From 308f1b33bcbdddb56445df56e72e4240421e7087 Mon Sep 17 00:00:00 2001
From: Mitchell Henke
Date: Wed, 17 Jan 2024 10:51:25 -0600
Subject: [PATCH 1/3] Refactor review app dockerfile to improve cachability
changelog: Internal, Containerization, Refactor review app dockerfile to improve cachability
---
 dockerfiles/idp_review_app.Dockerfile | 50 ++++++++++-----------------
 1 file changed, 18 insertions(+), 32 deletions(-)
diff --git a/dockerfiles/idp_review_app.Dockerfile b/dockerfiles/idp_review_app.Dockerfile
index 839115cc1d1..dd3bea62960 100644
--- a/dockerfiles/idp_review_app.Dockerfile
+++ b/dockerfiles/idp_review_app.Dockerfile
@@ -1,12 +1,6 @@
 FROM ruby:3.3.0-slim
 # Set environment variables
-ARG ARG_CI_ENVIRONMENT_SLUG="placeholder"
-ARG ARG_CI_COMMIT_BRANCH="branch_placeholder"
-ARG ARG_CI_COMMIT_SHA="sha_placeholder"
-ENV CI_ENVIRONMENT_SLUG=${ARG_CI_ENVIRONMENT_SLUG}
-ENV CI_COMMIT_BRANCH=${ARG_CI_COMMIT_BRANCH}
-ENV CI_COMMIT_SHA=${ARG_CI_COMMIT_SHA}
 ENV RAILS_ROOT /app
 ENV RAILS_ENV production
 ENV NODE_ENV production
@@ -36,29 +30,6 @@ ENV DOMAIN_NAME localhost:3000
 ENV PIV_CAC_SERVICE_URL https://localhost:8443/
 ENV PIV_CAC_VERIFY_TOKEN_URL https://localhost:8443/
-RUN echo Env Value : $CI_ENVIRONMENT_SLUG
-
-# Prevent documentation installation
-RUN echo 'path-exclude=/usr/share/doc/*' > /etc/dpkg/dpkg.cfg.d/00_nodoc && \
- echo 'path-exclude=/usr/share/man/*' >> /etc/dpkg/dpkg.cfg.d/00_nodoc && \
- echo 'path-exclude=/usr/share/groff/*' >> /etc/dpkg/dpkg.cfg.d/00_nodoc && \
- echo 'path-exclude=/usr/share/info/*' >> /etc/dpkg/dpkg.cfg.d/00_nodoc && \
- echo 'path-exclude=/usr/share/lintian/*' >> /etc/dpkg/dpkg.cfg.d/00_nodoc && \
- echo 'path-exclude=/usr/share/linda/*' >> /etc/dpkg/dpkg.cfg.d/00_nodoc
-
-# Create a new user and set up the working directory
-RUN addgroup --gid 1000 app && \
- adduser --uid 1000 --gid 1000 --disabled-password --gecos "" app && \
- mkdir -p $RAILS_ROOT && \
- mkdir -p $BUNDLE_PATH && \
- mkdir -p $RAILS_ROOT/tmp/pids && \
- chown -R app:app $RAILS_ROOT && \
- chown -R app:app $BUNDLE_PATH
-
-# Setup timezone data
-ENV TZ=Etc/UTC
-RUN ln -snf /usr/share/zoneinfo/$TZ /etc/localtime && echo $TZ > /etc/timezone
-
 # Install dependencies
 RUN apt-get update && \
 apt-get install -y \
@@ -90,6 +61,19 @@ RUN curl -sS https://dl.yarnpkg.com/debian/pubkey.gpg | gpg --dearmor | tee /usr
 RUN echo "deb [signed-by=/usr/share/keyrings/yarn-archive-keyring.gpg] https://dl.yarnpkg.com/debian/ stable main" | tee /etc/apt/sources.list.d/yarn.list
 RUN apt-get update && apt-get install -y yarn=1.22.5-1
+# Create a new user and set up the working directory
+RUN addgroup --gid 1000 app && \
+ adduser --uid 1000 --gid 1000 --disabled-password --gecos "" app && \
+ mkdir -p $RAILS_ROOT && \
+ mkdir -p $BUNDLE_PATH && \
+ mkdir -p $RAILS_ROOT/tmp/pids && \
+ chown -R app:app $RAILS_ROOT && \
+ chown -R app:app $BUNDLE_PATH
+
+# Setup timezone data
+ENV TZ=Etc/UTC
+RUN ln -snf /usr/share/zoneinfo/$TZ /etc/localtime && echo $TZ > /etc/timezone
+
 # Create the working directory
 WORKDIR $RAILS_ROOT
@@ -128,9 +112,6 @@ COPY --chown=app:app ./babel.config.js ./babel.config.js
 COPY --chown=app:app ./webpack.config.js ./webpack.config.js
 COPY --chown=app:app ./.browserslistrc ./.browserslistrc
-RUN mkdir -p $RAILS_ROOT/public/api/
-RUN echo "{\"branch\":\"$CI_COMMIT_BRANCH\",\"git_sha\":\"$CI_COMMIT_SHA\"}" > $RAILS_ROOT/public/api/deploy.json
-
 # Copy keys
 COPY --chown=app:app keys.example $RAILS_ROOT/keys
@@ -164,6 +145,11 @@ COPY --chown=app:app config/partner_accounts.localdev.yml $RAILS_ROOT/config/par
 COPY --chown=app:app certs.example $RAILS_ROOT/certs
 COPY --chown=app:app config/service_providers.localdev.yml $RAILS_ROOT/config/service_providers.yml
+ARG ARG_CI_COMMIT_BRANCH="branch_placeholder"
+ARG ARG_CI_COMMIT_SHA="sha_placeholder"
+RUN mkdir -p $RAILS_ROOT/public/api/
+RUN echo "{\"branch\":\"$ARG_CI_COMMIT_BRANCH\",\"git_sha\":\"$ARG_CI_COMMIT_SHA\"}" > $RAILS_ROOT/public/api/deploy.json
+
 # Expose the port the app runs on
 EXPOSE 3000
From 0c8c50681f2f1cf2ecc5874ccbcaaefbeee74f1a Mon Sep 17 00:00:00 2001
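Review bot: In the last hunk of PATCH 1/3 (`@@ -164,6 +145,11 @@`), the added `RUN echo "{\"branch\":\"$ARG_CI_COMMIT_BRANCH\",...}"` line builds JSON by plain string interpolation, so a branch name containing `"` produces malformed or altered content in `public/api/deploy.json`. Git permits `"` in ref names, and for a review app the branch name is chosen by whoever pushes the branch, so the value should be treated as untrusted. Since the base image is `ruby:3.3.0-slim`, the file can be serialised properly instead: `RUN ruby -rjson -e 'puts JSON.generate(branch: ENV["ARG_CI_COMMIT_BRANCH"], git_sha: ENV["ARG_CI_COMMIT_SHA"])' > $RAILS_ROOT/public/api/deploy.json`. The same commit also drops `ENV CI_ENVIRONMENT_SLUG`, `CI_COMMIT_BRANCH` and `CI_COMMIT_SHA` from the image, so anything that read them at runtime (not visible in this patch) now needs them supplied by the deployment.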
From: Mitchell Henke
Date: Wed, 17 Jan 2024 16:15:30 -0600
Subject: [PATCH 2/3] move SSL certificate down
---
 dockerfiles/idp_review_app.Dockerfile | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/dockerfiles/idp_review_app.Dockerfile b/dockerfiles/idp_review_app.Dockerfile
index dd3bea62960..d33a39cb8d9 100644
--- a/dockerfiles/idp_review_app.Dockerfile
+++ b/dockerfiles/idp_review_app.Dockerfile
@@ -124,12 +124,6 @@ COPY --chown=app:app public/ban-robots.txt $RAILS_ROOT/public/robots.txt
 # Copy application.yml.default to application.yml
 COPY --chown=app:app ./config/application.yml.default.docker $RAILS_ROOT/config/application.yml
-# Generate and place SSL certificates for puma
-RUN openssl req -x509 -sha256 -nodes -newkey rsa:2048 -days 1825 \
- -keyout $RAILS_ROOT/keys/localhost.key \
- -out $RAILS_ROOT/keys/localhost.crt \
- -subj "/C=US/ST=Fake/L=Fakerton/O=Dis/CN=localhost"
-
 # Precompile assets
 RUN bundle exec rake assets:precompile --trace
@@ -150,6 +144,12 @@ ARG ARG_CI_COMMIT_SHA="sha_placeholder"
 RUN mkdir -p $RAILS_ROOT/public/api/
 RUN echo "{\"branch\":\"$ARG_CI_COMMIT_BRANCH\",\"git_sha\":\"$ARG_CI_COMMIT_SHA\"}" > $RAILS_ROOT/public/api/deploy.json
+# Generate and place SSL certificates for puma
+RUN openssl req -x509 -sha256 -nodes -newkey rsa:2048 -days 1825 \
+ -keyout $RAILS_ROOT/keys/localhost.key \
+ -out $RAILS_ROOT/keys/localhost.crt \
+ -subj "/C=US/ST=Fake/L=Fakerton/O=Dis/CN=localhost"
+
 # Expose the port the app runs on
 EXPOSE 3000
From b67089d42436277f745b39605320ac44eaa73cbe Mon Sep 17 00:00:00 2001
From: Mitchell Henke
Date: Wed, 17 Jan 2024 16:25:20 -0600
Subject: [PATCH 3/3] move stuff around
---
 dockerfiles/idp_review_app.Dockerfile | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/dockerfiles/idp_review_app.Dockerfile b/dockerfiles/idp_review_app.Dockerfile
index d33a39cb8d9..01c5d97bb91 100644
--- a/dockerfiles/idp_review_app.Dockerfile
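Review bot: In the `@@ -150,6 +144,12 @@` hunk of PATCH 2/3, the private key written by the re-added `openssl req ... -nodes` step is stored unencrypted in an image layer, so every container started from the image shares it and anyone who can pull the image can read it. That is tolerable for a throwaway `CN=localhost` certificate, but nothing in the hunk says so; a comment such as `# Throwaway self-signed cert for local TLS only; the key is baked into the image, never reuse it elsewhere` would make the intent explicit, and `-days 1825` could be far shorter for a review app. Because the step now follows the `ARG ARG_CI_COMMIT_*` lines, it presumably reruns on every commit, which gives each build a fresh key pair but also means this layer is never served from cache. Generating the pair at container start would keep the key out of the registry altogether.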
+++ b/dockerfiles/idp_review_app.Dockerfile
@@ -124,9 +124,6 @@ COPY --chown=app:app public/ban-robots.txt $RAILS_ROOT/public/robots.txt
 # Copy application.yml.default to application.yml
 COPY --chown=app:app ./config/application.yml.default.docker $RAILS_ROOT/config/application.yml
-# Precompile assets
-RUN bundle exec rake assets:precompile --trace
-
 # Setup config files
 COPY --chown=app:app config/agencies.localdev.yml $RAILS_ROOT/config/agencies.yml
 COPY --chown=app:app config/iaa_gtcs.localdev.yml $RAILS_ROOT/config/iaa_gtcs.yml
@@ -139,6 +136,9 @@ COPY --chown=app:app config/partner_accounts.localdev.yml $RAILS_ROOT/config/par
 COPY --chown=app:app certs.example $RAILS_ROOT/certs
 COPY --chown=app:app config/service_providers.localdev.yml $RAILS_ROOT/config/service_providers.yml
+# Precompile assets
+RUN bundle exec rake assets:precompile --trace
+
 ARG ARG_CI_COMMIT_BRANCH="branch_placeholder"
 ARG ARG_CI_COMMIT_SHA="sha_placeholder"
 RUN mkdir -p $RAILS_ROOT/public/api/