From https://github.com/ledermann/docker-rails-base <3
Building Docker images usually takes a long time. This repo contains base images with preinstalled dependencies for Ruby on Rails, so building a production image will be 2-3 times faster.
When using the official Ruby image, building a Docker image for a typical Rails application requires lots of time for installing dependencies - mainly OS packages, Ruby gems, Ruby gems with native extensions (Nokogiri etc.) and Node modules. This is required every time the app needs to be deployed to production.
I was looking for a way to reduce this time, so I created base images that contain most of the dependencies used in my applications.
And while I'm at it, I also moved as much as possible from the app-specific Dockerfile into the base image by using ONBUILD triggers. This makes the Dockerfile in my apps small and simple.
I compared building times using a typical Rails application. This is the result on my local machine:
- Based on official Ruby image: 4:50 min
- Based on DockerRailsBase: 1:57 min
As you can see, using DockerRailsBase is more than 2 times faster compared to the official Ruby image. It saves nearly 3min on every build.
Note: Before I started timing, the base image was not available on my machine, so it was downloaded first, which took some time. If the base image is already available, the building time is only 1:18min (3 times faster).
This repo is based on the following assumptions:
- Your app is compatible with Ruby 3.0.1 for Alpine Linux
- Your app uses Ruby on Rails 6.0 or 6.1
- Your app uses PostgreSQL
- Your app installs Node modules with Yarn
- Your app compiles JS with Webpacker and/or Asset pipeline (Sprockets)
It uses multi-stage building to build a very small production image. There are two Dockerfiles in this repo, one for the first stage (called Builder
) and one for the resulting stage (called Final
).
The Builder
stage installs Ruby gems and Node modules. It also includes Git, Node.js and some build tools - all we need to compile assets.
- Based on ruby:3.0.1-alpine
- Adds packages needed for installing gems and compiling assets: Git, Node.js, Yarn, PostgreSQL client and build tools
- Adds some standard Ruby gems (Rails 6.1 etc., see Gemfile)
- Adds Node modules from the Rails community (Turbo, Stimulus etc., see package.json)
- Via ONBUILD triggers it installs missing gems and Node modules, then compiles the assets
The Final
stage builds the production image, which includes just the bare minimum.
- Based on ruby:3.0.1-alpine
- Adds packages needed for production: postgresql-client, tzdata, file
- Via ONBUILD triggers it mainly copies the app and gems from the
Builder
stage
See Final/Dockerfile
Using Dependabot, every updated Ruby gem or Node module results in an updated image.
Add this Dockerfile
to your application:
FROM vrizzt/rails_base_builder:3.0.1 AS Builder
FROM vrizzt/rails_base_final:3.0.1
USER app
CMD ["bundle", "exec", "puma", "-C", "config/puma.rb"]
Yes, this is the complete Dockerfile
of your Rails app. It's so simple because the work is done by ONBUILD triggers.
Now build the image:
$ docker build .
BuildKit requires a little workaround to trigger the ONBUILD statements. Add a COPY
statement to the Dockerfile
:
FROM vrizzt/rails-base-builder:3.0.1 AS Builder
FROM vrizzt/rails-base-final:3.0.1
# Workaround to trigger Builder's ONBUILDs to finish:
COPY --from=Builder /etc/alpine-release /tmp/dummy
USER app
CMD ["bundle", "exec", "puma", "-C", "config/puma.rb"]
Now you can build the image with BuildKit:
docker buildx build .
You can use private npm/Yarn packages by mounting the config file:
docker buildx build --secret id=npmrc,src=$HOME/.npmrc .
or
docker buildx build --secret id=yarnrc,src=$HOME/.yarnrc.yml .
Example to build the application's image with GitHub Actions and push it to the GitHub Container Registry:
deploy:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- name: Login to GitHub Container Registry
run: echo ${{ secrets.CR_PAT }} | docker login ghcr.io -u $GITHUB_ACTOR --password-stdin
- name: Build the image
run: |
export COMMIT_TIME=$(git show -s --format=%ci ${GITHUB_SHA})
export COMMIT_SHA=${GITHUB_SHA}
docker build --build-arg COMMIT_TIME --build-arg COMMIT_SHA -t ghcr.io/user/repo:latest .
- name: Push the image
run: docker push ghcr.io/user/repo:latest
Both Docker images (Builder
and Final
) are regularly published at DockerHub and tagged with the current Ruby version:
- https://hub.docker.com/repository/docker/vrizzt/ruby_base_builder
- https://hub.docker.com/repository/docker/vrizzt/ruby_base_final
Beware: The published images are not immutable. When a dependency (e.g. Ruby gem) is updated, the images will be republished using the same tag.
When a new Ruby version comes out, a new tag is introduced and the images will be published using this tag and the former images will not be updated anymore. Here is a list of the tags that have been used in this repo so far:
Ruby version | Tag | First published |
---|---|---|
3.0.1 | 3.0.1 | 2021-06-04 |
2.7.2 | 2.7.2 | 2020-06-04 |
The latest Docker images are also tagged as latest
. However, it is not recommended to use this tag in your Rails application, because updating an app to a new Ruby version usually requires some extra work.
Docker supports layer caching, so for building images it performs just the needed steps: If there is a layer from a former build and nothing has changed, it will be used. But for dependencies, this means: If a single Ruby gem in the application was updated or added, the step with bundle install
is run again, so all gems will be installed again.
Using a prebuilt image improves installing dependencies a lot, because only the different/updated dependencies will be installed - all existing ones will be reused.
This doesn't matter:
- A missing Alpine package can be installed with
apk add
inside your app's Dockerfile. - A missing Node module (or version) will be installed with
rails assets:precompile
via the ONBUILD trigger. - A missing Ruby gem (or version) will be installed with
bundle install
via the ONBUILD trigger.
No. In the build stage there is a bundle clean --force
, which uninstalls all gems not referenced in the app's Gemfile.