diff --git a/Dockerfile b/Dockerfile index 8e12251..af98393 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,30 +1,63 @@ -# Make sure it matches the Ruby version in .ruby-version and Gemfile -ARG RUBY_VERSION=3.2.0 -FROM ruby:$RUBY_VERSION +# syntax = docker/dockerfile:1 + +# Make sure RUBY_VERSION matches the Ruby version in .ruby-version and Gemfile +ARG RUBY_VERSION=3.2.2 +FROM registry.docker.com/library/ruby:$RUBY_VERSION-slim as base # Rails app lives here WORKDIR /rails # Set production environment -ENV RAILS_LOG_TO_STDOUT="1" \ - RAILS_SERVE_STATIC_FILES="true" \ - RAILS_ENV="production" \ - BUNDLE_WITHOUT="development:test" +ENV RAILS_ENV="production" \ + BUNDLE_DEPLOYMENT="1" \ + BUNDLE_PATH="/usr/local/bundle" \ + BUNDLE_WITHOUT="development" + + +# Throw-away build stage to reduce size of final image +FROM base as build + +# Install packages needed to build gems +RUN apt-get update -qq && \ + apt-get install --no-install-recommends -y build-essential git libvips pkg-config # Install application gems COPY Gemfile Gemfile.lock ./ -RUN bundle install +RUN bundle install && \ + rm -rf ~/.bundle/ "${BUNDLE_PATH}"/ruby/*/cache "${BUNDLE_PATH}"/ruby/*/bundler/gems/*/.git && \ + bundle exec bootsnap precompile --gemfile + # Copy application code COPY . . # Precompile bootsnap code for faster boot times -RUN bundle exec bootsnap precompile --gemfile app/ lib/ +RUN bundle exec bootsnap precompile app/ lib/ # Precompiling assets for production without requiring secret RAILS_MASTER_KEY -RUN SECRET_KEY_BASE_DUMMY=1 bundle exec rails assets:precompile +RUN SECRET_KEY_BASE_DUMMY=1 ./bin/rails assets:precompile -# Entrypoint prepares database and starts app on 0.0.0.0:3000 by default, -# but can also take a rails command, like "console" or "runner" to start instead. + +# Final stage for app image +FROM base + +# Install packages needed for deployment +RUN apt-get update -qq && \ + apt-get install --no-install-recommends -y curl libsqlite3-0 libvips && \ + rm -rf /var/lib/apt/lists /var/cache/apt/archives + +# Copy built artifacts: gems, application +COPY --from=build /usr/local/bundle /usr/local/bundle +COPY --from=build /rails /rails + +# Run and own only the runtime files as a non-root user for security +RUN useradd rails --create-home --shell /bin/bash && \ + chown -R rails:rails db log storage tmp +USER rails:rails + +# Entrypoint prepares the database. ENTRYPOINT ["/rails/bin/docker-entrypoint"] + +# Start the server by default, this can be overwritten at runtime EXPOSE 3000 +CMD ["./bin/rails", "server"]