-
Notifications
You must be signed in to change notification settings - Fork 17
Expand file tree
/
Copy pathDockerfile.test
More file actions
139 lines (118 loc) · 4.53 KB
/
Dockerfile.test
File metadata and controls
139 lines (118 loc) · 4.53 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
# Make sure RUBY_VERSION matches the Ruby version in .ruby-version and Gemfile
ARG RUBY_VERSION=3.0.3
FROM registry.docker.com/library/ruby:$RUBY_VERSION-slim AS base
# Rails app lives here
WORKDIR /opt/webapps/app
# Set staging environment
ENV RAILS_ENV="staging" \
RAILS_LOG_TO_STDOUT=true \
BUNDLE_DEPLOYMENT="1" \
BUNDLE_PATH="/usr/local/bundle"
# Throw-away build stage to reduce size of final image
FROM base AS build
# Install packages needed to build gems and node modules
RUN apt-get update -qq && \
apt-get install --no-install-recommends -y \
build-essential \
imagemagick=* \
shared-mime-info \
zip \
unzip \
curl \
git \
gnupg2 \
libpq-dev \
libxslt1-dev \
libxml2-dev \
libzip-dev \
ca-certificates \
&& apt-get clean \
&& rm -rf /var/lib/apt/lists/*
# Install JavaScript dependencies (Using precompiled binaries with dynamic architecture!)
ARG NODE_VERSION=14.21.3
ENV PATH=/usr/local/node/bin:$PATH
RUN ARCH=$(dpkg --print-architecture) && \
if [ "$ARCH" = "amd64" ]; then NODE_ARCH="x64"; else NODE_ARCH="arm64"; fi && \
mkdir -p /usr/local/node && \
curl -fsSL "https://nodejs.org/dist/v${NODE_VERSION}/node-v${NODE_VERSION}-linux-${NODE_ARCH}.tar.gz" | tar xz -C /usr/local/node --strip-components=1
# Set up locale
RUN apt-get update && DEBIAN_FRONTEND=noninteractive apt-get install -y locales
RUN sed -i -e 's/# en_US.UTF-8 UTF-8/en_US.UTF-8 UTF-8/' /etc/locale.gen
RUN sed -i -e 's/# et_EE.UTF-8 UTF-8/et_EE.UTF-8 UTF-8/' /etc/locale.gen && \
dpkg-reconfigure --frontend=noninteractive locales && \
update-locale LANG=et_EE.UTF-8
ENV LANG=et_EE.UTF-8
# Install application gems
COPY Gemfile Gemfile.lock ./
RUN gem install bundler && \
bundle config set --local without 'development test' && \
bundle install && \
bundle clean --force && \
# Remove gem cache to save space in final image (~50-100MB saved)
rm -rf ${BUNDLE_PATH}/cache/*.gem
# Copy application code
COPY . .
# Copy sample config for asset precompilation (real values come from env at runtime)
RUN cp config/application.yml.sample config/application.yml && \
cp config/database.yml.sample config/database.yml
# Precompile assets
RUN RAILS_ENV=staging SECRET_KEY_BASE=dummy_for_assets \
ACTION_MAILER_DEFAULT_HOST=dummy.host \
ACTION_MAILER_DEFAULT_FROM=dummy@example.com \
bundle exec rails assets:precompile && \
echo "Assets precompiled successfully for staging" && \
ls -la public/assets/ | head -20 && \
# Remove temporary cache generated by assets:precompile (~100MB+ saved)
rm -rf tmp/cache/assets
# Final stage for app image
FROM base
# Install packages needed for deployment (incl. wkhtmltopdf runtime deps)
# Note: Removed dev dependencies like libpq-dev and libzip-dev -> using runtime equivalents if needed
RUN apt-get update -qq && \
apt-get install --no-install-recommends -y \
curl \
git \
postgresql-client \
imagemagick=* \
shared-mime-info \
locales \
zip \
unzip \
nodejs \
libxrender1 \
libxext6 \
libx11-6 \
libfontconfig1 \
libfreetype6 \
libjpeg62-turbo \
xfonts-base \
xfonts-75dpi \
dnsutils \
&& apt-get clean \
&& rm -rf /var/lib/apt/lists/*
# Set up locale
RUN sed -i -e 's/# en_US.UTF-8 UTF-8/en_US.UTF-8 UTF-8/' /etc/locale.gen
RUN sed -i -e 's/# et_EE.UTF-8 UTF-8/et_EE.UTF-8 UTF-8/' /etc/locale.gen && \
dpkg-reconfigure --frontend=noninteractive locales && \
update-locale LANG=et_EE.UTF-8
ENV LANG=et_EE.UTF-8
# Copy built artifacts: gems, application
COPY --from=build "${BUNDLE_PATH}" "${BUNDLE_PATH}"
COPY --from=build /opt/webapps/app /opt/webapps/app
# Run and own only the runtime files as a non-root user for security
RUN groupadd --system --gid 1000 rails && \
useradd rails --uid 1000 --gid 1000 --create-home --shell /bin/bash && \
mkdir -p db log tmp && \
chown -R rails:rails /opt/webapps/app
# Fix permissions for wkhtmltopdf-binary gem (run as root before switching user)
RUN chmod +x /usr/local/bundle/ruby/*/gems/wkhtmltopdf-binary-*/bin/wkhtmltopdf* 2>/dev/null || true && \
chown -R 1000:1000 /usr/local/bundle/ruby/*/gems/wkhtmltopdf-binary-*/bin/ 2>/dev/null || true
# Direct copy with chown to avoid root permissions on the file
COPY --chown=1000:1000 config/application.yml.sample config/application.yml
USER 1000:1000
# Entrypoint prepares the database.
# ENTRYPOINT ["/opt/webapps/app/bin/docker-entrypoint"]
# Expose port
EXPOSE 3000
# Start the application
CMD ["bundle", "exec", "rails", "server", "-b", "0.0.0.0"]