Skip to content
Snippets Groups Projects
Verified Commit 3de949c4 authored by David Gunnarsson's avatar David Gunnarsson
Browse files

Set up docker files for production

parent 8d71de1a
No related branches found
No related tags found
No related merge requests found
Pipeline #25793 failed
# syntax=docker/dockerfile:1
# check=error=true
FROM ruby:3.3.6
# This Dockerfile is designed for production, not development. Use with Kamal or build'n'run by hand:
# docker build -t railsdiff .
# docker run -d -p 80:80 -e RAILS_MASTER_KEY=<value from config/master.key> --name railsdiff railsdiff
# For a containerized dev environment, see Dev Containers: https://guides.rubyonrails.org/getting_started_with_devcontainer.html
# Make sure RUBY_VERSION matches the Ruby version in .ruby-version
ARG RUBY_VERSION=3.3.6
FROM docker.io/library/ruby:$RUBY_VERSION-slim AS base
# Rails app lives here
WORKDIR /rails
# Install base packages
RUN apt-get update -qq && \
apt-get install --no-install-recommends -y curl libjemalloc2 libvips sqlite3 \
fontconfig \
libfreetype6 \
libjpeg62-turbo \
libpng16-16 \
libx11-6 \
libxcb1 \
libxext6 \
libxrender1 \
xfonts-75dpi \
xfonts-base \
&& rm -rf /var/lib/apt/lists /var/cache/apt/archives
# Set production environment
ENV RAILS_ENV="production" \
BUNDLE_DEPLOYMENT="1" \
BUNDLE_PATH="/usr/local/bundle" \
BUNDLE_WITHOUT="development test"
# Throw-away build stage to reduce size of final image
FROM base AS build
# Install packages needed to build gems
RUN apt-get update -qq && \
apt-get install --no-install-recommends -y \
# Install apt based dependencies required to run Rails as
# well as RubyGems. As the Ruby image itself is based on a
# Debian image, we use apt-get to install those.
RUN apt-get update && apt-get install -y \
build-essential \
autoconf \
libtool-bin \
git \
pkg-config \
libz-dev \
gcc \
make \
ruby-dev \
libssl-dev \
libyaml-dev \
&& rm -rf /var/lib/apt/lists /var/cache/apt/archives
# Before bundle install, verify the env var is set
RUN echo "BUNDLE_PACKAGER__DEV is: ${BUNDLE_PACKAGER__DEV}"
# Install application gems
COPY Gemfile Gemfile.lock ./
nano \
curl \
default-mysql-client \
default-libmysqlclient-dev \
netcat-traditional
# Configure the main working directory. This is the base
# directory used in any further RUN, COPY, and ENTRYPOINT
# commands.
RUN mkdir -p /facem
WORKDIR /facem
# Set Rails to run in production
ENV RAILS_ENV=production
ENV RACK_ENV=production
# First copy the vendor directory and gemfiles
COPY vendor ./vendor
COPY Gemfile ./
# needed for avo pro
ARG BUNDLE_PACKAGER__DEV
ENV BUNDLE_PACKAGER__DEV=$BUNDLE_PACKAGER__DEV
# Configure bundler to use system libraries and retry on network issues
ENV BUNDLE_BUILD__PSYCH="--with-libyaml-dir=/usr/lib/x86_64-linux-gnu" \
BUNDLE_RETRY="3" \
BUNDLE_JOBS="1"
RUN bundle install && \
rm -rf ~/.bundle/ "${BUNDLE_PATH}"/ruby/*/cache "${BUNDLE_PATH}"/ruby/*/bundler/gems/*/.git && \
bundle exec bootsnap precompile --gemfile
# Copy application code
COPY . .
# Precompile bootsnap code for faster boot times
RUN bundle exec bootsnap precompile app/ lib/
# Precompiling assets for production without requiring secret RAILS_MASTER_KEY
RUN SECRET_KEY_BASE_DUMMY=1 ./bin/rails assets:precompile
# Final stage for app image
FROM base
# Copy built artifacts: gems, application
COPY --from=build "${BUNDLE_PATH}" "${BUNDLE_PATH}"
COPY --from=build /rails /rails
# Doc: https://bundler.io/v2.3/man/bundle-install.1.html
RUN gem install bundler && \
bundle config set without 'development test' && \
bundle install
# Run and own only the runtime files as a non-root user for security
RUN groupadd --system --gid 1000 rails && \
useradd rails --uid 1000 --gid 1000 --create-home --shell /bin/bash && \
chown -R rails:rails db log storage tmp && \
chmod 755 /usr/local/bundle/ruby/3.3.0/gems/wkhtmltopdf-binary-0.12.6.8/bin/wkhtmltopdf* && \
chown -R rails:rails /usr/local/bundle/ruby/3.3.0/gems/wkhtmltopdf-binary-0.12.6.8/bin/
USER 1000:1000
# Copy the rest of the application
COPY . ./
# Entrypoint prepares the database.
ENTRYPOINT ["/rails/bin/docker-entrypoint"]
ENV EDITOR=nano
# Start server via Thruster by default, this can be overwritten at runtime
EXPOSE 80
CMD ["./bin/thrust", "./bin/rails", "server"]
\ No newline at end of file
# Configure an entry point, so we don't need to specify
# "bundle exec" for each of our commands.
ENTRYPOINT ["bundle", "exec"]
services:
web:
image: prod/facem-backoffice:latest
# used for building gems / generating Gemfile.lock
# command: ["sh", "-c", "tail -f /dev/null"]
command: bash -c "rm -f tmp/pids/server.pid && bin/rails assets:precompile && bin/rails s -p 3000 -b '0.0.0.0'"
hostname: app10.cc.univie.ac.at
volumes:
- .:/facem
ports:
- "3000:3000"
env_file:
- .env.production
tty: true
depends_on:
- db
db:
image: mariadb:10.4
ports:
- "3306:3306"
volumes:
- mariadb_data:/var/lib/mysql
env_file:
- .env
volumes:
mariadb_data:
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment