update docker build to work with dinghy certs

This adds support to the docker build for dev to use self-signed
certificates shared with dinghy. With this change can now configure
rollcall and canvas to work with dingy configured for ssl.

Change-Id: I8b0805e9ac844ef52d7dccca9ea1285d57136a88
Reviewed-on: https://gerrit.instructure.com/c/rollcall-attendance/+/227604
Tested-by: Service Cloud Jenkins <[email protected]>
Reviewed-by: Simon Williams <[email protected]>
Reviewed-by: Adrian Packel <[email protected]>
QA-Review: Keith Garner <[email protected]>
Product-Review: Keith Garner <[email protected]>

Author: ktgeek

Dockerfile

@@ -24,6 +24,8 @@ RUN echo "deb http://apt.postgresql.org/pub/repos/apt/ $(lsb_release -cs)-pgdg m
 
 COPY config/nginx/location.conf /usr/src/nginx/location.d/location.conf
 
+RUN if [ "$DEV_BUILD" = 'true' ]; then echo 'docker ALL=(ALL) NOPASSWD: SETENV: /usr/sbin/update-ca-certificates' >> /etc/sudoers; fi
+
 USER docker
 
 COPY --chown=docker:docker Gemfile Gemfile.lock $APP_HOME
@@ -43,4 +45,4 @@ RUN RAILS_ENV=production \
     SECRET_KEY_BASE=fake \
     bundle exec rake assets:precompile
 
-CMD ["/tini", "--", "bin/startup"]
+ENTRYPOINT [ "/usr/src/app/docker-entrypoint.sh" ]

README.md

@@ -48,7 +48,17 @@ outgoing address parameter to an email address on your own domain; otherwise,
 your reports will be sent from "`Roll Call <[email protected]>`",
 which is most certainly not what you want.
 
-### 3. Docker build + Database migrations:
+### 3. Configure your docker environment for SSL
+
+Do to recent changes in browsers, the session cookies for rollcall are required to have `SaveSite=None` and `secure`.
+Due to `secure` local development is easier if you configure your dockerized canvas and rollcall to use SSL. If you are
+using dinghy for OS X based development. You can find instructions on how to create self signed certificates at
+https://github.com/codekitchen/dinghy-http-proxy/blob/master/README.md#ssl-support
+
+The default docker-compose.override.yml file will share your ~/.dinghy/cert directory into the docker containers and add
+the certifications in that directory as trusted certificates to the container.
+
+### 4. Docker build + Database migrations:
 
 NOTE: By default this setup uses postgres. To use mysql instead, export:
 
@@ -65,7 +75,7 @@ rake tasks, you just have to run them in the container:
     docker-compose run --rm web bundle exec rake db:create
     docker-compose run --rm web bundle exec rake db:migrate
 
-### 4. Run it!
+### 5. Run it!
 
 You should be able to start everything with:
 
@@ -78,7 +88,7 @@ can visit your app in the browser by going to:
 
 `http://rollcall.docker`
 
-### 5. Add Roll Call to Canvas:
+### 6. Add Roll Call to Canvas:
 
 In Canvas, go to Account >> Settings >> Apps, click "Add App", and use the following settings:
 

docker-compose.override.yml

@@ -6,22 +6,28 @@ services:
       args:
         DEV_BUILD: 'true'
     env_file: .env
+    environment:
+      DEV_BUILD: 'true'
     external_links:
       - ${PROXY_CONTAINER:-dinghy_http_proxy}:canvas.docker
     volumes:
       - .:/usr/src/app
       - tmp:/usr/src/app/tmp
+      - ~/.dinghy/certs:/usr/local/share/ca-certificates:ro
 
   work:
     build:
       args:
         DEV_BUILD: 'true'
     env_file: .env
+    environment:
+      DEV_BUILD: 'true'
     external_links:
       - ${PROXY_CONTAINER:-dinghy_http_proxy}:canvas.docker
     volumes:
       - .:/usr/src/app
       - tmp:/usr/src/app/tmp
+      - ~/.dinghy/certs:/usr/local/share/ca-certificates:ro
 
 volumes:
   tmp:

docker-entrypoint.sh

@@ -0,0 +1,14 @@
+#!/bin/sh
+
+
+if [ "$DEV_BUILD" = "true" ]; then
+  sudo /usr/sbin/update-ca-certificates
+fi
+
+COMMAND=$@
+
+if [ "x$COMMAND" = "x" ]; then
+  exec /tini -- bin/startup
+fi
+
+exec "$@"