Feature/662 cleanup docker setup (#690)

* remove ember from docker

* remove old docker setup and start configure keycloak

* connect rails with local keycloak

* create new keycloak export

* clean up

* setup keycloak properly

* clean up keycloak login

* delete uselss files

* clean up application.html.haml

* improve config

* clean up docker compose file

* add container to compile assets on runtime

* display auth strategy in devmode

* update env variables

* update env fetch logic

* split docker compose file for usecases with and without keycloak

* add keycloak dockerfile

* add proper docker-compose files

* change name of db

* update env vars

* fix yarn script and env settings

* Use proper strategy to check authentication method

* update readme

* Update dockerfile and add warning for non seeded db

* rollback rails-entrypoint

* use default Rails.env.development?

* unify all param methods

* User param converter

---------

Co-authored-by: Yanick Minder <minder@puzzle.ch>

.env

@@ -1,2 +1,13 @@
 LOCAL=true
 DEVELOPMENT=true
+KEYCLOAK=false
+
+DISPLAY= ${DISPLAY}
+RAILS_DB_NAME=skills_development
+RAILS_DB_USERNAME=skills
+RAILS_DB_PASSWORD=skills
+
+# Postgres
+POSTGRES_DB=skills_development
+POSTGRES_USER=skills
+POSTGRES_PASSWORD=skills

.github/workflows/rails.yml

@@ -39,19 +39,19 @@ jobs:
       - name: 'Run database migrations'
         env:
           RAILS_ENV: test
-          PGHOST: ${{ env.PGHOST }}
-          POSTGRES_DB: ${{ env.POSTGRES_DB }}
-          POSTGRES_USER: ${{ env.POSTGRES_USER }}
-          POSTGRES_PASSWORD: ${{ env.POSTGRES_PASSWORD }}
+          RAILS_DB_HOST: ${{ env.PGHOST }}
+          RAILS_DB_NAME: ${{ env.POSTGRES_DB }}
+          RAILS_DB_USERNAME: ${{ env.POSTGRES_USER }}
+          RAILS_DB_PASSWORD: ${{ env.POSTGRES_PASSWORD }}
         run: |
           bundle exec rake db:create db:migrate
 
       - name: 'Run tests'
         env:
           PGHOST: ${{ env.PGHOST }}
-          POSTGRES_DB: ${{ env.POSTGRES_DB }}
-          POSTGRES_USER: ${{ env.POSTGRES_USER }}
-          POSTGRES_PASSWORD: ${{ env.POSTGRES_PASSWORD }}
+          RAILS_DB_NAME: ${{ env.POSTGRES_DB }}
+          RAILS_DB_USERNAME: ${{ env.POSTGRES_USER }}
+          RAILS_DB_PASSWORD: ${{ env.POSTGRES_PASSWORD }}
           IS_CI: true
         run: bundle exec rake
 

Procfile.assets

@@ -1,2 +1,2 @@
-js: yarn build --watch
+js: yarn build --watch=forever
 css: yarn watch:css

README.md

@@ -38,9 +38,6 @@ You will need the following things properly installed on your computer:
 -   [RVM (Ruby Version Manager)](https://rvm.io/) ([installation](https://rvm.io/rvm/install) requires `curl` and `gpg`)
 -   Either [PostgreSQL](https://www.postgresql.org/) or [Docker](https://www.docker.com/) for the Database (Docker is recommended)
 
-## Setup dockerized Application👩🏽‍💻
-We're glad you want to setup your machine for PuzzleSkills development 💃
-
 ## Openshift deployment
 To deploy the project to openshift make sure you set the following environment variables:
 - LOCAL=false
@@ -50,6 +47,8 @@ To deploy the project to openshift make sure you set the following environment v
 - realm: 
 - admin_role: (Not required)
 
+## Setup dockerized Application👩🏽‍💻
+We're glad you want to setup your machine for PuzzleSkills development 💃
 
 ### Windows users
 If you're on Windows you should be able to Download Ubuntu from Microsoft Store. Note that you need to enable Subsystem for Linux and virtual machine platform in your Windows features.  
@@ -67,33 +66,47 @@ git clone https://github.com/puzzle/skills.git && cd ~/git/skills
 ⚡ If your user id is not 1000 (run id -u to check), you need to export this as env variable: **export UID=$UID** before running any of the further commands. Maybe you want to add this to your bashrc.
 
