Update docker configs.

backend/.deploy/lib/Dockerfile

@@ -0,0 +1,57 @@
+# Stage: Builder
+FROM ruby:2.6.3-alpine3.9 as Builder
+
+ARG BUNDLE_WITHOUT
+ARG RAILS_ENV
+
+RUN apk add --update --no-cache \
+    build-base \
+    libxml2-dev \
+    libxslt-dev \
+    postgresql-dev \
+    tzdata \
+    bash \
+    curl \
+    git \
+    nodejs \
+    yarn
+
+ENV APP_HOME /home/www/backend
+ENV BUNDLE_WITHOUT=${BUNDLE_WITHOUT}
+
+WORKDIR $APP_HOME
+
+COPY Gemfile* $APP_HOME/
+RUN bundle install --jobs 20 --retry 5 \
+    && rm -rf /usr/local/bundle/cache/*.gem \
+    && find /usr/local/bundle/gems/ -name "*.c" -delete \
+    && find /usr/local/bundle/gems/ -name "*.o" -delete
+
+COPY . $APP_HOME
+
+RUN RAILS_ENV=${RAILS_ENV} bin/rake assets:precompile
+
+# Stage: Final
+FROM ruby:2.6.3-alpine3.9
+
+RUN apk add --update --no-cache \
+    libxml2-dev \
+    libxslt-dev \
+    postgresql-dev \
+    file \
+    tzdata \
+    curl
+
+ENV APP_USER app
+ENV APP_HOME /home/www/backend
+
+RUN addgroup -g 1000 -S $APP_USER  && adduser -u 1000 -S $APP_USER  -G $APP_USER
+
+USER $APP_USER
+
+COPY --from=Builder /usr/local/bundle/ /usr/local/bundle/
+COPY --from=Builder --chown=app:app $APP_HOME $APP_HOME
+
+WORKDIR $APP_HOME
+
+CMD ["bundle", "exec", "puma", "-C", "config/puma.rb"]

backend/.deploy/lib/deploy.sh

@@ -0,0 +1,104 @@
+#!/bin/bash
+
+# Required variables:
+# - region # ECR Region
+# - aws-access-key # AWS Access Id
+# - aws-secret-key # AWS Secret Key
+# - service # Service's name
+# - cluster # Service's cluster
+# - file # docker-compose file path
+# - ecs_params # AWS ECS params file path
+# - containers # container names for push to ECR
+
+set -e
+
+deploy() {
+  while [[ $# -gt 0 ]]
+  do
+  key="$1"
+
+  case $key in
+      --region)
+      REGION="$2"
+      shift
+      shift
+      ;;
+      --aws-access-key)
+      AWS_ACCESS_KEY_ID="$2"
+      shift
+      shift
+      ;;
+      --aws-secret-key)
+      AWS_SECRET_ACCESS_KEY="$2"
+      shift
+      shift
+      ;;
+      --cluster)
+      CLUSTER="$2"
+      shift
+      shift
+      ;;
+      --file)
+      FILE="$2"
+      shift
+      shift
+      ;;
+      --service)
+      SERVICE="$2"
+      shift
+      shift
+      ;;
+      --ecs_params)
+      ECS_PARAMS="$2"
+      shift
+      shift
+      ;;
+      --containers)
+      CONTAINERS="$2"
+      shift
+      shift
+      ;;
+      *)
+      echo "Unknown option $1\n"
+      shift
+      shift
+  esac
+  done
+
+  export TAG=$(git log -1 --format=%h)
+  export REGION=$REGION
+
+  echo "🐳  Build docker image $BUILD_APP"
+  push_to_docker
+
+  echo "🚀  Deploy $BUILD_APP to $CLUSTER:$SERVICE"
+  ecs_deploy
+
+  echo '✅  Deploy successfully finished'
+}
+
+push_to_docker() {
+  $(aws ecr get-login --region $REGION --no-include-email)
+
+  docker-compose -f $FILE build $CONTAINERS
+  docker-compose -f $FILE push $CONTAINERS
+}
+
+ecs_deploy() {
+  ecs-cli configure \
+    --cluster $CLUSTER \
+    --region $REGION \
+    --default-launch-type EC2 \
+    --config-name $CLUSTER
+
+  ecs-cli compose \
+    --project-name $SERVICE \
+    --file $FILE \
+    --ecs-params $ECS_PARAMS \
+    service up \
+    --cluster-config $CLUSTER \
+    --force-deployment \
+    --timeout 2
+}
+
+exec "$@"

