Add production-ready Docker image

The docker image is not meant for local development, but for a production-level deployment. It is based on the Docker setup added by default for new Rails apps.

As part of this change, we had to rethink our integration of JavaScript and CSS compressors. Without the change in `production.rb`, an ExecJS runtime would be needed to run the Rails app. Since we require a JavaScript runtime only for the asset compilation (but not when serving the application), this would bloat the Docker image unnecessarily.

Author: MrSerth

.dockerignore

@@ -0,0 +1,83 @@
+# See https://docs.docker.com/engine/reference/builder/#dockerignore-file for more about ignoring files.
+
+# Ignore git directory.
+/.git/
+/.gitignore
+
+# Ignore bundler config.
+/.bundle
+
+# Ignore all environment files (except templates).
+/.env*
+!/.env*.erb
+
+# Ignore all default key files.
+/config/master.key
+/config/credentials/*.key
+
+# Ignore all logfiles and tempfiles.
+/log/*
+/tmp/*
+!/log/.keep
+!/tmp/.keep
+
+# Ignore pidfiles, but keep the directory.
+/tmp/pids/*
+!/tmp/pids/.keep
+
+# Ignore storage (uploaded files in development and any SQLite databases).
+/storage/*
+!/storage/.keep
+/tmp/storage/*
+!/tmp/storage/.keep
+/public/uploads
+
+# Ignore assets.
+/node_modules/
+/app/assets/builds/*
+!/app/assets/builds/.keep
+/public/packs
+/public/packs-test
+/public/assets
+
+# Ignore CI service files.
+/.github
+
+# Ignore development files
+/.devcontainer
+
+# Ignore Docker-related files
+/.dockerignore
+/Dockerfile*
+
+# Ignore temporary files
+/coverage
+/rubocop.html
+*.DS_Store
+
+## Ignore editor-specific artifacts
+# Vagrant
+/.vagrant
+/vagrant
+# Sublime
+*.sublime-*
+# IntelliJ
+/.idea
+*.iml
+
+# Ignore Byebug command history file.
+.byebug_history
+
+# Ignore yarn files
+/yarn-error.log
+yarn-debug.log*
+.yarn-integrity
+# Ignore more Yarn files per documentation:
+# https://yarnpkg.com/getting-started/qa#which-files-should-be-gitignored
+.pnp.*
+.yarn/*
+!.yarn/patches
+!.yarn/plugins
+!.yarn/releases
+!.yarn/sdks
+!.yarn/versions

.github/dependabot.yml

@@ -30,3 +30,13 @@ updates:
     labels:
       - dependencies
       - github-actions
+
+  - package-ecosystem: docker
+    directory: "/"
+    schedule:
+      interval: daily
+      time: "03:00"
+      timezone: UTC
+    labels:
+      - dependencies
+      - docker

Dockerfile

@@ -0,0 +1,82 @@
+# syntax = docker/dockerfile:1
+
+# This Dockerfile is designed for production, not development. Use with Kamal or build'n'run by hand:
+# docker build -t my-app .
+# docker run -d -p 80:80 -p 443:443 --name my-app -e RAILS_MASTER_KEY=<value from config/master.key> my-app
+
+# Make sure RUBY_VERSION matches the Ruby version in .ruby-version
+ARG RUBY_VERSION=3.3.5
+FROM docker.io/library/ruby:$RUBY_VERSION-slim AS base
+
+# Rails app lives here
+WORKDIR /rails
+
+# Install base packages
+RUN apt-get update -qq && \
+    apt-get install --no-install-recommends -y curl libjemalloc2 libvips postgresql-client && \
+    rm -rf /var/lib/apt/lists /var/cache/apt/archives
+
+# Set production environment
+ENV RAILS_ENV="production" \
+    BUNDLE_DEPLOYMENT="1" \
+    BUNDLE_PATH="/usr/local/bundle" \
+    BUNDLE_WITHOUT="development:test"
+
+# Throw-away build stage to reduce size of final image
+FROM base AS build
+
+# Install packages needed to build gems and node modules
+RUN apt-get update -qq && \
+    apt-get install --no-install-recommends -y build-essential git libpq-dev node-gyp pkg-config python-is-python3 && \
+    rm -rf /var/lib/apt/lists /var/cache/apt/archives
+
+# Install JavaScript dependencies
+ARG NODE_VERSION=22.9.0
+ENV PATH=/usr/local/node/bin:$PATH
+RUN curl -sL https://github.com/nodenv/node-build/archive/master.tar.gz | tar xz -C /tmp/ && \
+    /tmp/node-build-master/bin/node-build "${NODE_VERSION}" /usr/local/node && \
+    corepack enable && \
+    rm -rf /tmp/node-build-master
+
+# Install application gems
+COPY Gemfile Gemfile.lock ./
+RUN bundle install && \
+    rm -rf ~/.bundle/ "${BUNDLE_PATH}"/ruby/*/cache "${BUNDLE_PATH}"/ruby/*/bundler/gems/*/.git && \
+    bundle exec bootsnap precompile --gemfile
+
+# Install node modules
+COPY package.json yarn.lock .yarnrc.yml ./
+RUN yarn install --immutable
+
+# Copy application code
+COPY . .
+
+# Precompile bootsnap code for faster boot times
+RUN bundle exec bootsnap precompile app/ lib/
+
+# Precompiling assets for production without requiring secret RAILS_MASTER_KEY
+RUN SECRET_KEY_BASE_DUMMY=1 ./bin/rails assets:precompile
+
+
+RUN rm -rf node_modules
+
+
+# Final stage for app image
+FROM base
+
+# Copy built artifacts: gems, application
+COPY --from=build "${BUNDLE_PATH}" "${BUNDLE_PATH}"
+COPY --from=build /rails /rails
+
+# Run and own only the runtime files as a non-root user for security
+RUN groupadd --system --gid 1000 rails && \
+    useradd rails --uid 1000 --gid 1000 --create-home --shell /bin/bash && \
+    chown -R rails:rails db log storage tmp
+USER 1000:1000
+
+# Entrypoint prepares the database.
+ENTRYPOINT ["/rails/bin/docker-entrypoint"]
+
+# Start the server by default, this can be overwritten at runtime
+EXPOSE 7500
+CMD ["./bin/rails", "server"]

