Add Docker and CI Support (#4461)

* Add Docker, Docker Compose, and GitHub Actions CI support

- Added a production-ready `Dockerfile` based on Ruby 3.3.8-bullseye.
- Added `entrypoint.sh` to handle Rails server PID cleanup.
- Added `.dockerignore` to optimize build context.
- Added `docker-compose.yml` for local orchestration of Rails, PostgreSQL 17, and Elasticsearch 7.4.0.
- Added GitHub Actions workflow in `.github/workflows/docker-build-push.yml` to build and push the image to GHCR on pushes to the `dev` branch.

Co-authored-by: CloCkWeRX <365751+CloCkWeRX@users.noreply.github.com>

* Swap to 3.4.8

* Node 22

* Apply suggestion from @CloCkWeRX

---------

Co-authored-by: google-labs-jules[bot] <161369871+google-labs-jules[bot]@users.noreply.github.com>

.dockerignore

@@ -0,0 +1,31 @@
+.git
+.github
+.devcontainer
+log/*
+tmp/*
+!tmp/keep
+node_modules
+public/assets
+.env
+.ruby-version
+.ruby-gemset
+.editorconfig
+.esignore
+.eslintrc.json
+.haml-lint.yml
+.overcommit.yml
+.rspec
+.rubocop.yml
+.rubocop_todo.yml
+.scss-lint.yml
+.travis.yml
+.yamllint
+CODE_OF_CONDUCT.md
+CONTRIBUTING.md
+CONTRIBUTORS.md
+LICENSE.txt
+README.md
+TECH.md
+docker-compose.yml
+Dockerfile
+.dockerignore

.github/workflows/docker-build-push.yml

@@ -0,0 +1,43 @@
+name: Docker Build and Push
+
+on:
+  push:
+    branches:
+      - mainline
+
+jobs:
+  build-and-push:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: write
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Log in to the Container registry
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Extract metadata (tags, labels) for Docker
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: ghcr.io/${{ github.repository }}
+
+      - name: Build and push Docker image
+        uses: docker/build-push-action@v5
+        with:
+          context: .
+          push: true
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
+          cache-from: type=gha
+          cache-to: type=gha,mode=max

Dockerfile

@@ -0,0 +1,52 @@
+FROM ruby:3.4.8-trixie
+
+# Install system dependencies
+RUN apt-get update -qq && \
+    apt-get install -y --no-install-recommends \
+    build-essential \
+    libpq-dev \
+    git \
+    curl \
+    gnupg2 \
+    shared-mime-info \
+    libvips \
+    && curl -fsSL https://deb.nodesource.com/setup_22.x | bash - \
+    && apt-get install -y --no-install-recommends nodejs \
+    && npm install -g yarn \
+    && apt-get clean \
+    && rm -rf /var/lib/apt/lists/*
+
+# Set production environment
+ENV RAILS_ENV=production \
+    BUNDLE_WITHOUT="development test" \
+    RAILS_SERVE_STATIC_FILES=true \
+    RAILS_LOG_TO_STDOUT=true
+
+WORKDIR /app
+
+# Install gems
+COPY Gemfile Gemfile.lock ./
+RUN bundle config set --local deployment 'true' && \
+    bundle config set --local without 'development test' && \
+    bundle install --jobs 4 --retry 3
+
+# Install JavaScript dependencies
+COPY package.json yarn.lock ./
+RUN yarn install --check-files
+
+# Copy the application code
+COPY . .
+
+# Precompile assets
+# Secret key base is needed for asset compilation but doesn't need to be the real one
+RUN RAILS_ENV=production SECRET_KEY_BASE_DUMMY=1 bundle exec rake assets:precompile
+
+# Add a script to be executed every time the container starts.
+COPY entrypoint.sh /usr/bin/
+RUN chmod +x /usr/bin/entrypoint.sh
+ENTRYPOINT ["entrypoint.sh"]
+
+EXPOSE 3000
+
+# Start the main process.
+CMD ["bundle", "exec", "puma", "-C", "config/puma.rb"]

docker-compose.yml

@@ -0,0 +1,76 @@
+version: '3.8'
+
+services:
+  web:
+    build: .
+    ports:
+      - "3000:3000"
+    depends_on:
+      db:
+        condition: service_healthy
+      elasticsearch:
+        condition: service_healthy
+    environment:
+      DATABASE_URL: postgresql://postgres:postgres@db:5432/growstuff_prod
+      ELASTICSEARCH_URL: http://elasticsearch:9200/
+      RAILS_ENV: production
+      RAILS_LOG_TO_STDOUT: "true"
+      RAILS_SERVE_STATIC_FILES: "true"
+      APP_DOMAIN_NAME: localhost:3000
+      APP_PROTOCOL: http
+      DEVISE_SECRET_KEY: secret
+      GROWSTUFF_EMAIL: "noreply@test.growstuff.org"
+      GROWSTUFF_FLICKR_KEY: secretkey
+      GROWSTUFF_FLICKR_SECRET: secretsecret
+      GROWSTUFF_SITE_NAME: "Growstuff (local)"
+      RAILS_SECRET_TOKEN: supersecret
+      SECRET_KEY_BASE: supersecretbase
+
+  db:
+    image: postgres:17
+    restart: unless-stopped
+    volumes:
+      - postgres-data:/var/lib/postgresql/data
+      - .devcontainer/create-db-user.sql:/docker-entrypoint-initdb.d/create-db-user.sql
+    environment:
+      POSTGRES_USER: postgres
+      POSTGRES_DB: growstuff_prod
+      POSTGRES_PASSWORD: postgres
+    ports:
+      - "5432:5432"
+    healthcheck:
+      test: ["CMD-SHELL", "pg_isready"]
+      interval: 10s
+      timeout: 5s
+      retries: 5
+
+  elasticsearch:
+    image: docker.elastic.co/elasticsearch/elasticsearch:7.4.0
+    container_name: elasticsearch
+    restart: unless-stopped
+    environment:
+      - xpack.security.enabled=false
+      - discovery.type=single-node
+    ulimits:
+      memlock:
+        soft: -1
+        hard: -1
+      nofile:
+        soft: 65536
+        hard: 65536
+    cap_add:
+      - IPC_LOCK
+    healthcheck:
+      test: ["CMD-SHELL", "curl -f http://localhost:9200 | grep tagline"]
+      interval: 10s
+      timeout: 10s
+      retries: 120
+    volumes:
+      - esdata01:/usr/share/elasticsearch/data
+    ports:
+      - 9200:9200
+      - 9300:9300
+
+volumes:
+  postgres-data:
+  esdata01:

entrypoint.sh

@@ -0,0 +1,8 @@
+#!/bin/bash
+set -e
+
+# Remove a potentially pre-existing server.pid for Rails.
+rm -f /app/tmp/pids/server.pid
+
+# Then exec the container's main process (what's set as CMD in the Dockerfile).
+exec "$@"