refactor: remove RAILS_MASTER_KEY from CI & upgrade to rails 7.1 (#890)

* refactor: remove RAILS_MASTER_KEY from ci * fix(ci): update indentation * test: precompile assets on test too * fix(ci): update indentation * chore: bundle update bullet * fix: comment bundle config * revert: test: precompile assets on test too * fix: revert env changes in continuous-integration.yml * fix: indentation * fix: indentation * fix: readd POSTGRES_HOST * fix: pass RAILS_MASTER_KEY to ci step * chore: trigger build * chore: fix lint * chore: remove unnecessary secret mount * remove spaces continuous-integration.yml * Update continuous-integration.yml * Update continuous-integration.yml * Fix? * Update continuous-integration.yml * updated gemfile * edited ablication.rb * Remove depraction error --------- Co-authored-by: lodewiges <[email protected]> Co-authored-by: Jorai Geertsema <[email protected]>
csvalpha · Jan 9, 2025 · 1f7f4db · 1f7f4db
1 parent 2e0b523
commit 1f7f4db
Show file tree

Hide file tree

Showing 9 changed files with 136 additions and 99 deletions.
diff --git a/.github/workflows/continuous-delivery.yml b/.github/workflows/continuous-delivery.yml
@@ -135,7 +135,6 @@ jobs:
     with:
       sha: ${{ needs.merge.outputs.sha }}
     secrets:
-      rails_master_key: ${{ secrets.RAILS_MASTER_KEY }}
       sentry_auth_token: ${{ secrets.SENTRY_AUTH_TOKEN }}
 
   deploy:

diff --git a/.github/workflows/continuous-integration.yml b/.github/workflows/continuous-integration.yml
@@ -76,14 +76,20 @@ jobs:
           name: app
 
       - name: Lint
-        env:
-          RAILS_MASTER_KEY: ${{ secrets.RAILS_MASTER_KEY }}
         run: |
           EXIT_STATUS=0
-          ./actionlint -ignore 'SC2153:'  -ignore 'property "sha" is not defined in object type {}' || \
-            EXIT_STATUS=$?
-          docker run -e POSTGRES_USER=postgres -e POSTGRES_PASSWORD=postgres -e POSTGRES_HOST=localhost -e \
-            RAILS_MASTER_KEY --network=host app bin/ci.sh lint || EXIT_STATUS=$?
+          ./actionlint \
+          -ignore 'property "gh_app_private_key" is not defined' \
+          -ignore 'SC2153:' \
+          -ignore 'property "sha" is not defined in object type {}' || \
+          EXIT_STATUS=$?
+          docker run \
+          -e POSTGRES_USER=postgres \
+          -e POSTGRES_PASSWORD=postgres \
+          -e POSTGRES_HOST=localhost \
+          --network=host \
+          app bin/ci.sh lint || \
+          EXIT_STATUS=$?
           exit $EXIT_STATUS
 
   test:
@@ -123,8 +129,15 @@ jobs:
           RAILS_MASTER_KEY: ${{ secrets.RAILS_MASTER_KEY }}
         run: |
           mkdir coverage
-          docker run -e POSTGRES_USER=postgres -e POSTGRES_PASSWORD=postgres -e POSTGRES_HOST=localhost -e \
-            RAILS_MASTER_KEY --network=host -v "$(pwd)"'/coverage:/app/coverage' app bin/ci.sh spec
+          docker run \
+            -e RAILS_MASTER_KEY \
+            -e POSTGRES_USER=postgres \
+            -e POSTGRES_PASSWORD=postgres \
+            -e POSTGRES_HOST=localhost \
+            --network=host \
+            -v "$(pwd)"'/coverage:/app/coverage' \
+             app bin/ci.sh spec
+
 
       - name: Upload coverage report to Codecov
         if: ${{ !cancelled() }}

diff --git a/.github/workflows/publish-image.yml b/.github/workflows/publish-image.yml
@@ -10,9 +10,6 @@ on:
         required: false
         type: string
     secrets:
-      rails_master_key:
-        description: The Rails master key
-        required: true
       sentry_auth_token:
         description: The Sentry integration's token
         required: true
@@ -73,8 +70,6 @@ jobs:
           push: true
           context: .
           build-args: ${{ needs.metadata.outputs.build_args }}
-          secrets: |
-            rails_master_key=${{ secrets.RAILS_MASTER_KEY }}
           cache-from: type=gha,scope=main
           cache-to: type=gha,scope=main
           tags: |

diff --git a/.rubocop.yml b/.rubocop.yml
@@ -4,7 +4,7 @@ require:
   - rubocop-performance
 
 AllCops:
-  TargetRailsVersion: 7.0
+  TargetRailsVersion: 7.1
   TargetRubyVersion: 3.2
   Exclude:
     - 'bin/**/*'

diff --git a/Dockerfile b/Dockerfile
@@ -24,7 +24,6 @@ ARG BUILD_HASH='unknown'
 ENV BUILD_HASH=$BUILD_HASH
 ARG RAILS_ENV='production'
 ARG NODE_ENV='production'
-ARG RAILS_MASTER_KEY
 
 # Pre-install gems, so that they can be cached.
 COPY Gemfile* /app/
@@ -43,10 +42,8 @@ RUN yarn install --immutable
 COPY . /app/
 
 # Precompile assets after copying app because whole Rails pipeline is needed.
-RUN --mount=type=secret,id=rails_master_key \
-  if [ "$RAILS_ENV" = 'production' ] || [ "$RAILS_ENV" = 'staging' ] || [ "$RAILS_ENV" = 'luxproduction' ]; then \
-    # Use secret if RAILS_MASTER_KEY build arg is not set.
-    RAILS_MASTER_KEY="${RAILS_MASTER_KEY:-$(cat /run/secrets/rails_master_key)}" bundle exec rails assets:precompile; \
+RUN if [ "$RAILS_ENV" = 'production' ] || [ "$RAILS_ENV" = 'staging' ] || [ "$RAILS_ENV" = 'luxproduction' ]; then \
+    SECRET_KEY_BASE_DUMMY=1 bundle exec rails assets:precompile; \
   else \
     echo "Skipping assets:precompile"; \
   fi

diff --git a/Gemfile b/Gemfile
@@ -12,7 +12,6 @@ gem 'http', '~> 5.2.0'
 gem 'jbuilder', '~> 2.13.0'
 gem 'jquery-rails', '~> 4.6.0'
 gem 'kaminari', '~> 1.2.2'
-gem 'mini_racer', '~> 0.16.0'
 gem 'mollie-api-ruby', '~> 4.15.0'
 gem 'net-imap', require: false
 gem 'net-pop', require: false
@@ -26,7 +25,7 @@ gem 'pg', '~> 1.5.9'
 gem 'puma', '~> 6.5.0'
 gem 'pundit', '~> 2.4.0'
 gem 'rack-attack', '~> 6.7.0'
-gem 'rails', '~> 7.0.4', '>= 7.0.4.3'
+gem 'rails', '~> 7.1.0'
 gem 'rails-i18n', '~> 7.0.10'
 gem 'redis-rails', '~> 5.0.2'
 gem 'rest-client', '~> 2.1.0'