Merge branch 'ontoportal-lirmm/master' into ecoportal-ontoportal-reset

.dockerignore

@@ -0,0 +1,22 @@
+.git/
+log/*
+!log/.keep
+app/assets/builds/*
+!app/assets/builds/.keep
+node_modules/
+public/assets/
+storage/*
+!storage/.keep
+tmp/*
+!tmp/.keep
+
+.bundle
+.byebug_history
+.dockerignore
+.env*
+!.env.example
+config/master.key
+docker-compose.override.yml
+yarn-error.log
+yarn-debug.log*
+.yarn-integrity

.env.sample

@@ -0,0 +1,137 @@
+# Default values are optimized for production to avoid having to configure
+# much in production.
+#
+# However it should be easy to get going in development too. If you see an
+# uncommented option that means it's either mandatory to set or it's being
+# overwritten in development to make your life easier.
+
+# Enable BuildKit by default:
+#   https://docs.docker.com/develop/develop-images/build_enhancements
+export DOCKER_BUILDKIT=1
+
+# Rather than use the directory name, let's control the name of the project.
+export COMPOSE_PROJECT_NAME=ontoportal-docker
+
+# In development we want all services to start but in production you don't
+# need the asset watchers to run since assets get built into the image.
+#
+# You can even choose not to run postgres and redis in prod if you plan to use
+# managed cloud services. Everything "just works", even optional depends_on!
+#export COMPOSE_PROFILES=postgres,redis,web,worker,cable
+export COMPOSE_PROFILES=db,cache,assets,web
+
+# If you're running native Linux and your uid:gid isn't 1000:1000 you can set
+# these to match your values before you build your image. You can check what
+# your uid:gid is by running `id` from your terminal.
+#export UID=1000
+#export GID=1000
+
+# You can generate a more secure secret by running: ./run rails secret
+export SECRET_KEY_BASE=insecure_key_for_dev
+
+# Which environment is running? These should be "development" or "production".
+#export RAILS_ENV=production
+#export NODE_ENV=production
+export RAILS_ENV=development
+export NODE_ENV=development
+
+# The bind port for puma.
+#
+# Be warned that if you change this value you'll need to change 8000 in both
+# your Dockerfile and in a few spots in docker-compose.yml due to the nature of
+# how this value can be set (Docker Compose doesn't support nested ENV vars).
+#export PORT=8000
+
+# How many workers and threads should your app use? WEB_CONCURRENCY defaults
+# to the server's CPU count * 2. That is a good starting point. In development
+# it's a good idea to use 1 to avoid race conditions when debugging.
+#export WEB_CONCURRENCY=
+#export RAILS_MAX_THREADS=5
+#export WEB_CONCURRENCY=1
+#export RAILS_MAX_THREADS=1
+
+# You'll always want to set POSTGRES_USER and POSTGRES_PASSWORD since the
+# postgres Docker image uses them for its default database user and password.
+export POSTGRES_USER=hello
+export POSTGRES_PASSWORD=password
+#export POSTGRES_DB=hello
+#export POSTGRES_HOST=postgres
+#export POSTGRES_PORT=5432
+
+# What's your full Redis connection URL? This will be used for caching, Sidekiq,
+# and Action Cable. You can always split them up later.
+#export REDIS_URL=redis://redis:6379/1
+
+# The bind port for puma but for Action Cable.
+#
