sbounmy/.env.production

## .env.production
KAMAL_REGISTRY_PASSWORD=xxx
RAILS_MASTER_KEY=xxxxxxxxxxxxxxx
POSTGRES_PASSWORD=xxxxxxxxxxxxx
REDIS_PASSWORD=my-redis-password
REDIS_URL=redis://:my-redis-password@n28-redis:6379/1

## deploy.production.yml
# Deploy to these servers.
servers:
  web:
    hosts:
      - 123.123.123.123
    options:
      network: "private"

  job:
    hosts:
      - 123.123.123.123
    # Or something like bin/job
    cmd: bin/bundle exec sidekiq
    # Limit workers resources
    options:
      cpus: 1
      network: "private"
# Inject ENV variables into containers (secrets come from .env).
# Remember to run `kamal env push` after making changes!
env:
  clear:
    DB_HOST: 123.123.123.123
    POSTGRES_DB: xxx_production
    POSTGRES_USER: xxx
    RAILS_LOG_TO_STDOUT: 1
    RAILS_SERVE_STATIC_FILES: 1
  secret:
    - RAILS_MASTER_KEY
    - POSTGRES_PASSWORD
  # Use a different ssh user than root
  # ssh:
  #   user: app

builder:
  dockerfile: production.Dockerfile
accessories:
  db:
    host: 123.123.123.123
    image: postgres:15
    port: 5432
    env:
      clear:
        POSTGRES_DB: xxx_production
        POSTGRES_USER: xxx
      secret:
        - POSTGRES_PASSWORD
    directories:
      - data:/var/lib/postgresql/data
    files:
      #      - config/postgres/production.cnf:/etc/postgresql/my.conf
      - db/production.sql:/docker-entrypoint-initdb.d/setup.sql
      redis:
  image: "redis:7"
    cmd: "/bin/sh -c 'redis-server --requirepass $REDIS_PASSWORD'"
    env:
      secret:
        - REDIS_PASSWORD
    roles:
      - web
      - job
    port: 6379
    volumes:
      - /var/lib/redis:/data
    options:
      network: "private"
traefik:
  options:
    network: "private"
    publish:
      - "443:443"
    volume:
      - "/letsencrypt/acme.json:/letsencrypt/acme.json"
  args:
    entryPoints.web.address: ":80"
    entryPoints.websecure.address: ":443"
    entryPoints.web.http.redirections.entryPoint.to: websecure
    entryPoints.web.http.redirections.entryPoint.scheme: https
    entryPoints.web.http.redirections.entrypoint.permanent: true

# Rails file storage
volumes:
  - storage:/rails/storage

## deploy.yml
# Name of your application. Used to uniquely configure containers.
service: n28

# Name of the container image.
image: hackerhouse/n28

# Credentials for your image host.
registry:
  # Specify the registry server, if you're not using Docker Hub
  # server: registry.digitalocean.com / ghcr.io / ...
  username: stephane@xxx.com

  # Always use an access token rather than real password when possible.
  password:
    - KAMAL_REGISTRY_PASSWORD

  # Use a different ssh user than root
  # ssh:
  #   user: app

builder:
  dockerfile: production.Dockerfile

accessories:
  db:
    image: postgres:15
    port: 5432
    env:
      clear:
        POSTGRES_USER: n28
    directories:
      - data:/var/lib/postgresql/data
    files:
      - config/postgres/production.cnf:/etc/postgresql/my.conf
      - db/production.sql:/docker-entrypoint-initdb.d/setup.sql
healthcheck:
  path: /up
  port: 3000
  max_attempts: 10
  interval: 3s
  log_lines: 10_000

## docker-entrypoint
# in ./rails/bin/docker-entrypoint
#!/bin/bash -e

# If running the rails server then create or migrate existing database
if [ "${1}" == "./bin/rails" ] && [ "${2}" == "server" ]; then
  ./bin/rails db:prepare
fi

exec "${@}"

## production.Dockerfile
# syntax = docker/dockerfile:1

# Make sure RUBY_VERSION matches the Ruby version in .ruby-version and Gemfile
ARG RUBY_VERSION=3.2.2
FROM registry.docker.com/library/ruby:$RUBY_VERSION-slim as base

