From 29d5f8abffb2bed3100027f59fb378b0143643c4 Mon Sep 17 00:00:00 2001 From: dagustin415 <30575095+davidagustin@users.noreply.github.com> Date: Wed, 29 Oct 2025 20:57:24 -0700 Subject: [PATCH 01/22] ci: fix publish-release workflow indentation and switch to GCP_ARTIFACT_REGISTRY_KEY --- .github/workflows/publish-release.yml | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/.github/workflows/publish-release.yml b/.github/workflows/publish-release.yml index 90ccf5e6..8803e451 100644 --- a/.github/workflows/publish-release.yml +++ b/.github/workflows/publish-release.yml @@ -7,6 +7,7 @@ on: - '*' env: + GCP_REPO: us-west2-docker.pkg.dev/askdarcel-184805/sheltertech/askdarcel-api DOCKER_REPO: sheltertechsf/askdarcel-api jobs: @@ -23,15 +24,28 @@ jobs: prefix= suffix= images: | + ${{ env.GCP_REPO }} ${{ env.DOCKER_REPO }} tags: | type=semver,pattern={{version}} - uses: docker/setup-qemu-action@v1 - uses: docker/setup-buildx-action@v1 + - uses: google-github-actions/auth@v2 + with: + credentials_json: ${{ secrets.GCP_SA_KEY }} + # Login to google registry + - uses: docker/login-action@v3 + with: + registry: us-west2-docker.pkg.dev + username: _json_key + password: ${{ secrets.GCP_SA_KEY }} + + - uses: docker/login-action@v1 with: username: ${{ secrets.DOCKERHUB_USERNAME }} password: ${{ secrets.DOCKERHUB_PASSWORD }} + # Authenticate with Google Cloud - uses: docker/build-push-action@v2 with: push: true From cf4123c8d9aee3d938613488ea03b5a2c2064c38 Mon Sep 17 00:00:00 2001 From: dagustin415 <30575095+davidagustin@users.noreply.github.com> Date: Wed, 29 Oct 2025 21:01:40 -0700 Subject: [PATCH 02/22] ci: push latest image to GCP Artifact Registry and Docker Hub using GCP_ARTIFACT_REGISTRY_KEY --- .github/workflows/ci.yml | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 75cf50b1..9f0b89b9 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -12,6 +12,7 @@ env: NODE_VERSION: 16.x RAILS_ENV: test TEXTELLENT_AUTH_CODE: ${{ secrets.TEXTELLENT_AUTH_CODE }} + GCP_REPO: us-west2-docker.pkg.dev/askdarcel-184805/sheltertech/askdarcel-api DOCKER_REPO: sheltertechsf/askdarcel-api jobs: @@ -71,6 +72,14 @@ jobs: - uses: actions/checkout@v2 - uses: docker/setup-qemu-action@v1 - uses: docker/setup-buildx-action@v1 + - uses: google-github-actions/auth@v2 + with: + credentials_json: ${{ secrets.GCP_ARTIFACT_REGISTRY_KEY }} + - uses: docker/login-action@v3 + with: + registry: us-west2-docker.pkg.dev + username: _json_key + password: ${{ secrets.GCP_ARTIFACT_REGISTRY_KEY }} - uses: docker/login-action@v1 with: username: ${{ secrets.DOCKERHUB_USERNAME }} @@ -78,5 +87,7 @@ jobs: - uses: docker/build-push-action@v2 with: push: true - tags: ${{ env.DOCKER_REPO }}:latest + tags: | + ${{ env.DOCKER_REPO }}:latest + ${{ env.GCP_REPO }}:latest - run: echo ${{ steps.docker_build.outputs.digest }} \ No newline at end of file From d97c37d433f362513ee947a588cb153e0f7720db Mon Sep 17 00:00:00 2001 From: dagustin415 <30575095+davidagustin@users.noreply.github.com> Date: Wed, 29 Oct 2025 21:08:02 -0700 Subject: [PATCH 03/22] updated name of secret --- .github/workflows/publish-release.yml | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) diff --git a/.github/workflows/publish-release.yml b/.github/workflows/publish-release.yml index 8803e451..98316ba3 100644 --- a/.github/workflows/publish-release.yml +++ b/.github/workflows/publish-release.yml @@ -31,21 +31,20 @@ jobs: - uses: docker/setup-qemu-action@v1 - uses: docker/setup-buildx-action@v1 - uses: google-github-actions/auth@v2 + # Login to google registry with: - credentials_json: ${{ secrets.GCP_SA_KEY }} - # Login to google registry + credentials_json: ${{ secrets.GCP_ARTIFACT_REGISTRY_KEY }} + # Authenticate with Google Cloud - uses: docker/login-action@v3 with: registry: us-west2-docker.pkg.dev username: _json_key - password: ${{ secrets.GCP_SA_KEY }} - - + password: ${{ secrets.GCP_ARTIFACT_REGISTRY_KEY }} - uses: docker/login-action@v1 with: username: ${{ secrets.DOCKERHUB_USERNAME }} password: ${{ secrets.DOCKERHUB_PASSWORD }} - # Authenticate with Google Cloud + # Build and push to both registries - uses: docker/build-push-action@v2 with: push: true From 3f027e0cd75d8747305a2dc334672d38d8db45ab Mon Sep 17 00:00:00 2001 From: dagustin415 <30575095+davidagustin@users.noreply.github.com> Date: Wed, 29 Oct 2025 21:09:57 -0700 Subject: [PATCH 04/22] test branch before publish --- .github/workflows/ci.