-
Notifications
You must be signed in to change notification settings - Fork 5
/
Dockerfile
178 lines (162 loc) · 6.78 KB
/
Dockerfile
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
# syntax=docker/dockerfile:1
ARG BASE_IMAGE_TAG=latest
FROM ruby:${BASE_IMAGE_TAG}
LABEL maintainer "Michael Baudino <[email protected]>"
# Explicitely define locale
# as advised in https://github.com/docker-library/docs/blob/master/ruby/content.md#encoding
ENV LANG="C.UTF-8"
ARG RUBYGEMS_VERSION_ARG="" \
BUNDLER_VERSION_ARG=""
# Define dependencies base versions
# Note: NodeJS is capped to 14.x on Jessie and 16.x on Stretch (due to `libc` requirements)
ENV NODE_VERSION="20" \
GOSU_VERSION="1.17"
# Define some default variables
ENV PORT="5000" \
BUNDLE_PATH="/bundle" \
BUNDLE_BIN="/bundle/bin" \
BUNDLE_APP_CONFIG="/bundle" \
GEM_HOME="/bundle/global" \
PATH="/bundle/bin:/bundle/global/bin:${PATH}" \
HISTFILE="/config/.bash_history" \
GIT_COMMITTER_NAME="Just some fake name to be able to git-clone" \
GIT_COMMITTER_EMAIL="[email protected]" \
DISABLE_SPRING="true"
# Install dependencies
RUN set -eux; \
osType="$(sed -n 's|^ID=||p' /etc/os-release)"; \
\
case "${osType}" in \
alpine) \
alpineMajorVersion=$(sed -nr 's/^VERSION_ID=(\d+\.\d+).*/\1/p' /etc/os-release); \
\
# Use `libpq-dev` (~20MB) rather than `postgresql-dev` (~200MB) if available
# (the former was extracted from the latter in Alpine 3.15)
case ${alpineMajorVersion} in \
3.3|3.4|3.5|3.6|3.7|3.8|3.9|3.10|3.11|3.12|3.13|3.14) libpqPackage="postgresql-dev" ;; \
3.15|*) libpqPackage="libpq-dev" ;; \
esac; \
\
apk add --no-cache \
alpine-sdk \
openssh \
jq \
nano \
nodejs \
postgresql \
vim \
yarn \
${libpqPackage} \
; \
;; \
\
debian|ubuntu) \
# Fix Jessie & Stretch APT sources (they have been moved to http://archive.debian.org)
if [ -f /etc/apt/sources.list ]; then \
sed -i -r \
-e '/(jessie|stretch)[-\/]updates/d' \
-e 's|http://(deb\|httpredir).debian.org/debian (jessie\|stretch)|http://archive.debian.org/debian \2|' \
/etc/apt/sources.list; \
fi; \
\
# Detect Debian version
apt-get update; \
apt-get install --assume-yes --no-install-recommends --no-install-suggests --force-yes \
apt-transport-https \
lsb-release \
; \
debianReleaseCodename=$(lsb_release -cs); \
\
# Fix LetsEncrypt expired CA on older Debian releases
case ${debianReleaseCodename} in \
jessie|buster|stretch) \
apt-get install --assume-yes --no-install-recommends --no-install-suggests --force-yes \
ca-certificates \
curl \
$([ "${debianReleaseCodename}" = "jessie" ] && echo "libssl1.0.0") \
; \
sed -i 's|mozilla/DST_Root_CA_X3.crt|!mozilla/DST_Root_CA_X3.crt|g' /etc/ca-certificates.conf; \
update-ca-certificates; \
;; \
esac; \
\
# Add PostgreSQL APT repository
curl -sSL https://www.postgresql.org/media/keys/ACCC4CF8.asc | gpg --dearmor > /etc/apt/trusted.gpg.d/apt.postgresql.org.gpg; \
case ${debianReleaseCodename} in \
jessie|stretch) echo "deb https://apt-archive.postgresql.org/pub/repos/apt ${debianReleaseCodename}-pgdg-archive main" ;; \