+# Be warned that if you change this value you'll need to change 28080 in a few
+# spots in docker-compose.yml due to the nature of how this value can be set
+# (Docker Compose doesn't support nested ENV vars).
+#export CABLE_PORT=28080
+
+# The Action Cable address that will be accessible over HTTP. In production
+# you would typically have this reverse proxied to a sub-domain with nginx, in
+# which case you would set something like: ws://cable.example.com
+#
+# This is one case where it defaults to a development value because it's not
+# possible for me to know what domain name you'll be using.
+#export ACTION_CABLE_FRONTEND_URL=ws://localhost:28080
+
+# Comma separated list of RegExp origins to allow connections from for Action
+# Cable. The values will be converted into a proper RegExp, so omit the / /.
+#
+# Examples:
+#   http:\/\/localhost*
+#   http:\/\/example.*,https:\/\/example.*
+#export ACTION_CABLE_ALLOWED_REQUEST_ORIGINS=http:\/\/localhost*
+
+# If this is set then Rails will serve files from public/ in production. You
+# probably don't want this behavior unless you're testing prod mode locally,
+# because nginx would typically serve static files.
+#export RAILS_SERVE_STATIC_FILES=
+
+# Should Docker restart your containers if they go down in unexpected ways?
+#export DOCKER_RESTART_POLICY=unless-stopped
+export DOCKER_RESTART_POLICY=no
+
+# What health check test command do you want to run? In development, having it
+# curl your web server will result in a lot of log spam, so setting it to
+# /bin/true is an easy way to make the health check do basically nothing.
+#export DOCKER_WEB_HEALTHCHECK_TEST=curl localhost:8000/up
+export DOCKER_WEB_HEALTHCHECK_TEST=/bin/true
+
+# What ip:port should be published back to the Docker host for the app server?
+# If you're using Docker Toolbox or a custom VM you can't use 127.0.0.1. This
+# is being overwritten in dev to be compatible with more dev environments.
+#
+# If you have a port conflict because something else is using 8000 then you
+# can either stop that process or change 8000 to be something else.
+#
+# Use the default in production to avoid having puma directly accessible to
+# the internet since it'll very likely be behind nginx or a load balancer.
+#export DOCKER_WEB_PORT_FORWARD=127.0.0.1:8000
+export DOCKER_WEB_PORT_FORWARD=127.0.0.1:3000
+
+# This is the same as above except for Action Cable.
+#export DOCKER_CABLE_PORT_FORWARD=127.0.0.1:28080
+export DOCKER_CABLE_PORT_FORWARD=28080
+
+# What volume path should be used? In dev we want to volume mount everything
+# so that we can develop our code without rebuilding our Docker images.
+#export DOCKER_WEB_VOLUME=./public:/app/public
+
+
+export DOCKER_WEB_VOLUME=.:/app
+
+# What CPU and memory constraints will be added to your services? When left at
+# 0 they will happily use as much as needed.
+# export DOCKER_POSTGRES_CPUS=0
+# export DOCKER_POSTGRES_MEMORY=0
+# export DOCKER_REDIS_CPUS=0
+# export DOCKER_REDIS_MEMORY=0
+# export DOCKER_WEB_CPUS=0
+# export DOCKER_WEB_MEMORY=0
+# export DOCKER_WORKER_CPUS=0
+# export DOCKER_WORKER_MEMORY=0
+# export DOCKER_CABLE_CPUS=0
+# export DOCKER_CABLE_MEMORY=0

