Skip to content
Galley

Stacks / Rails

Preview environments for Rails.

Rails with Postgres, Redis, and Sidekiq.

  • Rails 7
  • Postgres 16
  • Redis 7
  • Sidekiq

A well-set-up Rails monolith is one of the most review-friendly stacks to put into preview environments. Active Record handles migrations, Sidekiq does the background work, and everything lives in one repo. Galley’s job is to not get in the way.

The config

version: 1

services:
  web:
    kind: web
    build:
      path: ./
    expose: 3000
    depends_on: [postgres, cache]
    env:
      DATABASE_URL: postgres://app:pw@postgres:5432/app
      REDIS_URL: redis://cache:6379/0
      RAILS_ENV: production
      RAILS_LOG_TO_STDOUT: "1"
      RAILS_SERVE_STATIC_FILES: "1"
      RAILS_MASTER_KEY: "${RAILS_MASTER_KEY}"

  sidekiq:
    kind: worker
    build:
      path: ./
      start: "bundle exec sidekiq"
    depends_on: [postgres, cache]
    env:
      DATABASE_URL: postgres://app:pw@postgres:5432/app
      REDIS_URL: redis://cache:6379/0
      RAILS_ENV: production
      RAILS_MASTER_KEY: "${RAILS_MASTER_KEY}"

  postgres:
    kind: database
    image: postgres:16-alpine
    expose: 5432
    env:
      POSTGRES_USER: app
      POSTGRES_PASSWORD: pw
      POSTGRES_DB: app

  cache:
    kind: cache
    image: redis:7-alpine
    expose: 6379

RAILS_MASTER_KEY is a project-level env var managed in the dashboard, marked secret: true so it’s encrypted under the instance master key. Galley decrypts and injects it at deploy time. The plaintext never lives on disk after install.

Migrations: run on web start (bin/rails db:migrate && bin/rails server) or extract them to a one-shot kind: worker with restart: never.

The usual gotcha

RAILS_MASTER_KEY ergonomics. Previews need it (or a preview-scoped variant) to decrypt config/credentials.yml.enc. The temptation to commit it to avoid the config step is strong and always a mistake.

Put the key in Settings → Environment vars as a secret. Reference it from galley.yml as ${RAILS_MASTER_KEY}. The plaintext stays out of the image, out of build logs, out of any audit trail for users without access. Rotation is one click.

For open-source Rails repos that want previews on drive-by PRs, generate a preview-only credentials file with test data and commit that master key. Keep the real production key scoped to trusted contributors only.