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 9f0b89b9..0d084596 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -3,9 +3,9 @@ name: testsuite on: push: - branches: [ master ] + branches: [ master, migrate-to-gcp ] pull_request: - branches: [ master ] + branches: [ master, migrate-to-gcp ] env: RUBY_VERSION: 2.7.4 From 3aaa20859fec05e7a50ec9d0e654135df977e82d Mon Sep 17 00:00:00 2001 From: dagustin415 <30575095+davidagustin@users.noreply.github.com> Date: Wed, 29 Oct 2025 21:25:48 -0700 Subject: [PATCH 05/22] Update --- .github/workflows/ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 0d084596..3e4ad302 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -67,7 +67,7 @@ jobs: publish-latest: runs-on: ubuntu-latest needs: [lint, test_unit, test_postman] - if: github.ref == 'refs/heads/master' && github.event_name == 'push' + if: github.ref == 'refs/heads/migrate-to-gcp' && github.event_name == 'push' steps: - uses: actions/checkout@v2 - uses: docker/setup-qemu-action@v1 From 06e6549f413a4e49b3e5a800f8f0571b75a646e5 Mon Sep 17 00:00:00 2001 From: dagustin415 <30575095+davidagustin@users.noreply.github.com> Date: Thu, 30 Oct 2025 11:53:22 -0700 Subject: [PATCH 06/22] ci: update CI workflow --- .dockerignore | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.dockerignore b/.dockerignore index 85585d7c..d8d12e0f 100644 --- a/.dockerignore +++ b/.dockerignore @@ -1,2 +1,5 @@ .ruby-version .bundle + +# Ignore generated credentials from google-github-actions/auth +gha-creds-*.json From b3357e682d442920f5d8678047bbc59ec719d774 Mon Sep 17 00:00:00 2001 From: dagustin415 <30575095+davidagustin@users.noreply.github.com> Date: Thu, 30 Oct 2025 12:29:25 -0700 Subject: [PATCH 07/22] build(docker): ensure /etc/service/appserver exists before moving appserver.sh to fix buildx error 100 --- Dockerfile | 1 + 1 file changed, 1 insertion(+) diff --git a/Dockerfile b/Dockerfile index c8f2ce67..abd787e4 100644 --- a/Dockerfile +++ b/Dockerfile @@ -13,6 +13,7 @@ RUN mkdir -p /var/lib/dpkg/alternatives /var/lib/dpkg/info /var/lib/dpkg/parts / touch /var/lib/dpkg/status && \ curl -sS https://dl.yarnpkg.com/debian/pubkey.gpg | apt-key add - && \ wget -q -O - https://dl.google.com/linux/linux_signing_key.pub | apt-key add - && \ + mkdir -p /etc/service/appserver && \ mv /home/app/webapp/config/appserver.sh /etc/service/appserver/run && \ chmod 777 /etc/service/appserver/run && \ echo 'deb http://apt.postgresql.org/pub/repos/apt/ focal-pgdg main' > /etc/apt/sources.list.d/pgdg.list && \ From 27b455ff86a2542c8da28e7448360191989ab3a9 Mon Sep 17 00:00:00 2001 From: dagustin415 <30575095+davidagustin@users.noreply.github.com> Date: Thu, 30 Oct 2025 13:05:10 -0700 Subject: [PATCH 08/22] build(docker): replace apt-key with keyrings, install gnupg/ca-certificates, add signed-by for Yarn and Postgres --- Dockerfile | 15 +++++++++------ 1 file changed, 9 insertions(+), 6 deletions(-) diff --git a/Dockerfile b/Dockerfile index abd787e4..013ceb7e 100644 --- a/Dockerfile +++ b/Dockerfile @@ -11,16 +11,19 @@ FROM sheltertechsf/combostrikehq-docker-rails:ruby-2.7 RUN mkdir -p /var/lib/dpkg/alternatives /var/lib/dpkg/info /var/lib/dpkg/parts /var/lib/dpkg/triggers /var/lib/dpkg/updates && \ touch /var/lib/dpkg/status && \ - curl -sS https://dl.yarnpkg.com/debian/pubkey.gpg | apt-key add - && \ - wget -q -O - https://dl.google.com/linux/linux_signing_key.pub | apt-key add - && \ + apt-get update && \ + apt-get install -y --no-install-recommends curl wget gnupg ca-certificates && \ + install -m 0755 -d /etc/apt/keyrings && \ + curl -fsSL https://dl.yarnpkg.com/debian/pubkey.gpg | gpg --dearmor -o /etc/apt/keyrings/yarn.gpg && \ + wget -q -O - https://dl.google.com/linux/linux_signing_key.pub | gpg --dearmor -o /etc/apt/keyrings/google.gpg && \ + echo 'deb [signed-by=/etc/apt/keyrings/yarn.gpg] https://dl.yarnpkg.com/debian/ stable main' > /etc/apt/sources.list.d/yarn.list && \ mkdir -p /etc/service/appserver && \ mv /home/app/webapp/config/appserver.sh /etc/service/appserver/run && \ chmod 777 /etc/service/appserver/run && \ - echo 'deb http://apt.postgresql.org/pub/repos/apt/ focal-pgdg main' > /etc/apt/sources.list.d/pgdg.list && \ - curl --silent https://www.postgresql.org/media/keys/ACCC4CF8.asc | apt-key add - && \ + curl -fsSL https://www.postgresql.org/media/keys/ACCC4CF8.asc | gpg --dearmor -o /etc/apt/keyrings/postgres.gpg && \ + echo 'deb [signed-by=/etc/apt/keyrings/postgres.gpg] http://apt.postgresql.org/pub/repos/apt/ focal-pgdg main' > /etc/apt/sources.list.d/pgdg.list && \ apt-get update && \ - apt-get install -y libglib2.0-dev && \ - apt-get install -y postgresql-client-common && \ + apt-get install -y libglib2.0-dev postgresql-client-common && \ rm -rf /var/lib/apt/lists/* ENV LD_PRELOAD=$LD_PRELOAD:/lib/x86_64-linux-gnu/libjemalloc.so.2 From 2c9bd8e556de93139894b8c35697423afbfe1097 Mon Sep 17 00:00:00 2001 From: dagustin415 <30575095+davidagustin@users.noreply.github.com> Date: Thu, 30 Oct 2025 13:10:45 -0700 Subject: [PATCH 09/22] revert(docker): restore Dockerfile to original state prior to recent changes --- Dockerfile | 16 ++++++---------- 1 file changed, 6 insertions(+), 10 deletions(-) diff --git a/Dockerfile b/Dockerfile index 013ceb7e..c8f2ce67 100644 --- a/Dockerfile +++ b/Dockerfile @@ -11,19 +11,15 @@ FROM sheltertechsf/combostrikehq-docker-rails:ruby-2.7 RUN mkdir -p /var/lib/dpkg/alternatives /var/lib/dpkg/info /var/lib/dpkg/parts /var/lib/dpkg/triggers /var/lib/dpkg/updates && \ touch /var/lib/dpkg/status && \ - apt-get update && \ - apt-get