Remove CONTAINER_ID, add SSH

- CONTAINER_ID was only used for Google Optimize, which is discontinued - SSH will be needed for ongoing maintenance by developers see https://learn.microsoft.com/en-gb/azure/app-service/configure-custom-container?tabs=alpine&pivots=container-linux#enable-ssh
DFE-Digital · Oct 13, 2023 · b05dc19 · b05dc19
1 parent 2242bf7
commit b05dc19
Show file tree

Hide file tree

Showing 7 changed files with 31 additions and 5 deletions.
diff --git a/.env.example b/.env.example
@@ -8,3 +8,4 @@ RAILS_ENV=development
 WEBPACKER_DEV_SERVER_HOST=0.0.0.0
 FEEDBACK_URL=
 SIGNUP_URL=
+TRACKING_ID=
diff --git a/.github/workflows/azure-deploy-dev.yml b/.github/workflows/azure-deploy-dev.yml
@@ -102,7 +102,7 @@ jobs:
             BUILDKIT_INLINE_CACHE=1
             SHA=${{ github.sha }}
           cache-from: |
-            type=registry,ref=${{ env.DOCKER_IMAGE }}-prod:latest
+            type=registry,ref=${{ env.DOCKER_IMAGE }}:latest
           push: true
           tags: |
             ${{ env.DOCKER_IMAGE }}:latest

diff --git a/Dockerfile b/Dockerfile
@@ -102,6 +102,20 @@ COPY --from=assets-precompile /usr/local/bundle/ usr/local/bundle/
 # The application runs from /app
 WORKDIR /app
 
+COPY sshd_config /etc/ssh/
+COPY ./entrypoints/docker-entrypoint.sh ./
+
+# Start and enable SSH
+RUN apk add openssh \
+  && echo "root:Docker!" | chpasswd \
+  && chmod +x ./docker-entrypoint.sh \
+  && cd /etc/ssh/ \
+  && ssh-keygen -A
+
+EXPOSE 3000 2222
+
+ENTRYPOINT [ "./docker-entrypoint.sh" ]
+
 # Use the following for development testing
 CMD bundle exec rails db:migrate && bundle exec rails server -b 0.0.0.0
 

diff --git a/app/views/layouts/_analytics_header.html.erb b/app/views/layouts/_analytics_header.html.erb
@@ -1,5 +1,3 @@
-<script src="https://www.googleoptimize.com/optimize.js?id=<%= GoogleAnalytics::CONTAINER_ID %>"></script>
-
 <!-- Google tag (gtag.js) -->
 <script async src=<%= "https://www.googletagmanager.com/gtag/js?id=#{GoogleAnalytics::TRACKING_ID}" %>></script>
 <script>

diff --git a/config/initializers/google_analytics.rb b/config/initializers/google_analytics.rb
@@ -1,7 +1,6 @@
 # frozen_string_literal: true
 
 module GoogleAnalytics
-  CONTAINER_ID = Rails.application.credentials.dig :google_analytics, Rails.configuration.space.to_sym, :container_id
-  TRACKING_ID = Rails.application.credentials.dig :google_analytics, Rails.configuration.space.to_sym, :tracking_id
+  TRACKING_ID = ENV.fetch("TRACKING_ID", "#TRACKING_ID_env_var_missing")
   JS_URL = "https://www.googletagmanager.com/ns.html?id=#{GoogleAnalytics::TRACKING_ID}"
 end
diff --git a/entrypoints/docker-entrypoint.sh b/entrypoints/docker-entrypoint.sh
@@ -7,6 +7,8 @@ if [ -f tmp/pids/server.pid ]; then
   rm tmp/pids/server.pid
 fi
 
+/usr/sbin/sshd
+
 bundle exec rake db:prepare db:seed
 
 # Start the application

diff --git a/sshd_config b/sshd_config
@@ -0,0 +1,12 @@
+Port 			2222
+ListenAddress 		0.0.0.0
+LoginGraceTime 		180
+X11Forwarding 		yes
+Ciphers aes128-cbc,3des-cbc,aes256-cbc,aes128-ctr,aes192-ctr,aes256-ctr
+MACs hmac-sha1,hmac-sha1-96
+StrictModes 		yes
+SyslogFacility 		DAEMON
+PasswordAuthentication 	yes
+PermitEmptyPasswords 	no
+PermitRootLogin 	yes
+Subsystem sftp internal-sftp