Update to Decidim 0.26.2

Use Debian 11 Ruby image as base instead of Alpine

README.rst

@@ -9,12 +9,6 @@ Decidim is a participatory democracy platform for cities and organizations. Deci
 Upstream URL: https://github.com/decidim/decidim
 
 
-Passenger nginx plugin
-----------------------
-
-The passenger plugin work as application proxy between HTTP server and Ruby on Rails applications. Nginix doesn't have modules API like Apache does, so all nginx module must be present at compile time and only then they can be loaded and unloaded at runtime. Passenger plugin is not present in the standard Alpine nginx packages, therefore for passenger to work, a custom version of nginx including the passenger plugin needs to be compiled, hence the full compilation in ``Dockerfile``. Passenger sources contain ``passenger-install-nginx-module`` script which eases and semi-automates the compilation.
-
-
 Custom fonts
 ------------
 
@@ -36,7 +30,7 @@ Decidim allows to create managed sites using the superadmin interface on ``https
 Rails environment
 -----------------
 
-Rails ``RAIL_ENV`` environment variable is set to ``production`` by default. This requires connection via HTTPS as there are redirects hardcoded in the Decidim application or its dependencies with enforce this behavior whenewer the ``RAILS_ENV`` is ``production``. The varaible can be changed to ``development`` in the docker-compose ``.env`` file, however the full development environment experience is not ensured by the current setup and some additional manual steps may be needed in order to use full potential of the development the environment.
+Rails ``RAILS_ENV`` environment variable is set to ``production`` by default. This requires connection via HTTPS as there are redirects hardcoded in the Decidim application or its dependencies with enforce this behavior whenewer the ``RAILS_ENV`` is ``production``. The varaible can be changed to ``development`` in the docker-compose ``.env`` file, however the full development environment experience is not ensured by the current setup and some additional manual steps may be needed in order to use full potential of the development the environment.
 
 The application offers a console accessible via
 
@@ -54,3 +48,35 @@ The console loads the application environment and allows to work with Decidim vi
       password: ENV["DECIDIM_ADMIN_PASSWORD"],
       password_confirmation: ENV["DECIDIM_ADMIN_PASSWORD"]
     )
+
+
+Development without docker-compose
+----------------------------------
+
+.. code-block:: bash
+
+    rm -rf ~/postgres_data
+    mkdir ~/postgres_data
+    podman run -it --rm \
+        --env "POSTGRES_USER=decidim" \
+        --env "POSTGRES_PASSWORD=decidim" \
+        --env "POSTGRES_DB=decidim" \
+        --volume ~/postgres_data:/var/lib/postgresql/data \
+        --ip 10.88.0.2 \
+        docker.io/postgres:14-alpine
+
+.. code-block:: bash
+
+    podman build -t decidim:latest .
+
+    rm -rf ~/decidim_{migrate,storage,uploads}
+    mkdir ~/decidim_{migrate,storage,uploads}
+    podman run -it --rm \
+        --env-file .env \
+        --env "DATABASE_URL=postgres://decidim:decidim@decidim-postgres/decidim" \
+        --volume ~/decidim_migrate:/srv/decidim-app/db/migrate \
+        --volume ~/decidim_storage:/srv/decidim-app/storage \
+        --volume ~/decidim_uploads:/srv/decidim-app/public/uploads \
+        --add-host decidim-postgres:10.88.0.2 \
+        --ip 10.88.0.3 \
+        decidim:latest

decidim/Dockerfile

@@ -1,81 +1,77 @@
-FROM ruby:2.7-alpine3.13
+FROM docker.io/ruby:2.7-slim-bullseye
 
-RUN \
+# Losely based on
-    # Install runtime dependencies
+# https://raw.githubusercontent.com/Platoniq/decidim-install/master/script/install-decidim.sh
-    apk --no-cache add curl libbz2 libgcc libstdc++ libxml2 libxslt ncurses-libs openssl pcre readline s6 xz-libs && \
-    # Update system Ruby gems
-    echo -e 'install: --no-document\nupdate: --no-document' >/usr/local/etc/gemrc && \
-    gem update --system
 