install -y --no-install-recommends curl wget gnupg ca-certificates && \ - install -m 0755 -d /etc/apt/keyrings && \ - curl -fsSL https://dl.yarnpkg.com/debian/pubkey.gpg | gpg --dearmor -o /etc/apt/keyrings/yarn.gpg && \ - wget -q -O - https://dl.google.com/linux/linux_signing_key.pub | gpg --dearmor -o /etc/apt/keyrings/google.gpg && \ - echo 'deb [signed-by=/etc/apt/keyrings/yarn.gpg] https://dl.yarnpkg.com/debian/ stable main' > /etc/apt/sources.list.d/yarn.list && \ - mkdir -p /etc/service/appserver && \ + curl -sS https://dl.yarnpkg.com/debian/pubkey.gpg | apt-key add - && \ + wget -q -O - https://dl.google.com/linux/linux_signing_key.pub | apt-key add - && \ mv /home/app/webapp/config/appserver.sh /etc/service/appserver/run && \ chmod 777 /etc/service/appserver/run && \ - curl -fsSL https://www.postgresql.org/media/keys/ACCC4CF8.asc | gpg --dearmor -o /etc/apt/keyrings/postgres.gpg && \ - echo 'deb [signed-by=/etc/apt/keyrings/postgres.gpg] http://apt.postgresql.org/pub/repos/apt/ focal-pgdg main' > /etc/apt/sources.list.d/pgdg.list && \ + echo 'deb http://apt.postgresql.org/pub/repos/apt/ focal-pgdg main' > /etc/apt/sources.list.d/pgdg.list && \ + curl --silent https://www.postgresql.org/media/keys/ACCC4CF8.asc | apt-key add - && \ apt-get update && \ - apt-get install -y libglib2.0-dev postgresql-client-common && \ + apt-get install -y libglib2.0-dev && \ + apt-get install -y postgresql-client-common && \ rm -rf /var/lib/apt/lists/* ENV LD_PRELOAD=$LD_PRELOAD:/lib/x86_64-linux-gnu/libjemalloc.so.2 From fd3c23b3a877a155eeb8383519c44c9a926a11a0 Mon Sep 17 00:00:00 2001 From: dagustin415 <30575095+davidagustin@users.noreply.github.com> Date: Sat, 1 Nov 2025 17:53:09 -0700 Subject: [PATCH 10/22] build(docker): replace deprecated apt-key with modern GPG keyring management --- Dockerfile | 43 ++++++++++++++++++++++++++++++++----------- 1 file changed, 32 insertions(+), 11 deletions(-) diff --git a/Dockerfile b/Dockerfile index c8f2ce67..e5396687 100644 --- a/Dockerfile +++ b/Dockerfile @@ -9,17 +9,38 @@ FROM sheltertechsf/combostrikehq-docker-rails:ruby-2.7 # NB The xenial-pgdg package that we're installing with APT below may be removed from Postgres' repo # when future Linux updates come out. See: https://wiki.postgresql.org/wiki/Apt for updates. +# Restore dpkg directories and status file RUN mkdir -p /var/lib/dpkg/alternatives /var/lib/dpkg/info /var/lib/dpkg/parts /var/lib/dpkg/triggers /var/lib/dpkg/updates && \ - touch /var/lib/dpkg/status && \ - curl -sS https://dl.yarnpkg.com/debian/pubkey.gpg | apt-key add - && \ - wget -q -O - https://dl.google.com/linux/linux_signing_key.pub | apt-key add - && \ - mv /home/app/webapp/config/appserver.sh /etc/service/appserver/run && \ - chmod 777 /etc/service/appserver/run && \ - echo 'deb http://apt.postgresql.org/pub/repos/apt/ focal-pgdg main' > /etc/apt/sources.list.d/pgdg.list && \ - curl --silent https://www.postgresql.org/media/keys/ACCC4CF8.asc | apt-key add - && \ - apt-get update && \ - apt-get install -y libglib2.0-dev && \ - apt-get install -y postgresql-client-common && \ + touch /var/lib/dpkg/status + +# Install prerequisites for GPG keyring management +RUN apt-get update && \ + apt-get install -y --no-install-recommends curl wget gnupg ca-certificates && \ + rm -rf /var/lib/apt/lists/* + +# Create keyrings directory +RUN mkdir -p /usr/share/keyrings + +# Add Yarn repository with modern GPG keyring approach +RUN curl -sS https://dl.yarnpkg.com/debian/pubkey.gpg | gpg --dearmor -o /usr/share/keyrings/yarn-keyring.gpg && \ + echo "deb [signed-by=/usr/share/keyrings/yarn-keyring.gpg] https://dl.yarnpkg.com/debian stable main" > /etc/apt/sources.list.d/yarn.list + +# Add Google Chrome repository with modern GPG keyring approach +RUN wget -q -O - https://dl.google.com/linux/linux_signing_key.pub | gpg --dearmor -o /usr/share/keyrings/google-chrome-keyring.gpg && \ + echo "deb [signed-by=/usr/share/keyrings/google-chrome-keyring.gpg] http://dl.google.com/linux/chrome/deb/ stable main" > /etc/apt/sources.list.d/google-chrome.list + +# Add PostgreSQL repository with modern GPG keyring approach +RUN curl --silent https://www.postgresql.org/media/keys/ACCC4CF8.asc | gpg --dearmor -o /usr/share/keyrings/postgresql-keyring.gpg && \ + echo "deb [signed-by=/usr/share/keyrings/postgresql-keyring.gpg] http://apt.postgresql.org/pub/repos/apt/ focal-pgdg main" > /etc/apt/sources.list.d/pgdg.list + +# Install required packages +RUN apt-get update && \ + apt-get install -y libglib2.0-dev postgresql-client-common && \ rm -rf /var/lib/apt/lists/* -ENV LD_PRELOAD=$LD_PRELOAD:/lib/x86_64-linux-gnu/libjemalloc.so.2 +# Configure appserver +RUN mkdir -p /etc/service/appserver && \ + mv /home/app/webapp/config/appserver.sh /etc/service/appserver/run && \ + chmod 777 /etc/service/appserver/run + +ENV LD_PRELOAD=${LD_PRELOAD}:/lib/x86_64-linux-gnu/libjemalloc.so.2 From cfc975ed5c44a01d1b6085f1f0db505853a17c9f Mon Sep 17 00:00:00 2001 From: dagustin415 <30575095+davidagustin@users.noreply.github.com> Date: Sat, 1 Nov 2025 17:56:18 -0700 Subject: [PATCH 11/22] build(docker): remove problematic repo configs before apt-get update to fix build error --- Dockerfile | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index e5396687..ef09fc4b 100644 --- a/Dockerfile +++ b/Dockerfile @@ -13,8 +13,12 @@ FROM sheltertechsf/combostrikehq-docker-rails:ruby-2.7 RUN mkdir -p /var/lib/dpkg/alternatives /var/lib/dpkg/info /var/lib/dpkg/parts /var/lib/dpkg/triggers /var/lib/dpkg/updates && \ touch /var/lib/dpkg/status +# Remove problematic repository configurations that may have expired/missing GPG keys +# These will be re-added with proper keys later +RUN rm -f /etc/apt/sources.list.d/yarn.list /etc/apt/sources.list.d/google-chrome.list 2>/dev/null || true + # Install prerequisites for GPG keyring management -RUN apt-get update && \ +RUN apt-get update --allow-releaseinfo-change && \ apt-get install -y --no-install-recommends curl wget gnupg ca-certificates && \ rm -rf /var/lib/apt/lists/* From 4d46fc488b93b516b6356093b69cce1a9dc2747d Mon Sep 17 00:00:00 2001 From: dagustin415 <30575095+davidagustin@users.noreply.github.com> Date: Sat, 1 Nov 2025 18:01:26 -0700 Subject: [PATCH 12/22] build(docker): improve PostgreSQL repo setup, remove unnecessary repos, add HTTPS support and error handling --- Dockerfile | 29 +++++++++++++++-------------- 1 file changed, 15 insertions(+), 14 deletions(-) diff --git a/Dockerfile b/Dockerfile index ef09fc4b..c641d127 100644 --- a/Dockerfile +++ b/Dockerfile @@ -17,29 +17,30 @@ RUN mkdir -p /var/lib/dpkg/alternatives /var/lib/dpkg/info /var/lib/dpkg/parts / # These will be re-added with proper keys later RUN rm -f /etc/apt/sources.list.d/yarn.list /etc/apt/sources.list.d/google-chrome.list 2>/dev/null || true -# Install prerequisites for GPG keyring management +# Install prerequisites for GPG keyring management and HTTPS repositories RUN apt-get update --allow-releaseinfo-change && \ - apt-get install -y --no-install-recommends curl wget gnupg ca-certificates && \ + apt-get install -y --no-install-recommends curl wget gnupg ca-certificates apt-transport-https && \ rm -rf /var/lib/apt/lists/* # Create keyrings directory RUN mkdir -p /usr/share/keyrings -# Add Yarn repository with modern GPG keyring approach -RUN curl -sS https://dl.yarnpkg.com/debian/pubkey.gpg | gpg --dearmor -o /usr/share/keyrings/yarn-keyring.gpg && \ - echo "deb [signed-by=/usr/share/keyrings/yarn-keyring.gpg] https://dl.yarnpkg.com/debian stable main" > /etc/apt/sources.list.d/yarn.list - -# Add Google Chrome repository with modern GPG keyring approach -RUN wget -q -O - https://dl.google.com/linux/linux_signing_key.pub | gpg --dearmor -o /usr/share/keyrings/google-chrome-keyring.gpg && \ - echo "deb [signed-by=/usr/share/keyrings/google-chrome-keyring.gpg] http://dl.google.com/linux/chrome/deb/ stable main" > /etc/apt/sources.list.d/google-chrome.list - # Add PostgreSQL repository with modern GPG keyring approach -RUN curl --silent https://www.postgresql.org/media/keys/ACCC4CF8.asc | gpg --dearmor -o /usr/share/keyrings/postgresql-keyring.gpg && \ - echo "deb [signed-by=/usr/share/keyrings/postgresql-keyring.gpg] http://apt.postgresql.org/pub/repos/apt/ focal-pgdg main" > /etc/apt/sources.list.d/pgdg.list +# Use HTTPS and ensure proper keyring setup +# Only add PostgreSQL repo as that's what we need for postgresql-client-common +RUN curl --silent --fail https://www.postgresql.org/media/keys/ACCC4CF8.asc | gpg --dearmor -o /usr/share/keyrings/postgresql-keyring.gpg && \ + echo "deb [signed-by=/usr/share/keyrings/postgresql-keyring.gpg] https://apt.postgresql.org/pub/repos/apt/ focal-pgdg main" > /etc/apt/sources.list.d/pgdg.list + +# Update package lists with error handling +# --allow-releaseinfo-change handles repository metadata changes +# --allow-unauthenticated temporarily if GPG verification fails (only for update, not install) +RUN apt-get update --allow-releaseinfo-change || \ + (apt-get clean && rm -rf /var/lib/apt/lists/* && apt-get update --allow-releaseinfo-change) # Install required packages -RUN apt-get update && \ - apt-get install -y libglib2.0-dev postgresql-client-common && \ +# Install each package separately to identify which one fails +RUN apt-get install -y libglib2.0-dev && \ + apt-get install -y postgresql-client-common && \ rm -rf /var/lib/apt/lists/* # Configure appserver From 1ede91bc119ef337bf64a8581f77bed6bf7bba21 Mon Sep 17 00:00:00 2001 From: dagustin415 <30575095+davidagustin@users.noreply.github.com> Date: Sat, 1 Nov 2025 18:06:44 -0700 Subject: [PATCH 13/22] build(docker): add debugging output and remove all custom repos before adding PostgreSQL repo --- Dockerfile | 24 +++++++++++++++++------- 1 file changed, 17 insertions(+), 7 deletions(-) diff --git a/Dockerfile b/Dockerfile index c641d127..f3172dd9 100644 --- a/Dockerfile +++ b/Dockerfile @@ -13,9 +13,9 @@ FROM sheltertechsf/combostrikehq-docker-rails:ruby-2.7 RUN mkdir -p /var/lib/dpkg/alternatives /var/lib/dpkg/info /var/lib/dpkg/parts /var/lib/dpkg/triggers /var/lib/dpkg/updates && \ touch /var/lib/dpkg/status -# Remove problematic repository configurations that may have expired/missing GPG keys -# These will be re-added with proper keys later -RUN rm -f /etc/apt/sources.list.d/yarn.list /etc/apt/sources.list.d/google-chrome.list 2>/dev/null || true +# Remove ALL problematic repository configurations that may have expired/missing GPG keys +# We'll add only what we need later +RUN rm -f /etc/apt/sources.list.d/*.list 2>/dev/null || true # Install prerequisites for GPG keyring management and HTTPS repositories RUN apt-get update --allow-releaseinfo-change && \ @@ -31,11 +31,21 @@ RUN mkdir -p /usr/share/keyrings RUN curl --silent --fail https://www.postgresql.org/media/keys/ACCC4CF8.asc | gpg --dearmor -o /usr/share/keyrings/postgresql-keyring.gpg && \ echo "deb [signed-by=/usr/share/keyrings/postgresql-keyring.gpg] https://apt.postgresql.org/pub/repos/apt/ focal-pgdg main" > /etc/apt/sources.list.d/pgdg.list -# Update package lists with error handling +# List all repository configurations for debugging +RUN echo "=== Checking repository configurations ===" && \ + ls -la /etc/apt/sources.list.d/ 2>/dev/null || true && \ + cat /etc/apt/sources.list 2>/dev/null || true + +# Clean apt cache and update package lists # --allow-releaseinfo-change handles repository metadata changes -# --allow-unauthenticated temporarily if GPG verification fails (only for update, not install) -RUN apt-get update --allow-releaseinfo-change || \ - (apt-get clean && rm -rf /var/lib/apt/lists/* && apt-get update --allow-releaseinfo-change) +RUN apt-get clean && \ + rm -rf /var/lib/apt/lists/* && \ + apt-get update --allow-releaseinfo-change 2>&1 | tee /tmp/apt-update.log || \ + (echo "=== apt-get update failed, checking logs ===" && \ + cat /tmp/apt-update.log && \ + echo "=== Listing problematic repos ===" && \ + grep -r "Err\|W:" /tmp/apt-update.log || true && \ + exit 1) # Install required packages # Install each package separately to identify which one fails From 2ab60d0221b5071c42bef47b5842a5d7f317967b Mon Sep 17 00:00:00 2001 From: dagustin415 <30575095+davidagustin@users.noreply.github.com> Date: Sat, 1 Nov 2025 18:11:44 -0700 Subject: [PATCH 14/22] build(docker): remove debugging output and clean up Dockerfile now that build is working --- Dockerfile | 16 ++-------------- 1 file changed, 2 insertions(+), 14 deletions(-) diff --git a/Dockerfile b/Dockerfile index f3172dd9..e3688026 100644 --- a/Dockerfile +++ b/Dockerfile @@ -31,26 +31,14 @@ RUN mkdir -p /usr/share/keyrings RUN curl --silent --fail https://www.postgresql.org/media/keys/ACCC4CF8.asc | gpg --dearmor -o /usr/share/keyrings/postgresql-keyring.gpg && \ echo "deb [signed-by=/usr/share/keyrings/postgresql-keyring.gpg] https://apt.postgresql.org/pub/repos/apt/ focal-pgdg main" > /etc/apt/sources.list.d/pgdg.list -# List all repository configurations for debugging -RUN echo "=== Checking repository configurations ===" && \ - ls -la /etc/apt/sources.list.d/ 2>/dev/null || true && \ - cat /etc/apt/sources.list 2>/dev/null || true - # Clean apt cache and update package lists # --allow-releaseinfo-change handles repository metadata changes RUN apt-get clean && \ rm -rf /var/lib/apt/lists/* && \ - apt-get update --allow-releaseinfo-change 2>&1 | tee /tmp/apt-update.log || \ - (echo "=== apt-get update failed, checking logs ===" && \ - cat /tmp/apt-update.log && \ - echo "=== Listing problematic repos ===" && \ - grep -r "Err\|W:" /tmp/apt-update.log || true && \ - exit 1) + apt-get update --allow-releaseinfo-change # Install required packages -# Install each package separately to identify which one fails -RUN apt-get install -y libglib2.0-dev && \ - apt-get install -y postgresql-client-common && \ +RUN apt-get install -y libglib2.0-dev postgresql-client-common && \ rm -rf /var/lib/apt/lists/* # Configure appserver From 9997770c724a6f22df2b9c0b14c1ae50f5459501 Mon Sep 17 00:00:00 2001 From: dagustin415 <30575095+davidagustin@users.noreply.github.com> Date: Sat, 1 Nov 2025 18:26:30 -0700 Subject: [PATCH 15/22] build(docker): separate package installations and fix LD_PRELOAD warning --- Dockerfile | 25 ++++++++++++------------- 1 file changed, 12 insertions(+), 13 deletions(-) diff --git a/Dockerfile b/Dockerfile index e3688026..0bc639d4 100644 --- a/Dockerfile +++ b/Dockerfile @@ -22,23 +22,22 @@ RUN apt-get update --allow-releaseinfo-change && \ apt-get install -y --no-install-recommends curl wget gnupg ca-certificates apt-transport-https && \ rm -rf /var/lib/apt/lists/* +# Install libglib2.0-dev from default Ubuntu repositories first +RUN apt-get clean && \ + rm -rf /var/lib/apt/lists/* && \ + apt-get update --allow-releaseinfo-change && \ + apt-get install -y libglib2.0-dev && \ + rm -rf /var/lib/apt/lists/* + # Create keyrings directory RUN mkdir -p /usr/share/keyrings -# Add PostgreSQL repository with modern GPG