Merge pull request #174 from textbook/feat-single-artifact-deploy

Allow running the app as a single artifact

.gitignore

@@ -1,5 +1,8 @@
-package
+last-release/
+package/
+tmp/
 package.zip
+last-release.zip
 .idea/
 .DS_Store
 node_modules/

api/.gitignore

@@ -26,3 +26,6 @@ vendor
 /.idea
 postfacto-api.iml
 db/schema.rb
+
+# Ignore public client files
+/client

api/Gemfile

@@ -45,6 +45,7 @@ gem 'jbuilder'
 gem 'premailer-rails', '>= 1.10.2'
 gem 'puma'
 gem 'rack-cors', require: 'rack/cors'
+gem 'rack-ssl'
 gem 'rest-client'
 gem 'uglifier'
 gem 'jwt'

api/Gemfile.lock

@@ -189,6 +189,8 @@ GEM
     puma (3.12.0)
     rack (2.0.7)
     rack-cors (1.0.2)
+    rack-ssl (1.4.1)
+      rack
     rack-test (1.1.0)
       rack (>= 1.0, < 3)
     rails (5.2.3)
@@ -339,6 +341,7 @@ DEPENDENCIES
   pry-byebug
   puma
   rack-cors
+  rack-ssl
   rails (>= 5.2.2.1)
   redis (~> 3.3.3)
   rest-client

api/app/controllers/static_controller.rb

@@ -0,0 +1,35 @@
+#
+# Postfacto, a free, open-source and self-hosted retro tool aimed at helping
+# remote teams.
+#
+# Copyright (C) 2016 - Present Pivotal Software, Inc.
+#
+# This program is free software: you can redistribute it and/or modify
+#
+# it under the terms of the GNU Affero General Public License as
+#
+# published by the Free Software Foundation, either version 3 of the
+#
+# License, or (at your option) any later version.
+#
+#
+#
+# This program is distributed in the hope that it will be useful,
+#
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+#
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+#
+# GNU Affero General Public License for more details.
+#
+#
+#
+# You should have received a copy of the GNU Affero General Public License
+#
+# along with this program.  If not, see <https://www.gnu.org/licenses/>.
+#
+class StaticController < ApplicationController
+  def home
+    render file: 'client/index.html', layout: false
+  end
+end

api/config.ru

@@ -1,18 +1,44 @@
+#
+# Postfacto, a free, open-source and self-hosted retro tool aimed at helping
+# remote teams.
+#
+# Copyright (C) 2016 - Present Pivotal Software, Inc.
+#
+# This program is free software: you can redistribute it and/or modify
+#
+# it under the terms of the GNU Affero General Public License as
+#
+# published by the Free Software Foundation, either version 3 of the
+#
+# License, or (at your option) any later version.
+#
+#
+#
+# This program is distributed in the hope that it will be useful,
+#
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+#
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+#
+# GNU Affero General Public License for more details.
+#
+#
+#
+# You should have received a copy of the GNU Affero General Public License
+#
+# along with this program.  If not, see <https://www.gnu.org/licenses/>.
+#
 # This file is used by Rack-based servers to start the application.
 
 require_relative 'config/environment'
 
-run Rails.application
+if ENV['RAILS_ENV'] == 'production'
+  require 'rack/ssl'
 
-require 'rack/cors'
-unless ENV['RAILS_ENV'] == 'production'
-  use Rack::Cors do
-    # allow all origins in development
-    allow do
-      origins '*'
-      resource '*',
-               headers: :any,
-               methods: [:get, :patch, :post, :delete, :put, :options]
-    end
-  end
+  use Rack::SSL,
+      exclude: (lambda do |env|
+        env['HTTP_CONNECTION'] == 'Upgrade' && env['HTTP_UPGRADE'] == 'websocket'
+      end)
 end
+
+run Rails.application

api/config/application.rb

@@ -52,5 +52,14 @@ class Application < Rails::Application
     # Application configuration should go into files in config/initializers
     # -- all .rb files in that directory are automatically loaded.
     config.autoload_paths << Rails.root.join('lib', 'configurations')
+    if ENV['RAILS_ENV'] != 'production' || ENV['RAILS_SERVE_STATIC_FILES'].present?
+      config.middleware.insert_after(
+        ActionDispatch::Static,
+        ActionDispatch::Static,
+        Rails.root.join('client').to_s,
+        index: config.public_file_server.index_name,
+        headers: config.public_file_server.headers || {}
+      )
+    end
   end
 end

api/config/environments/development.rb

@@ -84,13 +84,6 @@
   # routes, locales, etc. This feature depends on the listen gem.
   config.file_watcher = ActiveSupport::EventedFileUpdateChecker
 
-  config.middleware.insert_before 0, Rack::Cors do
-    allow do
-      origins 'http://localhost:3000'
-      resource '*', headers: :any, methods: [:get, :post, :patch, :delete, :options, :put]
-    end
-  end
-
   config.after_initialize do
     Bullet.enable = true
     Bullet.bullet_logger = true

api/config/environments/test.rb

@@ -69,13 +69,6 @@
 
   config.action_cable.allowed_request_origins = [/.*/]
 