Gemfile

@@ -6,7 +6,7 @@ gem 'acts-as-taggable-on'
 gem 'bcrypt'
 gem 'bootsnap', require: false
 gem 'bootstrap-will_paginate'
-gem 'coffee-rails', '>= 5.0.0' # Use CoffeeScript for .coffee assets and views
+gem 'coffee-rails', require: false
 gem 'config'
 gem 'devise-bootstrap-views'
 gem 'faraday'
@@ -43,7 +43,7 @@ gem 'simple_form'
 gem 'slim-rails'
 gem 'solid_queue'
 gem 'sprockets-rails'
-gem 'terser'
+gem 'terser', require: false
 gem 'turbolinks'
 gem 'whenever', require: false
 

Gemfile.lock

@@ -609,7 +609,7 @@ DEPENDENCIES
   bootstrap-will_paginate
   brakeman
   capybara
-  coffee-rails (>= 5.0.0)
+  coffee-rails
   config
   database_cleaner
   devise (~> 4.9)

README.md

@@ -8,7 +8,7 @@
 CodeHarbor is a repository system for automatically gradeable programming exercises and enables instructors to exchange of such exercises via the [ProFormA XML](https://github.com/ProFormA/proformaxml) format across diverse code assessment systems.
 
 ## Server Setup and Deployment
-Use [Capistrano](https://capistranorb.com/). Docker and Vagrant are for local development only.
+Use [Capistrano](https://capistranorb.com/). or the provided Dockerfile (only for production). Vagrant is for local development only.
 
 
 ## Development Setup

bin/docker-entrypoint

@@ -0,0 +1,13 @@
+#!/bin/bash -e
+
+# Enable jemalloc for reduced memory usage and latency.
+if [ -z "${LD_PRELOAD+x}" ] && [ -f /usr/lib/*/libjemalloc.so.2 ]; then
+  export LD_PRELOAD="$(echo /usr/lib/*/libjemalloc.so.2)"
+fi
+
+# If running the rails server then create or migrate existing database
+if [ "${1}" == "./bin/rails" ] && [ "${2}" == "server" ]; then
+  ./bin/rails db:prepare
+fi
+
+exec "${@}"

config/environments/production.rb

@@ -25,11 +25,17 @@
   # Disable serving static files from `public/`, relying on NGINX/Apache to do so instead.
   config.public_file_server.enabled = ENV['RAILS_SERVE_STATIC_FILES'].present?
 
-  # Compress CSS using a preprocessor.
-  config.assets.css_compressor = :sass
+  config.assets.configure do |env|
+    require 'coffee-rails'
+    require 'terser'
+    env.register_compressor 'application/javascript', :terser, Terser::Compressor
 
-  # Compress JavaScript using a preprocessor.
-  config.assets.js_compressor = :terser
+    # Compress CSS using a preprocessor.
+    config.assets.css_compressor = :sass
+
+    # Compress JavaScript using a preprocessor.
+    config.assets.js_compressor = :terser
+  end
 
   # Do not fall back to assets pipeline if a precompiled asset is missed.
   config.assets.compile = false

docs/environment_variables.md

@@ -7,6 +7,7 @@ The following environment variables are specifically support in CodeHarbor and a
 | `RAILS_ENV` | `development` | Specifies the Rails environment which can be configured using the files in `config/environments` |  
 | `SECRET_KEY_BASE` | ` ` | Specifies a server-side secret for Rails, must be set for production |  
 | `RAILS_RELATIVE_URL_ROOT` | `/` | Specifies the subpath of the application, used for links and assets |  
+| `DATABASE_URL` | ` ` | Specifies database parameters to use, rather than those specified in `config/database.yml`. A valid URL would be `postgresql://username:password@host:5432/database?pool=5` |  
 | `WEB_CONCURRENCY` | Number of physical CPU cores | Puma worker count in production for cluster mode |
 | `RAILS_MAX_THREADS` | `3` | Maximum Puma thread count per worker |  
 | `PORT` | `7500` | Default port for the web server |