 ## Start Development Containers
+<img src="https://developers.redhat.com/sites/default/files/styles/article_feature/public/blog/2014/05/homepage-docker-logo.png?itok=zx0e-vcP" alt="docker whale" width="350">
+
+**Without Keycloak (recommended)**
+Since this is the default, you don't have to do anything and can run all commands inside the root of the project.
+
+**With Keycloak**
+To use the application with Keycloak, navigate to `config/docker/keycloak` and run all commands from this directory.
+You can log in either as `user` or as `admin`. The password for both accounts is `password`.
+
+
+### Start application
 To start the PuzzleSkills application, run the following commands in your shell:
 
 ```bash
-docker compose build
 docker compose up -d
 ```
 
-⚡ This will also install all required gems and seed the database, which takes some time to complete if it's executed the first time. You can follow the progress using `docker-compose logs --follow rails` (exit with Ctrl+C).
+⚡ This will also install all required gems and seed the database, which takes some time to complete if it's executed the first time. You can follow the progress using `docker logs -f rails` (exit with Ctrl+C).
 
-After the startup has completed (once you see `Listening on tcp://0.0.0.0:4200` in the logs), make sure all services are up and running:
+After the startup has completed (once you see `Listening on http://0.0.0.0:3000` in the logs), make sure all services are up and running:
 
 ```bash
-docker-compose ps
+docker ps
 ```
 
 This should look something like this:
 
 ```
-Name                           Command                State   Ports                                                            
--------------------------------------------------------------------------------------------------------
-skills-ember-1                 skills-postgres-1      Up      0.0.0.0:4200->4200/tcp, :::4200->4200/tcp
-skills-postgres-1              docker-entrypoint.s…   Up      0.0.0.0:5432->5432/tcp, :::5432->5432/tcp
-skills-rails-1                 rails-entrypoint ra…   Up      0.0.0.0:3000->3000/tcp, :::3000->3000/tcp
+IMAGE              COMMAND                   PORTS                                       NAMES
+ruby:3.2           "/bin/bash -c '\n apt…"                                               assets
+skills-dev/rails   "rails-entrypoint ra…"    0.0.0.0:3000->3000/tcp, :::3000->3000/tcp   rails
+postgres:16        "docker-entrypoint.s…"    0.0.0.0:5432->5432/tcp, :::5432->5432/tcp   postgres
 ```
 
-Access the web application by browser: http://localhost:4200 and enjoy the ride!
-<img src="https://developers.redhat.com/sites/default/files/styles/article_feature/public/blog/2014/05/homepage-docker-logo.png?itok=zx0e-vcP" alt="docker whale" width="350">
+Access the web application by browser: http://localhost:3000 and enjoy the ride!
+
+## Debugging
+To interact with `pry` inside a controller, you have to attach to the container first using `docker attach rails`.
+This will show you any **new** logs, and if you encounter a `pry` prompt, you can interact with it.
+To detach from the container without stopping it, press `CTRL + p` then `CTRL + q`.
+
 
 ## Testing
 

app/controllers/application_controller.rb

@@ -7,9 +7,11 @@ class ApplicationController < ActionController::Base
   helper_method :find_profile_by_keycloak_user
 
   def authenticate_auth_user!
-    return super unless helpers.development?
+    return super unless helpers.devise?
 
     admin = AuthUser.find_by(email: 'admin@skills.ch')
+    raise 'User not found. This is highly likely due to a non-seeded database.' unless admin
+
     request.env['warden'].set_user(admin, :scope => :auth_user)
   end
 
@@ -29,10 +31,4 @@ def render_error(title_key, body_key, status = :bad_request)
                      body: translate("devise.failure.#{body_key}") },
            :status => status
   end
-
-  protected
-
-  def find_profile_by_keycloak_user
-    Person.find_by(name: current_auth_user&.name)
-  end
 end

app/controllers/concerns/param_converters.rb

@@ -1,15 +1,25 @@
 # frozen_string_literal: true
 
 module ParamConverters
-
   private
 
+  TRUTHY_VALUES = %w(t true yes y 1).freeze
+  FALSEY_VALUES = %w(f false n no 0).freeze
+
+
   def true?(value)
-    %w[1 yes true].include?(value.to_s.downcase)
+    TRUTHY_VALUES.include?(value.to_s.downcase)
   end
 