-# Nginx + passenger
+ARG DECIDIM_VERSION=0.26.2
-RUN \
+ARG BUNDLER_VERSION=2.3.5
-    # Install build dependencies
+ARG RAILS_VERSION=6.0.4
-    apk --no-cache add --virtual .deps build-base curl-dev openssl-dev linux-headers pcre-dev && \
-    # Install passenger
-    gem install passenger && \
-    ln -s /usr/local/bundle/gems/passenger-* /usr/local/lib/passenger && \
-    # Create OS user
-    addgroup -S -g 8080 decidim && \
-    adduser -S -u 8080 -h /srv/decidim-app -s /sbin/nologin -G decidim -g decidim decidim && \
-    # Compile nginx
-    # Minimized version of /usr/local/bin/passenger-install-nginx-module
-    NGINX_VERSION=$(grep '  PREFERRED_NGINX_VERSION' /usr/local/lib/passenger/src/ruby_supportlib/phusion_passenger.rb | grep -Eo '([0-9\.]+)') && \
-    cd /tmp && \
-    wget https://nginx.org/download/nginx-${NGINX_VERSION}.tar.gz && \
-    tar xf nginx-*.tar.gz && \
-    cd nginx-* && \
-    ./configure \
-        --prefix=/var/lib/nginx \
-        --sbin-path=/usr/sbin/nginx \
-        --conf-path=/etc/nginx/nginx.conf \
-        --pid-path=/run/nginx.pid \
-        --lock-path=/run/nginx.lock \
-        --user=decidim \
-        --group=decidim \
-        --with-threads \
-        --with-file-aio \
-        --with-http_ssl_module \
-        --with-http_v2_module \
-        --with-http_realip_module \
-        --with-http_gzip_static_module \
-        --with-http_stub_status_module \
-        --with-http_addition_module \
-        --without-http_fastcgi_module \
-        --without-http_memcached_module \
-        --without-http_scgi_module \
-        --without-http_uwsgi_module \
-        --with-cc-opt=-Wno-error \
-        --add-module=/usr/local/lib/passenger/src/nginx_module && \
-    make -j $(getconf _NPROCESSORS_ONLN) && \
-    make install && \
-    rm -f /etc/nginx/*.default && \
-    # Cleanup
-    apk --no-cache del .deps && \
-    rm -rf /tmp/*
 
-# Decidim
+ENV DEBIAN_FRONTEND noninteractive
 ENV RAILS_ENV production
 
 RUN \
-    # Install runtime dependencies
+    # Setup OS environment
-    apk --no-cache add imagemagick libpq nodejs procps tzdata && \
+    addgroup --system --gid 8080 decidim && \
-    # Install build dependencies
+    adduser --system --uid 8080 --gid 8080 --home /srv/decidim-app --no-create-home --shell /sbin/nologin decidim && \
-    apk --no-cache add --virtual .deps build-base git libxml2-dev libxslt-dev postgresql-dev zlib-dev && \
+    ln -sf /usr/share/zoneinfo/Europe/Prague /etc/localtime && \
-    # Install Decidim
+    dpkg-reconfigure tzdata && \
-    bundle config build.nokogiri --use-system-libraries && \
+    apt-get -y update && \
-    gem install decidim -v 0.23.6 && \
+    apt-get -y install --no-install-recommends ca-certificates curl dirmngr gnupg
-    cd /srv && \
-    decidim decidim-app
-
-COPY image.d /
 
 RUN \
-    # Install runtime gems and plugins
+    # Add yarn repo
+    curl -sSL https://dl.yarnpkg.com/debian/pubkey.gpg | gpg --dearmor >/usr/share/keyrings/yarn.gpg && \
+    echo "deb [signed-by=/usr/share/keyrings/yarn.gpg] https://dl.yarnpkg.com/debian/ stable main" >/etc/apt/sources.list.d/yarn.list && \
+    # Add NodeJS repo
+    curl -sSL https://deb.nodesource.com/gpgkey/nodesource.gpg.key | gpg --dearmor >/usr/share/keyrings/nodesource.gpg && \
+    echo "deb [signed-by=/usr/share/keyrings/nodesource.gpg] https://deb.nodesource.com/node_16.x bullseye main" >/etc/apt/sources.list.d/nodesource.list && \
+    # Add passenger repo
+    install -m 700 -d /root/.gnupg && \
+    while ! gpg --no-default-keyring --keyring /tmp/passenger.kbx --keyserver keyserver.ubuntu.com --recv-keys 561F9B9CAC40B2F7; do sleep 0.2; done && \
+    gpg --no-default-keyring --keyring /tmp/passenger.kbx -o /usr/share/keyrings/passenger.gpg --export 561F9B9CAC40B2F7 && \
+    rm -rf /tmp/passenger.kbx /root/.gnupg && \
+    echo "deb [signed-by=/usr/share/keyrings/passenger.gpg] https://oss-binaries.phusionpassenger.com/apt/passenger bullseye main" >/etc/apt/sources.list.d/passenger.list && \
+    # Install runtime dependencies
+    apt-get -y update && \
+    apt-get -y install --no-install-recommends cron execline nginx imagemagick libnginx-mod-http-passenger libpq5 nodejs s6 yarn
+
+RUN \
+    # Install build dependencies
+    apt-get -y install --no-install-recommends autoconf bison build-essential git libgdbm-dev libicu-dev libncurses5-dev libpq-dev libreadline6-dev && \
+    # Install gems
+    gem install bundler --version ${BUNDLER_VERSION} && \
+    gem install rails --version ${RAILS_VERSION} && \
+    gem install decidim --version ${DECIDIM_VERSION} && \
+    # Install Decidim
+    decidim /srv/decidim-app && \
     cd /srv/decidim-app && \
+    bundle add decidim-conferences --version ${DECIDIM_VERSION} --skip-install && \
+    bundle add decidim-consultations --version ${DECIDIM_VERSION} --skip-install && \
+    bundle add decidim-initiatives --version ${DECIDIM_VERSION} --skip-install && \
+    bundle add decidim-templates --version ${DECIDIM_VERSION} --skip-install && \
+    bundle add figaro --skip-install && \
+    bundle add passenger --group production --skip-install && \
+    bundle add delayed_job_active_record --group production --skip-install && \
+    bundle add daemons --group production --skip-install && \
+    bundle add twilio-ruby --group production --skip-install && \
+    # Install Decidim modules
+    bundle add omniauth-decidim --github "decidim/omniauth-decidim" --skip-install && \
+    bundle add decidim-calendar --github "luizsanches/decidim-module-calendar" --skip-install && \
+    bundle add decidim-challenges --github "gencat/decidim-module-challenges" --branch "upgrade/0.26-stable" --skip-install && \
+    bundle add decidim-decidim_awesome --github "Platoniq/decidim-module-decidim_awesome" --skip-install && \
+    bundle add decidim-direct_verifications --github "Platoniq/decidim-verifications-direct_verifications" --skip-install && \
+    bundle add decidim-navigation_maps --github "Platoniq/decidim-module-navigation_maps" --skip-install && \
+    bundle add decidim-term_customizer --github "mainio/decidim-module-term_customizer" --skip-install && \
     bundle install && \
     # Setup delayed job for mail sending
     bin/rails generate delayed_job:active_record && \
     # Precompile static assets
+    curl -sSL https://repo.spotter.cz/Source_Sans_Pro.tar.gz | tar xzf - -C /usr/local/bundle/gems/decidim-core-${DECIDIM_VERSION}/app/packs/fonts/decidim/ && \
+    npm install && \
+    npm install --install-links /usr/local/bundle/bundler/gems/decidim-module-decidim_awesome-* && \
+    npm install --install-links /usr/local/bundle/bundler/gems/decidim-module-calendar-* && \
+    npm install --install-links /usr/local/bundle/bundler/gems/decidim-module-navigation_maps-* && \
     bin/rails assets:precompile && \
     # Remove database migrations (will be recreated in entrypoint.sh) and temp cache
     rm /srv/decidim-app/db/migrate/* && \
@@ -86,9 +82,16 @@ RUN \
     # Change ownership
     chown -R decidim:decidim /srv/decidim-app && \
     # Cleanup
-    apk --no-cache del .deps && \
+    apt-get -y purge --autoremove dirmngr gnupg autoconf bison build-essential git libgdbm-dev libicu-dev libncurses5-dev libpq-dev libreadline6-dev && \
-    rm -rf /root/.bundle /root/.gem
+    apt-get -y clean && \
+    rm -rf /srv/decidim/node_modules && \
+    rm -rf /root/.bundle && \
+    rm -rf /root/.gem && \
+    rm -rf /root/.npm
+
+COPY --chown=decidim:decidim image.d/srv/decidim-app/ /srv/decidim-app/
+COPY image.d/etc/ /etc/
+COPY image.d/entrypoint.sh /
 