-  config.middleware.insert_before 0, Rack::Cors do
-    allow do
-      origins 'http://localhost:3000'
-      resource '*', headers: :any, methods: [:get, :post, :patch, :delete, :options, :put]
-    end
-  end
-
   # Raises error for missing translations
   # config.action_view.raise_on_missing_translations = true
 

api/config/routes.rb

@@ -32,26 +32,32 @@
   devise_for :admin_users, ActiveAdmin::Devise.config
   ActiveAdmin.routes(self)
 
-  put '/retros/:id/archive', to: 'retros#archive'
-  patch '/retros/:id/password', to: 'retros#update_password', as: :retro_update_password
+  scope '/api' do
+    put '/retros/:id/archive', to: 'retros#archive'
+    patch '/retros/:id/password', to: 'retros#update_password', as: :retro_update_password
 
-  get '/config', to: 'config#show'
+    get '/config', to: 'config#show'
 
-  resources :oauth_sessions, path: 'sessions', only: [:create]
-  resources :users, only: [:create]
+    resources :oauth_sessions, path: 'sessions', only: [:create]
+    resources :users, only: [:create]
 
-  resources :retros, only: [:index, :create, :show, :update] do
-    resources :archives, only: [:index, :show]
-    resources :settings, only: [:index]
-    resources :action_items, only: [:create, :destroy, :update]
-    resources :items, only: [:create, :update, :destroy] do
-      patch 'done', to: :done, controller: 'items'
-      post 'vote', to: :vote, controller: 'items'
-    end
-    resource :discussion, only: [:create, :destroy, :update] do
-      post 'transitions', controller: 'transitions'
-    end
+    resources :retros, only: [:index, :create, :show, :update] do
+      resources :archives, only: [:index, :show]
+      resources :settings, only: [:index]
+      resources :action_items, only: [:create, :destroy, :update]
+      resources :items, only: [:create, :update, :destroy] do
+        patch 'done', to: :done, controller: 'items'
+        post 'vote', to: :vote, controller: 'items'
+      end
+      resource :discussion, only: [:create, :destroy, :update] do
+        post 'transitions', controller: 'transitions'
+      end
 
-    resources :sessions, only: [:new, :create]
+      resources :sessions, only: [:new, :create]
+    end
   end
+
+  # pushstate routing
+  get '/' => 'static#home', as: 'home', constraints: { format: :html }
+  get '*url' => 'static#home', constraints: { format: :html }
 end

api/spec/requests/oauth_sessions_request_spec.rb

@@ -47,7 +47,7 @@
       end
 
       it 'returns user details' do
-        post '/sessions', params: { access_token: 'the-access-token' }, as: :json
+        post '/api/sessions', params: { access_token: 'the-access-token' }, as: :json
 
         expect(response.status).to eq(200)
 
@@ -76,7 +76,7 @@
       end
 
       it 'returns user details' do
-        post '/sessions', params: { access_token: 'the-access-token' }, as: :json
+        post '/api/sessions', params: { access_token: 'the-access-token' }, as: :json
 
         expect(response.status).to eq(200)
 
@@ -85,7 +85,7 @@
       end
 
       it 'returns a token' do
-        post '/sessions', params: { access_token: 'the-access-token' }, as: :json
+        post '/api/sessions', params: { access_token: 'the-access-token' }, as: :json
 
         expect(response.status).to eq(200)
 
@@ -107,7 +107,7 @@
         end
 
         it 'responds with an expiring token' do
-          post '/sessions', params: { access_token: 'the-access-token' }, as: :json
+          post '/api/sessions', params: { access_token: 'the-access-token' }, as: :json
 
           data = JSON.parse(response.body)
           jwt = JWT.decode(data['auth_token'], nil, false)
@@ -129,7 +129,7 @@
       end
 
       it 'returns 404' do
-        post '/sessions', params: { access_token: 'the-access-token' }, as: :json
+        post '/api/sessions', params: { access_token: 'the-access-token' }, as: :json
 
         expect(response.status).to eq(404)
       end
@@ -143,7 +143,7 @@
       end
 
       it 'returns 500' do
-        post '/sessions', params: { access_token: 'invalid-access-token' }, as: :json
+        post '/api/sessions', params: { access_token: 'invalid-access-token' }, as: :json
 
         expect(response.status).to eq(500)
       end
@@ -155,7 +155,7 @@
           .with('the-access-token')
           .and_raise(GoogleClient::InvalidUserDomain.new)
 
-        post '/sessions', params: { access_token: 'the-access-token' }, as: :json
+        post '/api/sessions', params: { access_token: 'the-access-token' }, as: :json
         expect(response).to be_forbidden
       end
 
@@ -168,7 +168,7 @@
 
         expect(GOOGLE_CLIENT).to receive(:get_user!).with('the-access-token').and_return(google_user_data)
 
-        post '/sessions', params: { access_token: 'the-access-token' }, as: :json
+        post '/api/sessions', params: { access_token: 'the-access-token' }, as: :json
         expect(response).to be_not_found
       end
     end