How to resolve the master.key problem with a Rails 5.2 dockerized project, using Gitlab CI ?

Hi everyone,

First, a great thank you for this platform: I learned a lot here!

I'm trying to deploy a dockerized Rails 5.2 application, using Gitlab CI/CD... First steps were going fine, but when I want to build my app, I get an error of missing master.key... So I learned here and there, to find how to solve this...

So I put the master key as a Gitlab variable (through settings > CI), and tried to copy it into a master.key file generated by script (see below). After trying a lot of methods, I'm still stuck with a "base64" issue, which I can't understand how to fix.

I'm getting started on Rails, and also on CI/CD... So if anyone could help me, it would be really great! Thx in advance.

.gitlab-ci.yml

image: docker
services:
  - docker:dind

cache:
  paths:
    - node_modules

stages:
  - build
  - test
  - release
  - deploy # staging ?

build:
  stage: build
  before_script:
    - apk add --no-cache py-pip python-dev libffi-dev openssl-dev gcc libc-dev make
    - pip install docker-compose
    - docker-compose --version
  script:
    - docker-compose build
    - docker-compose run app docker/wait_for_it.sh db:5433 --  "rake db:create db:migrate"

test:
  stage: test
  before_script:
    - apk add --no-cache py-pip python-dev libffi-dev openssl-dev gcc libc-dev make
    - pip install docker-compose
    - docker-compose --version
  script:
    - docker-compose --version
    # Here we will run tests when available...

release:
  stage: release
  only:
    - "feat-dockerisation"
  before_script:
    - docker info
    - docker login -u gitlab-ci-token -p $CI_BUILD_TOKEN registry.gitlab.com
    - echo "$RAILS_MASTER_KEY" | tr -d '\r' > config/master.key
  script:
    - docker build -t registry.gitlab.com/soykje/beweeg-ror:latest --pull .
    - docker push registry.gitlab.com/soykje/beweeg-ror:latest
  after_script:
    - docker logout registry.gitlab.com

Dockerfile

FROM ruby:2.5.5-slim

ARG PRECOMPILEASSETS

RUN apt-get update && apt-get install -y curl gnupg
RUN echo "deb http://apt.postgresql.org/pub/repos/apt/ stretch-pgdg main" > /etc/apt/sources.list.d/pgdg.list
RUN curl -q https://www.postgresql.org/media/keys/ACCC4CF8.asc | apt-key add -

RUN apt-get -y update && \
    apt-get install --fix-missing --no-install-recommends -qq -y \
      build-essential \
      vim \
      wget gnupg \
      git-all \
      curl \
      ssh \
      postgresql-client-10 libpq5 libpq-dev -y && \
    wget -qO- https://deb.nodesource.com/setup_9.x  | bash - && \
    apt-get install -y nodejs && \
    wget -qO- https://dl.yarnpkg.com/debian/pubkey.gpg | apt-key add - && \
    echo "deb https://dl.yarnpkg.com/debian/ stable main" | tee /etc/apt/sources.list.d/yarn.list && \
    apt-get update && \
    apt-get install yarn && \
    apt-get clean && \
    rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*

RUN gem install bundler
#Install gems
RUN mkdir /gems
WORKDIR /gems
COPY Gemfile .
COPY Gemfile.lock .
RUN bundle install

ARG INSTALL_PATH=/opt/beweeg
ENV INSTALL_PATH $INSTALL_PATH
WORKDIR $INSTALL_PATH
COPY . .

# Precompile assets (or not)
RUN docker/potential_asset_precompile.sh $PRECOMPILEASSETS

Hey soykje!

Rails will actually look for the RAILS_MASTER_KEY env variable, so if you just set that you should be fine. Saves you from the trouble of trying to write that out to a file and you can just set the env var like any other environment variable through docker.

Hi Chris,

Thx for your quick answer! Maybe I don't understand... but your suggestion is exactly what I am trying to do :

1. Save the master key as Gitlab variable
2. Use this variable to generate a master.key file, through Docker

And here is my problem: the echo "$RAILS_MASTER_KEY" | tr -d '\r' > config/master.key doesn't seem to work, and I'm stuck with a base64 issue... I also tried using the | base64 -d filter instead of | tr -d '\r', and then I'm having a missing key error... What am I missing?

Thank you for your help and your explanations.

I haven't actually used Gitlab's CI, but it's close.

So you don't need a master.key file as long as you have the RAILS_MASTER_KEY environment variable. Rails will check for the env var first and use that if it exists, otherwise it falls back to the file.

You should be able to set the env var using Gitlab and then you'd just need to make sure the env var from Gitlab is accessible in your docker image.

No need to write anything to master.key this way.