 ENTRYPOINT ["/entrypoint.sh"]
 EXPOSE 8080
-VOLUME ["/srv/decidim-app/db/migrate", "/srv/decidim-app/storage", "/srv/decidim-app/public/uploads"]

decidim/image.d/entrypoint.sh

@@ -8,34 +8,35 @@ fi
 echo "Starting Decidim..."
 
 # Set passenger environment
-export RAILS_ENV=${RAILS_ENV:-production}
+if [ -n "${RAILS_ENV}" ]; then
-echo "passenger_app_env ${RAILS_ENV};" >/etc/nginx/rails_env.conf
+    echo "passenger_app_env ${RAILS_ENV};" >/etc/nginx/rails_env.conf
+fi
+
+# Fix volume permissions
+chown decidim:decidim \
+    /srv/decidim-app/db/migrate \
+    /srv/decidim-app/storage \
+    /srv/decidim-app/public/uploads
 
 # Upgrade database
 cd /srv/decidim-app
-s6-setuidgid decidim sh -c '
+HOME=/srv/decidim-app s6-setuidgid decidim sh -c '
     bin/rails decidim:upgrade
-    bin/rails generate delayed_job:active_record >/dev/null 2>&1
+    bin/rails generate delayed_job:active_record
     bin/rails decidim_conferences:install:migrations
     bin/rails decidim_consultations:install:migrations
     bin/rails decidim_initiatives:install:migrations
-    # bin/rails decidim_templates:install:migrations
+    bin/rails decidim_templates:install:migrations
-    bin/rails decidim_calendar:install:migrations
+    bin/rails decidim_event_calendar:install:migrations
-    bin/rails decidim_comparative_stats:install:migrations
+    bin/rails decidim_challenges:install:migrations
     bin/rails decidim_decidim_awesome:install:migrations
-    # bin/rails decidim_favorites:install:migrations
-    # bin/rails decidim_feedback:install:migrations
-    # bin/rails decidim_ideas:install:migrations
-    # bin/rails decidim_ldap:install:migrations
-    bin/rails decidim_navbar_links:install:migrations
     bin/rails decidim_navigation_maps:install:migrations
-    bin/rails decidim_time_tracker:install:migrations
+    bin/rails decidim_term_customizer:install:migrations
-    bin/rails redirector_engine:install:migrations
-    bin/rails decidim_url_aliases:install:migrations
     bin/rails db:migrate
 '
 
 # Create or update superadmin account
+if [ -n "${DECIDIM_ADMIN_USER}" -a -n "${DECIDIM_ADMIN_PASSWORD}" ]; then
 cat <<EOF | bin/rails console
 Decidim::System::Admin.find_or_initialize_by(id: 1).update!(
     email: ENV["DECIDIM_ADMIN_USER"],
@@ -43,8 +44,9 @@ Decidim::System::Admin.find_or_initialize_by(id: 1).update!(
     password_confirmation: ENV["DECIDIM_ADMIN_PASSWORD"]
 )
 EOF
+fi
 unset DECIDIM_ADMIN_USER
 unset DECIDIM_ADMIN_PASSWORD
 
 # Exec into s6 supervisor
-exec /bin/s6-svscan /etc/services.d
+exec /usr/bin/s6-svscan /etc/services.d

decidim/image.d/etc/cron.d/decidim

@@ -0,0 +1 @@
+*/5 * * * * decidim [ -s /srv/decidim-app/tmp/pids/delayed_job.pid ] || /srv/decidim-app/bin/delayed_job start

decidim/image.d/etc/crontabs/decidim

@@ -1 +0,0 @@
-*/5 * * * * [ -s /srv/decidim-app/tmp/pids/delayed_job.pid ] || /srv/decidim-app/bin/delayed_job start

decidim/image.d/etc/nginx/nginx.conf

@@ -2,13 +2,14 @@ user decidim;
 pid /run/nginx.pid;
 worker_processes 1;
 error_log /dev/stderr warn;
+load_module /usr/lib/nginx/modules/ngx_http_passenger_module.so;
 
 events {
 	worker_connections 1024;
 }
 
 http {
-	include mime.types;
+	include /etc/nginx/mime.types;
 	default_type application/octet-stream;
 
 	access_log off;
@@ -18,8 +19,7 @@ http {
 	tcp_nodelay on;
 	send_timeout 300;
 
-	passenger_root /usr/local/lib/passenger;
+	passenger_root /usr/lib/ruby/vendor_ruby/phusion_passenger/locations.ini;
-	passenger_ruby /usr/local/bin/ruby;
 
 	server {
 		listen 8080;
@@ -32,6 +32,7 @@ http {
 
 		passenger_enabled on;
 		passenger_set_header Host $passenger_host;
+		# rails_env.conf containing passenger_app_env is set by entrypoint.sh
 		include /etc/nginx/rails_env.conf;
 
 		root /srv/decidim-app/public;

decidim/image.d/etc/nginx/rails_env.conf

@@ -0,0 +1 @@
+passenger_app_env production;

decidim/image.d/etc/services.d/.s6-svscan/finish

@@ -1,4 +1,4 @@
 #!/bin/execlineb -P
 
-foreground { s6-svwait -d -t 3000 cron }
+/usr/lib/execline/bin/foreground { /usr/bin/s6-svwait -d -t 3000 cron }
-foreground { s6-svwait -d -t 3000 nginx }
+/usr/lib/execline/bin/foreground { /usr/bin/s6-svwait -d -t 3000 nginx }

decidim/image.d/etc/services.d/cron/run

@@ -1,4 +1,4 @@
-#!/bin/execlineb -P
+#!/usr/bin/execlineb -P
 
-fdmove -c 2 1
+/usr/lib/execline/bin/fdmove -c 2 1
-crond -f -d 8
+/usr/sbin/cron -f

decidim/image.d/etc/services.d/nginx/run

@@ -1,3 +1,3 @@
-#!/bin/execlineb -P
+#!/usr/bin/execlineb -P
 
-nginx -g "daemon off;"
+/usr/sbin/nginx -g "daemon off;"