keyring approach +# Add PostgreSQL repository with modern GPG keyring approach for postgresql-client-common # Use HTTPS and ensure proper keyring setup -# Only add PostgreSQL repo as that's what we need for postgresql-client-common RUN curl --silent --fail https://www.postgresql.org/media/keys/ACCC4CF8.asc | gpg --dearmor -o /usr/share/keyrings/postgresql-keyring.gpg && \ - echo "deb [signed-by=/usr/share/keyrings/postgresql-keyring.gpg] https://apt.postgresql.org/pub/repos/apt/ focal-pgdg main" > /etc/apt/sources.list.d/pgdg.list - -# Clean apt cache and update package lists -# --allow-releaseinfo-change handles repository metadata changes -RUN apt-get clean && \ - rm -rf /var/lib/apt/lists/* && \ - apt-get update --allow-releaseinfo-change - -# Install required packages -RUN apt-get install -y libglib2.0-dev postgresql-client-common && \ + echo "deb [signed-by=/usr/share/keyrings/postgresql-keyring.gpg] https://apt.postgresql.org/pub/repos/apt/ focal-pgdg main" > /etc/apt/sources.list.d/pgdg.list && \ + apt-get update --allow-releaseinfo-change && \ + apt-get install -y postgresql-client-common && \ rm -rf /var/lib/apt/lists/* # Configure appserver @@ -46,4 +45,4 @@ RUN mkdir -p /etc/service/appserver && \ mv /home/app/webapp/config/appserver.sh /etc/service/appserver/run && \ chmod 777 /etc/service/appserver/run -ENV LD_PRELOAD=${LD_PRELOAD}:/lib/x86_64-linux-gnu/libjemalloc.so.2 +ENV LD_PRELOAD=${LD_PRELOAD:-}:/lib/x86_64-linux-gnu/libjemalloc.so.2 From 69890aefae875fe826928cd658a29ae28f74fd53 Mon Sep 17 00:00:00 2001 From: dagustin415 <30575095+davidagustin@users.noreply.github.com> Date: Sat, 1 Nov 2025 18:30:39 -0700 Subject: [PATCH 16/22] build(docker): split PostgreSQL repo setup into separate steps with verification --- Dockerfile | 16 +++++++++++++--- 1 file changed, 13 insertions(+), 3 deletions(-) diff --git a/Dockerfile b/Dockerfile index 0bc639d4..53c4e4b0 100644 --- a/Dockerfile +++ b/Dockerfile @@ -33,9 +33,19 @@ RUN apt-get clean && \ RUN mkdir -p /usr/share/keyrings # Add PostgreSQL repository with modern GPG keyring approach for postgresql-client-common -# Use HTTPS and ensure proper keyring setup -RUN curl --silent --fail https://www.postgresql.org/media/keys/ACCC4CF8.asc | gpg --dearmor -o /usr/share/keyrings/postgresql-keyring.gpg && \ - echo "deb [signed-by=/usr/share/keyrings/postgresql-keyring.gpg] https://apt.postgresql.org/pub/repos/apt/ focal-pgdg main" > /etc/apt/sources.list.d/pgdg.list && \ +# Download and verify GPG key +RUN curl --silent --fail --location https://www.postgresql.org/media/keys/ACCC4CF8.asc -o /tmp/postgresql.asc && \ + gpg --dearmor /tmp/postgresql.asc -o /usr/share/keyrings/postgresql-keyring.gpg && \ + rm /tmp/postgresql.asc && \ + test -f /usr/share/keyrings/postgresql-keyring.gpg + +# Add PostgreSQL repository configuration +RUN echo "deb [signed-by=/usr/share/keyrings/postgresql-keyring.gpg] https://apt.postgresql.org/pub/repos/apt/ focal-pgdg main" > /etc/apt/sources.list.d/pgdg.list && \ + cat /etc/apt/sources.list.d/pgdg.list + +# Update package lists and install postgresql-client-common +RUN apt-get clean && \ + rm -rf /var/lib/apt/lists/* && \ apt-get update --allow-releaseinfo-change && \ apt-get install -y postgresql-client-common && \ rm -rf /var/lib/apt/lists/* From d3ce7417440a26b4973890aaaf9f4b99d989711f Mon Sep 17 00:00:00 2001 From: dagustin415 <30575095+davidagustin@users.noreply.github.com> Date: Sat, 1 Nov 2025 18:35:01 -0700 Subject: [PATCH 17/22] build(docker): use wget for GPG key download and fix LD_PRELOAD variable warning --- Dockerfile | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/Dockerfile b/Dockerfile index 53c4e4b0..172e2266 100644 --- a/Dockerfile +++ b/Dockerfile @@ -33,10 +33,9 @@ RUN apt-get clean && \ RUN mkdir -p /usr/share/keyrings # Add PostgreSQL repository with modern GPG keyring approach for postgresql-client-common -# Download and verify GPG key -RUN curl --silent --fail --location https://www.postgresql.org/media/keys/ACCC4CF8.asc -o /tmp/postgresql.asc && \ - gpg --dearmor /tmp/postgresql.asc -o /usr/share/keyrings/postgresql-keyring.gpg && \ - rm /tmp/postgresql.asc && \ +# Download and process GPG key using wget (more reliable for piping) +RUN wget --quiet -O - https://www.postgresql.org/media/keys/ACCC4CF8.asc | \ + gpg --dearmor -o /usr/share/keyrings/postgresql-keyring.gpg && \ test -f /usr/share/keyrings/postgresql-keyring.gpg # Add PostgreSQL repository configuration @@ -55,4 +54,4 @@ RUN mkdir -p /etc/service/appserver && \ mv /home/app/webapp/config/appserver.sh /etc/service/appserver/run && \ chmod 777 /etc/service/appserver/run -ENV LD_PRELOAD=${LD_PRELOAD:-}:/lib/x86_64-linux-gnu/libjemalloc.so.2 +ENV LD_PRELOAD=/lib/x86_64-linux-gnu/libjemalloc.so.2 From e00aeef2f1ed5814cea0cfb4257c10cbb21ae3ea Mon Sep 17 00:00:00 2001 From: dagustin415 <30575095+davidagustin@users.noreply.github.com> Date: Sat, 1 Nov 2025 18:42:37 -0700 Subject: [PATCH 18/22] build(docker): add debugging output