Commit ad74b64c authored by Stephen Dolan's avatar Stephen Dolan

First commit to gitlab. Bump ansible, add gitlab ci

parent d8524495
---
image: registry.gitlab.com/stim-awesome/stim-awesome:latest
stages:
- lint
- test
- deploy
before_script:
- ruby -v
- bundle install
# Us tr to fix line endings which makes ed25519 keys work without extra base64 encoding.
# https://gitlab.com/gitlab-examples/ssh-private-key/issues/1#note_48526556
.add_production_ssh_key: &add_production_ssh_key |
which ssh-agent || ( apt-get update -y && apt-get install openssh-client -y )
eval $(ssh-agent -s)
echo "$SSH_PRIVATE_KEY" | tr -d '\r' | ssh-add - > /dev/null
mkdir -p ~/.ssh
chmod 700 ~/.ssh
ssh-keyscan 34.237.127.98 >> ~/.ssh/known_hosts
chmod 644 ~/.ssh/known_hosts
.cache_policies:
push: &push
key: ${CI_COMMIT_REF_SLUG}
paths:
- node_modules/
policy: push
pull: &pull
key: ${CI_COMMIT_REF_SLUG}
paths:
- node_modules/
policy: pull
rubocop:
stage: lint
cache: *pull
except:
variables:
- $CUSTOM_PIPELINE_TYPE
script:
- bundle exec rubocop --fail-fast
brakeman:
stage: lint
cache: *pull
except:
variables:
- $CUSTOM_PIPELINE_TYPE
script:
- bundle exec brakeman --exit-on-warn --quiet --confidence-level 3
yard:
stage: lint
cache: *pull
except:
variables:
- $CUSTOM_PIPELINE_TYPE
script:
- bundle exec yard doc --fail-on-warning
- ./bin/check-yard-stats
rspec:
stage: test
cache: *pull
except:
variables:
- $CUSTOM_PIPELINE_TYPE
services:
- postgres:11-alpine
variables:
POSTGRES_DB: stimawesome_test
POSTGRES_USER: postgres
POSTGRES_PASSWORD: ''
RAILS_ENV: test
script:
- bundle exec rails db:test:prepare --quiet
- bundle exec rails assets:precompile
- bundle exec rspec
update_infrastructure:
stage: deploy
only:
refs:
- master
variables:
- $CUSTOM_PIPELINE_TYPE == "ansible"
environment:
name: production
url: https://stimawesome.com
script:
- *add_production_ssh_key
- cd ansible
- chmod 644 ansible.cfg
- echo "$ANSIBLE_VAULT_PASSWORD" > vault-password.txt
- ansible-galaxy install -r galaxy.roles.yml
- ansible-playbook -i production_hosts.yml webserver.yml --vault-password-file vault-password.txt
deploy:
stage: deploy
only:
- master
except:
variables:
- $CUSTOM_PIPELINE_TYPE
environment:
name: production
url: https://stimawesome.com
variables:
USERNAME: '$GITLAB_USER_EMAIL'
script:
- *add_production_ssh_key
- bundle exec cap production deploy
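Review bot: The `ssh-keyscan 34.237.127.98 >> ~/.ssh/known_hosts` line in the `.add_production_ssh_key` anchor accepts whatever key the network returns on each pipeline run, so the deploy jobs that load `$SSH_PRIVATE_KEY` get no real host authentication. Store the server's verified host key in a protected CI variable and write that instead, e.g. `echo "$SSH_KNOWN_HOSTS" >> ~/.ssh/known_hosts`. In `update_infrastructure`, `echo "$ANSIBLE_VAULT_PASSWORD" > vault-password.txt` leaves the vault password in the job workspace with default permissions; run `umask 077` before writing it and delete the file when the job finishes. The scanned address also differs from the 167.99.150.63 host in this commit's Ansible inventory, so confirm which server each job is meant to reach.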
---
inherit_gem:
bss_style: rubocop/default.yml
inherit_from: .rubocop_todo.yml
require: rubocop-rspec
Metrics/LineLength:
Max: 125
Metrics/MethodLength:
Max: 25
Style/Documentation:
Enabled: false
Style/DocumentationMethod:
Enabled: false
Style/TrailingCommaInArrayLiteral:
EnforcedStyleForMultiline: comma
Style/TrailingCommaInArguments:
EnforcedStyleForMultiline: comma
Style/TrailingCommaInHashLiteral:
EnforcedStyleForMultiline: comma
Style/StringLiterals:
EnforcedStyle: double_quotes
Style/StringLiteralsInInterpolation:
EnforcedStyle: double_quotes
Style/IfUnlessModifier:
Enabled: false
Style/ConditionalAssignment:
EnforcedStyle: assign_inside_condition
Layout/AlignHash:
EnforcedHashRocketStyle: table
EnforcedColonStyle: table
Layout/AlignParameters:
EnforcedStyle: with_fixed_indentation
Layout/EndOfLine:
EnforcedStyle: lf
Layout/IndentFirstArrayElement:
EnforcedStyle: consistent
Layout/MultilineArrayBraceLayout:
EnforcedStyle: new_line
Layout/MultilineHashBraceLayout:
EnforcedStyle: new_line
Layout/MultilineMethodCallBraceLayout:
EnforcedStyle: new_line
Layout/MultilineMethodCallIndentation:
EnforcedStyle: indented
Layout/AlignArguments:
EnforcedStyle: with_fixed_indentation
Layout/IndentFirstHashElement:
EnforcedStyle: consistent
Layout/CaseIndentation:
IndentOneStep: true
Layout/ClassStructure:
Enabled: true
Categories:
module_inclusion:
- include
- prepend
- extend
scopes:
- scope
associations:
- has_many
- has_one
- belongs_to
attributes:
- attr_accessor
- attr_reader
- attr_writer
ExpectedOrder:
- module_inclusion
- attributes
- constants
- scopes
- associations
- public_class_methods
- initializer
- public_methods
- protected_methods
- private_methods
# This configuration was generated by
# `rubocop --auto-gen-config`
# on 2019-07-06 13:13:45 -0400 using RuboCop version 0.72.0.
# The point is for the user to remove these configuration records
# one by one as the offenses are removed from the code base.
# Note that changes in the inspected code, or installation of new
# versions of RuboCop, may require this file to be generated again.
# Offense count: 7
# Configuration parameters: CountComments, ExcludedMethods.
# ExcludedMethods: refine
Metrics/BlockLength:
Max: 54
# Offense count: 1
# Cop supports --auto-correct.
# Configuration parameters: AutoCorrect, AllowHeredoc, AllowURI, URISchemes, IgnoreCopDirectives, IgnoredPatterns.
# URISchemes: http, https
Metrics/LineLength:
Exclude:
- 'config/initializers/pagy.rb'
Max: 170
# Offense count: 1
# Cop supports --auto-correct.
# Configuration parameters: AutoCorrect, EnforcedStyle.
# SupportedStyles: nested, compact
Style/ClassAndModuleChildren:
Exclude:
- 'config/initializers/rack_attack.rb'
# Offense count: 2
Style/MixinUsage:
Exclude:
- 'bin/setup'
- 'bin/update'
......@@ -24,7 +24,7 @@ require "whenever/capistrano"
# Load ruby version helpers and settings
require "capistrano/rbenv"
set :rbenv_type, :user
set :rbenv_ruby, "2.5.3"
set :rbenv_ruby, "2.5.5"
# Load the Git plugin
require "capistrano/scm/git"
......
FROM ruby:2.5.3
FROM ruby:2.5.5
LABEL maintainer="dolan.stephen1@gmail.com"
......@@ -8,8 +8,8 @@ RUN curl -sS https://dl.yarnpkg.com/debian/pubkey.gpg | apt-key add -
RUN echo "deb https://dl.yarnpkg.com/debian/ stable main" | tee /etc/apt/sources.list.d/yarn.list
# Add Google Chrome repo
RUN curl -sS https://dl-ssl.google.com/linux/linux_signing_key.pub | apt-key add -
RUN echo "deb [arch=amd64] http://dl.google.com/linux/chrome/deb/ stable main" | tee /etc/apt/sources.list.d/google.list
# RUN curl -sS https://dl-ssl.google.com/linux/linux_signing_key.pub | apt-key add -
# RUN echo "deb [arch=amd64] http://dl.google.com/linux/chrome/deb/ stable main" | tee /etc/apt/sources.list.d/google.list
# Install the following apt based dependencies required to run application:
# - Build Essential for dev packages
......@@ -24,9 +24,9 @@ RUN apt-get update && apt-get install -y \
postgresql \
nodejs \
yarn \
openssh-client \
google-chrome-stable \
imagemagick
openssh-client
# google-chrome-stable \
# imagemagick
# Configure the main working directory. This is the base directory used
# in any further RUN, COPY, and ENTRYPOINT commands.
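Review bot: The Chrome repository `RUN` lines and the `google-chrome-stable` / `imagemagick` package names are left behind as comments rather than deleted, which keeps a dead `http://` apt source in the file for someone to re-enable later. Remove the commented lines and the now-orphaned `# Add Google Chrome repo` heading, and let version control hold the history. If any specs drive Chrome through `selenium-webdriver` (still listed in the lockfile), they would presumably fail in an image built from this file, so confirm the CI image does not depend on it. Both hunks are partial views of the Dockerfile.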
......
......@@ -2,7 +2,7 @@
source "https://rubygems.org"
ruby "2.5.3"
ruby "2.5.5"
gem "bootsnap", "~> 1.3.2", require: false # Faster boot times
gem "capistrano", "~> 3.11.0" # Deployment automation
......@@ -54,7 +54,6 @@ group :development do
gem "better_errors", "~> 2.5.0" # Improved error page
gem "binding_of_caller", "~> 0.8.0" # Enable advanced features of Better Errors
gem "brakeman", "~> 4.3.1", require: false # Check for security vulnerabilities
gem "bss_style", "~> 1.0.2" # Style and linter configurations
gem "capistrano-local-precompile", "~> 1.2.0"
gem "erb_lint", "~> 0.0.28" # Linters for ERB code
gem "guard", "~> 2.15.0" # Development server event handler
......@@ -62,8 +61,8 @@ group :development do
gem "guard-livereload", "~> 2.5.2" # Reload the browser when view files change
gem "guard-process", "~> 1.2.1" # Run arbitrary processes from Guardfile
gem "listen", "~> 3.1.5" # Watch for file modifications
gem "rubocop", "~> 0.60.0" # Style and formatting checker
gem "rubocop-rspec", "~> 1.30.1" # RSpec plugin for Rubocop
gem "rubocop", "~> 0.72.0" # Style linter
gem "rubocop-rspec", "~> 1.33.0" # Style linter
gem "web-console", "~> 3.7.0" # Debugging console
gem "yard", "~> 0.9.16" # Documentation generator
end
......@@ -68,8 +68,6 @@ GEM
bootsnap (1.3.2)
msgpack (~> 1.0)
brakeman (4.3.1)
bss_style (1.0.2)
rubocop (~> 0.60.0)
builder (3.2.3)
bullet (5.9.0)
activesupport (>= 3.0.0)
......@@ -175,7 +173,7 @@ GEM
i18n (1.5.3)
concurrent-ruby (~> 1.0)
io-like (0.3.0)
jaro_winkler (1.5.2)
jaro_winkler (1.5.3)
jbuilder (2.8.0)
activesupport (>= 4.2.0)
multi_json (>= 1.2)
......@@ -212,14 +210,13 @@ GEM
nenv (~> 0.1)
shellany (~> 0.0)
pagy (0.23.1)
parallel (1.13.0)
parser (2.6.0.0)
parallel (1.17.0)
parser (2.6.3.0)
ast (~> 2.4.0)
pg (1.1.4)
pg_search (2.1.4)
activerecord (>= 4.2)
activesupport (>= 4.2)
powerpack (0.1.2)
pry (0.12.2)
coderay (~> 1.1.0)
method_source (~> 0.9.0)
......@@ -287,17 +284,16 @@ GEM
rspec-support (3.8.0)
rspec_junit_formatter (0.4.1)
rspec-core (>= 2, < 4, != 2.12.0)
rubocop (0.60.0)
rubocop (0.72.0)
jaro_winkler (~> 1.5.1)
parallel (~> 1.10)
parser (>= 2.5, != 2.5.1.1)
powerpack (~> 0.1)
parser (>= 2.6)
rainbow (>= 2.2.2, < 4.0)
ruby-progressbar (~> 1.7)
unicode-display_width (~> 1.4.0)
rubocop-rspec (1.30.1)
unicode-display_width (>= 1.4.0, < 1.7)
rubocop-rspec (1.33.0)
rubocop (>= 0.60.0)
ruby-progressbar (1.10.0)
ruby-progressbar (1.10.1)
ruby_dep (1.5.0)
rubyzip (1.2.2)
safe_yaml (1.0.5)
......@@ -353,7 +349,7 @@ GEM
thread_safe (~> 0.1)
uglifier (4.1.20)
execjs (>= 0.3.0, < 3)
unicode-display_width (1.4.1)
unicode-display_width (1.6.0)
uniform_notifier (1.12.1)
url (0.3.2)
validate_url (1.0.2)
......@@ -389,7 +385,6 @@ DEPENDENCIES
binding_of_caller (~> 0.8.0)
bootsnap (~> 1.3.2)
brakeman (~> 4.3.1)
bss_style (~> 1.0.2)
bullet (~> 5.9.0)
capistrano (~> 3.11.0)
capistrano-bundler (~> 1.5.0)
......@@ -423,8 +418,8 @@ DEPENDENCIES
rouge (~> 3.3.0)
rspec-rails (~> 3.8.1)
rspec_junit_formatter (~> 0.4.1)
rubocop (~> 0.60.0)
rubocop-rspec (~> 1.30.1)
rubocop (~> 0.72.0)
rubocop-rspec (~> 1.33.0)
sass-rails (~> 5.0.7)
selenium-webdriver (~> 3.141.0)
sentry-raven (~> 2.7.4)
......@@ -441,7 +436,7 @@ DEPENDENCIES
yard (~> 0.9.16)
RUBY VERSION
ruby 2.5.3p105
ruby 2.5.5p157
BUNDLED WITH
2.0.1
2.0.2
# frozen_string_literal: true
guard :bundler do
require 'guard/bundler'
require 'guard/bundler/verify'
require "guard/bundler"
require "guard/bundler/verify"
helper = Guard::Bundler::Verify.new
files = ['Gemfile']
files += Dir['*.gemspec'] if files.any? { |f| helper.uses_gemspec?(f) }
files = ["Gemfile"]
files += Dir["*.gemspec"] if files.any? { |f| helper.uses_gemspec?(f) }
# Assume files are symlinked from somewhere
files.each { |file| watch(helper.real_path(file)) }
end
guard :process, name: 'Docker Compose', command: 'docker-compose up' do
watch('docker-compose.yml')
guard :process, name: "Docker Compose", command: "docker-compose up" do
watch("docker-compose.yml")
end
guard :process, name: 'Webpack Dev Server', command: './bin/webpack-dev-server' do
watch('config/webpacker.yml')
watch('app/javascript/packs/application.js')
guard :process, name: "Webpack Dev Server", command: "./bin/webpack-dev-server" do
watch("config/webpacker.yml")
watch("app/javascript/packs/application.js")
end
guard 'livereload' do
guard "livereload" do
extensions = {
css: :css,
scss: :css,
sass: :css,
js: :js,
css: :css,
scss: :css,
sass: :css,
js: :js,
coffee: :js,
html: :html,
png: :png,
gif: :gif,
jpg: :jpg,
jpeg: :jpeg,
html: :html,
png: :png,
gif: :gif,
jpg: :jpg,
jpeg: :jpeg,
# less: :less, # uncomment if you want LESS stylesheets done in browser
}
rails_view_exts = %w(erb)
rails_view_exts = %w[erb]
# file types LiveReload may optimize refresh for
compiled_exts = extensions.values.uniq
......@@ -46,7 +48,8 @@ guard 'livereload' do
(?:/assets/\w+/(?<path>[^.]+) # path+base without extension
(?<ext>\.#{ext})) # matching extension (must be first encountered)
(?:\.\w+|$) # other extensions
}x) do |m|
}x,
) do |m|
path = m[1]
"/assets/#{path}.#{type}"
end
......
......@@ -3,6 +3,6 @@
# Add your own tasks in files placed in lib/tasks ending in .rake,
# for example lib/tasks/capistrano.rake, and they will automatically be available to Rake.
require_relative 'config/application'
require_relative "config/application"
Rails.application.load_tasks
[defaults]
retry_files_enabled = False # Do not create retry files on failures
host_key_checking = False
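Review bot: `host_key_checking = False` turns off SSH host-key verification for every playbook run, including the production run that uses `become` and vault-encrypted secrets, so a redirected or spoofed host would be accepted silently. Prefer leaving the default on and provisioning the server's host key in `known_hosts` before `ansible-playbook` runs. Separately, Ansible's INI parser only treats `;` as an inline comment marker, so `retry_files_enabled = False # Do not create retry files on failures` may not be read as a boolean; move the comment to its own line above the setting.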
---
- src: https://github.com/nickhammond/ansible-logrotate
version: master
name: nickhammond.logrotate
- src: https://github.com/geerlingguy/ansible-role-nodejs
version: 4.2.2
name: geerlingguy.nodejs
- src: https://github.com/ypsman/ansible-aws-cli
version: master
name: ypsman.aws_cli
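Review bot: `nickhammond.logrotate` and `ypsman.aws_cli` are installed from `version: master`, so every `ansible-galaxy install` pulls whatever is on those third-party branches at that moment, and the playbook then runs it with `become` against production. Pin both to a release tag or a full commit SHA, as `geerlingguy.nodejs` already does with `4.2.2`, so that a change upstream cannot reach the server without a reviewed change to this file.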
app_name: stimawesome
maintainer_email: dolan.stephen1@gmail.com
app_domain: stimawesome.com
---
app_name: "stimawesome"
app_domain: "stimawesome.com"
certificate_owner: "dolan.stephen1+stimawesome@gmail.com"
$ANSIBLE_VAULT;1.1;AES256
39663139373031313965323636366330393965333931366430353362373838336536646462633564
6530393839636130613766663134633862346263356461640a376663653662313830626565316437
37336266356439373866363365356665353937393132376663323430646562643835333436373835
3633363331326339630a366561623066653865366366663762663630343764316666363562656639
34643634373063383330373265366633313437393038316135393364333734633061306239383666
38313261303862333539356638336437636638353963316332343866613734353335333734653362
33353635663431623730323637626636353562363534343664376364373532366265376437386265
36643335663234626231646331303461613038303761356633353034386363356234626131616236
38383039353838343135323439613334313766326265616430333264343039326266373563633137
62643234306139613862653863346635306266663432376261353266366461376162316530333035
35333738396162636436383534393432656266616162656334363333363032353336303964653434
36616463633462323337383630333437633137396638646336616663313034386339653838346462
37353266663166393137343462323331663933613638356337383730383264303065373730346563
65323033313137323766396366653061613862306364303738316239666461356663373062306330
66323864383035333339316430396636323566393533336233346439363764633236616232396237
36393138373665343632303534356136363262336261306566313631363138313230653330373632
65366236306236393266633162326437333634373935623832346232636238383665646163313135
37643231343938613364393865376333626632363130376438306562393439356430376630663962
36396137373436326439386362323838623434646238353831663766386464353566663065343663
34323164356130633961643531656338626232643434326237366538666437366662623335616537
64613432336236393732616331373837646538363834303865346162396536353165616366646162
38613063653166363934653133373230306461626134343332306332656236353738316333653330
64333363333962323764353234336130653530613938303563306564373132353630646562393763
64343338303034373463353366376332643835646539323631323831653466616630386665316135
39643865376232336437376361633336653830303262666334393333623064306265346262613466
38346330393836353933366330333532303138653336396139353533363566306235383064336561
39343563633732356466343736383736656332316436623563316363323963363539653266626536
31393639626466353463376137633861613336396438363431623436323765366535613635376266
64623331336232653864623231353039613036623265326163636662633264633066363139653665
34343133373434336534666435613063383530383331353264343163393736366235383634623961
66363663393863633238653536313165303839363162633663363065663237316236663336666133
65646235663065353338376238346439633866666261303164633131626262356238356236346564
33386137613562386532363034626331386630383739643032326166393231363238313236396139
65623862356230313237303939363934663266646431386239363732303737363464623930306135
62363863306466613932346665613132396233316133383731363663613238613364316636623730
37396361333865623938653564303062383030323333303964643934383765333537636439316634
37653466653230336234303935323139333566623035393631633030386166636365303330323434
65623435346437616230613637643037626536383238373362333965396366656632333439656436
32306330646362336462346639613464326435636433316530353133656539393735356564383161
30623264393763353564613330653434303930336132333765323861323765356661323535633664
61356236616336303430633039376137303965653737386132386466353730303839646635386330
31353630616164353437636165373438323835346164343265636633623264653133356333663335
35646364643363356563313935313036303563383637326163393134343866336430373735663038
38343865333232616537313435303531373238366535396363343438353566303637623335633433
64303465663730323465303932643139316234306239363637663934626335336461636465306465
35363137663562616136346564663366663238613437306362323263353439386661663934386462
61616132326235356661333532613862393536643634383064623532353364333135613637666637
35343762393033383838646161333239633161623436653336326234623665303138656132393737
37333765353966313566316130623235636239303863333335396631373166353461
---
# This file sets up all of the hosts that we're using with this application.
all:
hosts:
167.99.150.63:
# Ubuntu 16.04 comes with Python3 by default, which is supported as of Ansible 2.2
stimawesome.com:
# Ubuntu 18.04 comes with Python3 by default, which is supported as of Ansible 2.2
ansible_python_interpreter: /usr/bin/python3
anisble_host: 167.99.150.63
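Review bot: `anisble_host: 167.99.150.63` is misspelled, so Ansible treats it as an ordinary host variable and connects to the inventory name `stimawesome.com` through DNS instead of the intended address. Change it to `ansible_host: 167.99.150.63`. The page does not mark which lines are old and which are new, so this assumes the `stimawesome.com:` entry is the new side.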
---
- name: 'Install CertBot prerequisites'
become: true
apt:
......@@ -20,7 +22,7 @@
- name: 'Run CertBot'
become: true
command: "certbot --nginx --agree-tos -m {{ maintainer_email }} -d {{ app_domain }} -n"
command: "certbot --nginx --agree-tos -m {{ certificate_owner }} -d {{ app_domain }} -d www.{{ app_domain }} -n"
changed_when: false
- name: 'Restart Nginx'
......@@ -29,3 +31,11 @@
name: nginx
state: restarted
changed_when: false
- name: Autorenew CertBot certificate every week as root user
remote_user: ubuntu
become: true
cron:
name: "SSL Renewal"
special_time: weekly
job: "certbot renew >/dev/null 2>&1"
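Review bot: The cron job `certbot renew >/dev/null 2>&1` discards all output, so a failed renewal goes unnoticed until the certificate expires. Drop the stderr redirect or use `certbot renew --quiet`, which stays silent on success but still prints errors for cron to report. The task name says "as root user", but it is `become: true` on top of `remote_user: ubuntu` that makes that true; a one-line comment such as `# become: true installs this entry in root's crontab` would make the intent explicit.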
Subproject commit 22644eba82f06d1da1986c0c0cdf3ee077a58b31
---
- name: Upgrade all existing packages
become: true
apt:
upgrade: safe
- name: Install htop
become: true
apt:
name: 'htop'
state: latest
update_cache: true
- name: Install postfix
become: true
apt:
name: 'postfix'
state: latest
update_cache: true
- name: Install pip3
become: true
apt:
name: 'python3-pip'
state: latest
update_cache: true
Subproject commit 91d570f68c44261d2051a99a2b3c7d736306bf0d
- name: 'Install Memcached and utilities'
become: true
apt:
name: "memcached"
state: latest
update_cache: true
- name: 'Enable Memcached service on boot'
become: true
service:
name: memcached
enabled: true
---
- name: 'Install supporting software'
become: true
apt:
name:
- 'dirmngr'
- 'gnupg'
state: latest
update_cache: true
- name: 'Add key for Nginx'
become: true
apt_key:
......@@ -17,7 +28,7 @@
- name: Add Passenger repository
become: true
apt_repository:
repo: deb https://oss-binaries.phusionpassenger.com/apt/passenger xenial main
repo: deb https://oss-binaries.phusionpassenger.com/apt/passenger bionic main
state: present
- name: Install Passenger
......@@ -25,39 +36,37 @@
apt:
name:
- 'nginx-extras'
- 'passenger'
- 'libnginx-mod-http-passenger'
state: latest
update_cache: true
- name: 'Symlink the passenger configuration for NginX'
become: true
file:
src: /usr/share/nginx/modules-available/mod-http-passenger.load
dest: /etc/nginx/modules-enabled/50-mod-http-passenger.conf
state: link
- name: 'Turn on Nginx'
become: true
service:
name: nginx
state: started
- name: 'Turn on Nginx passenger'
become: true
lineinfile:
dest: /etc/nginx/nginx.conf
regexp: '^(\s*)#\s+include \/etc\/nginx\/passenger\.conf;'
line: '\1include /etc/nginx/passenger.conf;'
backrefs: true
register: nginx_config
- name: 'Update Passenger ruby executable path'
become: true
lineinfile:
dest: /etc/nginx/passenger.conf
dest: /etc/nginx/conf.d/mod-http-passenger.conf
regexp: '^passenger_ruby.*'
line: 'passenger_ruby {{ rbenv_root }}/shims/ruby;'
register: passenger_config
- name: 'Restart Nginx'
become: true
changed_when: false
service:
name: nginx
state: restarted
when: passenger_config.changed or nginx_config.changed
# We will always change the config since we're not including the
# CertBot stuff.
......@@ -74,11 +83,16 @@
listen 80;
listen [::]:80 ipv6only=on;
server_name {{ app_domain }};
server_name {{ app_domain }} www.{{ app_domain }};
passenger_enabled on;
rails_env production;