# Rails app lives here
WORKDIR /rails

# Set production environment
ENV RAILS_ENV="production" \
    BUNDLE_DEPLOYMENT="1" \
    BUNDLE_PATH="/usr/local/bundle" \
    BUNDLE_WITHOUT="development"


# Throw-away build stage to reduce size of final image
FROM base as build

# Install packages needed to build gems
RUN apt-get update -qq && \
    apt-get install --no-install-recommends -y build-essential git libvips pkg-config libpq-dev

# Install application gems
COPY Gemfile Gemfile.lock ./
RUN bundle install && \
    rm -rf ~/.bundle/ "${BUNDLE_PATH}"/ruby/*/cache "${BUNDLE_PATH}"/ruby/*/bundler/gems/*/.git && \
    bundle exec bootsnap precompile --gemfile

# Copy application code
COPY . .

# Precompile bootsnap code for faster boot times
RUN bundle exec bootsnap precompile app/ lib/

# Precompiling assets for production without requiring secret RAILS_MASTER_KEY
RUN SECRET_KEY_BASE_DUMMY=1 ./bin/rails assets:precompile


# Final stage for app image
FROM base

# Install packages needed for deployment
RUN apt-get update -qq && \
    apt-get install --no-install-recommends -y curl postgresql-client libvips && \
    rm -rf /var/lib/apt/lists /var/cache/apt/archives

# Copy built artifacts: gems, application
COPY --from=build /usr/local/bundle /usr/local/bundle
COPY --from=build /rails /rails

# Run and own only the runtime files as a non-root user for security
RUN useradd rails --create-home --shell /bin/bash && \
    chown -R rails:rails db log storage tmp
USER rails:rails

# Entrypoint prepares the database.
ENTRYPOINT ["/rails/bin/docker-entrypoint"]

# Start the server by default, this can be overwritten at runtime
EXPOSE 3000
CMD ["./bin/rails", "server"]

## production.sql
CREATE DATABASE xxx_production;
	KAMAL_REGISTRY_PASSWORD=xxx
	RAILS_MASTER_KEY=xxxxxxxxxxxxxxx
	POSTGRES_PASSWORD=xxxxxxxxxxxxx
	REDIS_PASSWORD=my-redis-password
	REDIS_URL=redis://:my-redis-password@n28-redis:6379/1
	# Deploy to these servers.
	servers:
	web:
	hosts:
	- 123.123.123.123
	options:
	network: "private"

	job:
	hosts:
	- 123.123.123.123
	# Or something like bin/job
	cmd: bin/bundle exec sidekiq
	# Limit workers resources
	options:
	cpus: 1
	network: "private"
	# Inject ENV variables into containers (secrets come from .env).
	# Remember to run `kamal env push` after making changes!
	env:
	clear:
	DB_HOST: 123.123.123.123
	POSTGRES_DB: xxx_production
	POSTGRES_USER: xxx
	RAILS_LOG_TO_STDOUT: 1
	RAILS_SERVE_STATIC_FILES: 1
	secret:
	- RAILS_MASTER_KEY
	- POSTGRES_PASSWORD
	# Use a different ssh user than root
	# ssh:
	# user: app

	builder:
	dockerfile: production.Dockerfile
	accessories:
	db:
	host: 123.123.123.123
	image: postgres:15
	port: 5432
	env:
	clear:
	POSTGRES_DB: xxx_production
	POSTGRES_USER: xxx
	secret:
	- POSTGRES_PASSWORD
	directories:
	- data:/var/lib/postgresql/data
	files:
	# - config/postgres/production.cnf:/etc/postgresql/my.conf
	- db/production.sql:/docker-entrypoint-initdb.d/setup.sql
	redis:
	image: "redis:7"
	cmd: "/bin/sh -c 'redis-server --requirepass $REDIS_PASSWORD'"
	env:
	secret:
	- REDIS_PASSWORD
	roles:
	- web
	- job
	port: 6379
	volumes:
	- /var/lib/redis:/data
	options:
	network: "private"
	traefik:
	options:
	network: "private"
	publish:
	- "443:443"
	volume:
	- "/letsencrypt/acme.json:/letsencrypt/acme.json"
	args:
	entryPoints.web.address: ":80"
	entryPoints.websecure.address: ":443"
	entryPoints.web.http.redirections.entryPoint.to: websecure
	entryPoints.web.http.redirections.entryPoint.scheme: https
	entryPoints.web.http.redirections.entrypoint.permanent: true

