-
Notifications
You must be signed in to change notification settings - Fork 16
/
Dockerfile
129 lines (97 loc) · 3.66 KB
/
Dockerfile
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
# ------------------------------------------------------------------------------
# base
# ------------------------------------------------------------------------------
FROM ruby:3.3.5-alpine AS base
RUN addgroup -S appgroup && adduser -S appuser -G appgroup
ENV APP_HOME /app
ENV DEPS_HOME /deps
ENV RAILS_ENV production
RUN apk update
RUN apk add postgresql16=~16.5-r0
RUN apk add bash postgresql-dev tzdata nodejs curl libc6-compat shared-mime-info
# ------------------------------------------------------------------------------
# dependencies
# ------------------------------------------------------------------------------
FROM base AS dependencies
RUN apk update
RUN apk add build-base git yarn
# Set up install environment
RUN mkdir -p ${DEPS_HOME}
WORKDIR ${DEPS_HOME}
# Install Ruby dependencies
COPY Gemfile ${DEPS_HOME}/Gemfile
COPY Gemfile.lock ${DEPS_HOME}/Gemfile.lock
RUN gem install bundler
ENV BUNDLE_BUILD__SASSC=--disable-march-tune-native
RUN bundle config set frozen 'true'
RUN bundle config set without 'development';
# End
RUN bundle config
RUN bundle install --retry 3
# Install JavaScript dependencies
COPY package.json ${DEPS_HOME}/package.json
COPY yarn.lock ${DEPS_HOME}/yarn.lock
RUN yarn install --frozen-lockfile
# ------------------------------------------------------------------------------
# web
# ------------------------------------------------------------------------------
FROM base AS web
# Set up install environment
RUN mkdir -p ${APP_HOME}
WORKDIR ${APP_HOME}
EXPOSE 3000
CMD bundle exec rails server
# Copy dependencies (relying on dependencies using the same base image as this)
COPY --from=dependencies ${DEPS_HOME}/Gemfile ${APP_HOME}/Gemfile
COPY --from=dependencies ${DEPS_HOME}/Gemfile.lock ${APP_HOME}/Gemfile.lock
COPY --from=dependencies ${GEM_HOME} ${GEM_HOME}
COPY --from=dependencies ${DEPS_HOME}/node_modules ${APP_HOME}/node_modules
# Copy app code (sorted by vague frequency of change for caching)
COPY config.ru ${APP_HOME}/config.ru
COPY Rakefile ${APP_HOME}/Rakefile
COPY public ${APP_HOME}/public
COPY vendor ${APP_HOME}/vendor
COPY bin ${APP_HOME}/bin
COPY lib ${APP_HOME}/lib
COPY config ${APP_HOME}/config
COPY db ${APP_HOME}/db
COPY app ${APP_HOME}/app
COPY spec ${APP_HOME}/spec
RUN DFE_SIGN_IN_API_CLIENT_ID= \
DFE_SIGN_IN_API_SECRET= \
DFE_SIGN_IN_API_ENDPOINT= \
ADMIN_ALLOWED_IPS= \
ENVIRONMENT_NAME= \
SUPPRESS_DFE_ANALYTICS_INIT= \
bundle exec rake assets:precompile
RUN chown -hR appuser:appgroup ${APP_HOME}
USER appuser
ARG GIT_COMMIT_HASH
ENV GIT_COMMIT_HASH ${GIT_COMMIT_HASH}
# ------------------------------------------------------------------------------
# shellcheck
# ------------------------------------------------------------------------------
FROM koalaman/shellcheck:stable AS shellcheck
# ------------------------------------------------------------------------------
# test
# ------------------------------------------------------------------------------
FROM base AS test
USER root
WORKDIR ${APP_HOME}
ENV RAILS_ENV test
ENV NODE_ENV test
CMD [ "bundle", "exec", "rake" ]
RUN apk add chromium chromium-chromedriver
# Install ShellCheck
COPY --from=shellcheck / /opt/shellcheck/
ENV PATH /opt/shellcheck/bin:${PATH}
COPY --from=dependencies ${GEM_HOME} ${GEM_HOME}
# Copy from web to include generated assets
COPY --from=web ${APP_HOME} ${APP_HOME}
# Copy all files
# This is only for the test target and ensures that all the files that could be linted locally are also linted on CI.
# We need to be mindful of files that get added to the project, if they are secrets or superfluous we should add them
# to the .dockerignore file.
COPY . ${APP_HOME}/
RUN chown -hR appuser:appgroup ${APP_HOME}
USER appuser