Merge branch 'master' into list_of_tags

Author: farhatahmad

.github/workflows/ci.build.prerelease.yml

@@ -1,5 +1,5 @@
 env:
-  RUBY_VERSION: 2.7.x
+  RUBY_VERSION: 3.3.6
 
 name: CI Build Pre-Release
 on:
@@ -12,7 +12,7 @@ jobs:
     env:
       DOCKER_REPOSITORY: ${{ secrets.DOCKER_REPOSITORY }}
       DOCKER_BUILD_ENABLED: ${{ secrets.DOCKER_BUILD_ENABLED }}
-    runs-on: ubuntu-22.04
+    runs-on: ubuntu-24.04
     steps:
       - name: Checkout
         if: contains(env.DOCKER_BUILD_ENABLED, 'true')

.github/workflows/ci.build.push.master.yml

@@ -1,5 +1,5 @@
 env:
-  RUBY_VERSION: 2.7.x
+  RUBY_VERSION: 3.3.6
 
 name: CI Build Push
 on:
@@ -15,7 +15,7 @@ jobs:
       DOCKER_REPOSITORY: ${{ secrets.DOCKER_REPOSITORY }}
       DOCKER_BUILD_ENABLED: ${{ secrets.DOCKER_BUILD_ENABLED }}
       DOCKER_BUILD_ALTERNATE_ENABLED: ${{ secrets.DOCKER_BUILD_ALTERNATE_ENABLED }}
-    runs-on: ubuntu-22.04
+    runs-on: ubuntu-24.04
     steps:
       - name: Check preconditions
         id: preconditions

.github/workflows/ci.build.push.yml

@@ -1,5 +1,5 @@
 env:
-  RUBY_VERSION: 2.7.x
+  RUBY_VERSION: 3.3.6
 
 name: CI Build Push
 on:
@@ -18,7 +18,7 @@ jobs:
       DOCKER_BUILD_ENABLED: ${{ secrets.DOCKER_BUILD_ENABLED }}
       DOCKER_BUILD_ALTERNATE_ENABLED: ${{ secrets.DOCKER_BUILD_ALTERNATE_ENABLED }}
       DOCKER_BUILD_ON_PUSH_DISABLED: ${{ secrets.DOCKER_BUILD_ON_PUSH_DISABLED }}
-    runs-on: ubuntu-22.04
+    runs-on: ubuntu-24.04
     steps:
       - name: Check preconditions
         id: preconditions

.github/workflows/ci.build.release.yml

@@ -1,5 +1,5 @@
 env:
-  RUBY_VERSION: 2.7.x
+  RUBY_VERSION: 3.3.6
 
 name: CI Build Release
 on:
@@ -12,7 +12,7 @@ jobs:
     env:
       DOCKER_REPOSITORY: ${{ secrets.DOCKER_REPOSITORY }}
       DOCKER_BUILD_ENABLED: ${{ secrets.DOCKER_BUILD_ENABLED }}
-    runs-on: ubuntu-22.04
+    runs-on: ubuntu-24.04
     steps:
       - name: Checkout
         if: contains(env.DOCKER_BUILD_ENABLED, 'true')

.rubocop.yml

@@ -11,7 +11,7 @@ AllCops:
   - 'vendor/**/*'
   - 'vendor/bundle/**/*'
   DisabledByDefault: false
-  TargetRubyVersion: 2.7
+  TargetRubyVersion: 3.3
 
   NewCops: enable
 
@@ -236,6 +236,9 @@ Style/OptionalBooleanParameter:
 Style/SlicingWithRange:
   Enabled: true
 
+Style/HashSyntax:
+  EnforcedShorthandSyntax: either
+
 RSpec/ContextWording:
   Enabled: false
 

Gemfile

@@ -3,7 +3,7 @@
 source 'https://rubygems.org'
 git_source(:github) { |repo| "https://github.com/#{repo}.git" }
 
-ruby '>= 3.0.0'
+ruby '>= 3.3'
 
