Bump actions/checkout from 3 to 4

.gitattributes

@@ -5,3 +5,5 @@ db/schema.rb linguist-generated
 
 # Mark any vendored files as having been vendored.
 vendor/* linguist-vendored
+config/credentials/*.yml.enc diff=rails_credentials
+config/credentials.yml.enc diff=rails_credentials

.github/dependabot.yml

@@ -0,0 +1,12 @@
+version: 2
+updates:
+- package-ecosystem: bundler
+  directory: "/"
+  schedule:
+    interval: daily
+  open-pull-requests-limit: 10
+- package-ecosystem: github-actions
+  directory: "/"
+  schedule:
+    interval: daily
+  open-pull-requests-limit: 10

.github/workflows/ci.yml

@@ -8,9 +8,8 @@
 name: CI
 
 on:
-  push:
-    branches: [main]
   pull_request:
+  push:
     branches: [main]
 
 jobs:
@@ -45,7 +44,7 @@ jobs:
       - name: Set up Ruby
         uses: ruby/setup-ruby@v1
         with:
-          ruby-version: "3.3"
+          ruby-version: .ruby-version
           bundler-cache: true
       - name: Create test database
         env:
@@ -72,7 +71,7 @@ jobs:
       - name: Set up Ruby
         uses: ruby/setup-ruby@v1
         with:
-          ruby-version: "3.3"
+          ruby-version: .ruby-version
           bundler-cache: true
       - name: Run Rubocop
         run: |
@@ -85,6 +84,6 @@ jobs:
           cp .rubocop-rails/.rubocop-rails.yml .
           cat .rubocop.yml | sed -e 's/~\/.rubocop/.rubocop/' | sed -e 's/.rubocop.yml/.rubocop-ruby.yml/' > .rubocop2.yml
           mv .rubocop2.yml .rubocop.yml
-          rubocop --parallel
+          rubocop --parallel -f github
       - name: Run Brakeman
-        uses: artplan1/brakeman-action@v1
+        run: bin/brakeman --no-pager

.github/workflows/deploy.yml

@@ -25,7 +25,7 @@ jobs:
       runs-on: ubuntu-latest
       steps:
         - name: Check out repository
-          uses: actions/checkout@v3
+          uses: actions/checkout@v4
         - name: Set up flyctl
           uses: superfly/flyctl-actions/setup-flyctl@master
         - name: Deploy to Fly.io

Dockerfile

@@ -1,39 +1,46 @@
 # syntax = docker/dockerfile:1
 
-# Make sure RUBY_VERSION matches the Ruby version in .ruby-version and Gemfile
+# This Dockerfile is designed for production, not development. Use with Kamal or build'n'run by hand:
+# docker build -t my-app .
+# docker run -d -p 80:80 -p 443:443 --name my-app -e RAILS_MASTER_KEY=<value from config/master.key> my-app
+
+# Make sure RUBY_VERSION matches the Ruby version in .ruby-version
 ARG RUBY_VERSION=3.3.4
-FROM ruby:$RUBY_VERSION-slim as base
+FROM docker.io/library/ruby:$RUBY_VERSION-slim AS base
 
 LABEL fly_launch_runtime="rails"
 
 # Rails app lives here
 WORKDIR /rails
 
+# Install base packages
+RUN apt-get update -qq && \
+    apt-get install --no-install-recommends -y curl libjemalloc2 libvips postgresql-client && \
+    rm -rf /var/lib/apt/lists /var/cache/apt/archives
+
 # Set production environment
-ENV BUNDLE_DEPLOYMENT="1" \
+ENV RAILS_ENV="production" \
+    BUNDLE_DEPLOYMENT="1" \
     BUNDLE_PATH="/usr/local/bundle" \
     BUNDLE_WITHOUT="development:test" \
-    RAILS_ENV="production"
-
-# Update gems and bundler
-RUN gem update --system --no-document && \
-    gem install -N bundler
-
 
 # Throw-away build stage to reduce size of final image
-FROM base as build
+FROM base AS build
 
 # Install packages needed to build gems
 RUN apt-get update -qq && \
-    apt-get install --no-install-recommends -y build-essential libpq-dev libyaml-dev git
+    apt-get install --no-install-recommends -y build-essential git libpq-dev pkg-config libyaml-dev && \
+    rm -rf /var/lib/apt/lists /var/cache/apt/archives
 
 # Install application gems
-COPY --link Gemfile Gemfile.lock ./
+COPY Gemfile Gemfile.lock ./
 RUN bundle install && \
     rm -rf ~/.bundle/ "${BUNDLE_PATH}"/ruby/*/cache "${BUNDLE_PATH}"/ruby/*/bundler/gems/*/.git
 
 # Copy application code
-COPY --link . .
+COPY . .
+
+
 
 
 # Final stage for app image
@@ -51,11 +58,12 @@ COPY --from=build /rails /rails
 # Run and own only the runtime files as a non-root user for security
 RUN groupadd --system --gid 1000 rails && \
     useradd rails --uid 1000 --gid 1000 --create-home --shell /bin/bash && \
-    chown -R 1000:1000 db log storage tmp
+    chown -R rails:rails db log storage tmp
 USER 1000:1000
 
-# Entrypoint sets up the container.
+# Entrypoint prepares the database.
 ENTRYPOINT ["/rails/bin/docker-entrypoint"]
 
 # Start the server by default, this can be overwritten at runtime
 EXPOSE 3000
+CMD ["./bin/rails", "server"]

Gemfile

@@ -15,6 +15,7 @@ gem "devise"
 gem "devise-jwt"
 gem "rack-cors"
 gem "redis"
+gem 'kredis'
 gem "sidekiq"
 
 # MODELS
@@ -27,6 +28,9 @@ gem "jbuilder"
 gem "bugsnag"
 
 group :development do
+  # LINT
+  gem "brakeman", require: false
+
   # ERRORS
   gem "binding_of_caller"
 
@@ -35,8 +39,8 @@ group :development do
 end
 
 group :doc do
-  gem "redcarpet", require: nil
-  gem "yard", require: nil
+  gem "redcarpet", require: false
+  gem "yard", require: false
 end
 
 group :test do