-
Notifications
You must be signed in to change notification settings - Fork 3
/
Dockerfile
206 lines (168 loc) · 6.6 KB
/
Dockerfile
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
# ------------------------------------------------------------------------------
# Base stage
# ------------------------------------------------------------------------------
FROM ruby:3.3.5-bookworm AS base
ENV USER=rails
ENV UID=1000
ENV GID=1000
# setup env
ENV APP_ROOT=/srv/
ENV APP_HOME=${APP_ROOT}app
ENV DEPS_HOME=/deps
# RAILS_ENV defaults to production
ARG RAILS_ENV
ENV RAILS_ENV=${RAILS_ENV:-production}
ENV NODE_ENV=${RAILS_ENV:-production}
# Set up non-root user for running the service
RUN groupadd --system --gid ${UID} ${USER} && \
useradd rails --uid ${UID} --gid ${UID} --create-home --shell /bin/bash
# Install basics
#
RUN apt-get update && apt-get install --no-install-recommends -y build-essential ca-certificates curl gnupg libpq-dev
# Setup Node installation
# https://github.com/nodesource/distributions#installation-instructions
#
# depends on ca-certificates, curl and gnupg
#
ENV NODE_MAJOR=18
RUN mkdir -p /etc/apt/keyrings/ && curl --tlsv1.2 -sSf "https://deb.nodesource.com/gpgkey/nodesource-repo.gpg.key" \
| gpg --dearmor -o /etc/apt/keyrings/nodesource.gpg
RUN echo "deb [signed-by=/etc/apt/keyrings/nodesource.gpg] https://deb.nodesource.com/node_${NODE_MAJOR}.x nodistro main" \
| tee /etc/apt/sources.list.d/nodesource.list
# Setup Yarn installation
# https://classic.yarnpkg.com/lang/en/docs/install/#debian-stable
#
RUN curl --proto "=https" --tlsv1.2 -sSf "https://dl.yarnpkg.com/debian/pubkey.gpg" | apt-key add -
RUN echo "deb https://dl.yarnpkg.com/debian/ stable main" | tee /etc/apt/sources.list.d/yarn.list
RUN apt-get update && apt-get install --no-install-recommends -y nodejs yarn
# Install 'test' dependencies
RUN \
if [ "${RAILS_ENV}" = "test" ]; then \
apt-get install --no-install-recommends -y firefox-esr shellcheck; \
fi
RUN apt-get clean && rm -rf /var/cache/apt/archives && rm -rf /var/cache/apt/lists
# Install FreeTDS
# https://github.com/rails-sqlserver/tiny_tds#install
# default FreeTDS version
ARG FREETDS_VERSION=1.4.10
ARG TDS_VERSION=7.3
RUN \
curl --proto "=https" --tlsv1.2 -sSf \
"https://www.freetds.org/files/stable/freetds-${FREETDS_VERSION}.tar.gz" \
--output "freetds-${FREETDS_VERSION}.tar.gz" && \
tar -xvzf "freetds-${FREETDS_VERSION}.tar.gz" && \
rm "freetds-${FREETDS_VERSION}.tar.gz" && \
cd "freetds-${FREETDS_VERSION}" && \
./configure --prefix=/usr/local --with-tdsver=${TDS_VERSION} && \
make && make install
# Install Geckodriver
# https://github.com/mozilla/geckodriver/releases
# default Geckodriver version
ARG geckodriver_version=0.34.0
RUN \
if [ "${RAILS_ENV}" = "test" ]; then \
curl --proto "=https" --tlsv1.2 -sSf -L \
"https://github.com/mozilla/geckodriver/releases/download/v${geckodriver_version}/geckodriver-v${geckodriver_version}-linux64.tar.gz" \
--output "geckodriver-v${geckodriver_version}-linux64.tar.gz" && \
tar -xvzf "geckodriver-v${geckodriver_version}-linux64.tar.gz" && \
rm "geckodriver-v${geckodriver_version}-linux64.tar.gz" && \
chmod +x geckodriver && \
mv geckodriver* /usr/local/bin; \
fi
# ------------------------------------------------------------------------------
# Dependencies stage
# ------------------------------------------------------------------------------
FROM base AS dependencies
