Merge pull request #4185 from RoboJackets/kristaps/rhel9

Changes for RHEL9

.dockerignore

@@ -3,6 +3,6 @@ vendor/
 node_modules/
 public/js/
 public/css/
-storage/*.key
+storage/
 docs/_build/
 resources/test/

.github/workflows/deploy.yml

@@ -55,7 +55,7 @@ jobs:
         with:
           url: https://nomad.bcdc.robojackets.net
           jwtGithubAudience: https://nomad.bcdc.robojackets.net
-          methodName: GitHub
+          methodName: GitHubActions
 
       - name: Run Nomad job
         env:

.nomad/apiary.nomad

@@ -3,16 +3,6 @@ variable "image" {
   description = "The image to use for running the service"
 }
 
-variable "persist_resumes" {
-  type = bool
-  description = "Whether to store resumes on a host volume, or just inside the container"
-}
-
-variable "persist_docusign" {
-  type = bool
-  description = "Whether to store resumes on a host volume, or just inside the container"
-}
-
 variable "run_background_containers" {
   type = bool
   description = "Whether to start containers for horizon and scheduled tasks, or only the web task"
@@ -23,9 +13,9 @@ variable "precompressed_assets" {
   description = "Whether assets in the image are pre-compressed"
 }
 
-variable "environment_name" {
+variable "web_shutdown_delay" {
   type = string
-  description = "The name of the environment being deployed"
+  description = "How long to delay shutting down the web task after the allocation is stopped"
 }
 
 locals {
@@ -85,38 +75,11 @@ job "apiary" {
   type = "service"
 
   group "apiary" {
-    volume "assets" {
-      type = "host"
-      source = "assets"
-    }
-
     volume "run" {
       type = "host"
       source = "run"
     }
 
-    dynamic "volume" {
-      for_each = var.persist_resumes ? ["resumes"] : []
-
-      labels = ["resumes"]
-
-      content {
-        type = "host"
-        source = "apiary_production_resumes"
-      }
-    }
-
-    dynamic "volume" {
-      for_each = var.persist_docusign ? ["docusign"] : []
-
-      labels = ["docusign"]
-
-      content {
-        type = "host"
-        source = "apiary_${var.environment_name}_docusign"
-      }
-    }
-
     task "prestart" {
       driver = "docker"
 
@@ -136,6 +99,17 @@ job "apiary" {
           "-c",
           trimspace(file("scripts/prestart.sh"))
         ]
+
+        mount {
+          type = "volume"
+          target = "/assets/"
+          source = "assets"
+          readonly = false
+
+          volume_options {
+            no_copy = true
+          }
+        }
       }
 
       resources {
@@ -144,11 +118,6 @@ job "apiary" {
         memory_max = 2048
       }
 
-      volume_mount {
-        volume = "assets"
-        destination = "/assets/"
-      }
-
       volume_mount {
         volume = "run"
         destination = "/var/opt/nomad/run/"
@@ -158,17 +127,22 @@ job "apiary" {
         data = trimspace(file("conf/.env.tpl"))
 
         destination = "/secrets/.env"
+
         env = true
+
+        change_mode = "noop"
       }
 
       template {
         data = <<EOF
 DOCKER_IMAGE_DIGEST="${split("@", var.image)[1]}"
-PERSIST_RESUMES="${var.persist_resumes}"
 EOF
 
         destination = "/secrets/.docker_image_digest"
+
         env = true
+
+        change_mode = "noop"
       }
 
       template {
@@ -190,10 +164,21 @@ EOF
 
         mount {
           type   = "bind"
-          source = "local/fpm/"
+          source = "local/"
           target = "/etc/php/8.3/fpm/pool.d/"
         }
 
+        mount {
+          type = "volume"
+          target = "/app/storage/app/"
+          source = "${NOMAD_JOB_NAME}"
+          readonly = false
+
+          volume_options {
+            no_copy = false
+          }
+        }
+
         entrypoint = [
           "/bin/bash",
           "-xeuo",
@@ -214,35 +199,22 @@ EOF
         destination = "/var/opt/nomad/run/"
       }
 