   def false?(value)
-    %w[0 no false].include?(value.to_s.downcase)
+    FALSEY_VALUES.include?(value.to_s.downcase)
+  end
+
+  def to_boolean(value)
+    return true if true?(value)
+    return false if false?(value)
+
+    raise "Invalid value '#{value}' for boolean casting"
   end
 
   def nil_param?(value)

app/helpers/auth_helper.rb

@@ -9,7 +9,12 @@ def admin?
     current_auth_user&.is_admin
   end
 
-  def development?
-    ENV['DEVELOPMENT'] == 'true' && ENV['RAILS_ENV'] == 'development'
+  def find_person_by_auth_user
+    Person.find_by(name: current_auth_user&.name)
+  end
+
+  # This method returns true if the user should be authenticated by devise
+  def devise?
+    AuthConfig.keycloak? || !Rails.env.test?
   end
 end

app/models/auth_user.rb

@@ -23,8 +23,11 @@ def set_admin(person, auth)
     end
 
     def admin?(auth)
-      resources = auth.extra.raw_info.resource_access[AuthConfig.client_id]
-      resources.roles.include? AuthConfig.admin_role
+      client_roles(auth).include? AuthConfig.admin_role
+    end
+
+    def client_roles(auth)
+      auth.extra&.raw_info&.resource_access&.[](AuthConfig.client_id)&.roles || []
     end
   end
 end

app/views/layouts/application.html.haml

@@ -20,24 +20,36 @@
               %img{:src=> "/assets/logo.svg",:height=>"32"}
             %text.d-flex.align-items-end.ms-2.small= "5.0.0"
           %ul.navbar.text-gray
-            %li.d-flex.align-items-center.cursor-pointer.ps-2.pe-2.border-start.border-end.h-100
-              %div.scale-icon-06(name="user")
-              %span#username
-                - if find_profile_by_keycloak_user.nil?
-                  = link_to current_auth_user&.name, people_path(alert: "true")
-                - else
-                  = link_to find_profile_by_keycloak_user.name, person_path(find_profile_by_keycloak_user)
-                - if admin?
-                  (Admin)
-            %li.d-flex.align-items-center.cursor-pointer.ps-2.pe-2
-              %a.d-flex.align-items-center{:href => "https://github.com/puzzle/skills/issues"}
-                %pzsh-icon.scale-icon-08.text-gray(name="question-circle")
-            %li.d-flex.align-items-center.cursor-pointer.border-start.border-end.h-100.ps-2.pe-2{"data-action": "click->skills-empty-space#goCrazy"}
-              - if !development?
+            - if Rails.env.development?
+              %li.d-flex.align-items-center.cursor-pointer.ps-2.pe-2.border-start.border-end.h-100
+                %span#username
+                  - if devise?
+                    Devise
+                  - else
+                    Mockdata
+            -# Username 
+            - if auth_user_signed_in?
+              %li.d-flex.align-items-center.cursor-pointer.ps-2.pe-2.border-start.border-end.h-100
+                %div.scale-icon-06(name="user")
+                %span#username
+                  - if find_person_by_auth_user.nil?
+                    = link_to current_auth_user&.name, people_path(alert: "true")
+                  - else
+                    = link_to find_person_by_auth_user.name, person_path(find_person_by_auth_user)
+                  - if admin?
+                    (Admin)
+            -# Login/Logout
+            - if devise?
+              %li.d-flex.align-items-center.cursor-pointer.border-start.border-end.h-100.ps-2.pe-2
                 - if auth_user_signed_in?
-                  =link_to "Logout", destroy_auth_user_session_path, data: { "turbo-method": :delete}
+                  =link_to "Logout", destroy_auth_user_session_path, data: { "turbo-method": :delete}, class: "btn btn-link"
                 - elsif devise_mapping.omniauthable?
                   =button_to "Login", omniauth_authorize_path(resource_name, resource_class.omniauth_providers.first), {data: { "turbo": false }, class: "btn btn-link"}
+            -# Help
+            %li.d-flex.align-items-center.cursor-pointer.ps-2.pe-2.border-start.h-100
+              %a.d-flex.align-items-center{:href => "https://github.com/puzzle/skills/issues"}
+                %pzsh-icon.scale-icon-08.text-gray(name="question-circle")
+            %li.d-flex.align-items-center.cursor-pointer.border-start.border-end.h-100.ps-2.pe-2{"data-action": "click->skills-empty-space#goCrazy"}
         %div.puzzle-header
           %div.d-flex.h-100
             %ul.navbar.h-100