WORKDIR ${DEPS_HOME}
RUN chown -R ${UID}:${GID} ${DEPS_HOME}
USER ${UID}:${GID}
# Install Ruby dependencies
ENV BUNDLE_GEM_GROUPS=${RAILS_ENV}
COPY Gemfile ${DEPS_HOME}/Gemfile
COPY Gemfile.lock ${DEPS_HOME}/Gemfile.lock
# We pin versions because Docker will cache this layer anyway, the only way to update
# is to modify these versions
RUN gem update --system 3.3.26 && \
gem install bundler --version 2.3.23 && \
bundle config set frozen "true" && \
bundle config set no-cache "true" && \
bundle config set with "${BUNDLE_GEM_GROUPS}";
RUN \
if [ "${RAILS_ENV}" = "production" ]; then \
bundle config set without "linting"; \
fi
RUN bundle install --retry=10 --jobs=4
# End
# Install Javascript dependencies
COPY yarn.lock ${DEPS_HOME}/yarn.lock
COPY package.json ${DEPS_HOME}/package.json
RUN \
if [ "${RAILS_ENV}" = "production" ]; then \
yarn install --frozen-lockfile --production; \
else \
yarn install --frozen-lockfile; \
fi
# End
# ------------------------------------------------------------------------------
# Application stage
# ------------------------------------------------------------------------------
FROM base AS application
WORKDIR ${APP_HOME}
# Copy dependencies (relying on dependencies using the same base image as this)
COPY --from=dependencies ${DEPS_HOME}/Gemfile ${APP_HOME}/Gemfile
COPY --from=dependencies ${DEPS_HOME}/Gemfile.lock ${APP_HOME}/Gemfile.lock
COPY --from=dependencies ${GEM_HOME} ${GEM_HOME}
COPY --from=dependencies ${DEPS_HOME}/package.json ${APP_HOME}/package.json
COPY --from=dependencies ${DEPS_HOME}/yarn.lock ${APP_HOME}/yarn.lock
COPY --from=dependencies ${DEPS_HOME}/node_modules ${APP_HOME}/node_modules
# End
# Copy app code (sorted by vague frequency of change for caching)
RUN mkdir -p ${APP_HOME}/log ${APP_HOME}/tmp ${APP_HOME}/coverage
COPY .erb-lint* ${APP_HOME}/
COPY .irbrc ${APP_HOME}/.irbrc
COPY config.ru ${APP_HOME}/config.ru
COPY Rakefile ${APP_HOME}/Rakefile
COPY script ${APP_HOME}/script
COPY public ${APP_HOME}/public
COPY storage ${APP_HOME}/storage
COPY vendor ${APP_HOME}/vendor
COPY bin ${APP_HOME}/bin
COPY config ${APP_HOME}/config
COPY lib ${APP_HOME}/lib
COPY db ${APP_HOME}/db
COPY app ${APP_HOME}/app
COPY doc ${APP_HOME}/doc
# End
# Copy specs
COPY .prettierrc ${APP_HOME}/.prettierrc
COPY .rspec ${APP_HOME}/.rspec
COPY spec ${APP_HOME}/spec
# End
# Copy files you want to lint
COPY README.md ${APP_HOME}/README.md
COPY CHANGELOG.md ${APP_HOME}/CHANGELOG.md
#end
# Create tmp/pids
RUN mkdir -p tmp/pids
RUN \
if [ "$RAILS_ENV" = "production" ]; then \
SECRET_KEY_BASE="secret" \
bundle exec rake assets:precompile; \
fi
# In order to expose the current git sha & time of build in the /healthcheck
# endpoint, pass these values into your deployment script, for example:
# --build-arg CURRENT_GIT_SHA="$GITHUB_SHA" \
# --build-arg TIME_OF_BUILD="$(date -u +'%Y-%m-%dT%H:%M:%SZ')" \
ARG CURRENT_GIT_SHA
ARG TIME_OF_BUILD
ENV CURRENT_GIT_SHA=${CURRENT_GIT_SHA}
ENV TIME_OF_BUILD=${TIME_OF_BUILD}
COPY ./docker-entrypoint.sh /
RUN chmod +x /docker-entrypoint.sh
ENTRYPOINT ["/docker-entrypoint.sh"]
# Run and own only the runtime files as a non-root user for security
RUN chown -R ${UID}:${GID} ${APP_ROOT}
USER ${UID}:${GID}
EXPOSE 3000
LABEL org.opencontainers.image.source=https://github.com/DFE-Digital/dfe-complete-conversions-transfers-and-changes
CMD ["bundle", "exec", "rails", "server"]