Improve build process

.github/workflows/deploy.yml

@@ -10,6 +10,64 @@ on:
     types: [published]
 
 jobs:
+  docker_production:
+    name: 'Docker: Production'
+    runs-on: ubuntu-20.04
+
+    if: github.event_name == 'push'
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Login to Docker Hub
+        uses: docker/login-action@v3
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+
+      - name: Build test image
+        uses: docker/build-push-action@v5
+        with:
+          push: true
+          context: .
+          target: production
+          tags: "gmmcal/gmmcal:latest"
+          cache-from: type=registry,ref=gmmcal/gmmcal:buildcache
+          cache-to: type=registry,ref=gmmcal/gmmcal:buildcache,mode=max
+
+  docker_development:
+    name: 'Docker: Development'
+    runs-on: ubuntu-20.04
+
+    if: github.event_name == 'push'
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Login to Docker Hub
+        uses: docker/login-action@v3
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+
+      - name: Build test image
+        uses: docker/build-push-action@v5
+        with:
+          push: true
+          context: .
+          target: development
+          tags: "gmmcal/gmmcal:development"
+          cache-from: type=registry,ref=gmmcal/gmmcal:buildcache
+          cache-to: type=registry,ref=gmmcal/gmmcal:buildcache,mode=max
+
   staging:
     name: 'Deploy: Staging'
     runs-on: ubuntu-20.04

.github/workflows/docker.yml

@@ -29,16 +29,14 @@ jobs:
           context: .
           target: test
           tags: "gmmcal/gmmcal:test"
-          cache-from: type=gha
-          cache-to: type=gha,mode=max
+          cache-from: type=registry,ref=gmmcal/gmmcal:buildcache
+          cache-to: type=registry,ref=gmmcal/gmmcal:buildcache,mode=max
 
   rubocop:
     name: 'Lint: Rubocop'
     runs-on: ubuntu-20.04
     needs: docker
 
-    if: github.event_name == 'pull_request'
-
     steps:
       - name: Run rubocop
         run: |
@@ -49,8 +47,6 @@ jobs:
     runs-on: ubuntu-20.04
     needs: docker
 
-    if: github.event_name == 'pull_request'
-
     steps:
       - name: Run reek
         run: |
@@ -61,8 +57,6 @@ jobs:
     runs-on: ubuntu-20.04
     needs: docker
 
-    if: github.event_name == 'pull_request'
-
     steps:
       - name: Run brakeman
         run: |
@@ -73,8 +67,6 @@ jobs:
     runs-on: ubuntu-20.04
     needs: docker
 
-    if: github.event_name == 'pull_request'
-
     steps:
       - name: Run SCSSLint
         run: |

Dockerfile

@@ -17,25 +17,12 @@ FROM base as build
 RUN apt-get update -qq && \
   apt-get install --no-install-recommends -y build-essential curl git libpq-dev libvips node-gyp pkg-config python-is-python3
 
-# Install JavaScript dependencies
-ARG NODE_VERSION=18.12.1
-ARG YARN_VERSION=1.22.19
-ENV PATH=/usr/local/node/bin:$PATH
-RUN curl -sL https://github.com/nodenv/node-build/archive/master.tar.gz | tar xz -C /tmp/ && \
-  /tmp/node-build-master/bin/node-build "${NODE_VERSION}" /usr/local/node && \
-  npm install -g yarn@$YARN_VERSION && \
-  rm -rf /tmp/node-build-master
-
 # Install application gems
 COPY Gemfile Gemfile.lock ./
 RUN bundle install && \
   rm -rf ~/.bundle/ "${BUNDLE_PATH}"/ruby/*/cache "${BUNDLE_PATH}"/ruby/*/bundler/gems/*/.git && \
   bundle exec bootsnap precompile --gemfile
 
-# Install node modules
-COPY package.json yarn.lock ./
-RUN yarn install --frozen-lockfile
-
 # Copy application code
 COPY . .
 
@@ -45,6 +32,35 @@ RUN bundle exec bootsnap precompile app/ lib/
 # Precompiling assets for production without requiring secret RAILS_MASTER_KEY
 RUN SECRET_KEY_BASE_DUMMY=1 ./bin/rails assets:precompile
 
+# Development image
+FROM base as production
+
+ENV RAILS_ENV="production" \
+  BUNDLE_DEPLOYMENT="1" \
+  BUNDLE_PATH="/usr/local/bundle" \
+  BUNDLE_WITHOUT="development"
+
+# Install packages needed for deployment
+RUN apt-get update -qq && \
+  apt-get install --no-install-recommends -y curl libvips postgresql-client && \
+  rm -rf /var/lib/apt/lists /var/cache/apt/archives
+
+# Copy built artifacts: gems, application
+COPY --from=build /usr/local/bundle /usr/local/bundle
+COPY --from=build /rails /rails
+
+# Run and own only the runtime files as a non-root user for security
+RUN useradd rails --create-home --shell /bin/bash && \
+  chown -R rails:rails db log storage tmp
+USER rails:rails
+
+# Entrypoint prepares the database.
+ENTRYPOINT ["/rails/bin/docker-entrypoint"]
+
+# Start the server by default, this can be overwritten at runtime
+EXPOSE 3000
+CMD ["./bin/rails", "server"]
+
 # Development image
 FROM base as development