decidim/image.d/srv/decidim-app/Gemfile

@@ -1,66 +0,0 @@
-# frozen_string_literal: true
-
-source "https://rubygems.org"
-
-ruby RUBY_VERSION
-
-gem "decidim", "0.23.6"
-gem "decidim-conferences", "0.23.6"
-gem "decidim-consultations", "0.23.6"
-gem "decidim-initiatives", "0.23.6"
-# gem "decidim-templates", "0.23.6"
-
-gem "bootsnap", "~> 1.3"
-
-gem "puma", ">= 4.3.5"
-gem "uglifier", "~> 4.1"
-
-gem "faker", "~> 1.9"
-
-gem "wicked_pdf", "~> 1.4"
-
-group :development, :test do
-  gem "byebug", "~> 11.0", platform: :mri
-
-  gem "decidim-dev", "0.23.6"
-end
-
-group :development do
-  gem "letter_opener_web", "~> 1.3"
-  gem "listen", "~> 3.1"
-  gem "spring", "~> 2.0"
-  gem "spring-watcher-listen", "~> 2.0"
-  gem "web-console", "~> 3.5"
-end
-
-group :production do
-  gem "passenger"
-  gem "delayed_job_active_record"
-  gem "daemons"
-  gem "twilio-ruby"
-end
-
-# Modules
-gem "omniauth-decidim", github: "decidim/omniauth-decidim"
-# gem "decidim-access_requests", github: "mainio/decidim-module-access_requests" # Supported until 0.22.0
-# gem "decidim-action_delegator", github: "coopdevs/decidim-module-action_delegator" # Supported until 0.23.2
-# gem "decidim-antivirus", github: "mainio/decidim-module-antivirus" # Supported until 0.22.0
-# gem "decidim-budgets_enhanced", github: "OpenSourcePolitics/decidim-module-budgets_enhanced", branch: "0.22-dev" # Supported until 0.19.0, development branch exists up to 0.22.0
-gem "decidim-calendar", github: "alabs/decidim-module-calendar"
-gem "decidim-comparative_stats", github: "Platoniq/decidim-module-comparative_stats"
-# gem "decidim-cookies", github: "OpenSourcePolitics/decidim-module_cookies" # Supported until 0.21.0
-gem "decidim-decidim_awesome", github: "Platoniq/decidim-module-decidim_awesome"
-# gem "decidim-department_admin", github: "gencat/decidim-department-admin" # Supported until 0.22.0
-gem "decidim-direct_verifications", github: "Platoniq/decidim-verifications-direct_verifications"
-# gem "decidim-favorites", github: "mainio/decidim-module-favorites" # Required by ideas, plans
-# gem "decidim-feedback", github: "mainio/decidim-module-feedback" # Required by ideas
-# gem "decidim-ideas", github: "mainio/decidim-module-ideas" # Supported until 0.23.0, has graphql dependency problems
-# gem "decidim-ldap", github: "diputacioBCN/decidim-diba", glob: "decidim-ldap/decidim-ldap.gemspec", Supported until 0.18.0, installable until 0.23.1
-gem "decidim-navbar_links", github: "OpenSourcePolitics/decidim-module-navbar_links", branch: "0.23-stable"
-gem "decidim-navigation_maps", github: "Platoniq/decidim-module-navigation_maps", ref: "5199551350d05a24c439b4c6dc5946f12eafaa30"
-# gem "decidim-plans", github: "mainio/decidim-module-plans" # Supported until 0.22.0
-# gem "decidim-process_groups_content_block", github: "mainio/decidim-module-process_groups_content_block" # Supported until 0.22.0
-# gem "decidim-term_customizer", github: "mainio/decidim-module-term_customizer" # Supported until 0.22.0
-gem "decidim-time_tracker", github: "Platoniq/decidim-module-time_tracker", branch: "main"
-# gem "decidim-unique_identity", github: "OpenSourcePolitics/decidim-module-unique-identity" # Supported until 0.18.0
-gem "decidim-url_aliases", github: "OpenSourcePolitics/decidim-urlaliases"

decidim/image.d/srv/decidim-app/config/environments/production.rb

@@ -22,14 +22,11 @@ Rails.application.configure do
   # Apache or NGINX already handles this.
   config.public_file_server.enabled = ENV['RAILS_SERVE_STATIC_FILES'].present?
 
-  # Compress JavaScripts and CSS.
+  # Compress CSS using a preprocessor.
-  config.assets.js_compressor = Uglifier.new(:harmony => true)
+  # 
-  # config.assets.css_compressor = :sass
 
   # Do not fallback to assets pipeline if a precompiled asset is missed.
-  config.assets.compile = false
+  
-
-  # `config.assets.precompile` and `config.assets.version` have moved to config/initializers/assets.rb
 
   # Enable serving of images, stylesheets, and JavaScripts from an asset server.
   # config.action_controller.asset_host = 'http://assets.example.com'
@@ -38,17 +35,17 @@ Rails.application.configure do
   # config.action_dispatch.x_sendfile_header = 'X-Sendfile' # for Apache
   # config.action_dispatch.x_sendfile_header = 'X-Accel-Redirect' # for NGINX
 
-  # Store uploaded files on the local file system (see config/storage.yml for options)
+  # Store uploaded files on the local file system (see config/storage.yml for options).
   config.active_storage.service = :local
 
-  # Mount Action Cable outside main process or domain
+  # Mount Action Cable outside main process or domain.
   # config.action_cable.mount_path = nil
   # config.action_cable.url = 'wss://example.com/cable'
   # config.action_cable.allowed_request_origins = [ 'http://example.com', /http:\/\/example.*/ ]
 
   # Force all access to the app over SSL, use Strict-Transport-Security, and use secure cookies.
   config.force_ssl = true
-  
+
   # Use the lowest log level to ensure availability of diagnostic information
   # when problems arise.
   config.log_level = :info
@@ -59,9 +56,9 @@ Rails.application.configure do
   # Use a different cache store in production.
   # config.cache_store = :mem_cache_store
 
-  # Use a real queuing backend for Active Job (and separate queues per environment)
+  # Use a real queuing backend for Active Job (and separate queues per environment).
   # config.active_job.queue_adapter     = :resque
-  # config.active_job.queue_name_prefix = "decidim_#{Rails.env}"
+  # config.active_job.queue_name_prefix = "decidim_app_production"
 
   config.action_mailer.perform_caching = false
 
@@ -101,4 +98,25 @@ Rails.application.configure do
 
   # Do not dump schema after migrations.
   config.active_record.dump_schema_after_migration = false
+
+  # Inserts middleware to perform automatic connection switching.
+  # The `database_selector` hash is used to pass options to the DatabaseSelector
+  # middleware. The `delay` is used to determine how long to wait after a write
+  # to send a subsequent read to the primary.
+  #
+  # The `database_resolver` class is used by the middleware to determine which
+  # database is appropriate to use based on the time delay.
+  #
+  # The `database_resolver_context` class is used by the middleware to set
+  # timestamps for the last write to the primary. The resolver uses the context
+  # class timestamps to determine how long to wait before reading from the
+  # replica.
+  #
+  # By default Rails will store a last write timestamp in the session. The
+  # DatabaseSelector middleware is designed as such you can define your own
+  # strategy for connection switching and pass that into the middleware through
+  # these configuration options.
+  # config.active_record.database_selector = { delay: 2.seconds }
+  # config.active_record.database_resolver = ActiveRecord::Middleware::DatabaseSelector::Resolver
+  # config.active_record.database_resolver_context = ActiveRecord::Middleware::DatabaseSelector::Resolver::Session
 end

