # ex.
 #   http://ldr.lafayette.edu/iiif/2
 IIIF_BASE_URL=
+
+# Key for accessing the Lafayette Web Data Services API
+# (see app/services/spot/lafayette_wds_service.rb
+#  and app/services/spot/lafayette_instructors_authority_service.rb)
+LAFAYETTE_WDS_API_KEY=
+
+# For local development, creates Admin accounts for each email address listed (comma separated)
+DEV_ADMIN_USERS=

.gitignore

@@ -16,12 +16,10 @@
 /tmp/*
 !/log/.keep
 !/tmp/.keep
+**/*.log
+.byebug_history
 
 /node_modules
-/yarn-error.log
-
-.byebug_history
-fits.log
 
 # Ignore the ingest directory
 /ingest
@@ -34,12 +32,20 @@ fits.log
 # Ignore coverage generated by SimpleCov
 /coverage
 
+# Ignore local derivatives and uploads directories
+/derivatives
+/uploads
+
 # Ignore collection branding items
 /public/branding
 
 # universalviewer target directory
 /public/uv/*
 
+# vendor files
+/vendor/*
+!/vendor/.keep
+
 # our deployed version file (shouldn't actually appear in dev,
 # but you never know i guess)
 VERSION

CHANGELOG.md

@@ -1,5 +1,29 @@
 # changelog
 
+## [2021.6] - 2021-12-06
+
+### enhancements 🛠️ 
+- update repository_librarian_email address (abfc7ba)
+- add Athletics and College Archives to Lafayette Divisions authority (#751)
+- reconfigure Dockerfile + local docker-compose setup (#762, #763, #770)
+- add StudentWork model (#753) and switch to using Ability to determine what work types are presented to the user
+- add lafayette_instructors local authority endpoint and use it for `StudentWork#advisor` (#764)
+- removes broken version number from site footer (#766) 
+- switches to running rails on port 443 within the container, generating a self-signed ssl certificate as part of the docker entrypoint (#768)
+- removes FlipFlop option for contextual search results, leaving them on all the time (#771)
+- fixes for a couple of long out-standing "code complexity" issues
+
+### dependencies 👩‍👩‍👧‍👧 
+- updates hyrax to 2.9.6 and locks down dependencies needed to continue running locally on our on-prem version of ruby (#765). 
+- bootsnap to 1.9.1 (#760)
+- capistrano-bundler to 2.0.1 (#736)
+- capistrano-passenger to 0.2.1 (#756)
+- faraday to 0.17.4 (#731)
+- rubyzip to 2.3.2 (#759) 
+- uglifier to 4.2.0 (#757)
+
+
+
 ## [2021.5] - 2021-08-13
 
 ### updates
@@ -13,6 +37,7 @@
 - honeybadger to 4.9.0 (#742)
 - mini_magick to 4.11.0 (#739)
 
+
 ## [2021.4] - 2021-05-18
 
 ### enhancements
@@ -618,6 +643,7 @@ fixes:
 
 Initial pre-release (live on ldr.stage.lafayette.edu)
 
+[2021.6]: https://github.com/LafayetteCollegeLibraries/spot/releases/tag/2021.6
 [2021.5]: https://github.com/LafayetteCollegeLibraries/spot/releases/tag/2021.5
 [2021.4]: https://github.com/LafayetteCollegeLibraries/spot/releases/tag/2021.4
 [2021.3]: https://github.com/LafayetteCollegeLibraries/spot/releases/tag/2021.3

Dockerfile

@@ -1,44 +1,81 @@
 # base image
-FROM ruby:2.4.3 as spot-base
-
-# add node + yarn repositories (do we need both?)
-RUN apt-get update && apt-get install -y -qq apt-transport-https apt-utils \
-    && (curl -sL https://deb.nodesource.com/setup_10.x | bash) \
-    && (curl -fsSL https://deb.nodesource.com/gpgkey/nodesource.gpg.key | apt-key add -) \
-    && (curl -sS https://dl.yarnpkg.com/debian/pubkey.gpg | apt-key add -) \
-    && (echo "deb https://dl.yarnpkg.com/debian/ stable main" | tee /etc/apt/sources.list.d/yarn.list)
-
-# add ghostscript, ImageMagick, and libreoffice to the jobs service only
-RUN apt-get update && apt-get install -y \
-    yarn \
-    nodejs \
-    netcat \
-    ghostscript \
-    ImageMagick \
-    libreoffice
-
-RUN gem update bundler
+ARG RUBY_VERSION=2.4.3-alpine3.6
+FROM ruby:$RUBY_VERSION as spot-base
+
+# system dependencies
+# TODO: imagemagick might belong in the worker container instead?
+RUN apk --no-cache upgrade && \
+    apk add  --no-cache --repository http://dl-cdn.alpinelinux.org/alpine/v3.7/main/ nodejs=8.9.3-r1 && \
+    apk --no-cache add \
+        build-base \
+        coreutils \
+        curl \
+        ruby-dev \
+        imagemagick \
+        tzdata \
+        netcat-openbsd \
+        yarn \
+        zip \
+        postgresql postgresql-dev \
+        git \
+        openssl
+
+# let's not run this as root
+# (taken from hyrax's Dockerfile)
+# RUN addgroup -S -g 101 app && \
+#     adduser -S -G app -u 1001 -s /bin/sh -h /app app
+# RUN mkdir /spot && chown -R 1001:101 /spot
+# USER app
 
