app-rails: Add based on template-application-rails (#148)

Add application based on `template-application-rails`, following its guide[1]. This required some edits of infra configuration, callouts: - Ignore HTTPS errors in E2E tests (due to PR Environments) - Support for `curl` in container healthchecks - Support for non-read-only container filesystems [1] https://github.com/navapbc/template-application-rails/tree/881cc71e062e5e7c44b55d28946a84ce13123d9d/template-only-docs/Deployment.md Resolves navapbc/template-infra#762
navapbc · Jan 22, 2025 · 6274c14 · 6274c14
1 parent 0d5f7fd
commit 6274c14
Show file tree

Hide file tree

Showing 233 changed files with 9,331 additions and 3 deletions.
diff --git a/.github/workflows/cd-app-rails.yml b/.github/workflows/cd-app-rails.yml
@@ -0,0 +1,37 @@
+name: Deploy app-rails
+# Need to set a default value for when the workflow is triggered from a git push
+# which bypasses the default configuration for inputs
+run-name: Deploy ${{inputs.version || 'main' }} to app-rails ${{ inputs.environment || 'dev' }}
+
+on:
+  push:
+    branches:
+      - "main"
+    paths:
+      - "app-rails/**"
+      - "bin/**"
+      - "infra/**"
+  workflow_dispatch:
+    inputs:
+      environment:
+        description: Environment to deploy to
+        required: true
+        default: "dev"
+        type: choice
+        options:
+          - dev
+          - staging
+          - prod
+      version:
+        required: true
+        default: "main"
+        description: Tag or branch or SHA to deploy
+
+jobs:
+  deploy:
+    name: Deploy
+    uses: ./.github/workflows/deploy.yml
+    with:
+      app_name: "app-rails"
+      environment: ${{ inputs.environment || 'dev' }}
+      version: ${{ inputs.version || 'main' }}
diff --git a/.github/workflows/ci-app-rails-infra-service.yml b/.github/workflows/ci-app-rails-infra-service.yml
@@ -0,0 +1,47 @@
+name: CI Infra Service Checks - app-rails
+
+on:
+  push:
+    branches:
+      - main
+    paths:
+      - infra/app-rails/service/**
+      - infra/modules/**
+      - infra/test/**
+      - .github/workflows/ci-app-rails-infra-service.yml
+  pull_request:
+    paths:
+      - infra/app-rails/service/**
+      - infra/modules/**
+      - infra/test/**
+      - .github/workflows/ci-app-rails-infra-service.yml
+  workflow_dispatch:
+
+jobs:
+  infra-test-e2e:
+    name: Test service
+    runs-on: ubuntu-latest
+
+    permissions:
+      contents: read
+      id-token: write
+
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Set up Terraform
+        uses: ./.github/actions/setup-terraform
+
+      - uses: actions/setup-go@v5
+        with:
+          go-version: ">=1.19.0"
+
+      - name: Configure AWS credentials
+        uses: ./.github/actions/configure-aws-credentials
+        with:
+          app_name: app-rails
+          # Run infra CI on dev environment
+          environment: dev
+
+      - name: Run Terratest
+        run: make infra-test-service APP_NAME=app-rails
diff --git a/.github/workflows/ci-app-rails-pr-environment-checks.yml b/.github/workflows/ci-app-rails-pr-environment-checks.yml
@@ -0,0 +1,22 @@
+name: CI app-rails PR Environment Checks
+on:
+  workflow_dispatch:
+    inputs:
+      pr_number:
+        required: true
+        type: string
+      commit_hash:
+        required: true
+        type: string
+  pull_request:
+
+jobs:
+  update:
+    name: " " # GitHub UI is noisy when calling reusable workflows, so use whitespace for name to reduce noise
+    uses: ./.github/workflows/pr-environment-checks.yml
+    if: github.event_name == 'workflow_dispatch' || github.event.pull_request.state == 'open'
+    with:
+      app_name: "app-rails"
+      environment: "dev"
+      pr_number: ${{ inputs.pr_number || github.event.number }}
+      commit_hash: ${{ inputs.commit_hash || github.event.pull_request.head.sha }}
diff --git a/.github/workflows/ci-app-rails-pr-environment-destroy.yml b/.github/workflows/ci-app-rails-pr-environment-destroy.yml
@@ -0,0 +1,18 @@
+name: CI app-rails PR Environment Destroy
+on:
+  workflow_dispatch:
+    inputs:
+      pr_number:
+        required: true
+        type: string
+  pull_request_target:
+    types: [closed]
+
+jobs:
+  destroy:
+    name: " " # GitHub UI is noisy when calling reusable workflows, so use whitespace for name to reduce noise
+    uses: ./.github/workflows/pr-environment-destroy.yml
+    with:
+      app_name: "app-rails"
+      environment: "dev"
+      pr_number: ${{ inputs.pr_number || github.event.number }}
diff --git a/.github/workflows/ci-app-rails-vulnerability-scans.yml b/.github/workflows/ci-app-rails-vulnerability-scans.yml
@@ -0,0 +1,28 @@
+name: CI Vulnerability Scans - app-rails
+
+on:
+  push:
+    branches:
+      - main
+    paths:
+      - app-rails/**
+      - .grype.yml
+      - .hadolint.yaml
+      - .trivyignore
+      - .github/workflows/vulnerability-scans.yml
+      - .github/workflows/ci-app-rails-vulnerability-scans.yml
+  pull_request:
