|
1 | 1 | FROM ruby:3.3-slim AS base |
2 | | -USER root |
3 | 2 |
|
4 | 3 | # Configure users and groups |
5 | 4 | RUN groupadd -g 40054 alma && \ |
6 | | - useradd -r -s /sbin/nologin -M -u 40054 -g alma alma && \ |
7 | | - useradd -u 40061 bfs && \ |
| 5 | + useradd -s /sbin/nologin -M -u 40054 -g alma alma && \ |
8 | 6 | groupadd -g 40061 bfs && \ |
9 | | - usermod -u 40061 -g bfs -G alma -l bfs default && \ |
10 | | - find / -user 1001 -exec chown -h bfs {} \; || true && \ |
11 | | - mkdir -p /opt/app && \ |
12 | | - chown -R bfs:bfs /opt/app |
13 | | - |
14 | | -# Get list of available packages |
15 | | -RUN apt-get -y update -qq |
16 | | - |
17 | | -COPY --chown=bfs . /opt/app |
| 7 | + useradd -u 40061 -g bfs -G alma -m bfs && \ |
| 8 | + install -d -o bfs -g bfs -m 0700 /opt/app /home/bfs/.ssh |
| 9 | + |
| 10 | +# Install packages common to dev/prod |
| 11 | +RUN apt-get -y update -qq && \ |
| 12 | + gem install bundler --version 2.5.22 |
| 13 | + |
| 14 | +# Ignore the system's platform and only install native Ruby versions |
| 15 | +ENV BUNDLE_FORCE_RUBY_PLATFORM=true |
| 16 | +# Prevent automatic updates to the Gemfile.lock |
| 17 | +ENV BUNDLE_FROZEN=true |
| 18 | +# Install Gems to the container's system-wide location |
| 19 | +ENV BUNDLE_SYSTEM=true |
| 20 | +# Prepend BFS script to PATH so you don't have to prefix with /opt/app/bin. |
| 21 | +ENV PATH=/opt/app/bin:$PATH |
18 | 22 |
|
| 23 | +WORKDIR /opt/app |
19 | 24 | ENTRYPOINT ["/opt/app/bin/bfs"] |
20 | 25 | CMD ["help"] |
21 | 26 |
|
22 | 27 | # =============================================== |
23 | 28 | # Target: development |
24 | 29 | # =============================================== |
25 | | - |
26 | 30 | FROM base AS development |
27 | 31 |
|
28 | | -USER root |
29 | | - |
30 | 32 | RUN apt-get -y --no-install-recommends install \ |
31 | | - build-essential \ |
32 | | - make |
33 | | - |
34 | | -USER bfs |
| 33 | + build-essential \ |
| 34 | + make |
35 | 35 |
|
36 | | -# Base image ships with an older version of bundler |
37 | | -RUN gem install bundler --version 2.5.22 |
38 | | - |
39 | | -WORKDIR /opt/app |
| 36 | +# Install rubygems. This step is separated from copying the |
| 37 | +# rest of the codebase to maximize cache hits. |
40 | 38 | COPY --chown=bfs Gemfile* .ruby-version ./ |
41 | | -RUN bundle config set force_ruby_platform true |
42 | | -RUN bundle config set system 'true' |
43 | 39 | RUN bundle install |
44 | 40 |
|
45 | | -# COPY --chown=bfs:bfs . . |
| 41 | +# Install the rest of the codebase. |
| 42 | +COPY --chown=bfs:bfs . . |
46 | 43 |
|
47 | 44 | # ================================= |
48 | 45 | # Target: production |
49 | 46 | # ================================= |
50 | 47 | FROM base AS production |
51 | 48 |
|
52 | | -# Copy the built codebase from the dev stage |
53 | | -# COPY --from=development --chown=bfs /opt/app /opt/app |
54 | | -COPY --from=development --chown=bfs /usr/local/bundle /usr/local/bundle |
| 49 | +# Copy the built codebase/dependencies from the dev stage |
| 50 | +COPY --from=development --chown=bfs:bfs /opt/app /opt/app |
| 51 | +COPY --from=development --chown=bfs:bfs /usr/local/bundle /usr/local/bundle |
55 | 52 |
|
56 | | -WORKDIR /opt/app |
57 | | -RUN bundle config set frozen 'true' |
58 | | -RUN bundle install --local |
| 53 | +# Drop privileges |
| 54 | +USER bfs |
| 55 | + |
| 56 | +# Verify the installation |
| 57 | +RUN bundle check && \ |
| 58 | + bfs help |
0 commit comments