backend/.deploy/lib/entrypoint.sh

@@ -0,0 +1,11 @@
+#!/bin/sh
+
+set -e
+
+rm -f $APP_HOME/tmp/pids/server.pid
+rm -f $APP_HOME/tmp/pids/sidekiq.pid
+
+bundle exec rails db:create
+bundle exec rails db:migrate
+
+exec "$@"

backend/.deploy/lib/nginx/Dockerfile

@@ -0,0 +1,18 @@
+FROM nginx:1.16
+
+USER root
+
+RUN rm /usr/share/nginx/html/*
+
+COPY configs/nginx.conf /etc/nginx/nginx.conf
+COPY configs/default.conf /etc/nginx/conf.d/default.conf
+
+RUN touch /var/run/nginx.pid && \
+    chown -R www-data:www-data /var/run/nginx.pid && \
+    chown -R www-data:www-data /var/cache/nginx && \
+    chown -R www-data:www-data /etc/nginx && \
+    chown -R www-data:www-data /var/log
+
+USER www-data
+
+CMD ["nginx", "-g", "daemon off;"]

backend/.deploy/lib/nginx/configs/default.conf

@@ -0,0 +1,27 @@
+upstream rails {
+  server rails:8000;
+}
+
+server {
+  listen 8080 default deferred;
+  server_name _;
+
+  access_log off;
+  error_log /var/log/nginx.error.log crit;
+
+  client_max_body_size 100M;
+  keepalive_timeout 30;
+
+  if ($request_method !~ ^(GET|HEAD|PUT|PATCH|POST|DELETE|OPTIONS)$ ){
+    return 405;
+  }
+
+  location / {
+    proxy_redirect off;
+    proxy_set_header Client-Ip $remote_addr;
+    proxy_set_header Host $host;
+    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+    proxy_set_header X-Forwarded-Proto $scheme;
+    proxy_pass http://rails;
+  }
+}

backend/.deploy/lib/nginx/configs/nginx.conf

@@ -0,0 +1,33 @@
+worker_processes auto;
+
+worker_rlimit_nofile 4096;
+
+events {
+  worker_connections 1024;
+}
+
+http {
+  include /etc/nginx/mime.types;
+  default_type application/octet-stream;
+
+  server_tokens off;
+
+  add_header X-Frame-Options SAMEORIGIN;
+
+  add_header X-Content-Type-Options nosniff;
+
+  add_header X-XSS-Protection "1; mode=block";
+  server_names_hash_bucket_size 64;
+  server_names_hash_max_size 512;
+
+  sendfile on;
+  tcp_nopush on;
+
+  types_hash_max_size 2048;
+
+  gzip on;
+  gzip_disable "msie6";
+  gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript application/javascript;
+
+  include /etc/nginx/conf.d/default.conf;
+}

backend/.deploy/production/deploy.sh

@@ -0,0 +1,22 @@
+#!/bin/bash
+
+source '.deploy/lib/deploy.sh'
+
+if [ ! -f config/master.key ]; then
+  if [ -z "$RAILS_PRODUCTION_KEY" ]; then
+    echo "No rails master key"
+    exit 1
+  fi
+
+  echo "$RAILS_PRODUCTION_KEY" > config/master.key
+fi
+
+deploy \
+  --aws-access-key "$AWS_ACCESS_KEY_ID" \
+  --aws-secret-key "$AWS_SECRET_ACCESS_KEY" \
+  --region 'us-west-1' \
+  --cluster 'backend-production' \
+  --service 'backend' \
+  --file '.deploy/production/docker-compose.yml' \
+  --ecs_params '.deploy/production/ecs-params.yml' \
+  --containers 'rails nginx'

