|
2 | 2 |
|
3 | 3 | # Make sure RUBY_VERSION matches the Ruby version in .ruby-version and Gemfile |
4 | 4 | ARG RUBY_VERSION=3.3.7 |
5 | | -FROM ruby:$RUBY_VERSION-slim as base |
6 | | - |
7 | | -LABEL fly_launch_runtime="rails" |
| 5 | +FROM registry.docker.com/library/ruby:$RUBY_VERSION-slim as base |
8 | 6 |
|
9 | 7 | # Rails app lives here |
10 | 8 | WORKDIR /rails |
11 | 9 |
|
12 | 10 | # Set production environment |
13 | 11 | ENV RAILS_ENV="production" \ |
14 | | - BUNDLE_WITHOUT="development:test" \ |
15 | | - BUNDLE_DEPLOYMENT="1" |
16 | | - |
17 | | -# Update gems and bundler |
18 | | -RUN gem update --system --no-document && \ |
19 | | - gem install -N bundler |
| 12 | + BUNDLE_DEPLOYMENT="1" \ |
| 13 | + BUNDLE_PATH="/usr/local/bundle" \ |
| 14 | + BUNDLE_WITHOUT="development" |
20 | 15 |
|
21 | 16 |
|
22 | 17 | # Throw-away build stage to reduce size of final image |
23 | 18 | FROM base as build |
24 | 19 |
|
25 | 20 | # Install packages needed to build gems |
26 | 21 | RUN apt-get update -qq && \ |
27 | | - apt-get install --no-install-recommends -y build-essential libpq-dev libyaml pkg-config git |
| 22 | + apt-get install --no-install-recommends -y build-essential git libvips pkg-config |
28 | 23 |
|
29 | 24 | # Install application gems |
30 | | -COPY --link Gemfile Gemfile.lock ./ |
| 25 | +COPY Gemfile Gemfile.lock ./ |
31 | 26 | RUN bundle install && \ |
32 | | - bundle exec bootsnap precompile --gemfile && \ |
33 | | - rm -rf ~/.bundle/ $BUNDLE_PATH/ruby/*/cache $BUNDLE_PATH/ruby/*/bundler/gems/*/.git |
| 27 | + rm -rf ~/.bundle/ "${BUNDLE_PATH}"/ruby/*/cache "${BUNDLE_PATH}"/ruby/*/bundler/gems/*/.git && \ |
| 28 | + bundle exec bootsnap precompile --gemfile |
34 | 29 |
|
35 | 30 | # Copy application code |
36 | | -COPY --link . . |
| 31 | +COPY . . |
37 | 32 |
|
38 | 33 | # Precompile bootsnap code for faster boot times |
39 | 34 | RUN bundle exec bootsnap precompile app/ lib/ |
40 | 35 |
|
41 | 36 | # Precompiling assets for production without requiring secret RAILS_MASTER_KEY |
42 | | -RUN SECRET_KEY_BASE=DUMMY ./bin/rails assets:precompile |
| 37 | +RUN SECRET_KEY_BASE_DUMMY=1 ./bin/rails assets:precompile |
43 | 38 |
|
44 | 39 |
|
45 | 40 | # Final stage for app image |
46 | 41 | FROM base |
47 | 42 |
|
48 | 43 | # Install packages needed for deployment |
49 | 44 | RUN apt-get update -qq && \ |
50 | | - apt-get install --no-install-recommends -y libsqlite3-0 postgresql-client && \ |
| 45 | + apt-get install --no-install-recommends -y curl libsqlite3-0 libvips && \ |
51 | 46 | rm -rf /var/lib/apt/lists /var/cache/apt/archives |
52 | 47 |
|
53 | | -# Run and own the application files as a non-root user for security |
54 | | -RUN useradd rails --home /rails --shell /bin/bash |
55 | | -USER rails:rails |
56 | | - |
57 | 48 | # Copy built artifacts: gems, application |
58 | 49 | COPY --from=build /usr/local/bundle /usr/local/bundle |
59 | | -COPY --from=build --chown=rails:rails /rails /rails |
| 50 | +COPY --from=build /rails /rails |
60 | 51 |
|
61 | | -# Deployment options |
62 | | -ENV RAILS_LOG_TO_STDOUT="1" \ |
63 | | - RAILS_SERVE_STATIC_FILES="true" |
| 52 | +# Run and own only the runtime files as a non-root user for security |
| 53 | +RUN useradd rails --create-home --shell /bin/bash && \ |
| 54 | + chown -R rails:rails db log storage tmp |
| 55 | +USER rails:rails |
64 | 56 |
|
65 | 57 | # Entrypoint prepares the database. |
66 | 58 | ENTRYPOINT ["/rails/bin/docker-entrypoint"] |
|
0 commit comments