-      dynamic "volume_mount" {
-        for_each = var.persist_resumes ? ["resumes"] : []
-
-        content {
-          volume = "resumes"
-          destination = "/app/storage/app/resumes/"
-        }
-      }
-
-      dynamic "volume_mount" {
-        for_each = var.persist_docusign ? ["docusign"] : []
-
-        content {
-          volume = "docusign"
-          destination = "/app/storage/app/docusign/"
-        }
-      }
-
       template {
         data = trimspace(file("conf/www.conf"))
 
-        destination = "local/fpm/www.conf"
+        destination = "local/www.conf"
+
+        change_mode = "restart"
       }
 
       template {
         data = trimspace(file("conf/.env.tpl"))
 
         destination = "/secrets/.env"
+
         env = true
+
+        change_mode = "restart"
       }
 
       template {
@@ -306,10 +278,9 @@ EOF
         mode = "fail"
       }
 
-      shutdown_delay = var.environment_name == "production" ? "30s" : "0s"
+      shutdown_delay = var.web_shutdown_delay
     }
 
-
     dynamic "task" {
       for_each = var.run_background_containers ? ["scheduler", "worker"] : []
 
@@ -318,6 +289,12 @@ EOF
       content {
         driver = "docker"
 
+        lifecycle {
+          hook = "poststart"
+
+          sidecar = true
+        }
+
         config {
           image = var.image
 
@@ -330,6 +307,17 @@ EOF
             "-c",
             trimspace(file("scripts/${task.value}.sh"))
           ]
+
+          mount {
+            type = "volume"
+            target = "/app/storage/app/"
+            source = "${NOMAD_JOB_NAME}"
+            readonly = false
+
+            volume_options {
+              no_copy = false
+            }
+          }
         }
 
         resources {
@@ -343,27 +331,22 @@ EOF
           destination = "/var/opt/nomad/run/"
         }
 
-        dynamic "volume_mount" {
-          for_each = var.persist_docusign ? ["docusign"] : []
-
-          content {
-            volume = "docusign"
-            destination = "/app/storage/app/docusign/"
-          }
-        }
-
         template {
           data = trimspace(file("conf/.env.tpl"))
 
           destination = "/secrets/.env"
           env = true
+
+          change_mode = "restart"
         }
 
         template {
           data = "DOCKER_IMAGE_DIGEST=\"${split("@", var.image)[1]}\""
 
           destination = "/secrets/.docker_image_digest"
           env = true
+
+          change_mode = "noop"
         }
 
         template {
@@ -377,6 +360,13 @@ EOF
     }
   }
 
+  reschedule {
+    delay = "10s"
+    delay_function = "fibonacci"
+    max_delay = "60s"
+    unlimited = true
+  }
+
   update {
     healthy_deadline = "5m"
     progress_deadline = "10m"

.nomad/conf/.env.tpl

@@ -18,10 +18,10 @@ REDIS_PORT="-1"
 REDIS_HOST="{{- index .ServiceMeta "socket" | trimSpace -}}"
 {{ end }}
 REDIS_PASSWORD="{{- key "redis/password" | trimSpace -}}"
-{{- range service "meilisearch-v1-5" }}
+{{- range service "meilisearch-v1-9-0-rc-3" }}
 MEILISEARCH_HOST="http://127.0.0.1:{{- .Port -}}"
 {{ end }}
-MEILISEARCH_KEY="{{- key "meilisearch/v1-5-admin-key" | trimSpace -}}"
+MEILISEARCH_KEY="{{- key "meilisearch/admin-key-v1.9.0-rc.3" | trimSpace -}}"
 SESSION_SECURE_COOKIE="true"
 SESSION_COOKIE="__Host-apiary_session"
 {{ range $key, $value := (key (printf "apiary/%s" (slice (env "NOMAD_JOB_NAME") 7)) | parseJSON) -}}

