Create a rockfile to replace the current Dockerfile

.github/workflows/integration_test_with_secrets.yaml

@@ -4,40 +4,15 @@ on:
   pull_request:
 
 jobs:
-  integration-test-with-secrets:
-    runs-on: ubuntu-latest
-    name: Integration Tests (require secrets)
-    steps:
-      - uses: actions/checkout@v4
-
-      - name: Setup operator environment
-        uses: charmed-kubernetes/actions-operator@main
-        with:
-          provider: microk8s
-
-      - name: Enable microk8s plugins
-        run: |
-          sudo microk8s enable hostpath-storage ingress registry
-          sudo microk8s kubectl -n kube-system rollout status -w deployment/hostpath-provisioner
-          sudo microk8s kubectl -n ingress rollout status -w daemonset.apps/nginx-ingress-microk8s-controller
-          sudo microk8s kubectl -n container-registry rollout status -w deployment/registry
-
-      - name: Install tox
-        run: python3 -m pip install tox
-
-      - name: Config iptables
-        run: |
-          sudo iptables -I DOCKER-USER  -j ACCEPT
-
-      - name: Build docker image
-        run: |
-          docker build -f discourse.Dockerfile -t localhost:32000/discourse:test .
-          docker push localhost:32000/discourse:test
-
-      - name: Run integration tests
-        run: |
-          tox -e integration -- \
-          -m requires_secrets \
-          --saml-email ${{ secrets.TEST_SAML_EMAIL }} \
-          --saml-password ${{ secrets.TEST_SAML_PASSWORD }} \
-          --discourse-image=localhost:32000/discourse:test
+  integration-tests-with-secrets:
+    uses: canonical/operator-workflows/.github/workflows/integration_test.yaml@main
+    secrets: inherit
+    with:
+      chaos-app-label: app.kubernetes.io/name=discourse-k8s
+      chaos-duration: 600
+      chaos-enabled: false
+      chaos-experiments: pod-delete
+      chaos-status-duration: 300
+      extra-arguments: --localstack-address 172.17.0.1 -m "requires_secrets"
+      pre-run-script: localstack-installation.sh
+      trivy-image-config: "trivy.yaml"

.gitignore

@@ -10,3 +10,4 @@ venv
 env
 .pytest_cache
 .mypy_cache
+*.rock

.licenserc.yaml

@@ -32,6 +32,6 @@ header:
     - 'LICENSE'
     - 'trivy.yaml'
     - 'zap_rules.tsv'
-    - 'image/patches/**'
+    - 'discourse_rock/patches/**'
     - 'lib/**'
   comment: on-failure

