add k8s deployment

.github/workflows/release.yaml

@@ -0,0 +1,80 @@
+# yamllint disable rule:comments
+---
+# yaml-language-server: $schema=https://json.schemastore.org/github-workflow.json
+name: Release Hermes
+
+'on':
+  push:
+    branches:
+      - master
+      - feat/k8s
+
+env:
+  SERVICE_NAME: hermes
+
+jobs:
+  build:
+    runs-on: arc-runner-set-prod
+
+    steps:
+      - name: Install prerequisites
+        run: >-
+          sudo apt-get update &&
+          sudo apt-get install --yes --no-install-recommends curl git &&
+          sudo apt-get clean &&
+          sudo rm -rf /var/lib/apt/lists/*
+
+      - name: Generate Token
+        uses: tibdex/github-app-token@3beb63f4bd073e61482598c45c71c1019b59b73a # v2.1.0
+        id: generate-token
+        with:
+          app_id: "${{ secrets.RENOVATEBOT_APP_ID }}"
+          private_key: "${{ secrets.RENOVATEBOT_APP_PRIVATE_KEY }}"
+
+      - name: Checkout
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+        with:
+          token: "${{ steps.generate-token.outputs.token }}"
+
+      - name: Get build tag
+        id: vars
+        run: |-
+          echo "${{ secrets.IFAD_BOT_SSH_KEY }}" > /tmp/ssh_key
+          chmod 600 /tmp/ssh_key
+          echo "docker_image_tag=$(git rev-parse --short HEAD)" >> $GITHUB_OUTPUT
+          echo "service_name=${SERVICE_NAME}" >> $GITHUB_OUTPUT
+
+      - name: Login to IFAD Registry
+        uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0
+        with:
+          registry: ${{ secrets.HARBOR_URL }}
+          username: ${{ secrets.HARBOR_USER }}
+          password: ${{ secrets.HARBOR_PASS }}
+
+      - name: Build and push image
+        uses: docker/build-push-action@4a13e500e55cf31b7a5d59a38ab2040ab0f42f56 # v5.1.0
+        with:
+          context: .
+          push: true
+          tags: ${{ secrets.HARBOR_URL }}/services/${{ steps.vars.outputs.service_name }}:${{ steps.vars.outputs.docker_image_tag }}
+          secret-files: "ssh_private_key=/tmp/ssh_key"
+
+      - name: Install ArgoCD
+        run: |
+          curl -sSL -o argocd https://github.com/argoproj/argo-cd/releases/latest/download/argocd-linux-amd64
+          chmod +x argocd
+          export USER=argocd
+          # The master branch is linked to ArgoCD production, all other branches are linked to ArgoCD staging
+          if [ "${{ github.ref }}" = "refs/heads/master" ]; then
+            ./argocd login ${{ secrets.PROD_ARGOCD_URL }} --username ${{ secrets.PROD_ARGOCD_USER }} --password ${{ secrets.PROD_ARGOCD_PASS }} --insecure --skip-test-tls --grpc-web
+          else
+            ./argocd login ${{ secrets.ARGOCD_URL }} --username ${{ secrets.ARGOCD_USER }} --password ${{ secrets.ARGOCD_PASS }} --insecure --skip-test-tls --grpc-web
+          fi
+
+      - name: Configure and Update ArgoCD
+        run: |
+          ./argocd app set $SERVICE_NAME --plugin-env DEPLOY_TAG="${{ steps.vars.outputs.docker_image_tag }}"
+          ./argocd app get $SERVICE_NAME --hard-refresh
+          sleep 10
+          ./argocd app sync $SERVICE_NAME
+# yamllint enable rule:comments

.gitignore

@@ -17,8 +17,4 @@
 /log
 /tmp
 
-/config/database.yml
-/config/email.yml
-/config/initializers/secret_token.rb
-
 /public/assets

