# Gallformers V2 - Phoenix Dockerfile
# Multi-stage build for Phoenix release
# Stage 1: Build Elixir release
# The toolchain installed here (compiler, git, nodejs/npm) stays in this stage;
# the runtime stage copies only /app/_build/prod/rel/gallformers out of it.
# NOTE(review): the base image is pinned by tag only. Tags can be re-pushed;
# pin by digest as well if the build must be reproducible.
FROM hexpm/elixir:1.17.3-erlang-27.1.2-alpine-3.20.3 AS builder
# Install build dependencies (including nodejs/npm for asset dependencies)
# vips-dev is needed to compile the vix NIF for image processing
# NOTE(review): apk package versions are not pinned, so they follow whatever
# the Alpine 3.20 repositories serve at build time.
RUN apk add --no-cache build-base git nodejs npm vips-dev
WORKDIR /app
# Install hex + rebar (--force skips the interactive confirmation prompt)
RUN mix local.hex --force && \
mix local.rebar --force
# Set build ENV; MIX_ENV is reused below to select deps and the config file
ENV MIX_ENV=prod
# Install mix dependencies
# Only mix.exs and mix.lock are copied first, so this layer is rebuilt only
# when one of those two files changes.
COPY mix.exs mix.lock ./
RUN mix deps.get --only $MIX_ENV
RUN mkdir config
# Copy compile-time config files (config.exs plus the file for $MIX_ENV)
COPY config/config.exs config/${MIX_ENV}.exs config/
RUN mix deps.compile
# Copy application code
COPY lib lib
COPY priv priv
COPY assets assets
COPY API_VERSION API_VERSION
# Copy release overlays (server, migrate scripts)
COPY rel rel
# Copy runtime config
COPY config/runtime.exs config/
# Compile first (needed for colocated hooks)
RUN mix compile
# Install npm dependencies for assets (d3, topojson, etc.)
# NOTE(review): `npm install` may resolve versions other than the ones a
# lockfile records. If assets/package-lock.json is committed (not visible
# here), `npm ci` would install exactly the locked tree and fail on drift.
RUN cd assets && npm install
# Build assets (esbuild + tailwind are installed via mix)
RUN mix assets.deploy
# Build the release
RUN mix release
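# Stage 2: Runtime
# NOTE(review): this tag floats across 3.20.x patch releases, while the builder
# image is pinned to alpine-3.20.3. Pin by digest if builds must be reproducible.
FROM alpine:3.20 AS runtime
# Runtime dependencies
# vips is needed for image processing (resizing variants)
# curl is needed for downloading data files from S3 on first boot
# (it is also used below to fetch the Typst release archive)
# su-exec is presumably what docker-entrypoint.sh uses to drop from root to the
# gallformers user; confirm against the script.
RUN apk add --no-cache libstdc++ openssl ncurses-libs su-exec vips curl
# Install Typst for PDF generation of identification keys
# Download, unpack and delete happen in one RUN so the archive never persists in
# an image layer. The previous ADD kept it in its own layer even after the `rm`.
# NOTE(review): the archive is fetched over HTTPS but its content is not
# verified. Record the SHA-256 of this exact release asset and check it before
# extraction, for example by adding this step between curl and tar:
#   echo "<TYPST_TARBALL_SHA256>  /tmp/typst.tar.xz" | sha256sum -c -
# (<TYPST_TARBALL_SHA256> is a placeholder, not a real digest.)
# The asset is the x86_64 musl build, so this stage only works for amd64 images.
RUN curl -fsSL -o /tmp/typst.tar.xz \
      https://github.com/typst/typst/releases/download/v0.14.2/typst-x86_64-unknown-linux-musl.tar.xz && \
    tar -C /usr/local/bin -xf /tmp/typst.tar.xz --strip-components=1 typst-x86_64-unknown-linux-musl/typst && \
    rm /tmp/typst.tar.xz
WORKDIR /app
# Create non-root user with a fixed UID/GID (1000) so ownership of mounted
# volumes is predictable
RUN addgroup -g 1000 gallformers && \
    adduser -u 1000 -G gallformers -s /bin/sh -D gallformers
# Copy release from builder, owned by the unprivileged user
COPY --from=builder --chown=gallformers:gallformers /app/_build/prod/rel/gallformers ./
# Create data directory
RUN mkdir -p /data && chown gallformers:gallformers /data
# Copy entrypoint script (runs as root to fix permissions, then drops to gallformers)
# It is copied without --chown, so it stays root-owned and the application user
# cannot modify it.
COPY --chmod=755 docker-entrypoint.sh /app/docker-entrypoint.sh
ENV HOME=/app
EXPOSE 4000
# Run entrypoint as root - it fixes permissions then drops to gallformers user
# NOTE(review): there is no USER instruction, so the privilege drop depends
# entirely on docker-entrypoint.sh (not shown here). The script should `exec`
# the release through su-exec so that no root process stays alive as PID 1.
CMD ["/app/docker-entrypoint.sh"]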