-
Notifications
You must be signed in to change notification settings - Fork 0
/
Dockerfile
95 lines (75 loc) · 3.19 KB
/
Dockerfile
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
FROM ruby:3.0 AS builder
RUN apt-get update && apt-get upgrade -y && apt-get install gnupg2 && \
curl -sL https://deb.nodesource.com/setup_16.x | bash - && \
curl -sL https://dl.yarnpkg.com/debian/pubkey.gpg | apt-key add - && \
echo "deb https://dl.yarnpkg.com/debian/ stable main" | tee /etc/apt/sources.list.d/yarn.list && \
apt-get update && apt-get install -y nodejs yarn \
build-essential \
postgresql-client \
libpq-dev && \
apt-get clean
# throw errors if Gemfile has been modified since Gemfile.lock
RUN bundle config --global frozen 1
WORKDIR /app
# Copy package dependencies files only to ensure maximum cache hit
COPY ./package-lock.json /app/package-lock.json
COPY ./package.json /app/package.json
COPY ./Gemfile /app/Gemfile
COPY ./Gemfile.lock /app/Gemfile.lock
RUN bundle config --local without 'development test' && \
bundle install -j4 --retry 3 && \
# Remove unneeded gems
bundle clean --force && \
# Remove unneeded files from installed gems (cache, *.o, *.c)
rm -rf /usr/local/bundle/cache && \
find /usr/local/bundle/ -name "*.c" -delete && \
find /usr/local/bundle/ -name "*.o" -delete && \
find /usr/local/bundle/ -name ".git" -exec rm -rf {} + && \
find /usr/local/bundle/ -name ".github" -exec rm -rf {} + && \
# whkhtmltopdf has binaries for all platforms, we don't need them once uncompressed
rm -rf /usr/local/bundle/gems/wkhtmltopdf-binary-*/bin/*.gz && \
# Remove additional unneded decidim files
find /usr/local/bundle/ -name "decidim_app-design" -exec rm -rf {} + && \
find /usr/local/bundle/ -name "spec" -exec rm -rf {} +
RUN npm ci
# copy the rest of files
COPY . /app
# Compile assets with Webpacker or Sprockets
#
# Notes:
# 1. Executing "assets:precompile" runs "webpacker:compile", too
# 2. For an app using encrypted credentials, Rails raises a `MissingKeyError`
# if the master key is missing. Because on CI there is no master key,
# we hide the credentials while compiling assets (by renaming them before and after)
#
RUN mv config/credentials.yml.enc config/credentials.yml.enc.bak 2>/dev/null || true
RUN mv config/credentials config/credentials.bak 2>/dev/null || true
RUN RAILS_ENV=production \
SECRET_KEY_BASE=dummy \
RAILS_MASTER_KEY=dummy \
bundle exec rails assets:precompile
RUN mv config/credentials.yml.enc.bak config/credentials.yml.enc 2>/dev/null || true
RUN mv config/credentials.bak config/credentials 2>/dev/null || true
RUN rm -rf node_modules tmp/cache vendor/bundle test spec app/packs .git
# This image is for production env only
FROM ruby:3.0-slim AS final
RUN apt-get update && \
apt-get install -y postgresql-client imagemagick && \
apt-get clean
EXPOSE 3000
ENV RAILS_LOG_TO_STDOUT true
ENV RAILS_SERVE_STATIC_FILES true
ENV RAILS_ENV production
ARG COMMIT_SHA
ARG COMMIT_TIME
ARG COMMIT_VERSION
ENV COMMIT_SHA ${COMMIT_SHA}
ENV COMMIT_TIME ${COMMIT_TIME}
ENV COMMIT_VERSION ${COMMIT_VERSION}
# Add user
RUN addgroup --system --gid 1000 app && \
adduser --system --uid 1000 --home /app --group app
COPY --from=builder --chown=app:app /usr/local/bundle/ /usr/local/bundle/
COPY --from=builder --chown=app:app /app /app
USER app
CMD ["/app/entrypoint.sh"]