backend/.deploy/production/docker-compose.yml

@@ -0,0 +1,62 @@
+version: '3'
+
+services:
+  nginx:
+    image: "${AWS_ACCOUNT_NUMBER}.dkr.ecr.${REGION}.amazonaws.com/backend/nginx:${TAG}"
+    build: ../lib/nginx
+    ports:
+      - 80:8080
+    links:
+      - rails
+    logging:
+      driver: awslogs
+      options:
+        awslogs-group: backend-production
+        awslogs-region: ${REGION}
+        awslogs-stream-prefix: nginx
+    healthcheck:
+      test: ["CMD-SHELL", "service nginx status || exit 1"]
+
+  rails: &rails
+    image: "${AWS_ACCOUNT_NUMBER}.dkr.ecr.${REGION}.amazonaws.com/backend/rails:${TAG}"
+    build:
+      context: ../../.
+      dockerfile: .deploy/lib/Dockerfile
+      args:
+        BUNDLE_WITHOUT: development test
+        RAILS_ENV: production
+    command: bundle exec puma -C config/puma.rb
+    entrypoint: "./.deploy/lib/entrypoint.sh"
+    ports:
+      - 8000
+    environment: &rails_env
+      RAILS_ENV: production
+      PORT: 8000
+      RAILS_MAX_THREADS: 25
+      RAILS_LOG_TO_STDOUT: "true"
+    logging:
+      driver: awslogs
+      options:
+        awslogs-group: backend-production
+        awslogs-region: ${REGION}
+        awslogs-stream-prefix: rails
+    healthcheck:
+      test: ["CMD", "curl", "-f", "http://localhost:8000/health_check"]
+
+  sidekiq:
+    <<: *rails
+    command: bundle exec sidekiq
+    entrypoint: ""
+    environment:
+      <<: *rails_env
+      PORT: 8001
+    ports:
+      - 8001
+    logging:
+      driver: awslogs
+      options:
+        awslogs-group: backend-production
+        awslogs-region: ${REGION}
+        awslogs-stream-prefix: sidekiq
+    healthcheck:
+      test: ["CMD-SHELL", "ps ax | grep -v grep | grep sidekiq || exit 1"]

backend/.deploy/production/esc-params.yml

@@ -0,0 +1,15 @@
+version: 1
+task_definition:
+  ecs_network_mode: bridge
+
+  task_size:
+    cpu_limit: 1000
+    mem_limit: 3000
+
+  services:
+    nginx:
+      essential: true
+    rails:
+      essential: true
+    sidekiq:
+      essential: true

backend/.deploy/staging/deploy.sh

@@ -0,0 +1,22 @@
+#!/bin/bash
+
+source '.deploy/lib/deploy.sh'
+
+if [ ! -f config/credentials/staging.key ]; then
+  if [ -z "$RAILS_STAGING_KEY" ]; then
+    echo "No rails master key"
+    exit 1
+  fi
+
+  echo "$RAILS_STAGING_KEY" > config/credentials/staging.key
+fi
+
+deploy \
+  --aws-access-key "$AWS_ACCESS_KEY_ID" \
+  --aws-secret-key "$AWS_SECRET_ACCESS_KEY" \
+  --region 'us-west-1' \
+  --cluster 'backend-staging' \
+  --service 'backend' \
+  --file '.deploy/staging/docker-compose.yml' \
+  --ecs_params '.deploy/staging/ecs-params.yml' \
+  --containers 'rails nginx'