+    paths:
+      - app-rails/**
+      - .grype.yml
+      - .hadolint.yaml
+      - .trivyignore
+      - .github/workflows/vulnerability-scans.yml
+      - .github/workflows/ci-app-rails-vulnerability-scans.yml
+
+jobs:
+  vulnerability-scans:
+    name: Vulnerability Scans
+    uses: ./.github/workflows/vulnerability-scans.yml
+    with:
+      app_name: "app-rails"
diff --git a/.github/workflows/ci-app-rails.yml b/.github/workflows/ci-app-rails.yml
@@ -0,0 +1,47 @@
+name: CI app-rails
+
+on:
+  push:
+    branches:
+      - main
+    paths:
+      - app-rails/**
+      - .github/workflows/ci-app-rails.yml
+  pull_request:
+    paths:
+      - app-rails/**
+      - .github/workflows/ci-app-rails.yml
+
+defaults:
+  run:
+    working-directory: ./app-rails
+
+jobs:
+  # As an enhancement, it is possible to share the built docker image and share
+  # it across jobs as described in:
+  # https://docs.github.com/en/actions/using-workflows/storing-workflow-data-as-artifacts#passing-data-between-jobs-in-a-workflow
+  lint:
+    name: Lint
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+
+      # https://github.com/docker/compose/issues/1973
+      - name: Create required env files
+        working-directory: ./
+        run: |
+          touch ./app-rails/.env
+
+      - run: make lint-ci
+
+  test:
+    name: Test
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+
+      - run: make init-container
+      - run: make precompile-assets
+
+      - name: Start tests
+        run: make test
diff --git a/.template-application-rails/app-rails.yml b/.template-application-rails/app-rails.yml
@@ -0,0 +1,5 @@
+# Changes here will be overwritten by Copier
+_commit: v0.3.0-1-g881cc71
+_src_path: gh:navapbc/template-application-rails
+app_local_port: 3100
+app_name: app-rails
diff --git a/.template-infra/app-app-rails.yml b/.template-infra/app-app-rails.yml
@@ -0,0 +1,7 @@
+# Changes here will be overwritten by Copier
+_commit: v0.15.1-9-g6f071d0
+_src_path: https://github.com/navapbc/template-infra
+app_has_dev_env_setup: true
+app_local_port: 3100
+app_name: app-rails
+template: app
diff --git a/app-rails/.dockerignore b/app-rails/.dockerignore
@@ -0,0 +1,37 @@
+# See https://docs.docker.com/engine/reference/builder/#dockerignore-file for more about ignoring files.
+
+# Ignore git directory.
+/.git/
+
+# Ignore bundler config.
+/.bundle
+
+# Ignore all environment files (except templates).
+/.env*
+!/.env*.erb
+
+# Ignore all default key files.
+/config/master.key
+/config/credentials/*.key
+
+# Ignore all logfiles and tempfiles.
+/log/*
+/tmp/*
+!/log/.keep
+!/tmp/.keep
+
+# Ignore pidfiles, but keep the directory.
+/tmp/pids/*
+!/tmp/pids/.keep
+
+# Ignore storage (uploaded files in development and any SQLite databases).
+/storage/*
+!/storage/.keep
+/tmp/storage/*
+!/tmp/storage/.keep
+
+# Ignore assets.
+/node_modules/
+/app/assets/builds/*
+!/app/assets/builds/.keep
+/public/assets
diff --git a/app-rails/.gitattributes b/app-rails/.gitattributes
@@ -0,0 +1,9 @@
+# See https://git-scm.com/docs/gitattributes for more about git attribute files.
+
+# Mark the database schema as having been generated.
+db/schema.rb linguist-generated
+
+# Mark any vendored files as having been vendored.
+vendor/* linguist-vendored
+config/credentials/*.yml.enc diff=rails_credentials
+config/credentials.yml.enc diff=rails_credentials
diff --git a/app-rails/.gitignore b/app-rails/.gitignore
@@ -0,0 +1,54 @@
+# See https://help.github.com/articles/ignoring-files for more about ignoring files.
+#
+# If you find yourself ignoring temporary files generated by your text editor
+# or operating system, you probably want to add a global ignore instead:
+#   git config --global core.excludesfile '~/.gitignore_global'
+
+# Ignore bundler config.
+/.bundle
+
+# Ignore installed gems.
+/vendor/bundle/*
+!/vendor/bundle/.keep
+
+# Ignore all environment files (except templates).
+/.env*
+/*.env*
+!/.env*.erb
+!/*.env*.example
+
+# Ignore all logfiles and tempfiles.
+/log/*
+/tmp/*
+!/log/.keep
+!/tmp/.keep
+
+# Ignore pidfiles, but keep the directory.
+/tmp/pids/*
+!/tmp/pids/
+!/tmp/pids/.keep
+
+# Ignore storage (uploaded files in development and any SQLite databases).
+/storage/*
+!/storage/.keep
+/tmp/storage/*
+!/tmp/storage/
+!/tmp/storage/.keep
+
+/public/assets
+
+# Ignore master key for decrypting credentials and more.
+/config/master.key
+/config/credentials/*
+
+# Ignore development log.
+/log/development.log
+
+/app/assets/builds/*
+!/app/assets/builds/.keep
+
+/node_modules/*
+!/node_modules/.keep
+
+# Testing
+coverage/*
diff --git a/app-rails/.rspec b/app-rails/.rspec
@@ -0,0 +1 @@
+--require spec_helper
diff --git a/app-rails/.rubocop.yml b/app-rails/.rubocop.yml
@@ -0,0 +1,8 @@
+require:
+  - rubocop-rspec
+inherit_gem:
+  pundit: config/rubocop-rspec.yml
+  rubocop-rails-omakase: rubocop.yml
+AllCops:
+  TargetRubyVersion: 3.3.1
+
diff --git a/app-rails/.ruby-version b/app-rails/.ruby-version
@@ -0,0 +1 @@
+3.3.1