-
Notifications
You must be signed in to change notification settings - Fork 8
/
Dockerfile
81 lines (54 loc) · 2.14 KB
/
Dockerfile
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
FROM hexpm/elixir:1.17.2-erlang-26.1.2-alpine-3.17.9 AS elixir-builder
# elixir expects utf8.
ENV LANG=C.UTF-8 \
MIX_ENV=prod
WORKDIR /root
ADD . .
# Install git so we can install dependencies from GitHub
RUN apk add --no-cache --update git
# Install Hex+Rebar+deps
RUN mix local.hex --force && \
mix local.rebar --force && \
mix do deps.get --only prod
FROM node:20.11.0-alpine3.19 as assets-builder
WORKDIR /root
ADD . .
# Copy in elixir deps required to build node modules for phoenix
COPY --from=elixir-builder /root/deps ./deps
# Build dependencies in case certain packages don't have prebuild binaries
RUN apk add --no-cache --update python3 build-base
RUN npm --prefix assets ci
RUN npm --prefix assets run deploy
FROM elixir-builder as app-builder
ENV LANG="C.UTF-8" MIX_ENV=prod
RUN apk add --no-cache --update curl
WORKDIR /root
ADD \
--checksum=sha256:390fdc813e2e58ec5a0def8ce6422b83d75032899167052ab981d8e1b3b14ff2 \
https://truststore.pki.rds.amazonaws.com/global/global-bundle.pem \
aws-cert-bundle.pem
# Add frontend assets compiled in node container, required by phx.digest
COPY --from=assets-builder /root/priv/static ./priv/static
ARG SENTRY_RELEASE
ENV SENTRY_RELEASE=${SENTRY_RELEASE}
RUN mix do compile --force, phx.digest, sentry.package_source_code, release
FROM alpine:3.17.5
RUN apk upgrade --no-cache --update
RUN apk add --no-cache --update libssl1.1 libstdc++ \
libgcc ncurses-libs bash curl dumb-init
# Create non-root user
RUN addgroup -S skate && adduser -S -G skate skate
WORKDIR /home/skate
USER skate
# Set environment
ENV MIX_ENV=prod TERM=xterm LANG="C.UTF-8" PORT=4000 REPLACE_OS_VARS=true
# Add frontend assets with manifests from app-builder container
COPY --from=app-builder --chown=skate:skate /root/priv/static ./priv/static
# Add application artifact compiled in app-builder container
COPY --from=app-builder --chown=skate:skate /root/_build/prod/rel/skate .
COPY --from=app-builder --chown=skate:skate /root/aws-cert-bundle.pem ./priv/aws-cert-bundle.pem
# Expose HTTP, EPMD, and Erlang RPC
EXPOSE 4000 4369 57195
ENTRYPOINT ["/usr/bin/dumb-init", "--"]
# Run the application
CMD ["bin/skate", "start"]