 WORKDIR /spot
 
+# match our Gemfile.lock version
+# TODO: upgrade the Gemfile bundler version to 2
+RUN gem install bundler:1.13.7
+
+# install dependencies
+# ---
 # get installation files copied over first, run installations, _then_ copy
 # the application files over, so that we can rely on docker's cache first
 # when rebuilding.
 #
 # a) bundle + yarn files
-COPY ["Gemfile", "Gemfile.lock", "package.json", "yarn.lock", "/spot/"]
+# COPY --chown=1001:101 ["Gemfile", "Gemfile.lock", "package.json", "yarn.lock", "/spot"]
+COPY ["Gemfile", "Gemfile.lock", "package.json", "yarn.lock", "/spot"]
 
-# b) uv configuration files (yarn will copy files to public as part of the installation process)
-RUN mkdir config
-COPY config/uv config/uv
+# b) make directories for installation configuration (`config/`, `public/`, and `vendor/`)
+#    and those for derivatives + uploads
+RUN mkdir -p /spot/config /spot/public /spot/vendor && \
+    mkdir -p /spot/derivatives /spot/uploads
 
-# install dependencies
-RUN bundle install --jobs "$(nproc)" && yarn install
+# c) install dependencies
+ARG BUNDLE_WITHOUT="development test"
+RUN bundle install --jobs "$(nproc)" --path "/spot/vendor"
 
-# finally, copy our current work files to the image
+# d) copy the application files
+# COPY --chown=1001:101 . /spot
 COPY . /spot
 
-VOLUME ["/spot/public", "/spot/tmp"]
+ENTRYPOINT ["/spot/bin/spot-entrypoint.sh"]
+CMD ["bundle", "exec", "rails", "server", "-b", "tcp://0.0.0.0:3000"]
+
+FROM spot-base as spot-app
+COPY config/uv config/uv
+
+RUN yarn install
+CMD ["bundle", "exec", "rails", "server", "-u", "puma", "-b", "ssl://0.0.0.0:443?key=/trustee_minutes/tmp/ssl/application.key&cert=/trustee_minutes/tmp/ssl/application.crt"]
+
+# precompile assets
+# RUN DATABASE_URL="postgres://fake" SECRET_KEY_BASE="secret-shh" bundle exec rake assets:precompile
+
+FROM spot-base as spot-worker
+# USER root
+RUN apk --no-cache upgrade && \
+    apk --no-cache add \
+        imagemagick \
+        ghostscript
 
-ENTRYPOINT ["bin/spot-entrypoint.sh"]
-CMD ["bundle", "exec", "puma", "-v", "-b", "tcp://0.0.0.0:3000"]
+# USER app
+ARG BUNDLE_WITHOUT=""
+RUN bundle install --jobs "$(nproc)" --path "/spot/vendor"
+CMD ["bundle", "exec", "sidekiq"]

Gemfile

@@ -9,7 +9,7 @@ end
 #
 # the base rails stack (installed with 'rails new spot')
 #
-gem 'rails', '~> 5.2'
+gem 'rails', '5.2.5'
 
 # use Puma as the app server (dev only, we're using passenger in production)
 gem 'puma', '3.12.6'
@@ -18,7 +18,7 @@ gem 'puma', '3.12.6'
 gem 'sass-rails', '5.1.0'
 
 # Use Uglifier as compressor for JavaScript assets
-gem 'uglifier', '4.1.20'
+gem 'uglifier', '4.2.0'
 
 # ugh, we're stuck with coffee-script until it's out of hyrax i guess
 gem 'coffee-rails', '5.0.0'
@@ -49,10 +49,10 @@ gem 'blacklight_oai_provider', '6.0.0'
 gem 'blacklight_range_limit', '6.3.3'
 
