adds envconsul to inject secrets into container. allows container to …

…be run in "sidekiq" mode
psu-stewardship · Sep 25, 2019 · aa5aedf · aa5aedf
1 parent 16c6bd7
commit aa5aedf
Show file tree

Hide file tree

Showing 5 changed files with 44 additions and 6 deletions.
diff --git a/Dockerfile b/Dockerfile
@@ -12,6 +12,11 @@ RUN curl -o- https://raw.githubusercontent.com/nvm-sh/nvm/v0.34.0/install.sh | b
 ENV NODE_PATH $NVM_DIR/v$NODE_VERSION/lib/node_modules
 ENV PATH $NVM_DIR/versions/node/v$NODE_VERSION/bin:$PATH
 
+### Envconsul
+RUN curl -Lo /tmp/envconsul.zip https://releases.hashicorp.com/envconsul/0.9.0/envconsul_0.9.0_linux_amd64.zip && \
+    unzip /tmp/envconsul.zip -d /bin && \
+    rm /tmp/envconsul.zip
+
 RUN . $NVM_DIR/nvm.sh \
     && nvm install $NODE_VERSION \
     && nvm alias default $NODE_VERSION \
@@ -35,6 +40,6 @@ RUN bundle install
 
 COPY . /app
 
-RUN aws_bucket=bucket aws_access_key_id=key aws_secret_access_key=access aws_region=us-east-1 rails assets:precompile
+RUN RAILS_ENV=production SECRET_KEY_BASE=$(bundle exec rails secret) aws_bucket=bucket aws_access_key_id=key aws_secret_access_key=access aws_region=us-east-1 rails assets:precompile
 
 CMD ["./entrypoint.sh"]
diff --git a/app/assets/stylesheets/application.css b/app/assets/stylesheets/application.css
@@ -16,4 +16,3 @@
 
  /* uppy styles from https://transloadit.edgly.net/releases/uppy/v1.4.0/uppy.min.css placed in ./uppy/uppy.css
  */
- require 'uppy'
diff --git a/config/environments/production.rb b/config/environments/production.rb
@@ -25,7 +25,8 @@
   config.public_file_server.enabled = ENV['RAILS_SERVE_STATIC_FILES'].present?
 
   # Compress JavaScripts and CSS.
-  config.assets.js_compressor = :uglifier
+  # config.assets.js_compressor = :uglifier
+  config.assets.js_compressor = Uglifier.new(harmony: true)
   # config.assets.css_compressor = :sass
 
   # Do not fallback to assets pipeline if a precompiled asset is missed.

diff --git a/entrypoint.sh b/entrypoint.sh
@@ -1,6 +1,28 @@
 #!/bin/bash
+set -e 
 
-rails db:create
-rails db:migrate
+# Vault init container will drop the token in /etc/vault/token; alternatively we can set the VAULT_TOKEN env variable 
+if [ -f /vault/token ]; then
+    export VAULT_TOKEN=$(cat /vault/token)
+fi
 
-rails s -b '0.0.0.0'
+function start_envconsul() {
+    set -u 
+    envconsul \
+        -vault-addr=${VAULT_ADDR} \
+        -secret=${VAULT_PATH} \
+        -vault-token=${VAULT_TOKEN} \
+        -no-prefix=true \
+        -vault-renew-token=false \
+        -once \
+        -exec='bash start.sh'
+}
+
+
+if [ -n "${VAULT_TOKEN}" ]; then
+    echo "have token. starting envconsul"
+    start_envconsul
+else
+    echo "starting the app"
+    bash start.sh
+fi
diff --git a/start.sh b/start.sh
@@ -0,0 +1,11 @@
+
+
+if [ ${APP_ROLE:-app} == "sidekiq" ]; then
+    echo "starting sidekiq"
+    bundle exec sidekiq
+else
+    echo "starting rails"
+    rails db:create
+    rails db:migrate
+    rails s -b '0.0.0.0'
+fi
Original file line number	Diff line number	Diff line change
Expand Up		@@ -16,4 +16,3 @@

		/* uppy styles from https://transloadit.edgly.net/releases/uppy/v1.4.0/uppy.min.css placed in ./uppy/uppy.css
		*/
		require 'uppy'