.nomad/conf/www.conf

@@ -17,7 +17,7 @@ php_admin_value[session.save_handler] = redis
 php_admin_value[session.save_path] = "unix://{{- index .ServiceMeta "socket" | trimSpace -}}?persistent=1&database={{- with (key "redis/session_database" | parseJSON) -}}{{- index . (env "NOMAD_JOB_NAME") -}}{{- end -}}&timeout=1&auth={{- key "redis/password" | trimSpace -}}"
 {{ end }}
 {{ end }}
-access.log = /local/access.log
+access.log = /proc/self/fd/2
 access.format = "%t %m %{REQUEST_URI}e %s %f %{mili}d %{kilo}M %C \"%{HTTP_USER_AGENT}e\"%"
 {{ if ne (env "NOMAD_JOB_NAME") "apiary-production" }}
 php_admin_value[display_errors] = On

.nomad/scripts/prestart.sh

@@ -27,11 +27,6 @@ fi
 mkdir --parents /assets/${NOMAD_JOB_NAME}/
 cp --recursive --verbose public/* /assets/${NOMAD_JOB_NAME}/
 
-if [ ${PERSIST_RESUMES} = "false" ] && [ ${DB_CONNECTION} = "mysql" ]
-then
-    mysql --execute="update users set resume_date=null"
-fi
-
 if [ ${SCOUT_DRIVER} = "meilisearch" ]
 then
     php artisan scout:sync-index-settings --no-interaction --verbose || true

.nomad/scripts/web.sh

@@ -1,3 +1,4 @@
+rm --force /var/opt/nomad/run/${NOMAD_JOB_NAME}-${NOMAD_ALLOC_ID}.sock
 if [ ${APP_ENV} = "sandbox" ]
 then
     php artisan passport:keys --no-interaction --verbose

.nomad/var-files/production.hcl

@@ -1,4 +1,2 @@
-persist_resumes = true
-persist_docusign = true
 run_background_containers = true
-environment_name = "production"
+web_shutdown_delay = "30s"

.nomad/var-files/sandbox.hcl

@@ -1,4 +1,2 @@
-persist_resumes = false
-persist_docusign = false
 run_background_containers = false
-environment_name = "sandbox"
+web_shutdown_delay = "0s"

.nomad/var-files/test.hcl

@@ -1,4 +1,2 @@
-persist_resumes = false
-persist_docusign = true
 run_background_containers = true
-environment_name = "test"
+web_shutdown_delay = "0s"

Dockerfile

@@ -80,7 +80,6 @@ COPY --link config-validation/ /app/config-validation/
 COPY --link database/ /app/database/
 COPY --link resources/ /app/resources/
 COPY --link routes/ /app/routes/
-COPY --link storage/ /app/storage/
 COPY --link lang/ /app/lang/
 COPY --link artisan composer.json composer.lock /app/
 COPY --link --from=frontend /app/public/ /app/public/
@@ -127,6 +126,7 @@ USER www-data
 
 RUN --mount=type=secret,id=composer_auth,dst=/app/auth.json,uid=33,gid=33,required=true \
     set -eux && \
+    mkdir --parents /app/storage/app/ /app/storage/framework/cache/ /app/storage/framework/sessions/ /app/storage/framework/testing/ /app/storage/framework/views/ /app/storage/logs/ && \
     composer check-platform-reqs --lock --no-dev && \
     composer install --no-interaction --no-progress --no-dev --optimize-autoloader --classmap-authoritative --no-cache && \
     php artisan nova:publish && \

config/app.php

@@ -6,8 +6,6 @@
 
 return [
 
-    'dev_url' => env('APP_DEV_URL', 'https://github.com/RoboJackets/apiary'),
-
     'aliases' => Facade::defaultAliases()->merge([
         'Alert' => RealRashid\SweetAlert\Facades\Alert::class,
         'Cas' => Subfission\Cas\Facades\Cas::class,