 # start up the server faster
-gem 'bootsnap', '1.4.7'
+gem 'bootsnap', '1.9.1'
 
 # record importer pattern from curationexperts
-gem 'darlingtonia', '3.2.2'
+gem 'darlingtonia', '~> 3.0'
 
 # user management
 gem 'devise', '4.7.1'
@@ -92,7 +92,7 @@ gem 'rdf-vocab', '3.1.4'
 gem 'rsolr', '2.3.0'
 
 # used in conjunction with our importers to zip/unzip files
-gem 'rubyzip', '2.3.0'
+gem 'rubyzip', '2.3.2'
 
 # our jobs server
 gem 'sidekiq', '5.2.9'
@@ -116,7 +116,7 @@ gem 'kaminari', '1.2.1'
 
 # a bunch of samvera gems rely on Faraday already, but we'll
 # require it as we're explicitly using it.
-gem 'faraday', '0.17.3'
+gem 'faraday', '0.17.4'
 
 # mini_magick is a dependency of hydra-derivatives, but since we're
 # calling it explicitly, we should require it.
@@ -133,6 +133,23 @@ gem 'linkeddata', '~> 3.0'
 gem 'bootstrap_form', '~> 4.4.0'
 gem 'nokogiri', '~> 1.10.10'
 
+# These are subdependencies that need to be locked tighter to be run on ruby 2.4.3.
+# In theory, we should just be able to remove these entries and run `bundle update`
+# to get things up to date. (see also `:development, :test` block below)
+gem 'amazing_print', '1.2.1'
+gem 'dry-container', '0.7.2'
+gem 'dry-core', '0.4.9'
+gem 'dry-inflector', '0.2.0'
+gem 'dry-matcher', '~> 0.8.3'
+gem 'dry-schema', '1.5.5'
+gem 'dry-transaction', '0.12.1'
+gem 'dry-validation', '~> 1.5.6'
+gem 'globalid', '~> 0.4.2'
+gem 'parallel', '1.19.2'
+gem 'signet', '~> 0.13.2'
+gem 'simple_form', '~> 5.0.3'
+gem 'sprockets-rails', '~> 3.2.2', require: 'sprockets/railtie'
+
 # development dependencies (not as necessary to
 # lock down versions here)
 group :development do
@@ -145,19 +162,17 @@ group :development do
 
   # Use Capistrano for deployment
   gem 'capistrano', '~> 3.16', require: false
-  gem 'capistrano-bundler', '~> 1.3'
+  gem 'capistrano-bundler', '~> 2.0'
   gem 'capistrano-ext', '~> 1.2.1'
-  gem 'capistrano-passenger', '~> 0.2.0'
+  gem 'capistrano-passenger', '~> 0.2.1'
   gem 'capistrano-rails', '~> 1.6', require: false
   gem 'capistrano-sidekiq', '~> 1.0.3'
 end
 
 # things used for development + testing (again, not as
 # necessary to lock down versions)
 group :development, :test do
-  gem 'bixby', '~> 2.0.0.pre.beta1'
   gem 'byebug', platforms: [:mri, :mingw, :x64_mingw]
-  gem 'capybara', '~> 3'
   gem 'capybara-screenshot', '~> 1.0.25'
   gem 'database_cleaner', '~> 2.0.1'
   gem 'equivalent-xml', '~> 0.6.0', require: false
@@ -168,11 +183,21 @@ group :development, :test do
   gem 'rspec-its', '~> 1.1'
   gem 'rspec-rails', '~> 4.0'
   gem 'rspec_junit_formatter', '~> 0.4.1'
-  gem 'rubocop', '~> 0.63'
-  gem 'rubocop-rspec', '~> 1.3'
   gem 'shoulda-matchers', '~> 4'
-  gem 'simplecov', '~> 0.17', require: false
   gem 'stub_env', '~> 1.0.4'
-  gem 'webdrivers', '~> 4'
+  gem 'webdrivers', '~> 4.6.1'
   gem 'webmock', '~> 3.8'
+
+  # dependencies we have to lock in order to work with ruby 2.4.3 on prem
+  # (@todo update these when we're in the cloud)
+  gem 'bixby', '1.0.0'
+  gem 'capybara', '~> 3.32.0'
+  gem 'rubocop', '~> 0.52.0'
+  gem 'rubocop-rspec', '1.22.2'
+  gem 'simplecov', '~> 0.17.1', require: false
+
+  # subdependencies that we need to lock for ruby 2.4.3.
+  # (@todo remove these when we're in the cloud)
+  gem 'docile', '~> 1.3.5'
+  gem 'matrix', '0.1.0'
 end