Octree |
Contact Us |
Our Blog (FR)
Decidim |
Decidim Docs |
Participatory Governance (meta decidim)
Decidim Community (Matrix+Element.io)
This app is a Ruby on Rails app running Decidim for participer.ge.ch, the official participatory platform for the state of Geneva.
This app uses Octree's Decidim version, used for all Octree projects.
This application's infrastructure is under the responsibility of Office cantonal des systèmes d'information et du numérique (OCSIN). They fully deploy the application into their infrastructures after strict security pipelines. Underlying infrastructure can not be disclosed at this time.
A docker image is used for deployment, the docker image is ready for production, with some common configurations for RoR production images. The docker image includes:
- ImageMagick configurations, to avoid ImageTragick issues on image manipulations and avoid Server-side interaction (see https://thoughtbot.com/blog/paperclip-is-vulnerable-to-the-imagetragick-vulnerability and https://imagetragick.com/ for references)
- Non-root user and group to run the puma application (see docker docs https://docs.docker.com/engine/install/linux-postinstall/ as references, and https://engineering.bitnami.com/articles/why-non-root-containers-are-important-for-security.html#:~:text=So why would you do,on your server%2C for example.)
This app uses an Octree version of Decidim, where we do as few changes as possible to stay near the main branch. The updates concern mainly theming and exploitation:
- The main body class has a class for each organization. This allows having multi-tenant instances with different custom themes
- The theme is customized to overload the Foundation for Sites library
- Logs of the system are done on a daily matter, to isolate issues faster
- Puma is optimized and uses a custom SSL certificate, served by the OCSIN
