-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathDockerfile
More file actions
131 lines (109 loc) · 4.44 KB
/
Dockerfile
File metadata and controls
131 lines (109 loc) · 4.44 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
FROM ruby:3.3.10 AS builder
RUN apt-get update && apt-get upgrade -y && apt-get install -y ca-certificates curl gnupg && \
mkdir -p /etc/apt/keyrings && \
curl -fsSL https://deb.nodesource.com/setup_22.x | bash - && \
apt-get update && apt-get install -y nodejs \
build-essential \
postgresql-client \
p7zip \
libpq-dev && \
apt-get clean
# throw errors if Gemfile has been modified since Gemfile.lock
RUN bundle config --global frozen 1
WORKDIR /app
# Copy package dependencies files only to ensure maximum cache hit
COPY ./package-lock.json /app/package-lock.json
COPY ./package.json /app/package.json
COPY ./packages /app/packages
COPY ./Gemfile /app/Gemfile
COPY ./Gemfile.lock /app/Gemfile.lock
RUN gem install bundler:$(grep -A 1 'BUNDLED WITH' Gemfile.lock | tail -n 1 | xargs) && \
bundle config set --deployment 'true' && \
bundle config set --local without 'development test' && \
bundle install -j4 --retry 3 && \
npm install yarn -g && \
# Remove unneeded gems
bundle clean --force && \
# Remove unneeded files from installed gems (cache, *.o, *.c)
rm -rf /usr/local/bundle/cache && \
find /usr/local/bundle/ -name "*.c" -delete && \
find /usr/local/bundle/ -name "*.o" -delete && \
find /usr/local/bundle/ -name ".git" -exec rm -rf {} + && \
find /usr/local/bundle/ -name ".github" -exec rm -rf {} + && \
# Remove additional unneeded decidim files
find /usr/local/bundle/ -name "spec" -exec rm -rf {} + && \
find /usr/local/bundle/ -wholename "*/decidim-dev/lib/decidim/dev/assets/*" -exec rm -rf {} +
RUN npm ci
# copy the rest of files
COPY ./app /app/app
COPY ./bin /app/bin
COPY ./config /app/config
COPY ./db /app/db
COPY ./lib /app/lib
COPY ./public/*.* /app/public/
COPY ./config.ru /app/config.ru
COPY ./Rakefile /app/Rakefile
COPY ./postcss.config.js /app/postcss.config.js
# Compile assets with Webpacker or Sprockets
#
# Notes:
# 1. Executing "assets:precompile" runs "webpacker:compile", too
# 2. For an app using encrypted credentials, Rails raises a `MissingKeyError`
# if the master key is missing. Because on CI there is no master key,
# we hide the credentials while compiling assets (by renaming them before and after)
#
RUN mv config/credentials.yml.enc config/credentials.yml.enc.bak 2>/dev/null || true
RUN mv config/credentials config/credentials.bak 2>/dev/null || true
RUN RAILS_ENV=production \
SECRET_KEY_BASE=dummy \
RAILS_MASTER_KEY=0b809804a9de874fb0627b6cf5b6cada \
DB_ADAPTER=nulldb \
bin/rails assets:precompile
RUN SECRET_KEY_BASE=dummy \
DB_ADAPTER=nulldb \
RAILS_ENV=production \
bin/rails decidim_api:generate_docs
RUN mv config/credentials.yml.enc.bak config/credentials.yml.enc 2>/dev/null || true
RUN mv config/credentials.bak config/credentials 2>/dev/null || true
RUN rm -rf node_modules packages/*/node_modules tmp/cache vendor/bundle test spec app/packs .git
ARG GIT_BRANCH=main
ENV GIT_BRANCH=${GIT_BRANCH}
ARG GIT_REPO=https://github.com/openpoke/decidim-canodrom
ENV GIT_REPO=${GIT_REPO}
RUN git init . && \
git remote add origin $GIT_REPO && \
git fetch origin $GIT_BRANCH --depth 1 && \
echo "REVISION=$(git describe --tags --always origin/$GIT_BRANCH)" > /app/.env && \
echo "AUTHOR=$(git log -1 --pretty=%an origin/$GIT_BRANCH)" >> /app/.env && \
echo "EMAIL=$(git log -1 --pretty=%ae origin/$GIT_BRANCH)" >> /app/.env && \
echo "DESCRIPTION=$(git log -1 --pretty=%s origin/$GIT_BRANCH)" >> /app/.env && \
echo "DATE=$(git log -1 --pretty=%cd origin/$GIT_BRANCH)" >> /app/.env && \
rm -rf /app/.git
# This image is for production env only
FROM ruby:3.3.10-slim AS final
RUN apt-get update && \
apt-get install -y postgresql-client \
imagemagick \
curl \
p7zip \
supervisor && \
apt-get clean
EXPOSE 3000
ARG CAPROVER_GIT_COMMIT_SHA=${CAPROVER_GIT_COMMIT_SHA}
ENV APP_REVISION=${CAPROVER_GIT_COMMIT_SHA}
ENV RAILS_LOG_TO_STDOUT true
ENV RAILS_SERVE_STATIC_FILES true
ENV RAILS_ENV production
# Add user
RUN addgroup --system --gid 1000 app && \
adduser --system --uid 1000 --home /app --group app
WORKDIR /app
COPY ./entrypoint.sh /app/entrypoint.sh
COPY ./supervisord.conf /etc/supervisord.conf
COPY --from=builder --chown=app:app /usr/local/bundle/ /usr/local/bundle/
COPY --from=builder --chown=app:app /app /app
USER app
HEALTHCHECK --interval=1m --timeout=5s --start-period=30s \
CMD (curl -sS http://localhost:3000/health_check | grep success) || exit 1
ENTRYPOINT ["/app/entrypoint.sh"]
CMD ["/usr/bin/supervisord"]