Build Rails app for production environment

Author: NathanielRN

.gitignore

@@ -7,3 +7,4 @@
 # ruby-on-rails
 **/ruby-on-rails/tmp
 **/ruby-on-rails/log
+master.key

sample-apps/manual-instrumentation/ruby-on-rails/Dockerfile

@@ -8,4 +8,11 @@ RUN bundle install
 
 ENV HOME=/
 
+ENV RACK_ENV=production
+
+# DO NOT follow this pattern of committing your master key into source code.
+# This is just required to run a `production` rails app.
+
+ENV RAILS_MASTER_KEY=e6780fe49c28c60ed2b594459981580c
+
 CMD rails server

sample-apps/manual-instrumentation/ruby-on-rails/README.md

@@ -30,6 +30,34 @@ Sending metrics to Amazon CloudWatch is not yet validated. Check out the [OpenTe
 
 ## Application structure
 
-Although this app was created with the `ruby new ruby-on-rails --minimal` command, it has been even further stripped down to focus on the OpenTelemetry changes needed to get tracing in this ruby on rails app.
+This section describes the decisions made when designing this sample app structure
+
+### A minimal app
+
+Although this app was created with the `rails new ruby-on-rails --minimal` command, it has been even further stripped down to focus on the OpenTelemetry changes needed to get tracing in this ruby on rails app.
 
 The changes needed to trace with OpenTelemetry are found in [sample-apps/manual-instrumentation/ruby-on-rails/config/initializers/opentelemetry.rb](sample-apps/manual-instrumentation/ruby-on-rails/config/initializers/opentelemetry.rb).
+
+### Running the app in `production` for tests
+
+We build our application for a `production` environment because of https://github.com/aws-observability/aws-otel-ruby/pull/10.
+
+However, to allow for a `production` environment, the rails app requires a "secret_base_key". Otherwise it will spam the log output with warnings which is really troublesome.
+
+To solve this, we added **dummy credentials** which don't do anything. Because this is an example, **we directly commit the security credentials in the Dockerfile** but this is **NOT GOOD PRACTICE FOR REAL PRODUCTION ENVIRONMENTS**. We allow it to be like this because we want this demo example to work.
+
+You can confirm the credentials work and view the encoded contents of by doing the following command:
+
+```bash
+$ cd sample-apps/manual-instrumentation/ruby-on-rails
+$ RAILS_MASTER_KEY=<KEY_IN_SAMPLE-APP_DOCKERFILE> bin/rails credentials:edit
+```
+
+This will show the following contents:
+
+```yaml
+# NOTE: DO NOT USE THIS IN PRODUCTION ENVIRONMENTS, WE ONLY SET THIS TO SIMULATE A REAL RAILS APP.
+
+# Used as the base secret for all MessageVerifiers in Rails, including the one protecting cookies.
+secret_key_base: DO_NOT_STORE_A_SECRET_THIS_IS_JUST_FOR_AN_EXAMPLE
+```

sample-apps/manual-instrumentation/ruby-on-rails/bin/rails

@@ -0,0 +1 @@
+HuW+UqYwDMY5cxouXkoD+0COlk6eGJv5s3evlSyjOzw0NT1aFarbTaDpHhxiPfB2IrZ/hD7yMg7MvcFU9S5KxlJABOSK5jBQ9eZV2BQcW6/vJsPca4dntwTuf6wDbD6YVFnsF5MJ1lDjUjNy4SGrxsxwqUhx73fZIfbllNais2lV5uGAgIpGQA6x/DPZ2QOcTYd46tMdz7TxHyv9vWIgJensUMZoQ5L2+vlXhHRJ3XVoM+Dz2AU3ubll95gglTOd33BqEbUcen5VvdYB49ugg8WE+7mayC9DTzsLkOe72Vbw7T2m5KXJzsR+ZesSFaW+oJQaeDseHRM0kHfHqdk9Nr3dpaLQXdWG93uap2rh+pw=--koERuqkTE0/631gF--1ZFLVbmAiutXQs+cTnTlAA==

sample-apps/manual-instrumentation/ruby-on-rails/config/credentials.yml.enc

@@ -18,7 +18,7 @@
 
   # Ensures that a master key has been made available in either ENV['RAILS_MASTER_KEY']
   # or in config/master.key. This key is used to decrypt credentials (and other encrypted files).
-  # config.require_master_key = true
+  config.require_master_key = true
 
   # Disable serving static files from the `/public` folder by default since
   # Apache or NGINX already handles this.