Dockerfile

@@ -0,0 +1,23 @@
+FROM registry.ifad.org/library/ruby:2.3.8
+
+COPY --chown=1000:1000 . /app
+
+USER root
+
+ENV GIT_SSH_COMMAND='ssh -i /run/secrets/ssh_private_key -o IdentitiesOnly=yes'
+ENV HOME=/app
+ENV RAILS_ENV=staging
+
+RUN --mount=type=secret,uid=1000,gid=1000,id=ssh_private_key \
+    apt-get update \
+ && apt-get install --yes --no-install-recommends build-essential libmagickwand-dev libpq-dev libyaml-dev \
+ && su ruby -m -c "script/build-docker.sh" \
+ && apt-get remove --purge --yes build-essential \
+ && apt-get autoremove --yes --purge \
+ && apt-get clean --yes \
+ && rm -rf /var/lib/apt/lists/*
+
+USER 1000:1000
+EXPOSE 3000
+
+CMD ["bundle", "exec", "rails", "s", "-b", "0.0.0.0", "-p", "3000"]

Gemfile

@@ -1,30 +1,33 @@
 source 'https://rubygems.org'
 
+ruby '2.3.8'
+
 gem 'rails', '~> 4.1.7'
 gem 'devise'
 gem 'bcrypt-ruby', '~> 3.0.0'
 gem 'jquery-rails'
 gem 'jquery-ui-rails'
 gem 'turbolinks'
-gem 'ranked-model', github: 'mixonic/ranked-model'
+gem 'ranked-model', git: 'https://github.com/mixonic/ranked-model', ref: '93f4502b776ae527d42bba9ad29eecf7137c6a76'
 gem 'jbuilder', '~> 1.2'
 gem 'uglifier', '>= 1.3.0'
 gem 'therubyracer', platforms: :ruby
 gem 'less-rails'
-gem 'twitter-bootstrap-rails', :git => 'git://github.com/seyhunak/twitter-bootstrap-rails.git'
+gem 'twitter-bootstrap-rails', :git => 'https://github.com/seyhunak/twitter-bootstrap-rails.git', ref: '67f160dd2ff5cc7cd843a17866c3b6bc8e7f2794'
 gem 'momentjs-rails', '>= 2.8.1'
 gem 'bootstrap3-datetimepicker-rails', '~> 3.1.3'
 gem 'sanitize-rails'
 gem 'bootstrap-wysihtml5-rails'
 gem 'haml-rails'
 gem 'font-awesome-rails'
-gem 'data-confirm-modal', github: 'ifad/data-confirm-modal'
+gem 'data-confirm-modal', git: 'https://github.com/ifad/data-confirm-modal', ref: '81d140fe51e70771821ae0434a32dacf69ca5292'
 gem 'animate-rails'
 gem 'autosize-rails'
 gem 'medium-editor-rails'
 gem 'zeroclipboard-rails'
 gem 'airbrake'
 gem 'cancan'
+gem 'puma'
 
 group :doc do
   gem 'sdoc', require: false
@@ -63,6 +66,9 @@ group :development do
 end
 
 group :production do
-  gem 'unicorn'
   gem 'pg'
 end
+
+group :build do
+  gem 'activerecord-nulldb-adapter'
+end

Gemfile.lock

@@ -1,20 +1,23 @@
 GIT
-  remote: git://github.com/ifad/data-confirm-modal.git
+  remote: https://github.com/ifad/data-confirm-modal
   revision: 81d140fe51e70771821ae0434a32dacf69ca5292
+  ref: 81d140fe51e70771821ae0434a32dacf69ca5292
   specs:
     data-confirm-modal (1.0.1)
       railties (>= 3.0)
 
 GIT
-  remote: git://github.com/mixonic/ranked-model.git
+  remote: https://github.com/mixonic/ranked-model
   revision: 93f4502b776ae527d42bba9ad29eecf7137c6a76
+  ref: 93f4502b776ae527d42bba9ad29eecf7137c6a76
   specs:
     ranked-model (0.4.0)
       activerecord (>= 3.1.12)
 