 # Bundle edge Rails instead: gem 'rails', github: 'rails/rails'
 gem 'rails', '~> 7.2'

app/controllers/concerns/cookie_same_site_compat.rb

@@ -13,14 +13,14 @@ def cookie_same_site_none_incompatible?(useragent)
 
   private
 
-  IOS_VERSION_REGEXP = %r{\(iP.+; CPU .*OS (\d+)[_\d]*.*\) AppleWebKit/}.freeze
-  MACOS_VERSION_REGEXP = %r{\(Macintosh;.*Mac OS X (\d+)_(\d+)[_\d]*.*\) AppleWebKit/}.freeze
-  SAFARI_REGEXP = %r{Version/.* Safari/}.freeze
-  CHROMIUM_BASED_REGEXP = /Chrom(?:e|ium)/.freeze
-  CHROMIUM_VERSION_REGEXP = %r{Chrom[^ /]+/(\d+)[.\d]* }.freeze
-  MAC_EMBEDDED_REGEXP = %r{^Mozilla/[.\d]+ \(Macintosh;.*Mac OS X [_\d]+\) AppleWebKit/[.\d]+ \(KHTML, like Gecko\)$}.freeze
-  UC_BROWSER_REGEXP = %r{UCBrowser/}.freeze
-  UC_BROWSER_VERSION_REGEXP = %r{UCBrowser/(\d+)\.(\d+)\.(\d+)[.\d]* }.freeze
+  IOS_VERSION_REGEXP = %r{\(iP.+; CPU .*OS (\d+)[_\d]*.*\) AppleWebKit/}
+  MACOS_VERSION_REGEXP = %r{\(Macintosh;.*Mac OS X (\d+)_(\d+)[_\d]*.*\) AppleWebKit/}
+  SAFARI_REGEXP = %r{Version/.* Safari/}
+  CHROMIUM_BASED_REGEXP = /Chrom(?:e|ium)/
+  CHROMIUM_VERSION_REGEXP = %r{Chrom[^ /]+/(\d+)[.\d]* }
+  MAC_EMBEDDED_REGEXP = %r{^Mozilla/[.\d]+ \(Macintosh;.*Mac OS X [_\d]+\) AppleWebKit/[.\d]+ \(KHTML, like Gecko\)$}
+  UC_BROWSER_REGEXP = %r{UCBrowser/}
+  UC_BROWSER_VERSION_REGEXP = %r{UCBrowser/(\d+)\.(\d+)\.(\d+)[.\d]* }
 
   def webkit_same_site_bug?(useragent)
     return true if ios_version?(12, useragent)

app/models/application_redis_record.rb

@@ -146,8 +146,8 @@ def self.connection_pool
   end
   delegate :connection_pool, to: 'self.class'
 
-  def self.with_connection(&block)
-    RedisStore.with_connection(&block)
+  def self.with_connection(&)
+    RedisStore.with_connection(&)
   end
   delegate :with_connection, to: 'self.class'
 

app/models/meeting.rb

@@ -203,6 +203,7 @@ def self.find_or_create_with_server!(id, server, moderator_pw, voice_bridge = ni
   def self.allocate_voice_bridge(meeting_id, voice_bridge = nil)
     voice_bridge_len = Rails.configuration.x.voice_bridge_len
     use_external_voice_bridge = Rails.configuration.x.use_external_voice_bridge
+    test_voice_bridge = "99999" # default value in BBB, must be avoided
 
     # In order to make consistent random pin numbers, use the provided meeting as the seed. Ruby's 'Random' PRNG takes a 128bit
     # integer as seed. Create one from a truncated hash of the meeting id.
@@ -225,6 +226,7 @@ def self.allocate_voice_bridge(meeting_id, voice_bridge = nil)
         end
         tries += 1
         logger.debug { "Trying to allocate voice bridge number #{voice_bridge}, try #{tries}" }
+        next if voice_bridge == test_voice_bridge # avoid special voice bridge number
 
         _created, allocated_meeting_id = redis.multi do |transaction|
           transaction.hsetnx('voice_bridges', voice_bridge, meeting_id)

app/services/recording_ready_notifier_service.rb

@@ -21,8 +21,7 @@ def execute(recording_id)
       notify(callback_url, meeting_id, recording.record_id, tenant_name) if callback_url
     end
 
-    def encoded_payload(meeting_id, record_id, tenant_name)
-      secret = fetch_secrets(tenant_name: tenant_name)[0]
+    def encoded_payload(meeting_id, record_id, secret)
       payload = { meeting_id: meeting_id, record_id: record_id }
       JWT.encode(payload, secret)
     end
@@ -31,27 +30,38 @@ def notify(callback_url, meeting_id, record_id, tenant_name)
       logger.info("Recording Ready Notify for [#{meeting_id}] starts")
       logger.info('Making callback for recording ready notification')
 