discourse_rock/rockcraft.yaml

@@ -0,0 +1,204 @@
+# Copyright 2023 Canonical Ltd.
+# See LICENSE file for licensing details.
+
+name: discourse
+summary: Discourse rock
+description: Discourse OCI image for the Discourse charm
+base: ubuntu:20.04
+run-user: _daemon_
+license: Apache-2.0
+version: "1.0"
+platforms:
+  amd64:
+parts:
+  install-node:
+    # We need nodejs so that yarn works correctly
+    # This allows us to control the version of node
+    plugin: nil
+    source: .
+    build-environment:
+      - NODE_VERSION: "18.17.1"
+      - ARCH: "x64"
+    overlay-script: |
+      node_uri="https://nodejs.org/dist/v${NODE_VERSION}/node-v${NODE_VERSION}-linux-${ARCH}.tar.gz"
+      curl -Ls $node_uri | tar xzf - -C $CRAFT_OVERLAY/ --skip-old-files --no-same-owner --strip-components=1
+  install-yarn:
+    # We need yarn to compile discourse's assets
+    plugin: nil
+    after:
+      - install-node
+    source: .
+    build-environment:
+      - YARN_VERSION: "1.22.19"
+      - ARCH: "x64"
+    overlay-script: |
+      yarn_uri="https://github.com/yarnpkg/yarn/releases/download/v${YARN_VERSION}/yarn-v${YARN_VERSION}.tar.gz"
+      curl -Ls $yarn_uri | tar xzf - -C $CRAFT_OVERLAY/ --skip-old-files --no-same-owner --strip-components=1
+  install-terser:
+    # Terser is needed to compile discourse's assets
+    # We don't use the system package to avoid pulling ubuntu's nodejs package
+    # Related to: https://git.launchpad.net/~weii-wang/charm-k8s-discourse/commit/?h=fix-terser-precompile&id=ada4ba97b28ab53dd0a619b3a9325b7a981afac1
+    plugin: nil
+    source: .
+    after:
+      - install-node
+    overlay-script: |
+      $CRAFT_OVERLAY/usr/bin/node $CRAFT_OVERLAY/usr/bin/npm --prefix $CRAFT_OVERLAY/usr/local/ i -g terser
+  install-runtime-packages:
+    plugin: nil
+    overlay-packages:
+      - brotli
+      - gettext-base
+      - gifsicle
+      - git
+      - imagemagick
+      - jhead
+      - jpegoptim
+      - libjpeg-turbo-progs
+      - libpq-dev
+      - libssl-dev
+      - libxml2-dev
+      - libxslt1-dev
+      - libz-dev
+      - optipng
+      - pngquant
+      - redis-tools
+      - ruby2.7
+      - ruby2.7-dev
+      - tzdata
+      - ubuntu-dev-tools
+      - zlib1g-dev
+  get-discourse:
+    plugin: dump
+    after:
+      - install-yarn
+      - install-runtime-packages
+    source: https://github.com/discourse/discourse.git
+    source-depth: 1
+    source-tag: v2.8.14
+    source-type: git
+    override-build: |
+      craftctl default
+      mkdir -p tmp/backups/default
+      mkdir -p public/backups/default
+      mkdir -p public/uploads/default
+      mkdir -p log/production.log
+      mkdir -p srv/discourse/app/bin
+      touch log/production.log
+      touch log/unicorn-stderr.log
+      yarn install --production --frozen-lockfile
+    organize:
+      "*.*": srv/discourse/app/
+      "*": srv/discourse/app/
+      ".*": srv/discourse/app/
+  get-solved-plugin-source:
+    plugin: dump
+    source: https://github.com/discourse/discourse-solved.git
+    source-depth: 1
+    source-commit: d6c8089ca38611b09a8edb29d64f359bcef11f11
+    after:
+      - get-discourse
+    organize:
+      "*": srv/discourse/app/plugins/discourse-solved/
+  get-markdown-note-plugin-source:
+    plugin: dump
+    after:
+      - get-discourse
+    source: https://github.com/canonical-web-and-design/discourse-markdown-note.git
+    source-depth: 1
+    organize:
+      "*": srv/discourse/app/plugins/discourse-markdown-note/
+  get-mermaid-plugin-source:
+    plugin: dump
+    after:
+      - get-discourse
+    source: https://github.com/unfoldingWord-dev/discourse-mermaid.git
+    source-depth: 1
+    organize:
+      "*": srv/discourse/app/plugins/discourse-mermaid/
+  get-saml-plugin-source:
+    plugin: dump
+    after:
+      - get-discourse
+    source: https://github.com/discourse/discourse-saml.git
+    source-depth: 1
+    override-build: |
+      craftctl default
+      grep -e ^gem plugin.rb >> Gemfile
+    organize:
+      "*": srv/discourse/app/plugins/discourse-saml/
+  get-prometheus-plugin-source:
+    plugin: dump
+    after:
+      - get-discourse
+    source: https://github.com/discourse/discourse-prometheus.git
+    source-depth: 1
+    override-build: |
+      craftctl default
+      grep -e ^gem plugin.rb >> Gemfile
+    organize:
+      "*": srv/discourse/app/plugins/discourse-prometheus/
+  get-patches:
+    plugin: dump
+    source: patches
+    organize:
+      "*": srv/discourse/app/patches/
+  apply-patches:
+    plugin: nil
+    build-packages:
+      - git
+    after:
+      - get-discourse
+      - get-patches
+    override-stage: |
+      git -C srv/discourse/app apply patches/lp1903695.patch
+      git -C srv/discourse/app apply patches/anonymize_user.patch
+      # The following is a fix for UglifierJS assets compilation
+      # https://github.com/lautis/uglifier/issues/127#issuecomment-352224986
+      sed -i 's/config.assets.js_compressor = :uglifier/config.assets.js_compressor = Uglifier.new(:harmony => true)/g' srv/discourse/app/config/environments/production.rb
+      sed -i '1s/^/require "uglifier"\n/' srv/discourse/app/config/environments/production.rb
+  install-gems:
+    plugin: nil
+    after:
+      - get-discourse
+      - get-saml-plugin-source
+      - get-prometheus-plugin-source
+      - apply-patches
+    build-packages:
+      - libpq-dev
+      - ruby2.7
+      - ruby2.7-dev
+      - git
+      - libssl-dev
+    override-build: |
+      cd $CRAFT_STAGE/srv/discourse/app
+      gem install -n "bin" bundler
+      # rexml version is forced to avoid conflicting transient dependency issue
+      sed -i 's/rexml (3.2.5)/rexml (3.2.6)/' Gemfile.lock
+      # rexml version is forced to avoid conflicting transient dependency issue
+      echo "gem 'rexml', '3.2.6'" >> Gemfile
+      bin/bundle install
+      bin/bundle install --gemfile="plugins/discourse-saml/Gemfile"
+      bin/bundle install --gemfile="plugins/discourse-prometheus/Gemfile"
+    organize:
+      '/var/lib/gems': var/lib/gems
+      'srv/discourse/app/bin/*': srv/discourse/app/bin/
+      'srv/discourse/app/Rakefile': srv/discourse/app/
+      'srv/discourse/app/bundle': srv/discourse/app/
+  get-scripts:
+    plugin: dump
+    source: scripts
+    organize:
+      "*": srv/scripts/
+  adjust-ownership:
+    plugin: nil
+    after:
+      - get-markdown-note-plugin-source
+      - get-mermaid-plugin-source
+      - get-scripts
+      - get-solved-plugin-source
+      - install-gems
+      - install-terser
+    override-prime: |
+      craftctl default
+      chown 584792 -R srv/discourse

image/scripts/app_launch.sh → discourse_rock/scripts/app_launch.sh

@@ -5,7 +5,9 @@
 export UNICORN_BIND_ALL=0.0.0.0
 export UNICORN_SIDEKIQS=1
 
-su -s /bin/bash -c "${CONTAINER_APP_ROOT}/app/bin/unicorn -c ${CONTAINER_APP_ROOT}/app/config/unicorn.conf.rb" "${CONTAINER_APP_USERNAME}" &
+cd "$CONTAINER_APP_ROOT/app" || exit
+
+bin/unicorn -c config/unicorn.conf.rb &
 
 # If one of the processes exits, the other one will be killed so that the pod will be restarted by the failing probes
 wait -n