for apt-get update failure --- Dockerfile | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 172e2266..c97aefd6 100644 --- a/Dockerfile +++ b/Dockerfile @@ -43,9 +43,17 @@ RUN echo "deb [signed-by=/usr/share/keyrings/postgresql-keyring.gpg] https://apt cat /etc/apt/sources.list.d/pgdg.list # Update package lists and install postgresql-client-common +# Capture error output for debugging RUN apt-get clean && \ rm -rf /var/lib/apt/lists/* && \ - apt-get update --allow-releaseinfo-change && \ + apt-get update --allow-releaseinfo-change 2>&1 | tee /tmp/apt-update.log || \ + (echo "=== apt-get update failed ===" && \ + cat /tmp/apt-update.log && \ + echo "=== Checking repository config ===" && \ + cat /etc/apt/sources.list.d/pgdg.list && \ + echo "=== Checking keyring file ===" && \ + ls -la /usr/share/keyrings/postgresql-keyring.gpg && \ + exit 1) && \ apt-get install -y postgresql-client-common && \ rm -rf /var/lib/apt/lists/* From 2cfc654688a355723220bdf0db2bae75091fcba5 Mon Sep 17 00:00:00 2001 From: dagustin415 <30575095+davidagustin@users.noreply.github.com> Date: Sat, 1 Nov 2025 18:48:01 -0700 Subject: [PATCH 19/22] build(docker): remove debugging code now that build is working --- Dockerfile | 13 ++----------- 1 file changed, 2 insertions(+), 11 deletions(-) diff --git a/Dockerfile b/Dockerfile index c97aefd6..b859a5c7 100644 --- a/Dockerfile +++ b/Dockerfile @@ -39,21 +39,12 @@ RUN wget --quiet -O - https://www.postgresql.org/media/keys/ACCC4CF8.asc | \ test -f /usr/share/keyrings/postgresql-keyring.gpg # Add PostgreSQL repository configuration -RUN echo "deb [signed-by=/usr/share/keyrings/postgresql-keyring.gpg] https://apt.postgresql.org/pub/repos/apt/ focal-pgdg main" > /etc/apt/sources.list.d/pgdg.list && \ - cat /etc/apt/sources.list.d/pgdg.list +RUN echo "deb [signed-by=/usr/share/keyrings/postgresql-keyring.gpg] https://apt.postgresql.org/pub/repos/apt/ focal-pgdg main" > /etc/apt/sources.list.d/pgdg.list # Update package lists and install postgresql-client-common -# Capture error output for debugging RUN apt-get clean && \ rm -rf /var/lib/apt/lists/* && \ - apt-get update --allow-releaseinfo-change 2>&1 | tee /tmp/apt-update.log || \ - (echo "=== apt-get update failed ===" && \ - cat /tmp/apt-update.log && \ - echo "=== Checking repository config ===" && \ - cat /etc/apt/sources.list.d/pgdg.list && \ - echo "=== Checking keyring file ===" && \ - ls -la /usr/share/keyrings/postgresql-keyring.gpg && \ - exit 1) && \ + apt-get update --allow-releaseinfo-change && \ apt-get install -y postgresql-client-common && \ rm -rf /var/lib/apt/lists/* From ae008d0f5da90c07ef8b0bb34828ac03070ca2ee Mon Sep 17 00:00:00 2001 From: dagustin415 <30575095+davidagustin@users.noreply.github.com> Date: Sat, 1 Nov 2025 18:54:03 -0700 Subject: [PATCH 20/22] build(docker): add retry logic for apt-get update to handle transient failures --- Dockerfile | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index b859a5c7..207f399e 100644 --- a/Dockerfile +++ b/Dockerfile @@ -42,9 +42,12 @@ RUN wget --quiet -O - https://www.postgresql.org/media/keys/ACCC4CF8.asc | \ RUN echo "deb [signed-by=/usr/share/keyrings/postgresql-keyring.gpg] https://apt.postgresql.org/pub/repos/apt/ focal-pgdg main" > /etc/apt/sources.list.d/pgdg.list # Update package lists and install postgresql-client-common +# Add retry logic for network/repository issues RUN apt-get clean && \ rm -rf /var/lib/apt/lists/* && \ - apt-get update --allow-releaseinfo-change && \ + (apt-get update --allow-releaseinfo-change || \ + (sleep 2 && apt-get update --allow-releaseinfo-change) || \ + (sleep 5 && apt-get update --allow-releaseinfo-change)) && \ apt-get install -y postgresql-client-common && \ rm -rf /var/lib/apt/lists/* From 8e24a14dfc3687a224c7afdd0a2165398339e182 Mon Sep 17 00:00:00 2001 From: dagustin415 <30575095+davidagustin@users.noreply.github.com> Date: Sat, 1 Nov 2025 18:58:21 -0700 Subject: [PATCH 21/22] build(docker): add detailed error debugging for apt-get update failure --- Dockerfile | 15 +++++++++++---- 1 file changed, 11 insertions(+), 4 deletions(-) diff --git a/Dockerfile b/Dockerfile index 207f399e..78f5f7a9 100644 --- a/Dockerfile +++ b/Dockerfile @@ -42,12 +42,19 @@ RUN wget --quiet -O - https://www.postgresql.org/media/keys/ACCC4CF8.asc | \ RUN echo "deb [signed-by=/usr/share/keyrings/postgresql-keyring.gpg] https://apt.postgresql.org/pub/repos/apt/ focal-pgdg main" > /etc/apt/sources.list.d/pgdg.list # Update package lists and install postgresql-client-common -# Add retry logic for network/repository issues +# Debug: Show error details if update fails RUN apt-get clean && \ rm -rf /var/lib/apt/lists/* && \ - (apt-get update --allow-releaseinfo-change || \ - (sleep 2 && apt-get update --allow-releaseinfo-change) || \ - (sleep 5 && apt-get update --allow-releaseinfo-change)) && \ + apt-get update --allow-releaseinfo-change 2>&1 | tee /tmp/apt-update.log || \ + (echo "=== apt-get update failed, showing error details ===" && \ + cat /tmp/apt-update.log | grep -E "Err|W:|E:" | head -20 && \ + echo "=== Repository configuration ===" && \ + cat /etc/apt/sources.list.d/pgdg.list && \ + echo "=== Keyring file check ===" && \ + ls -la /usr/share/keyrings/postgresql-keyring.gpg && \ + echo "=== All sources.list.d files ===" && \ + ls -la /etc/apt/sources.list.d/ && \ + exit 1) && \ apt-get install -y postgresql-client-common && \ rm -rf /var/lib/apt/lists/* From f7889273714074bd90bfee22eeb7da4a7683fca2 Mon Sep 17 00:00:00 2001 From: dagustin415 <30575095+davidagustin@users.noreply.github.com> Date: Wed, 14 Jan 2026 19:50:41 -0800 Subject: [PATCH 22/22] chore(ci): revert Dockerfile to master and update CI to use master branch --- .github/workflows/ci.yml | 6 ++-- Dockerfile | 59 ++++++---------------------------------- 2 files changed, 12 insertions(+), 53 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 3e4ad302..9f0b89b9 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -3,9 +3,9 @@ name: testsuite on: push: - branches: [ master, migrate-to-gcp ] + branches: [ master ] pull_request: - branches: [ master, migrate-to-gcp ] + branches: [ master ] env: RUBY_VERSION: 2.7.4 @@ -67,7 +67,7 @@ jobs: publish-latest: runs-on: ubuntu-latest needs: [lint, test_unit, test_postman] - if: github.ref == 'refs/heads/migrate-to-gcp' && github.event_name == 'push' + if: github.ref == 'refs/heads/master' && github.event_name == 'push' steps: - uses: actions/checkout@v2 - uses: docker/setup-qemu-action@v1 diff --git a/Dockerfile b/Dockerfile index 78f5f7a9..c8f2ce67 100644 --- a/Dockerfile +++ b/Dockerfile @@ -9,58 +9,17 @@ FROM sheltertechsf/combostrikehq-docker-rails:ruby-2.7 # NB The xenial-pgdg package that we're installing with APT below may be removed from Postgres' repo # when future Linux updates come out. See: https://wiki.postgresql.org/wiki/Apt for updates. -# Restore dpkg directories and status file RUN mkdir -p /var/lib/dpkg/alternatives /var/lib/dpkg/info /var/lib/dpkg/parts /var/lib/dpkg/triggers /var/lib/dpkg/updates && \ - touch /var/lib/dpkg/status - -# Remove ALL problematic repository configurations that may have expired/missing GPG keys -# We'll add only what we need later -RUN rm -f /etc/apt/sources.list.d/*.list 2>/dev/null || true - -# Install prerequisites for GPG keyring management and HTTPS repositories -RUN apt-get update --allow-releaseinfo-change && \ - apt-get install -y --no-install-recommends curl wget gnupg ca-certificates apt-transport-https && \ - rm -rf /var/lib/apt/lists/* - -# Install libglib2.0-dev from default Ubuntu repositories first -RUN apt-get clean && \ - rm -rf /var/lib/apt/lists/* && \ - apt-get update --allow-releaseinfo-change && \ + touch /var/lib/dpkg/status && \ + curl -sS https://dl.yarnpkg.com/debian/pubkey.gpg | apt-key add - && \ + wget -q -O - https://dl.google.com/linux/linux_signing_key.pub | apt-key add - && \ + mv /home/app/webapp/config/appserver.sh /etc/service/appserver/run && \ + chmod 777 /etc/service/appserver/run && \ + echo 'deb http://apt.postgresql.org/pub/repos/apt/ focal-pgdg main' > /etc/apt/sources.list.d/pgdg.list && \ + curl --silent https://www.postgresql.org/media/keys/ACCC4CF8.asc | apt-key add - && \ + apt-get update && \ apt-get install -y libglib2.0-dev && \ - rm -rf /var/lib/apt/lists/* - -# Create keyrings directory -RUN mkdir -p /usr/share/keyrings - -# Add PostgreSQL repository with modern GPG keyring approach for postgresql-client-common -# Download and process GPG key using wget (more reliable for piping) -RUN wget --quiet -O - https://www.postgresql.org/media/keys/ACCC4CF8.asc | \ - gpg --dearmor -o /usr/share/keyrings/postgresql-keyring.gpg && \ - test -f /usr/share/keyrings/postgresql-keyring.gpg - -# Add PostgreSQL repository configuration -RUN echo "deb [signed-by=/usr/share/keyrings/postgresql-keyring.gpg] https://apt.postgresql.org/pub/repos/apt/ focal-pgdg main" > /etc/apt/sources.list.d/pgdg.list - -# Update package lists and install postgresql-client-common -# Debug: Show error details if update fails -RUN apt-get clean && \ - rm -rf /var/lib/apt/lists/* && \ - apt-get update --allow-releaseinfo-change 2>&1 | tee /tmp/apt-update.log || \ - (echo "=== apt-get update failed, showing error details ===" && \ - cat /tmp/apt-update.log | grep -E "Err|W:|E:" | head -20 && \ - echo "=== Repository configuration ===" && \ - cat /etc/apt/sources.list.d/pgdg.list && \ - echo "=== Keyring file check ===" && \ - ls -la /usr/share/keyrings/postgresql-keyring.gpg && \ - echo "=== All sources.list.d files ===" && \ - ls -la /etc/apt/sources.list.d/ && \ - exit 1) && \ apt-get install -y postgresql-client-common && \ rm -rf /var/lib/apt/lists/* -# Configure appserver -RUN mkdir -p /etc/service/appserver && \ - mv /home/app/webapp/config/appserver.sh /etc/service/appserver/run && \ - chmod 777 /etc/service/appserver/run - -ENV LD_PRELOAD=/lib/x86_64-linux-gnu/libjemalloc.so.2 +ENV LD_PRELOAD=$LD_PRELOAD:/lib/x86_64-linux-gnu/libjemalloc.so.2