From a2e28a0820874f8c94a9f0b6837d8b703d141156 Mon Sep 17 00:00:00 2001 From: Disassembler Date: Sun, 14 May 2023 16:34:12 +0200 Subject: [PATCH] Sanitize entrypoint exec, update build command --- README.rst | 34 +++++++++++++++++++++++++++------- decidim/image.d/entrypoint.sh | 2 +- 2 files changed, 28 insertions(+), 8 deletions(-) diff --git a/README.rst b/README.rst index ea09e99..a3b23cf 100644 --- a/README.rst +++ b/README.rst @@ -4,7 +4,9 @@ Decidim Overview -------- -Decidim is a participatory democracy platform for cities and organizations. Decidim is written and runs on Ruby 2.7, where it is installed as Ruby Gem (i.e. not compiled from source). Incoming HTTP requests are handled via passenger nginx plugin. +Decidim is a participatory democracy platform for cities and organizations. Decidim is written +and runs on Ruby 2.7, where it is installed as Ruby Gem (i.e. not compiled from source). +Incoming HTTP requests are handled via passenger nginx plugin. Upstream URL: https://github.com/decidim/decidim @@ -12,25 +14,41 @@ Upstream URL: https://github.com/decidim/decidim Custom fonts ------------ -The image is distributed with custom version of *Source Sans Pro* font support for latin-ext characters included (i.e. diactitics). The original upstream version of the font omits these characters in order ta minimize the load times in web browsers. +The image is distributed with custom version of *Source Sans Pro* font support for latin-ext +characters included (i.e. diactitics). The original upstream version of the font omits +these characters in order ta minimize the load times in web browsers. Database upgrades ----------------- -Decidim creates a series of database migration scripts under ``db/migrate`` directory. Unfortunately, these script are not created deterministically as their file names are always created with current build's timestamp. The same script using the same Decidim version therefore always ends up with different database migration scripts. Newly added scripts in a new version of Decidim are not sorted at the end, so it's impossible to determine which scripts need to applied from the filenames alone. The ``db/migrate`` directory is therefore stored on a persisten sotrage outside of the container to ensure that only the new database migration will be applied whenever the container is upgraded to a newer version of Decidim image. +Decidim creates a series of database migration scripts under ``db/migrate`` directory. +Unfortunately, these script are not created deterministically as their file names are always +created with current build's timestamp. The same script using the same Decidim version therefore +always ends up with different database migration scripts. Newly added scripts in a new +version of Decidim are not sorted at the end, so it's impossible to determine which scripts +need to applied from the filenames alone. The ``db/migrate`` directory is therefore stored +on a persisten sotrage outside of the container to ensure that only the new database migration +will be applied whenever the container is upgraded to a newer version of Decidim image. Additional site creation ------------------------ -Decidim allows to create managed sites using the superadmin interface on ``https:///system/``. The sites require their own (sub)domains, therefore some additional considerations must be taken when setting up HTTP reverse proxies and TLS certificates. +Decidim allows to create managed sites using the superadmin interface on +``https:///system/``. The sites require their own (sub)domains,therefore some +additional considerations must be taken when setting up HTTP reverse proxies and TLS certificates. Rails environment ----------------- -Rails ``RAILS_ENV`` environment variable is set to ``production`` by default. This requires connection via HTTPS as there are redirects hardcoded in the Decidim application or its dependencies with enforce this behavior whenewer the ``RAILS_ENV`` is ``production``. The varaible can be changed to ``development`` in the docker-compose ``.env`` file, however the full development environment experience is not ensured by the current setup and some additional manual steps may be needed in order to use full potential of the development the environment. +Rails ``RAILS_ENV`` environment variable is set to ``production`` by default. +This requires connection via HTTPS as there are redirects hardcoded in the Decidim application +or its dependencies with enforce this behavior whenewer the ``RAILS_ENV`` is ``production``. +The varaible can be changed to ``development`` in the docker-compose ``.env`` file, however +the full development environment experience is not ensured by the current setup and some additional +manual steps may be needed in order to use full potential of the development the environment. The application offers a console accessible via @@ -39,7 +57,9 @@ The application offers a console accessible via cd /srv/decidim-app bin/rails console -The console loads the application environment and allows to work with Decidim via CLI. This is used by the docker entrypoint to ensure the superadmin credentials are always set according to the respective environment variables. +The console loads the application environment and allows to work with Decidim via CLI. This is used +by the docker entrypoint to ensure the superadmin credentials are always set according to +the respective environment variables. .. code-block:: ruby @@ -67,7 +87,7 @@ Development without docker-compose .. code-block:: bash - podman build -t decidim:latest . + podman build -t decidim:latest decidim rm -rf ~/decidim_{migrate,storage,uploads} mkdir ~/decidim_{migrate,storage,uploads} diff --git a/decidim/image.d/entrypoint.sh b/decidim/image.d/entrypoint.sh index 5da29c0..cf60133 100755 --- a/decidim/image.d/entrypoint.sh +++ b/decidim/image.d/entrypoint.sh @@ -2,7 +2,7 @@ set -e if [ "$*" != "" ]; then - exec $@ + exec "$@" fi echo "Starting Decidim..."