	# Rails file storage
	volumes:
	- storage:/rails/storage
	# Name of your application. Used to uniquely configure containers.
	service: n28

	# Name of the container image.
	image: hackerhouse/n28

	# Credentials for your image host.
	registry:
	# Specify the registry server, if you're not using Docker Hub
	# server: registry.digitalocean.com / ghcr.io / ...
	username: stephane@xxx.com

	# Always use an access token rather than real password when possible.
	password:
	- KAMAL_REGISTRY_PASSWORD

	# Use a different ssh user than root
	# ssh:
	# user: app

	builder:
	dockerfile: production.Dockerfile

	accessories:
	db:
	image: postgres:15
	port: 5432
	env:
	clear:
	POSTGRES_USER: n28
	directories:
	- data:/var/lib/postgresql/data
	files:
	- config/postgres/production.cnf:/etc/postgresql/my.conf
	- db/production.sql:/docker-entrypoint-initdb.d/setup.sql
	healthcheck:
	path: /up
	port: 3000
	max_attempts: 10
	interval: 3s
	log_lines: 10_000
	# in ./rails/bin/docker-entrypoint
	#!/bin/bash -e

	# If running the rails server then create or migrate existing database
	if [ "${1}" == "./bin/rails" ] && [ "${2}" == "server" ]; then
	./bin/rails db:prepare
	fi

	exec "${@}"
	# syntax = docker/dockerfile:1

	# Make sure RUBY_VERSION matches the Ruby version in .ruby-version and Gemfile
	ARG RUBY_VERSION=3.2.2
	FROM registry.docker.com/library/ruby:$RUBY_VERSION-slim as base

	# Rails app lives here
	WORKDIR /rails

	# Set production environment
	ENV RAILS_ENV="production" \
	BUNDLE_DEPLOYMENT="1" \
	BUNDLE_PATH="/usr/local/bundle" \
	BUNDLE_WITHOUT="development"


	# Throw-away build stage to reduce size of final image
	FROM base as build

	# Install packages needed to build gems
	RUN apt-get update -qq && \
	apt-get install --no-install-recommends -y build-essential git libvips pkg-config libpq-dev

	# Install application gems
	COPY Gemfile Gemfile.lock ./
	RUN bundle install && \
	rm -rf ~/.bundle/ "${BUNDLE_PATH}"/ruby//cache "${BUNDLE_PATH}"/ruby//bundler/gems/*/.git && \
	bundle exec bootsnap precompile --gemfile

	# Copy application code
	COPY . .

	# Precompile bootsnap code for faster boot times
	RUN bundle exec bootsnap precompile app/ lib/

	# Precompiling assets for production without requiring secret RAILS_MASTER_KEY
	RUN SECRET_KEY_BASE_DUMMY=1 ./bin/rails assets:precompile


	# Final stage for app image
	FROM base

	# Install packages needed for deployment
	RUN apt-get update -qq && \
	apt-get install --no-install-recommends -y curl postgresql-client libvips && \
	rm -rf /var/lib/apt/lists /var/cache/apt/archives

	# Copy built artifacts: gems, application
	COPY --from=build /usr/local/bundle /usr/local/bundle
	COPY --from=build /rails /rails

	# Run and own only the runtime files as a non-root user for security
	RUN useradd rails --create-home --shell /bin/bash && \
	chown -R rails:rails db log storage tmp
	USER rails:rails

	# Entrypoint prepares the database.
	ENTRYPOINT ["/rails/bin/docker-entrypoint"]

	# Start the server by default, this can be overwritten at runtime
	EXPOSE 3000
	CMD ["./bin/rails", "server"]