config/auth.yml

@@ -1,5 +1,5 @@
-client_id: pitc_skills_rails_backend
+admin_role: ADMIN
+host_url:
+realm:
+client_id:
 secret: 
-host_url: https://sso-test.puzzle.ch
-realm: pitc
-admin_role: ADMIN

config/docker/development/Rails.dockerfile

@@ -9,12 +9,11 @@ WORKDIR /myapp
 
 COPY ./rails-entrypoint /usr/local/bin
 
-RUN curl -sL https://deb.nodesource.com/setup_14.x | bash -
+RUN curl -fsSL https://deb.nodesource.com/setup_18.x | bash -
 RUN apt-get update
 RUN apt-get install direnv -y
 RUN apt-get install firefox-esr -y
-RUN apt-get install nodejs -y
-RUN apt-get install npm -y
+RUN apt-get install -y nodejs
 RUN npm install -g yarn
 
 RUN mkdir /opt/bundle && chmod 777 /opt/bundle

config/docker/development/rails-entrypoint

@@ -5,7 +5,7 @@ set -e
 rm -f tmp/pids/server.pid
 
 echo "running bundle install"
-gem install bundler -v 2.2.17
+gem install bundler -v 2.4.10
 bundle install
 
 yarn install --check-files

config/docker/keycloak/docker-compose.override.yml

@@ -0,0 +1,3 @@
+services:
+  rails:
+    env_file: rails.env

config/docker/keycloak/docker-compose.yml

@@ -1,45 +1,16 @@
-version: '3'
+include:
+  - ../../../docker-compose.yml
 
 services:
   keycloak:
     container_name: keycloak
-    image: quay.io/keycloak/keycloak:8.0.1
+    image: quay.io/keycloak/keycloak:23.0.7
     env_file: keycloak.env
-    command: "-Djboss.socket.binding.port-offset=100 -Dkeycloak.import=/realm-export.json -Dkeycloak.migration.strategy=IGNORE_EXISTING"
     ports:
-      - 8180:8180
+      - 8080:8080
+    command:
+      - start-dev
+      - --import-realm
+      - --http-relative-path=/auth
     volumes:
-      - ${PWD}/realm-export.json:/realm-export.json
-    depends_on:
-      - postgres
-  postgres:
-    image: postgres
-    volumes:
-      - postgres_data:/var/lib/postgresql/data
-    env_file: keycloak.env
-  web:
-    image: puzzle/skills:latest
-    container_name: skills_web
-    ports:
-      - '8080:3000'
-    depends_on:
-      - db
-    env_file:
-      - skills.env
-    volumes:
-      - skills-store:/opt/app-root/src/uploads/
-  db:
-    image: postgres:9.5.7
-    container_name: skills_db
-    ports:
-      - '5432:5432'
-    restart: always
-    env_file:
-      - skills.env
-    volumes:
-      - skills-postgresql:/var/lib/postgresql/data
-
-volumes:
-  postgres_data:
-  skills-postgresql:
-  skills-store:
+      - ${PWD}/pitc-with-users.json:/opt/keycloak/data/import/realm.json

config/docker/keycloak/keycloak.env

@@ -1,15 +1,7 @@
-#Keycloak container
-DB_VENDOR=POSTGRES
-DB_ADDR=postgres
-DB_DATABASE=keycloak
-DB_USER=keycloak
-DB_SCHEMA=public
-DB_PASSWORD=password
-KEYCLOAK_USER=admin
+KEYCLOAK_USER=user
 KEYCLOAK_PASSWORD=password
-KEYCLOAK_LOGLEVEL=INFO
 
-#Postgres container keyclaok
-POSTGRES_DB=keycloak
-POSTGRES_USER=keycloak
-POSTGRES_PASSWORD=password
+KEYCLOAK_ADMIN=admin
+KEYCLOAK_ADMIN_PASSWORD=password
+
+KEYCLOAK_LOGLEVEL=INFO