From: Grant Slater Date: Mon, 30 Jan 2023 14:42:48 +0000 (+0000) Subject: sotm: Do not install Gems as root X-Git-Url: https://git.openstreetmap.org./chef.git/commitdiff_plain/7a9d3eeee531641b13f1932b602eb63ea390c41e?ds=sidebyside sotm: Do not install Gems as root --- diff --git a/cookbooks/stateofthemap/recipes/jekyll.rb b/cookbooks/stateofthemap/recipes/jekyll.rb index a57d230b6..5a55092dc 100644 --- a/cookbooks/stateofthemap/recipes/jekyll.rb +++ b/cookbooks/stateofthemap/recipes/jekyll.rb @@ -48,29 +48,35 @@ apache_module "rewrite" group "nogroup" end - # Workaround https://github.com/jekyll/jekyll/issues/7804 - # by creating a .jekyll-cache folder - directory "/srv/#{year}.stateofthemap.org/.jekyll-cache" do - mode "755" + # FIXME: fix the the vendor directory permissions from prior root installs + directory "/srv/#{year}.stateofthemap.org/vendor" do + action :create + recursive true owner "nobody" group "nogroup" end bundle_install "/srv/#{year}.stateofthemap.org" do action :nothing - options "--deployment --jobs #{node.cpu_cores}" - user "root" - group "root" + user "nobody" + group "nogroup" + environment "BUNDLE_FROZEN" => "true", + "BUNDLE_WITHOUT" => "development:test", + "BUNDLE_PATH" => "vendor/bundle", + "BUNDLE_DEPLOYMENT" => "1", + "BUNDLE_JOBS" => node.cpu_cores.to_s notifies :run, "bundle_exec[/srv/#{year}.stateofthemap.org]" only_if { ::File.exist?("/srv/#{year}.stateofthemap.org/Gemfile") } end bundle_exec "/srv/#{year}.stateofthemap.org" do action :nothing - command "jekyll build --trace --baseurl=https://#{year}.stateofthemap.org" + command "jekyll build --trace --disable-disk-cache --baseurl=https://#{year}.stateofthemap.org" user "nobody" group "nogroup" - environment "LANG" => "C.UTF-8" + environment "LANG" => "C.UTF-8", + "BUNDLE_PATH" => "vendor/bundle", + "BUNDLE_DEPLOYMENT" => "1" end ssl_certificate "#{year}.stateofthemap.org" do