]> git.openstreetmap.org Git - chef.git/commitdiff
sotm: Do not install Gems as root
authorGrant Slater <github@firefishy.com>
Mon, 30 Jan 2023 14:42:48 +0000 (14:42 +0000)
committerGrant Slater <github@firefishy.com>
Mon, 30 Jan 2023 14:42:48 +0000 (14:42 +0000)
cookbooks/stateofthemap/recipes/jekyll.rb

index a57d230b6771b7ba7493d5fd01f9ca156d40163a..5a55092dcbdf107b34d883d209c103e0c0018623 100644 (file)
@@ -48,29 +48,35 @@ apache_module "rewrite"
     group "nogroup"
   end
 
     group "nogroup"
   end
 
-  # Workaround https://github.com/jekyll/jekyll/issues/7804
-  # by creating a .jekyll-cache folder
-  directory "/srv/#{year}.stateofthemap.org/.jekyll-cache" do
-    mode "755"
+  # FIXME: fix the the vendor directory permissions from prior root installs
+  directory "/srv/#{year}.stateofthemap.org/vendor" do
+    action :create
+    recursive true
     owner "nobody"
     group "nogroup"
   end
 
   bundle_install "/srv/#{year}.stateofthemap.org" do
     action :nothing
     owner "nobody"
     group "nogroup"
   end
 
   bundle_install "/srv/#{year}.stateofthemap.org" do
     action :nothing
-    options "--deployment --jobs #{node.cpu_cores}"
-    user "root"
-    group "root"
+    user "nobody"
+    group "nogroup"
+    environment "BUNDLE_FROZEN" => "true",
+                "BUNDLE_WITHOUT" => "development:test",
+                "BUNDLE_PATH" => "vendor/bundle",
+                "BUNDLE_DEPLOYMENT" => "1",
+                "BUNDLE_JOBS" => node.cpu_cores.to_s
     notifies :run, "bundle_exec[/srv/#{year}.stateofthemap.org]"
     only_if { ::File.exist?("/srv/#{year}.stateofthemap.org/Gemfile") }
   end
 
   bundle_exec "/srv/#{year}.stateofthemap.org" do
     action :nothing
     notifies :run, "bundle_exec[/srv/#{year}.stateofthemap.org]"
     only_if { ::File.exist?("/srv/#{year}.stateofthemap.org/Gemfile") }
   end
 
   bundle_exec "/srv/#{year}.stateofthemap.org" do
     action :nothing
-    command "jekyll build --trace --baseurl=https://#{year}.stateofthemap.org"
+    command "jekyll build --trace --disable-disk-cache --baseurl=https://#{year}.stateofthemap.org"
     user "nobody"
     group "nogroup"
     user "nobody"
     group "nogroup"
-    environment "LANG" => "C.UTF-8"
+    environment "LANG" => "C.UTF-8",
+                "BUNDLE_PATH" => "vendor/bundle",
+                "BUNDLE_DEPLOYMENT" => "1"
   end
 
   ssl_certificate "#{year}.stateofthemap.org" do
   end
 
   ssl_certificate "#{year}.stateofthemap.org" do