-
Notifications
You must be signed in to change notification settings - Fork 138
Expand file tree
/
Copy pathDockerfile
More file actions
105 lines (78 loc) · 3.17 KB
/
Dockerfile
File metadata and controls
105 lines (78 loc) · 3.17 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
ARG RUBY_VERSION=4.0.1
ARG NODE_VERSION=22.7.0
# Use Node image so we can pull the binaries from here.
FROM node:$NODE_VERSION AS node
# Ruby build image.
FROM ruby:${RUBY_VERSION}-slim AS base
# Setup environment variables.
ENV WORK_ROOT=/src
ENV APP_HOME=$WORK_ROOT/app
ENV LANG=C.UTF-8
ENV BUNDLE_PATH=$APP_HOME/vendor/bundle
# Set prod environment to avoid installing dev dependencies
ENV BUNDLE_WITHOUT=development:test
ENV BUNDLE_DEPLOYMENT=1
ENV RAILS_ENV=production
ENV NODE_ENV=production
# Throw-away build stage to reduce size of final image
FROM base AS builder
RUN apt-get update -qq && \
apt-get install --no-install-recommends -y build-essential libssl-dev libpq-dev git libsasl2-dev libyaml-dev curl && \
rm -rf /var/lib/apt/lists/*
# Copy node binaries from node image.
COPY --from=node /usr/local /usr/local
COPY --from=node /opt /opt
# Create app directory.
RUN mkdir -p "${APP_HOME}"
# Setup work directory.
WORKDIR $APP_HOME
# Copy dependencies files and install libraries.
COPY --link Gemfile Gemfile.lock package.json yarn.lock .yarnrc.yml .ruby-version ./
RUN corepack enable
RUN gem install bundler && bundle install -j 4 && yarn install --immutable && \
bundle exec bootsnap precompile --gemfile && \
rm -rf ~/.bundle/ "${BUNDLE_PATH}"/ruby/*/cache "${BUNDLE_PATH}"/ruby/*/bundler/gems/*/.git
# Copy application code
COPY --link . .
# Precompile bootsnap code for faster boot times
RUN bundle exec bootsnap precompile app/ lib/
# Precompiling assets for production without requiring secret RAILS_MASTER_KEY
RUN SECRET_KEY_BASE=DUMMY ./bin/rails assets:precompile
# Build runtime image.
FROM base
# Install packages needed for deployment
RUN apt-get update -qq && \
apt-get install --no-install-recommends -y curl libpq-dev libvips libjemalloc2 libyaml-dev && \
apt-get clean && rm -rf /var/lib/apt/lists/*
ENV USERNAME=rails_api_base
ENV USER_UID=1000
ENV USER_GID=1000
# Create a rootless user.
RUN groupadd --gid "$USER_GID" "$USERNAME" && \
useradd --uid "$USER_UID" --gid "$USER_GID" -m "$USERNAME"
# Create app directory.
RUN mkdir -p "${APP_HOME}" && chown -R "$USERNAME:$USERNAME" "$APP_HOME" && chmod -R 700 "$APP_HOME"
# Change to the rootless user.
USER "$USERNAME"
# Setup work directory.
WORKDIR "$APP_HOME"
# Copy everything from the builder image
COPY --chown="$USERNAME:$USERNAME" . .
COPY --from=builder --chown="$USERNAME:$USERNAME" "$APP_HOME/public/" "$APP_HOME/public/"
COPY --from=builder --chown="$USERNAME:$USERNAME" "$APP_HOME/tmp/" "$APP_HOME/tmp/"
COPY --from=builder --chown="$USERNAME:$USERNAME" "$APP_HOME/vendor/" "$APP_HOME/vendor/"
# Set permissions (700 for security) and create symlink
# Note: Permissions set via RUN instead of COPY --chmod for Heroku compatibility
USER root
RUN chmod -R 700 "$APP_HOME"
RUN ln -s /usr/lib/*-linux-gnu/libjemalloc.so.2 /usr/lib/libjemalloc.so.2
USER "$USERNAME"
# Deployment options
ENV RAILS_LOG_TO_STDOUT=true
ENV RAILS_SERVE_STATIC_FILES=true
ENV LD_PRELOAD=/usr/lib/libjemalloc.so.2
# Entrypoint prepares the database.
ENTRYPOINT ["./bin/docker-entrypoint"]
# Start the server by default, this can be overwritten at runtime
EXPOSE 3000
CMD ["bundle", "exec", "puma", "-C", "config/puma.rb"]