.github/workflows/brakeman-analysis.yml

@@ -17,17 +17,17 @@ jobs:
     steps:
     # Checkout the repository to the GitHub Actions runner
     - name: Checkout
-      uses: actions/checkout@v2
+      uses: actions/checkout@v3
 
     # Customize the ruby version depending on your needs
     - name: Setup Ruby
-      uses: actions/setup-ruby@v1
+      uses: ruby/setup-ruby@v1
       with:
         ruby-version: '2.7'
 
     - name: Setup Brakeman
       env:
-        BRAKEMAN_VERSION: '4.10' # SARIF support is provided in Brakeman version 4.10+
+        BRAKEMAN_VERSION: '5.4.0' # SARIF support is provided in Brakeman version 4.10+
       run: |
         gem install brakeman --version $BRAKEMAN_VERSION
 
@@ -39,6 +39,7 @@ jobs:
 
     # Upload the SARIF file generated in the previous step
     - name: Upload SARIF
-      uses: github/codeql-action/upload-sarif@v1
+      uses: github/codeql-action/upload-sarif@v2
       with:
         sarif_file: output.sarif.json
+

.github/workflows/deploy.yml

@@ -17,23 +17,26 @@ name: Capistrano Deployment
 # Controls when the action will run.
 on:
   push:
-    branches: [ master ]
-
+    branches: [ development staging ]
   # Allows running this workflow manually from the Actions tab
   workflow_dispatch:
     inputs:
       BRANCH:
         description: 'Branch/tag to deploy'
-        default: master
+        options:
+          - development
+          - staging
+          - master
+        default: staging
         required: true
       environment:
         description: 'target environment to deploy to'
         type: choice
         options:
+          - development
           - staging
           - production
         default: staging
-
 jobs:
   deploy:
     runs-on: ubuntu-latest
@@ -48,7 +51,7 @@ jobs:
         # via shell parameter expansion
         # https://dev.to/mrmike/github-action-handling-input-default-value-5f2g
         USER_INPUT_BRANCH=${{ inputs.branch }}
-        echo "BRANCH=${USER_INPUT_BRANCH:-master}" >> $GITHUB_ENV
+        echo "BRANCH=${USER_INPUT_BRANCH:github.head_ref:-master}" >> $GITHUB_ENV
 
         USER_INPUT_ENVIRONMENT=${{ inputs.environment }}
         echo "TARGET=${USER_INPUT_ENVIRONMENT:-staging}" >> $GITHUB_ENV
@@ -65,13 +68,7 @@ jobs:
         token: ${{ secrets.GH_PAT }} # `GH_PAT` is a secret that contains your PAT
         path:  deploy_config
     - name: copy-deployment-config
-      run:  cp -r deploy_config/bioportal_web_ui/* .
-    # add ssh hostkey so that capistrano doesn't complain
-    - name: Add jumphost's hostkey to Known Hosts
-      run: |
-        mkdir -p ~/.ssh
-        ssh-keyscan -H ${{ secrets.SSH_JUMPHOST }} > ~/.ssh/known_hosts
-      shell: bash
+      run:  cp -r deploy_config/ontoportal_web_ui/${{ inputs.environment }}/* .
     - uses: miloserdow/capistrano-deploy@master
       with:
         target: ${{ env.TARGET }} # which environment to deploy

.gitignore

@@ -17,8 +17,9 @@ rerun.txt
 pickle-email-*.html
 config/bioportal_config*.rb
 config/database.yml
-config/secrets.yml
 config/deploy/*
+config/locales/en.rb
+config/secrets.yml
 **.DS_Store
 /public/**/cache/**
 /public/umls/*
@@ -30,16 +31,23 @@ nohup.out
 # Ignore editor files
 .idea
 *.swp
+.rbenv-gemsets
 
 .tags
 
 .tags_sorted_by_file
 
-config/newrelic.yml
-
 node_modules
-_env_config/*
-config_prod/*
+.env
+config/site_config.rb
+docker-sync.yml
+.docker-sync/daemon.log
+.docker-sync/daemon.pid
+
+/app/assets/builds/*
+!/app/assets/builds/.keep
+
+/node_modules
 
 TAGS
 

Dockerfile

@@ -0,0 +1,50 @@
+FROM ruby:2.7.5-alpine AS app
+
+WORKDIR /app
+
+ARG UID=1000
+ARG GID=1000
+
+RUN apk add --no-cache \
+    build-base \
+    libxml2-dev \
+    libxslt-dev \
+    mariadb-dev \
+    git \
+    nodejs \
+    tzdata \
+    yarn \
+    less \
+  && addgroup --gid ${GID} ruby \
+  && adduser  -u ${UID} -G ruby -D  ruby \
+  && chown ruby:ruby -R /app \
+  && mkdir /node_modules \
+  && chown ruby:ruby -R /node_modules /app
+
+USER ruby
+
+COPY --chown=ruby:ruby bin/ ./bin
+RUN chmod 0755 bin/*
+
+ARG RAILS_ENV="production"
+
+ENV RAILS_ENV="${RAILS_ENV}" \
+    NODE_ENV="${NODE_ENV}" \
+    PATH="${PATH}:/home/ruby/.local/bin:/node_modules/.bin" \
+    USER="ruby" \
+    BUNDLE_PATH=/usr/local/bundle
+
+COPY --chown=ruby:ruby Gemfile* ./
+RUN bundle install --jobs "$(nproc)"
+RUN gem install rails 
+
+
+
+RUN echo "--modules-folder /node_modules" > .yarnrc
+COPY --chown=ruby:ruby package.json *yarn* ./
+RUN yarn install
+
+
+EXPOSE 3000
+
+CMD ["sh"]