From bce80379fcd92c26bfc89f4843004235836eced6 Mon Sep 17 00:00:00 2001
From: Andy Hunt <andy.hunt@digital.cabinet-office.gov.uk>
Date: Fri, 23 May 2025 13:42:56 +0100
Subject: [PATCH] Add volume hints to the Dockerfile

We can use VOLUME instructions in our Dockerfile to instruct the runtime to
create a mount point for an external volume.

When AWS ECS sees the instruction (from the built container), it automatically
attaches ephemeral storage at that location [1]. This is useful for us because
we want to enable read only root filesystems, but the applications still need
to be able to write to a small portion of it. We can achieve that by mounting
ephemeral storage atop the paths it needs to write to.

[1] https://docs.aws.amazon.com/AmazonECS/latest/developerguide/bind-mounts.html#bind-mount-considerations
---
 Dockerfile | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/Dockerfile b/Dockerfile
index beb75455..fc5278e4 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -37,6 +37,11 @@ COPY --chown=ruby:ruby . .
 
 FROM base AS app
 
+# Each directory that Rails or our application needs to
+# write to under /app/tmp/ must be added individually
+VOLUME "/tmp/"
+VOLUME "/app/tmp/sockets/"
+
 ENV RAILS_ENV="${RAILS_ENV:-production}" \
     PATH="${PATH}:/home/ruby/.local/bin" \
     USER="ruby"