decidim/image.d/srv/decidim-app/config/initializers/decidim.rb

@@ -256,7 +256,7 @@ Decidim.configure do |config|
   # Etherpad configuration
   #
   # Only needed if you want to have Etherpad integration with Decidim. See
-  # Decidim docs at docs/services/etherpad.md in order to set it up.
+  # Decidim docs at https://docs.decidim.org/en/services/etherpad/ in order to set it up.
   #
   # config.etherpad = {
   #   server: Rails.application.secrets.etherpad[:server],
@@ -281,12 +281,19 @@ Decidim.configure do |config|
 
   # Machine Translation Configuration
   #
+  # See Decidim docs at https://docs.decidim.org/en/develop/machine_translations/
+  # for more information about how it works and how to set it up.
+  #
   # Enable machine translations
   config.enable_machine_translations = false
   #
   # If you want to enable machine translation you can create your own service
   # to interact with third party service to translate the user content.
   #
+  # If you still want to use "Decidim::Dev::DummyTranslator" as translator placeholder,
+  # add the follwing line at the beginning of this file:
+  # require "decidim/dev/dummy_translator"
+  #
   # An example class would be something like:
   #
   # class MyTranslationService
@@ -312,3 +319,6 @@ end
 
 Rails.application.config.i18n.available_locales = Decidim.available_locales
 Rails.application.config.i18n.default_locale = Decidim.default_locale
+
+# Inform Decidim about the assets folder
+Decidim.register_assets_path File.expand_path("app/packs", Rails.application.root)

decidim/image.d/srv/decidim-app/config/secrets.yml

@@ -10,6 +10,16 @@
 # Make sure the secrets in this file are kept private
 # if you're sharing your code publicly.
 