-      payload = encoded_payload(meeting_id, record_id, tenant_name)
-      uri = URI.parse(callback_url)
-      http = Net::HTTP.new(uri.host, uri.port)
-      http.use_ssl = (uri.scheme == 'https')
-      logger.info("Sending request to #{uri.scheme}://#{uri.host}#{uri.request_uri}")
-      request = Net::HTTP::Post.new(uri.request_uri)
-      request.set_form_data(signed_parameters: payload)
+      secrets = fetch_secrets(tenant_name: tenant_name)
+      success = false
 
-      response = http.request(request)
-      code = response.code.to_i
+      secrets.each do |secret|
+        payload = encoded_payload(meeting_id, record_id, secret)
 
-      if code == 410
-        logger.info("Notified for deleted meeting: #{meeting_id}")
-      elsif code == 404
-        logger.info("404 error when notifying for recording: #{meeting_id}, ignoring")
-      elsif code < 200 || code >= 300
-        logger.info("Callback HTTP request failed: #{response.code} #{response.message} (code #{code})")
-      else
-        logger.info("Recording notifier successful: #{meeting_id} (code #{code})")
+        uri = URI.parse(callback_url)
+        http = Net::HTTP.new(uri.host, uri.port)
+        http.use_ssl = (uri.scheme == 'https')
+        logger.info("Sending request to #{uri.scheme}://#{uri.host}#{uri.request_uri}")
+        request = Net::HTTP::Post.new(uri.request_uri)
+        request.set_form_data(signed_parameters: payload)
+
+        response = http.request(request)
+        code = response.code.to_i
+
+        if code == 410
+          logger.info("Notified for deleted meeting: #{meeting_id}")
+          break
+        elsif code == 404
+          logger.info("404 error when notifying for recording: #{meeting_id}, ignoring")
+          break
+        elsif code < 200 || code >= 300
+          logger.info("Callback HTTP request failed: #{response.code} #{response.message} (code #{code})")
+        else
+          logger.info("Recording notifier successful: #{meeting_id} (code #{code})")
+          success = true
+          break
+        end
       end
-      true
+
+      success
     rescue StandardError => e
       logger.info('Rescued')
       logger.info(e.to_s)

config/puma.rb

@@ -46,14 +46,6 @@
 #
 workers ENV.fetch("WEB_CONCURRENCY", 0)
 
-# Specifies the number of `workers` to boot in clustered mode.
-# Workers are forked web server processes. If using threads and workers together
-# the concurrency of the application would be max `threads` * `workers`.
-# Workers do not work on JRuby or Windows (both of which do not support
-# processes).
-#
-workers ENV.fetch("WEB_CONCURRENCY", 0)
-
 # Use the `preload_app!` method when specifying a `workers` number.
 # This directive tells Puma to first boot the application and load code
 # before forking the application. This takes advantage of Copy On Write

dockerfiles/v1/focal260-amazonlinux

@@ -1,4 +1,5 @@
 FROM amazonlinux:2.0.20240620.0 AS amazonlinux
+SHELL ["/bin/bash", "-c"]
 
 FROM ubuntu:20.04 AS bbb-playback
 ENV DEBIAN_FRONTEND=noninteractive
@@ -47,37 +48,45 @@ ENV NGINX_HOSTNAME=localhost
 CMD [ "/etc/nginx/start", "-g", "daemon off;" ]
 