 GIT
-  remote: git://github.com/seyhunak/twitter-bootstrap-rails.git
+  remote: https://github.com/seyhunak/twitter-bootstrap-rails.git
   revision: 67f160dd2ff5cc7cd843a17866c3b6bc8e7f2794
+  ref: 67f160dd2ff5cc7cd843a17866c3b6bc8e7f2794
   specs:
     twitter-bootstrap-rails (3.2.0)
       actionpack (>= 3.1)
@@ -45,6 +48,8 @@ GEM
       activemodel (= 4.1.8)
       activesupport (= 4.1.8)
       arel (~> 5.0.0)
+    activerecord-nulldb-adapter (0.4.0)
+      activerecord (>= 2.0.0)
     activesupport (4.1.8)
       i18n (~> 0.6, >= 0.6.9)
       json (~> 1.7, >= 1.7.7)
@@ -164,7 +169,6 @@ GEM
     jquery-ui-rails (5.0.2)
       railties (>= 3.2.16)
     json (1.8.2)
-    kgio (2.9.2)
     launchy (2.4.2)
       addressable (~> 2.3)
     less (2.6.0)
@@ -191,6 +195,7 @@ GEM
     multi_json (1.10.1)
     mysql2 (0.3.17)
     nenv (0.2.0)
+    nio4r (2.5.2)
     nokogiri (1.6.4.1)
       mini_portile (~> 0.6.0)
     nokogumbo (1.1.12)
@@ -213,6 +218,8 @@ GEM
       pry (>= 0.9.10, < 0.11.0)
     pry-rails (0.3.2)
       pry (>= 0.9.10)
+    puma (5.6.8)
+      nio4r (~> 2.0)
     rack (1.5.2)
     rack-test (0.6.3)
       rack (>= 1.0)
@@ -231,7 +238,6 @@ GEM
       activesupport (= 4.1.8)
       rake (>= 0.8.7)
       thor (>= 0.18.1, < 2.0)
-    raindrops (0.13.0)
     rake (10.4.2)
     rb-fsevent (0.9.4)
     rb-inotify (0.9.5)
@@ -309,10 +315,6 @@ GEM
     uglifier (2.5.3)
       execjs (>= 0.3.0)
       json (>= 1.8.0)
-    unicorn (4.8.3)
-      kgio (~> 2.6)
-      rack
-      raindrops (~> 0.7)
     vcr (2.9.3)
     warden (1.2.3)
       rack (>= 1.0)
@@ -328,6 +330,7 @@ PLATFORMS
   ruby
 
 DEPENDENCIES
+  activerecord-nulldb-adapter
   airbrake
   animate-rails
   autosize-rails
@@ -362,6 +365,7 @@ DEPENDENCIES
   pry
   pry-nav
   pry-rails
+  puma
   rails (~> 4.1.7)
   ranked-model!
   rspec-collection_matchers
@@ -375,6 +379,11 @@ DEPENDENCIES
   turbolinks
   twitter-bootstrap-rails!
   uglifier (>= 1.3.0)
-  unicorn
   vcr
   zeroclipboard-rails
+
+RUBY VERSION
+   ruby 2.3.8p459
+
+BUNDLED WITH
+   1.17.3

app/controllers/health_check_controller.rb

@@ -0,0 +1,12 @@
+# frozen_string_literal: true
+
+class HealthCheckController < ActionController::Base # rubocop:disable Rails/ApplicationController
+  def index
+    db_alive = ActiveRecord::Base.connection.active?
+
+    render json: { database: db_alive ? 'OK' : 'DOWN' },
+           status: db_alive ? :ok : :service_unavailable
+  rescue StandardError
+    render json: { database: 'DOWN' }, status: :service_unavailable
+  end
+end

config/database.yml

@@ -0,0 +1,14 @@
+---
+default: &default
+  adapter:  postgresql
+  encoding: utf8
+  timeout:  5000
+  database: "<%= ENV.fetch('DB_DATABASE', 'hermes') %>"
+  username: "<%= ENV.fetch('DB_USERNAME', 'hermes') %>"
+  password: "<%= ENV.fetch('DB_PASSWORD', '') %>"
+  host:     "<%= ENV.fetch('DB_HOST', 'localhost') %>"
+
+development: *default
+test: *default
+staging: *default
+production: *default

config/email.yml

@@ -0,0 +1,16 @@
+---
+default: &default
+  delivery_method: :smtp
+
+  smtp_settings:
+    address:  "<%= ENV.fetch('EMAIL_SMTP_SETTINGS_ADDRESS', 'localhost') %>"
+    port:     <%= ENV.fetch('EMAIL_SMTP_SETTINGS_PORT', 1025) %>
+
+  default_url_options:
+    protocol: "<%= ENV.fetch('EMAIL_DEFAULT_URL_OPTIONS_PROTOCOL', 'http') %>"
+    host:     "<%= ENV.fetch('EMAIL_DEFAULT_URL_OPTIONS_HOST', 'localhost') %>"
+
+development: *default
+test: *default
+staging: *default
+production: *default