+elections_default: &elections_default
+  bulletin_board_server: <%= ENV["ELECTIONS_BULLETIN_BOARD_SERVER"] || 'http://bulletin-board.lvh.me:8000/api' %>
+  bulletin_board_public_key: {"kty":"RSA","n":"zMXsZpYPKkDlSmezX898y7zNOaJ7ENIN4kj4UhQ95Vm4HlgTpIs2VMMsO0eqynMaOR_G1mXdqbpbaJtXijBe4V8323QwGm6WVAa71E7pDXa5g6-uo5f8GePitN0YER9y2yNQN4uTaNzJiWV2uLBUYfMdj3SIif31YwLULHAOj3B_oleFK8coE_Qr3NzATcYBmsqE8AR4NljxTO6KDmP1SLdf5GBOBhOAIFbnL_Kpj2xkm7MS3hjMVKpiRhqA1UgX5oKZ8ixBv46fNJF0pBsHi3fHNjK9oZzgdx_AI-YFpdE_40-8bh_g9sWzxacqOM2-MdQLHbvRPEVltO3E8tr6I5YWrylcP7l9VD8OJeqjq2qFYHnGYdmLoD2XuXmI9EuBvSb9H4-qcartxZSIQCimKib_fxZvgrG1FSRRhK6YpvIdGv4-G2zfCCRsC4XD80TYI2bf-oYCoy7eU3_eVHFMV2yg4p1Wnuw2Vgq0edPL_bKaV9JvGx7F-U5juxNN0WZR9LzbPl4ReejzN95lyHgbj0nTH_u3bSpZmgJrQF-PwdnPcG46deVjJgUeosrlC4lQxVrRz0GL58BuFunnz2uYDBDrcJCiG60EbdkAFHjOcXU4wrUWATin7je_aqdBXhSnkTafcJAMvL7Y2Ld7vDge8nLqjAVlAi5am3rN0kqKT6M","e":"AQAB","kid":"a8e86f02ca27e1861bfc49e2a9a4614ca9068f8efdb6d42d19d3aab0eb2a31be"}
+  authority_private_key: {"kty":"RSA","n":"pNgMt8lnPDD3TlWYGhRiV1oZkPQmnLdiUzwyb_-35qKD9k-HU86xo0uSgoOUWkBtnvFscq8zNDPAGAlZVokaN_z9ksZblSce0LEl8lJa3ICgghg7e8vg_7Lz5dyHSQ3PCLgenyFGcL401aglDde1Xo4ujdz33Lklc4U9zoyoLUI2_viYmNOU6n5Mn0sJd30FeICMrLD2gX46pGe3MGug6groT9EvpKcdOoJHKoO5yGSVaeY5-Bo3gngvlgjlS2mfwjCtF4NYwIQSd2al-p4BKnuYAVKRSgr8rYnnjhWfJ4GsCaqiyXNi5NPYRV6gl_cx_1jUcA1rRJqQR32I8c8QbAXm5qNO4URcdaKys9tNcVgXBL1FsSdbrLVVFWen1tfWNfHm-8BjiWCWD79-uk5gI0SjC9tWvTzVvswWXI5weNqqVXqpDydr46AsHE2sG40HRCR3UF3LupT-HwXTcYcOZr5dJClJIsU3Hrvy4wLssub69YSNR1Jxn-KX2vUc06xY8CNIuSMpfufEq5cZopL6O2l1pRsW1FQnF3s078_Y9MaQ1gPyBo0IipLBVUj5IjEIfPuiEk4jxkiUYDeqzf7bAvSFckp94yLkRWTs_pEZs7b_ogwRG6WMHjtcaNYe4CufhIm9ekkKDeAWOPRTHfKNmohRBh09XuvSjqrx5Z7rqb8","e":"AQAB","kid":"b8dba1459df956d60107690c34fa490db681eac4f73ffaf6e4055728c02ddc8e","d":"Uh3KIBe1VJez6pLbBUrYPlmE2N-3CGSWF46qNX62lq6ofB_b8xTJCuaPonJ3iYoE0aPEeVDrefq5m3-0wFXl-LQPgXlMj_1_7UgB9jeuSZ_N1WDK6P2EJPx5YS09O1gkpVxK7Mx_sZQe77wmUUH-eI7tg__qfUrB7E0Yn_cTpBATI2qlYaQsz6-A7e1MVvixq_ilmzVAZvuBrPp5mCZVb6FlXrV_PU9-UPIrD3O1La1lfO6SPBSbSGQkmGHwD2QbkHn9D_R_Vs-z_0TkM_dX71jIPQhrle3pN222KuJ8eQqwr9QP6biQMBuT5eKgr3MVtfUDRpp4sCEq9GIFwSd8LvbmGPrOoz8ueOEQ05nisIBQuOTYiWpYs2CEV062HR1bLFRLDUcSlflGNr0bgiXTUFx4wxRG06OaI-rQ6nG3M8TE0I0phMNCG3c7YyV28z_k2I65oQF9aKtiwFwc0YsUSGPTOFZGWHuCCPLm0lFeebpI_JIYqIv70NJxbSZEBY8DAIqZPqP6y_CRo2_C7piCgsjg9pnF8cp45vz4L6DWZ0Tumc_5aRuqIBkYXXwP9TjqhzxL-2SQHIqUAjj6Y6S35tZT6ekZSbnPIKX_e42y6bDT_Ztf01QfKiTkcx3_I8RwOuh6CzJzr72AykQpU3XKOKF1x1GBtYyrno4jG5LgaGE","p":"1UARZ-rRnpKG5NHKlXTys3irCy-d91edHL3fEIzDKvhMRQCIWh7dt8l0_sIpcBF-EbVilbFKj7yfgZBTr8EkAXHgweayK8rnlMqi2jte1_u-5DBtrGVVUTSQltSLDOZHK5QfUxVK6Bbk8K5ROLvef91oNgnSNWNOeoCZdlS55nMZcAgY_6mxSuuMq54Tgy8o4Ip890-ZEYY6OSFXhU-ieoGO4Jw--c6QzmCa3gGo2oVClidMNaM1jquK4Pj6xaoxR2NWeIX9Ix7k1P2B24pegyHXjSIpQ6JYdn352VViXi2tx7TTJh6ClNVjgoRmL4Gfy_IJNx0GhF5OB3yughUc7w","q":"xePJGBt466qM9F0BPxWFjyWbIs_GNXr-lBGASui0Z94cfgFbsZwqRsWQEf7jDVQsDNVnPSWZ_Wd6UqoQaIxc0tE8gaokPG6A4EUDyoLaZ231ZydDVoWof8FnPDaJwrcPwZ4R6ZLKGmkfytCZuU9I_9B4uuV0dyjEzKfS-Os3UcLumKPlgJ71OZAb49GTqUHuTePcSJjyYOYXx6eE7i_1m8TjU9Ut18BJNQhLqWmerA6X1ijbR2_syY6GXhGSfciSBH8xVkiUnqXb2jt1bE8nwWw-Sam5ikjzNbXqqs978IcCE5HTddQmy99bwuArA8PLqIFj3OOO1CSo8oyn2XDgMQ","dp":"Diky_rOZN-6DBq7nxQT_GOvqb9O5qbMnu8DgDzlJvJDAf9SJOXLTRmEaY9CA7_A5bvOcmFQtn13nObNb20_4FCB7zGSFcGMI_dh2-Ab5RV5yTrTok4onID1dXKbAlRq1ny825U2Eq-TZTyJEQoA3RkZtpSkBzInLrFbd2f3GWodKKSZggpnCLDd4H-1fXlbDYCXSJpoikAdZ1nFgXnnrUDdKRaAajnwpIYtIvXVewSQYR-BULzunUtIRZt8hx_6FRzhRha9gH_TtPTeYZ_vISuz0Y2rhUpx1Q2kaLlR9M8PUxm47l0xvX3LMKN6h6oWxFtn7wq0qwZ-Bjv24mOrOAQ","dq":"nXGD10hURrwk9W7hxP0sjB2Rdnr06iv3THs4JWFL16_h32bZO1BSWoho_chbgYlMmtFXGFFIWVLxAcAI2gWC_MA4cbmapvIMW2LNh1vgxJW5v95_NuGUlECeEEwcAu1-_b7z5XBCmAy3nLem9sbb_5wv0hMpPH0VRvbnZeBO3SBIkO0lddYCqU-8wN9HqkyoexQleSUnAm1O0iy4GIHT2aEmdNaRaKy2EhmNiTZdZeseZueOvyGPtTVONp2ofacMdcN0z39jr22qo9DWtdusd7nVPOpqkllEF6GrGUeHBnGD92n4YjDuxRnqefu8fXxUFrcLav0p8CNSv9ek291woQ","qi":"w6hfKEBLLHRWPkjajgxZyyetj-UFfVkILRT0plOllJ2JV8whcOXRXbiXH2r8zqMeyMFrrMwmuvv4TVQaruKB0ZQOG7Tz5Lw0RZEREOLnBwc3vSi_iLd-jBz01LdExTpqsAHMkaMQR9x62J8DE1ZNxVdn3ELYKik0f1L2r_WErzhvT1uq69HAybUp6WHcFYH0PSqHg4LOneXAdU1_g-ji2Zn9dlA_2oYGQ5S6JXPV7v2IVbEFpxyVD1lPbFT0iKhyZZevictjgD_JGHveIVqsq5w0Csyz08h0oEW9hYEq-4bquMxSf18gjldoS5uQPD7FUECgL8bxsCdc4hP6UEKYGw"}
+  authority_name: "Decidim Test Authority"
+  authority_api_key: "89Ht70GZNcicu8WEyagz_rRae6brbqZAGuBEICYBCii-PTV3MAstAtx1aRVe5H5YfODi-JgYPvyf9ZMH7tOeZ15e3mf9B2Ymgw7eknvBFMRP213YFGo1SPn_C4uLK90G"
+  scheme_name: "dummy"
+  quorum: 2
+  number_of_trustees: 3
+
 default: &default
   omniauth:
     facebook:
@@ -32,11 +42,8 @@ default: &default
     server: <%= ENV["ETHERPAD_SERVER"] %>
     api_key: <%= ENV["ETHERPAD_API_KEY"] %>
     api_version: "1.2.1"
-  bulletin_board:
+  elections:
-    identification_private_key: |
+    <<: *elections_default
-
-    server: 
-    api_key: 
   twilio:
     account_sid: <%= ENV["TWILIO_ACCOUNT_SID"] %>
     auth_token: <%= ENV["TWILIO_AUTH_TOKEN"] %>
@@ -44,7 +51,7 @@ default: &default
 
