-
Notifications
You must be signed in to change notification settings - Fork 0
/
Dockerfile
135 lines (114 loc) · 4.73 KB
/
Dockerfile
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
FROM ruby:3.0.6 AS builder
RUN apt-get update && apt-get upgrade -y && apt-get install -y ca-certificates curl gnupg && \
mkdir -p /etc/apt/keyrings && \
curl -fsSL https://deb.nodesource.com/setup_16.x | bash - && \
curl -sL https://dl.yarnpkg.com/debian/pubkey.gpg | apt-key add - && \
echo "deb https://dl.yarnpkg.com/debian/ stable main" | tee /etc/apt/sources.list.d/yarn.list && \
apt-get update && apt-get install -y nodejs yarn \
build-essential \
postgresql-client \
p7zip-full \
libpq-dev && \
apt-get clean
# throw errors if Gemfile has been modified since Gemfile.lock
RUN bundle config --global frozen 1
WORKDIR /app
# Copy package dependencies files only to ensure maximum cache hit
COPY ./package-lock.json /app/package-lock.json
COPY ./package.json /app/package.json
COPY ./Gemfile /app/Gemfile
COPY ./Gemfile.lock /app/Gemfile.lock
RUN gem install bundler:$(grep -A 1 'BUNDLED WITH' Gemfile.lock | tail -n 1 | xargs) && \
bundle config --local without 'development test' && \
bundle install -j4 --retry 3 && \
# Remove unneeded gems
bundle clean --force && \
# Remove unneeded files from installed gems (cache, *.o, *.c)
rm -rf /usr/local/bundle/cache && \
find /usr/local/bundle/ -name "*.c" -delete && \
find /usr/local/bundle/ -name "*.o" -delete && \
find /usr/local/bundle/ -name ".git" -exec rm -rf {} + && \
find /usr/local/bundle/ -name ".github" -exec rm -rf {} + && \
# whkhtmltopdf has binaries for all platforms, we don't need them once uncompressed
gem install wkhtmltopdf-binary && \
wkhtmltopdf --version && \
rm -rf /usr/local/bundle/gems/wkhtmltopdf-binary-*/bin/*.gz && \
rm -f /usr/local/bundle/gems/seven_zip_ruby-1.3.0/lib/seven_zip_ruby/*.dll && \
# Remove additional unneded decidim files
find /usr/local/bundle/ -name "decidim_app-design" -exec rm -rf {} + && \
find /usr/local/bundle/ -name "spec" -exec rm -rf {} +
RUN npm ci
# copy the rest of files
COPY ./app /app/app
COPY ./bin /app/bin
COPY ./config /app/config
COPY ./db /app/db
COPY ./lib /app/lib
COPY ./packages /app/packages
COPY ./public/*.* /app/public/
COPY ./config.ru /app/config.ru
COPY ./Rakefile /app/Rakefile
COPY ./babel.config.json /app/babel.config.json
COPY ./postcss.config.js /app/postcss.config.js
# Compile assets with Webpacker or Sprockets
#
# Notes:
# 1. Executing "assets:precompile" runs "webpacker:compile", too
# 2. For an app using encrypted credentials, Rails raises a `MissingKeyError`
# if the master key is missing. Because on CI there is no master key,
# we hide the credentials while compiling assets (by renaming them before and after)
#
RUN mv config/credentials.yml.enc config/credentials.yml.enc.bak 2>/dev/null || true
RUN mv config/credentials config/credentials.bak 2>/dev/null || true
RUN RAILS_ENV=production \
SECRET_KEY_BASE=dummy \
RAILS_MASTER_KEY=dummy \
DB_ADAPTER=nulldb \
bundle exec rails assets:precompile
RUN mv config/credentials.yml.enc.bak config/credentials.yml.enc 2>/dev/null || true
RUN mv config/credentials.bak config/credentials 2>/dev/null || true
RUN rm -rf node_modules tmp/cache vendor/bundle test spec app/packs .git
# This image is for production env only
FROM ruby:3.0.6-slim AS final
RUN apt-get update && apt-get upgrade -y && apt-get install -y ca-certificates curl gnupg && \
mkdir -p /etc/apt/keyrings && \
curl -fsSL https://deb.nodesource.com/setup_16.x | bash - && \
apt-get update && apt-get install -y nodejs \
postgresql-client \
imagemagick \
curl \
p7zip-full \
supervisor && \
apt-get clean
EXPOSE 3000
ENV RAILS_LOG_TO_STDOUT true
ENV RAILS_SERVE_STATIC_FILES true
ENV RAILS_ENV production
ARG RUN_RAILS
ARG RUN_SIDEKIQ
ARG COMMIT_SHA
ARG COMMIT_TIME
ARG COMMIT_VERSION
ENV COMMIT_SHA ${COMMIT_SHA}
ENV COMMIT_TIME ${COMMIT_TIME}
ENV COMMIT_VERSION ${COMMIT_VERSION}
# Add user
RUN addgroup --system --gid 1000 app && \
adduser --system --uid 1000 --home /app --group app
WORKDIR /app
COPY ./entrypoint.sh /app/entrypoint.sh
COPY ./supervisord.conf /etc/supervisord.conf
COPY --from=builder --chown=app:app /usr/local/bundle/ /usr/local/bundle/
COPY --from=builder --chown=app:app /app /app
# add custom pdfjs from public folder
COPY ./public/pdfjs /app/public/pdfjs
# Install only the vocdoni sdk for the node backend
RUN mv package.json package-assets.json && \
mv package-lock.json package-assets-lock.json
COPY ./package-vocdoni.json /app/package.json
RUN npm install --omit=dev
USER app
HEALTHCHECK --interval=1m --timeout=5s --start-period=30s \
CMD (curl -sSH "Content-Type: application/json" -d '{"query": "{ decidim { version } }"}' http://localhost:3000/api) || exit 1
ENTRYPOINT ["/app/entrypoint.sh"]
CMD ["/usr/bin/supervisord"]