*) echo "deb https://apt.postgresql.org/pub/repos/apt/ ${debianReleaseCodename}-pgdg main" ;; \
esac > /etc/apt/sources.list.d/pgdg.list; \
\
# Add NodeJS APT repository
case ${debianReleaseCodename} in \
jessie) curl -fsSL https://deb.nodesource.com/setup_14.x ;; \
stretch) curl -fsSL https://deb.nodesource.com/setup_16.x ;; \
*) curl -fsSL https://deb.nodesource.com/setup_${NODE_VERSION}.x ;; \
esac | bash; \
\
# Install everything
apt-get update; \
apt-get install --assume-yes --no-install-recommends --no-install-suggests --force-yes \
jq \
nano \
nodejs \
$([ "${debianReleaseCodename}" = "bookworm" ] && echo "npm") \
postgresql-client \
vim \
; \
\
# Cleanup
rm -rf /var/lib/apt/lists/*; \
\
# Install Yarn (via NPM)
npm install --global yarn; \
\
# Install Heroku CLI (standalone tarball)
curl -sSL curl https://cli-assets.heroku.com/install.sh | sh; \
;; \
esac;
# Install `gosu`
ARG TARGETARCH # provided by Docker multi-platform support: https://docs.docker.com/build/guide/multi-platform
RUN set -eux; \
osType="$(sed -n 's|^ID=||p' /etc/os-release)"; \
export GNUPGHOME="$(mktemp -d)"; \
\
# Install GPG on Alpine (for signature verification)
[ "${osType}" = "alpine" ] && apk add --no-cache --virtual .gosu-deps gnupg || :; \
\
# Fetch author public key
for keyserver in $(shuf -e keyserver.ubuntu.com keys.openpgp.org keys.mailvelope.com); do \
gpg --batch --no-tty --keyserver "${keyserver}" --recv-keys "B42F6819007F00F88E364FD4036A9C25BF357DD4" && break || :; \
done; \
\
# Download binary
curl -sSL -o /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/${GOSU_VERSION}/gosu-${TARGETARCH}"; \
chmod +x /usr/local/bin/gosu; \
\
# Verify binary signature
curl -sSL "https://github.com/tianon/gosu/releases/download/${GOSU_VERSION}/gosu-${TARGETARCH}.asc" \
| gpg --batch --verify - /usr/local/bin/gosu; \
\
# Cleanup
command -v gpgconf && gpgconf --kill all || :; \
rm -rf "${GNUPGHOME}"; \
unset -v GNUPGHOME; \
[ "${osType}" = "alpine" ] && apk del --no-network .gosu-deps || :;
# Install GEM dependencies
# Note: we still need Bundler 1.x because Bundler auto-switches to it when it encounters a Gemfile.lock with BUNDLED WITH 1.x
RUN gem update --system ${RUBYGEMS_VERSION_ARG} \
&& gem install bundler${BUNDLER_VERSION_ARG:+:${BUNDLER_VERSION_ARG}} \
&& gem install bundler:1.17.3
# Add dot files to the home directory skeleton (they persist IRB/Pry/Rails console history, configure Yarn, etc…)
COPY dotfiles/* /etc/skel/
# Create expected mount points
RUN mkdir -p /app /bundle /config
# Configure the main working directory.
WORKDIR /app
# Expose listening port to the Docker host, so we can access it from the outside.
EXPOSE ${PORT}
# Use entrypoints that switch to unprivileged user, install foreman, install dependencies (bundler & yarn), and fix a Rails server issue
COPY entrypoints/* /usr/local/bin/
ENTRYPOINT ["gosu-entrypoint", "foreman-entrypoint", "bundler-entrypoint", "yarn-entrypoint", "rails-entrypoint"]
# The main command to run when the container starts is to start whatever the Procfile defines
CMD ["foreman", "start", "-m", "all=1,release=0"]