# Base-image versions. They are declared before the first FROM so that the
# FROM lines below can interpolate them.

# Ruby release used by the application stages.
ARG RUBY_VERSION=3.3.6
# Node.js release line, referenced by its tag name.
# NOTE(review): a named tag moves as new releases are published; pin the image
# by digest if byte-for-byte reproducible builds are required.
ARG NODE_VERSION=jod
# Alpine release shared by the Node.js and Ruby images so both are built on
# the same distribution version.
ARG ALPINE_VERSION=3.20

# Node.js image, exposed as a named stage so later stages can copy from it.
FROM node:${NODE_VERSION}-alpine${ALPINE_VERSION} AS node
# Ruby image that both the build stage and the final image start from.
FROM ruby:${RUBY_VERSION}-alpine${ALPINE_VERSION} AS base

# The Rails application lives in /rails; relative paths below resolve here.
WORKDIR /rails

# Production settings for Rails and Bundler.
ENV RAILS_ENV="production" \
    RAILS_SERVE_STATIC_FILES="true" \
    RAILS_LOG_TO_STDOUT="true" \
    BUNDLE_DEPLOYMENT="1" \
    BUNDLE_PATH="/usr/local/bundle" \
    BUNDLE_WITHOUT="development test"

# Build arguments that are persisted into the image environment.
# NOTE(review): ENV values are stored in the image configuration and are
# readable by anyone who can pull or inspect the image, so none of these
# should ever carry a credential.
# NOTE(review): GIT_COMMIT presumably differs on every build; because it is
# consumed here in the base stage, a new value invalidates the layer cache for
# everything after this point in both later stages - confirm that is intended.
ARG GIT_COMMIT
ARG APP_RUN_SIDEKIQ
ARG APP_RUN_RAKE_TASKS
ARG CLAMAV_SERVER_IP
ARG ASSETS_BUCKET
ARG APP_RUN_PRECOMPILE_ASSETS
ENV GIT_COMMIT=$GIT_COMMIT \
    APP_RUN_SIDEKIQ=$APP_RUN_SIDEKIQ \
    APP_RUN_RAKE_TASKS=$APP_RUN_RAKE_TASKS \
    CLAMAV_SERVER_IP=$CLAMAV_SERVER_IP \
    ASSETS_BUCKET=$ASSETS_BUCKET \
    APP_RUN_PRECOMPILE_ASSETS=$APP_RUN_PRECOMPILE_ASSETS

# NOTE(review): the marker below is presumably replaced by build tooling. If it
# expands to ARG/ENV lines holding parameter-store values, those values are
# baked into the image configuration and history; secrets are better supplied
# at container start or through BuildKit secret mounts - confirm what is
# injected here.
# Collects the environment variables from the parameter store
##_PARAMETER_STORE_MARKER_##
# Throw-away build stage: compilers, headers and Node.js tooling are installed
# here, and the final image only copies the results out of it.
FROM base AS build
# Copy the contents of /usr/local/bin from the node stage so this Ruby stage
# builds with the Node.js version selected by NODE_VERSION.
# NOTE(review): only /usr/local/bin is copied. In the node image, npm and
# corepack are presumably symlinks into /usr/local/lib/node_modules, which is
# not copied, and the apk npm package below may bring its own Node.js -
# confirm which node/npm/corepack binaries the later steps resolve to.
COPY --from=node /usr/local/bin /usr/local/bin
# Install build-time packages (compiler toolchain, PostgreSQL client headers,
# fetch tools, npm, timezone data).
RUN apk add --update --no-cache \
build-base \
curl \
git \
libpq-dev \
npm \
tzdata
# Enable corepack for yarn
RUN corepack enable
# Install application gems. Only the Gemfile and lockfile are copied first so
# this layer is reused until one of them changes. After installing, the
# Bundler caches and the .git directories of git-sourced gems are removed in
# the same layer, then bootsnap precompiles the gems.
COPY Gemfile Gemfile.lock ./
RUN bundle install && \
rm -rf ~/.bundle/ "${BUNDLE_PATH}"/ruby/*/cache "${BUNDLE_PATH}"/ruby/*/bundler/gems/*/.git && \
bundle exec bootsnap precompile --gemfile
# Install node modules from the yarn manifest, lockfile and the checked-in
# .yarn directory, again before the application source for cache reuse.
COPY package.json yarn.lock .yarnrc.yml ./
COPY .yarn ./.yarn
RUN yarn workspaces focus --all --production
# Copy application code (the whole build context).
# NOTE(review): the final stage copies all of /rails out of this stage, so
# anything in the build context ends up in the shipped image. Make sure
# .dockerignore excludes .git, .env files, key/credential files and local
# logs - no .dockerignore is visible from here.
COPY . .
# Precompile bootsnap code for faster boot times
RUN bundle exec bootsnap precompile app/ lib/
# Precompile assets for production without requiring the secret
# RAILS_MASTER_KEY. The placeholder values are set inline on this RUN only, so
# they are not persisted into the image environment, and
# APP_RUN_PRECOMPILE_ASSETS is forced to "FALSE" for this one command.
RUN GOOGLE_GEOCODING_API_KEY=dummy SECRET_KEY_BASE_DUMMY=1 APP_RUN_PRECOMPILE_ASSETS="FALSE" ./bin/rails assets:precompile
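# Final stage for app image: starts from the base stage again, so none of the
# build-stage packages are present here.
FROM base

# Install packages needed for deployment. --no-cache already fetches a fresh
# package index and leaves no apk cache in the layer, so --update is redundant.
# NOTE(review): libpq-dev ships development headers; the libpq runtime package
# is probably enough in this stage - confirm before switching.
RUN apk add --no-cache \
      bash \
      ca-certificates \
      clamav \
      clamav-daemon \
      curl \
      libpq-dev \
      nginx \
      tzdata

# nginx site configuration (nginx is set up here for Sidekiq)
COPY default.conf /etc/nginx/http.d/default.conf

# Copy built artifacts: gems, application
COPY --from=build /usr/local/bundle /usr/local/bundle
COPY --from=build /rails /rails

# Create the unprivileged runtime user and give it ownership of only the paths
# that have to be writable at runtime: the app's db/log/storage/tmp/data
# directories, the ClamAV daemon config and the nginx state, log and run
# directories. Everything else keeps its existing ownership. This is done in a
# single RUN so the related steps produce one layer instead of five.
# NOTE(review): clamd.conf becomes writable by the application user,
# presumably so the entrypoint can point it at CLAMAV_SERVER_IP - confirm the
# write access is really needed.
# NOTE(review): adduser picks the next free UID; set an explicit numeric UID
# if the orchestrator has to verify a non-root user.
RUN mkdir -p /run/nginx && \
    adduser rails -D --shell /bin/bash && \
    chown -R rails:rails \
      db log storage tmp data \
      /etc/clamav/clamd.conf \
      /var/lib/nginx /var/log/nginx /var/run/nginx

# Everything from here on, including the entrypoint, runs as the rails user.
USER rails:rails

# Entrypoint prepares the database.
ENTRYPOINT ["/rails/bin/docker-entrypoint"]

# Run the web app on port 8080 (an unprivileged port, so the non-root user can
# bind it).
ENV PORT=8080
EXPOSE 8080

# Start the server by default, this can be overwritten at runtime
CMD ["./bin/rails", "server"]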