-
Notifications
You must be signed in to change notification settings - Fork 24
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
This reverts commit 1da09ce.
- Loading branch information
Showing
5 changed files
with
1,042 additions
and
1,170 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,80 +1,28 @@ | ||
| # syntax = docker/dockerfile:1 | ||
| FROM ruby:2.7.8-bullseye as builder | ||
| LABEL maintainer="nabeta@fastmail.fm" | ||
|
|
||
| # Make sure RUBY_VERSION matches the Ruby version in .ruby-version and Gemfile | ||
| ARG RUBY_VERSION=2.7.8 | ||
| FROM registry.docker.com/library/ruby:$RUBY_VERSION-slim as base | ||
|
|
||
| # Rails app lives here | ||
| WORKDIR /enju | ||
|
|
||
| # Set production environment | ||
| ENV RAILS_ENV="production" \ | ||
| BUNDLE_DEPLOYMENT="1" \ | ||
| BUNDLE_PATH="/usr/local/bundle" \ | ||
| BUNDLE_WITHOUT="development" | ||
|
|
||
|
|
||
| # Throw-away build stage to reduce size of final image | ||
| FROM base as build | ||
|
|
||
| # Install packages needed to build gems | ||
| RUN apt-get update -qq && apt-get install --no-install-recommends -y curl gnupg && \ | ||
| mkdir -p /etc/apt/keyrings && \ | ||
| curl -fsSL https://deb.nodesource.com/gpgkey/nodesource-repo.gpg.key | gpg --dearmor -o /etc/apt/keyrings/nodesource.gpg && \ | ||
| curl -sL https://dl.yarnpkg.com/debian/pubkey.gpg | gpg --dearmor -o /etc/apt/keyrings/yarnkey.gpg && \ | ||
| echo "deb [signed-by=/etc/apt/keyrings/nodesource.gpg] https://deb.nodesource.com/node_16.x nodistro main" | tee /etc/apt/sources.list.d/nodesource.list && \ | ||
| echo "deb [signed-by=/etc/apt/keyrings/yarnkey.gpg] https://dl.yarnpkg.com/debian stable main" | tee /etc/apt/sources.list.d/yarn.list && \ | ||
| apt-get update -qq && \ | ||
| apt-get install --no-install-recommends -y build-essential git libpq-dev libvips pkg-config nodejs yarn | ||
|
|
||
| # Install application gems | ||
| COPY Gemfile Gemfile.lock ./ | ||
| RUN bundle install && \ | ||
| rm -rf ~/.bundle/ "${BUNDLE_PATH}"/ruby/*/cache "${BUNDLE_PATH}"/ruby/*/bundler/gems/*/.git && \ | ||
| bundle exec bootsnap precompile --gemfile && \ | ||
| yarn install | ||
|
|
||
| # Copy application code | ||
| COPY . . | ||
|
|
||
| # Precompile bootsnap code for faster boot times | ||
| RUN bundle exec bootsnap precompile app/ lib/ | ||
|
|
||
| # Precompiling assets for production without requiring secret RAILS_MASTER_KEY | ||
| # RUN SECRET_KEY_BASE_DUMMY=1 ./bin/rails assets:precompile | ||
|
|
||
|
|
||
| # Final stage for app image | ||
| FROM base | ||
| ARG UID=1000 | ||
| ARG GID=1000 | ||
| ARG http_proxy | ||
| ARG https_proxy | ||
|
|
||
| # Install packages needed for deployment | ||
| RUN apt-get update -qq && apt-get install --no-install-recommends -y curl gnupg && \ | ||
| mkdir -p /etc/apt/keyrings && \ | ||
| curl -fsSL https://deb.nodesource.com/gpgkey/nodesource-repo.gpg.key | gpg --dearmor -o /etc/apt/keyrings/nodesource.gpg && \ | ||
| curl -sL https://dl.yarnpkg.com/debian/pubkey.gpg | gpg --dearmor -o /etc/apt/keyrings/yarnkey.gpg && \ | ||
| echo "deb [signed-by=/etc/apt/keyrings/nodesource.gpg] https://deb.nodesource.com/node_16.x nodistro main" | tee /etc/apt/sources.list.d/nodesource.list && \ | ||
| echo "deb [signed-by=/etc/apt/keyrings/yarnkey.gpg] https://dl.yarnpkg.com/debian stable main" | tee /etc/apt/sources.list.d/yarn.list && \ | ||
| apt-get update -qq && \ | ||
| apt-get install --no-install-recommends -y libvips postgresql-client nodejs yarn && \ | ||
| rm -rf /var/lib/apt/lists /var/cache/apt/archives | ||
|
|
||
| # Copy built artifacts: gems, application | ||
| COPY --from=build /usr/local/bundle /usr/local/bundle | ||
| COPY --from=build /enju /enju | ||
| COPY Gemfile / | ||
| COPY Gemfile.lock / | ||
| RUN apt-get update -qq && apt-get install -y libpq-dev && bundle install | ||
|
|
||
| # Run and own only the runtime files as a non-root user for security | ||
| RUN groupadd --gid ${GID} enju && \ | ||
| useradd enju --uid ${UID} --gid ${GID} --create-home --shell /bin/bash && \ | ||
| chown -R enju:enju db log storage tmp | ||
| USER enju:enju | ||
| FROM ruby:2.7.8-bullseye | ||
| LABEL maintainer="nabeta@fastmail.fm" | ||
|
|
||
| # Entrypoint prepares the database. | ||
| ENTRYPOINT ["/enju/bin/docker-entrypoint"] | ||
| ARG http_proxy | ||
| ARG https_proxy | ||
| ARG UID=1000 | ||
| ARG GID=1000 | ||
|
|
||
| # Start the server by default, this can be overwritten at runtime | ||
| EXPOSE 3000 | ||
| CMD ["./bin/rails", "server"] | ||
| RUN groupadd --gid ${GID} enju && useradd -m --uid ${UID} --gid ${GID} enju | ||
| RUN apt-get update -qq && curl -sL https://deb.nodesource.com/setup_16.x | bash - && \ | ||
| apt-get install -y nodejs postgresql-client imagemagick poppler-utils ffmpeg && npm install -g yarn | ||
| RUN mkdir /enju && chown -R enju:enju /enju | ||
| USER enju | ||
| WORKDIR /enju | ||
| ADD package.json yarn.lock ./ | ||
| RUN yarn install --frozen-lockfile | ||
| COPY --from=builder /usr/local/bundle /usr/local/bundle | ||
| COPY . /enju/ |
This file was deleted.
Oops, something went wrong.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.