 FROM amazonlinux-base AS base
+# Install basic packages
+RUN yum -y install git gcc-c++ make libyaml-devel libffi-devel glibc-devel readline-devel openssl-devel
 # Install Node.js (needed for yarn)
-RUN yum -y install gcc-c++ make
 RUN curl -sL https://rpm.nodesource.com/setup_16.x | bash -
 RUN yum -y install nodejs
-# Install Ruby & Rails
+# Install other packages
 RUN curl -sL -o /etc/yum.repos.d/yarn.repo https://dl.yarnpkg.com/rpm/yarn.repo
-RUN amazon-linux-extras enable ruby3.0 postgresql14 \
-    && yum -y install git tar gzip yarn shared-mime-info libxslt zlib-devel sqlite-devel mariadb-devel libpq-devel ruby-devel rubygems-devel rubygem-bundler rubygem-io-console rubygem-irb rubygem-json rubygem-minitest rubygem-power_assert rubygem-rake rubygem-test-unit rubygem-bigdecimal
-RUN yum -y install python3 python3-pip shadow-utils
-RUN gem install bundler -v '2.1.4'
+RUN amazon-linux-extras enable postgresql14 \
+    && yum -y install tar gzip yarn shared-mime-info libxslt zlib-devel sqlite-devel mariadb-devel libpq-devel python3 python3-pip shadow-utils
+# Setup user scalelite
 RUN groupadd scalelite --gid 1000 && \
     useradd -u 1000 -d /srv/scalelite -g scalelite scalelite
 RUN groupadd scalelite-spool --gid 2000 && \
     usermod -a -G scalelite-spool scalelite
+USER scalelite:scalelite
+# Install Ruby
+RUN git clone https://github.com/rbenv/rbenv.git ~/.rbenv && \
+    git clone https://github.com/rbenv/ruby-build.git ~/.rbenv/plugins/ruby-build && \
+    ~/.rbenv/bin/rbenv install 3.3.6 && \
+    ~/.rbenv/bin/rbenv global 3.3.6 && \
+    ~/.rbenv/bin/rbenv rehash
+ENV PATH="~/.rbenv/shims:~/.rbenv/bin:$PATH"
+RUN echo 'export PATH="~/.rbenv/bin:$PATH"' >> ~/.bashrc && \
+    echo 'eval "$(rbenv init -)"' >> ~/.bashrc
+RUN gem install bundler -v '~> 2.5'
 WORKDIR /srv/scalelite
 
 FROM base as builder
-RUN rm -rf nginx
-USER scalelite:scalelite
 COPY --chown=scalelite:scalelite Gemfile* ./
-RUN bundle --version
-RUN bundle config build.nokogiri --use-system-libraries
-RUN bundle config set --local deployment 'true'
-RUN bundle config set --local without 'development:test'
-RUN bundle install -j4
-RUN rm -rf vendor/bundle/ruby/*/cache
-RUN find vendor/bundle/ruby/*/gems/ \( -name '*.c' -o -name '*.o' \) -delete
+RUN source ~/.bashrc && bundle --version && \
+    bundle config build.nokogiri --use-system-libraries && \
+    bundle config set --local deployment 'true' && \
+    bundle config set --local without 'development:test' && \
+    bundle install -j4 && \
+    rm -rf vendor/bundle/ruby/*/cache && \
+    find vendor/bundle/ruby/*/gems/ \( -name '*.c' -o -name '*.o' \) -delete
 COPY --chown=scalelite:scalelite . ./
 
 FROM base AS application
-USER scalelite:scalelite
 ENV RAILS_ENV=production RAILS_LOG_TO_STDOUT=true
 COPY --from=builder --chown=scalelite:scalelite /srv/scalelite ./
 

lib/redis_store.rb

@@ -34,7 +34,7 @@ def self.before_fork
     end
   end
 
-  def self.with_connection(&block)
-    connection_pool.with(&block)
+  def self.with_connection(&)
+    connection_pool.with(&)
   end
 end

spec/services/recording_ready_notifier_service_spec.rb

@@ -26,6 +26,28 @@
     expect(return_val).to be true
   end
 
+  it 'retries with different secrets if multiple secrets are set' do
+    stub_request(:post, url)
+      .to_return(
+        { status: 401, body: '', headers: {} }, # First secret fails
+        { status: 401, body: '', headers: {} }, # Second secret fails
+        { status: 200, body: '', headers: {} }  # Third secret succeeds
+      )
+
+    allow_any_instance_of(ApiHelper).to receive(:fetch_secrets).and_return(%w[secret1 secret2 secret3])
+
+    allow(JWT).to receive(:encode).and_return('eyJhbGciOiJIUzI1NiJ9.eyJtZWV0aW5nX2lkIjoibWVldGluZzE5In0')
+
+    allow(Rails.logger).to receive(:info).and_call_original # Allow all other logger calls to pass through
+
+    expect(Rails.logger).to receive(:info).with("Callback HTTP request failed: 401  (code 401)").twice
+    expect(Rails.logger).to receive(:info).with("Recording notifier successful: #{recording.meeting_id} (code #{200})").once
+
+    return_val = described_class.execute(recording.id)
+
+    expect(return_val).to be true
+  end
+
   it 'returns false if recording ready notification fails' do
     stub_request(:post, url).to_timeout