Compare commits
No commits in common. "alpine-image" and "main" have entirely different histories.
alpine-ima
...
main
34
Dockerfile
34
Dockerfile
@ -2,8 +2,7 @@
|
|||||||
|
|
||||||
# Make sure RUBY_VERSION matches the Ruby version in .ruby-version and Gemfile
|
# Make sure RUBY_VERSION matches the Ruby version in .ruby-version and Gemfile
|
||||||
ARG RUBY_VERSION=3.4.3
|
ARG RUBY_VERSION=3.4.3
|
||||||
FROM ghcr.io/surnet/alpine-wkhtmltopdf:3.22.0-024b2b2-full as wkhtmltopdf
|
FROM registry.docker.com/library/ruby:$RUBY_VERSION-slim AS base
|
||||||
FROM ruby:${RUBY_VERSION}-alpine3.21 AS base
|
|
||||||
|
|
||||||
# Rails app lives here
|
# Rails app lives here
|
||||||
WORKDIR /rails
|
WORKDIR /rails
|
||||||
@ -14,24 +13,14 @@ ENV RAILS_ENV="production" \
|
|||||||
BUNDLE_PATH="/usr/local/bundle" \
|
BUNDLE_PATH="/usr/local/bundle" \
|
||||||
BUNDLE_WITHOUT="development"
|
BUNDLE_WITHOUT="development"
|
||||||
|
|
||||||
# Install runtime dependencies
|
RUN apt-get update && apt-get install -y nodejs wkhtmltopdf
|
||||||
RUN apk update && \
|
|
||||||
apk add --no-cache nodejs
|
|
||||||
|
|
||||||
COPY --from=wkhtmltopdf /bin/wkhtmltopdf /bin/
|
|
||||||
|
|
||||||
# Throw-away build stage to reduce size of final image
|
# Throw-away build stage to reduce size of final image
|
||||||
FROM base AS build
|
FROM base AS build
|
||||||
|
|
||||||
# Install packages needed to build gems
|
# Install packages needed to build gems
|
||||||
RUN apk update && \
|
RUN apt-get update -qq && \
|
||||||
apk add --no-cache \
|
apt-get install --no-install-recommends -y build-essential git libpq-dev libvips pkg-config libyaml-dev
|
||||||
build-base \
|
|
||||||
git \
|
|
||||||
postgresql-dev \
|
|
||||||
vips-dev \
|
|
||||||
pkgconfig \
|
|
||||||
yaml-dev
|
|
||||||
|
|
||||||
# Install application gems
|
# Install application gems
|
||||||
COPY Gemfile Gemfile.lock ./
|
COPY Gemfile Gemfile.lock ./
|
||||||
@ -48,24 +37,23 @@ RUN bundle exec bootsnap precompile app/ lib/
|
|||||||
# Precompiling assets for production without requiring secret RAILS_MASTER_KEY
|
# Precompiling assets for production without requiring secret RAILS_MASTER_KEY
|
||||||
RUN SECRET_KEY_BASE_DUMMY=1 ./bin/rails assets:precompile
|
RUN SECRET_KEY_BASE_DUMMY=1 ./bin/rails assets:precompile
|
||||||
|
|
||||||
|
|
||||||
# Final stage for app image
|
# Final stage for app image
|
||||||
FROM base
|
FROM base
|
||||||
|
|
||||||
# Install packages needed for deployment
|
# Install packages needed for deployment
|
||||||
RUN apk update && \
|
RUN apt-get update -qq && \
|
||||||
apk add --no-cache \
|
apt-get install --no-install-recommends -y curl libvips postgresql-client && \
|
||||||
curl \
|
rm -rf /var/lib/apt/lists /var/cache/apt/archives
|
||||||
vips \
|
|
||||||
postgresql-client
|
|
||||||
|
|
||||||
# Copy built artifacts: gems, application
|
# Copy built artifacts: gems, application
|
||||||
COPY --from=build /usr/local/bundle /usr/local/bundle
|
COPY --from=build /usr/local/bundle /usr/local/bundle
|
||||||
COPY --from=build /rails /rails
|
COPY --from=build /rails /rails
|
||||||
|
|
||||||
# Run and own only the runtime files as a non-root user for security
|
# Run and own only the runtime files as a non-root user for security
|
||||||
RUN adduser -D -h /home/rails rails && \
|
RUN useradd rails --create-home --shell /bin/bash && \
|
||||||
chown -R rails:rails db log storage tmp || true
|
chown -R rails:rails db log storage tmp
|
||||||
USER rails
|
USER rails:rails
|
||||||
|
|
||||||
# Entrypoint prepares the database.
|
# Entrypoint prepares the database.
|
||||||
ENTRYPOINT ["/rails/bin/docker-entrypoint"]
|
ENTRYPOINT ["/rails/bin/docker-entrypoint"]
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user