 development:
   <<: *default
-  secret_key_base: 8c1ae960e908eeb50b0a0d95ad2318277a5a8ffb3202c242ab5e8642946c8c4cffba1a8afa54e9fbe4386ab2af880ad4fd2a467d3e2e37c9b279e2badb9bfbb9
+  secret_key_base: <%= ENV["SECRET_KEY_BASE"] %>
   omniauth:
     developer:
       enabled: true
@@ -52,7 +59,7 @@ development:
 
 test:
   <<: *default
-  secret_key_base: e6f5a697254308dcb178c4945e55e6846d4770ef2ec2d07b9926313aebc7928bcc2d7331c273a2f02b730943adb304d8dc9cd54ea55be90e31a07f2690f20636
+  secret_key_base: <%= ENV["SECRET_KEY_BASE"] %>
   omniauth:
     facebook:
       enabled: true
@@ -66,6 +73,10 @@ test:
       enabled: true
       client_id:
       client_secret:
+  elections:
+    <<: *elections_default
+    bulletin_board_server: <%= ENV["ELECTIONS_BULLETIN_BOARD_SERVER"] || 'http://bulletin-board.lvh.me:5017/api' %>
+
 
 # Do not keep production secrets in the repository,
 # instead read values from the environment.
@@ -79,3 +90,12 @@ production:
   smtp_port: "587"
   smtp_starttls_auto: true
   smtp_authentication: "plain"
+  elections:
+    bulletin_board_server: <%= ENV["BULLETIN_BOARD_SERVER"] %>
+    bulletin_board_public_key: <%= ENV["BULLETIN_BOARD_PUBLIC_KEY"] %>
+    authority_api_key: <%= ENV["BULLETIN_BOARD_API_KEY"] %>
+    authority_name: <%= ENV["AUTHORITY_NAME"] %>
+    authority_private_key: <%= ENV["AUTHORITY_PRIVATE_KEY"] %>
+    scheme_name: <%= ENV["ELECTIONS_SCHEME_NAME"] %>
+    number_of_trustees: <%= ENV["ELECTIONS_NUMBER_OF_TRUSTEES"] %>
+    quorum: <%= ENV["ELECTIONS_QUORUM"] %>

docker-compose.yml

@@ -4,7 +4,7 @@ services:
 
   decidim:
     build: decidim
-    image: decidim:0.23.6-210515
+    image: decidim:0.26.2-220910
     restart: unless-stopped
     depends_on:
       - decidim-postgres
@@ -20,7 +20,7 @@ services:
       - decidim_uploads:/srv/decidim-app/public/uploads
 
   decidim-postgres:
-    image: postgres:12-alpine
+    image: postgres:14-alpine
     restart: unless-stopped
     environment:
       - POSTGRES_USER