Sign upLogin

QutBioacoustics/baw-server

View on GitHub
Star
Dockerfile

Summary

Maintainability
Test Coverage
# syntax=docker/dockerfile:1.3
# Debian releases:
#
FROM ruby:3.1.1-slim-bullseye
ARG app_name=baw-server
ARG app_user=baw_web
ARG version=
# This saves about 150MB by not installing some gems and documentation
ARG trimmed=false

# install audio tools and other binaries
# apt is cleaned automatically: https://github.com/GoogleContainerTools/base-images-docker/blob/master/debian/reproducible/overlay/etc/apt/apt.conf.d/docker-clean
RUN --mount=type=bind,source=./provision,target=/provision \
  apt-get update \
  && DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends \
  # - git: we'd like to remove git dependency but we have multiple git based dependencies
  # in our gem files
  # - curl is needed for passenger
  # - iproute2 install ip and basic network debugging tools
  # - gnupg is for validating apt public keys
  ca-certificates git curl gnupg iproute2 \
  # sqlite
  sqlite3 libsqlite3-dev libgmp-dev \
  # the following are for nokogiri and the like
  build-essential patch ruby-dev zlib1g-dev liblzma-dev \
  # for the pg gem we need postgresql-client (also used by rails rake db commands)
  && /provision/install_postgresql_client.sh \
  # install audio tools and other binaries
  && /provision/install_audio_tools.sh

RUN --mount=type=bind,source=./provision,target=/provision \
  # create a user for the app
  addgroup --gid 1000 ${app_user} \
  && adduser --uid 1000 --gid 1000 --home /home/${app_user} --shell /bin/sh --disabled-password --gecos "" ${app_user} \
  && mkdir /home/${app_user}/${app_name} \
  && chown -R ${app_user}:${app_user} /home/${app_user} \
  # allow bundle install to work as app_user
  # modified from here: https://github.com/docker-library/ruby/blob/6a7df7a72b4a3d1b3e06ead303841b3fdaca560e/2.6/buster/slim/Dockerfile#L114
  && mkdir -p "$GEM_HOME/bin" \
  && chmod 777 "$GEM_HOME/bin" \
  # https://github.com/moby/moby/issues/20437
  && mkdir -p /home/${app_user}/${app_name}/tmp \
  && chown -R 1000:1000 /home/${app_user} \
  && mkdir /data \
  && chown -R 1000:1000 /data \
  && (if [ "x${trimmed}" != "xtrue" ]; then /provision/dev_setup.sh ; fi)


ENV RAILS_ENV=production \
  APP_USER=${app_user} \
  APP_NAME=${app_name} \
  BAW_SERVER_VERSION=${version} \
  # enable binstubs to take priority
  PATH=./bin:$PATH \
  BUNDLE_PATH__SYSTEM="true" \
  # migrate the database before booting the app. Recommended to run once per-deploy across cluster and then disable.
  # Also, must be false for worker instances.
  MIGRATE_DB=false \
  # generate assets for rails app
  # must be done in context (i.e. in production for production, not in dev for production)
  # should not be done for workers and in dev/test environments
  GENERATE_ASSETS=false


USER ${app_user}

# "Install" our metadata utility
COPY --from=qutecoacoustics/emu:7.0.3 --chown==${app_user} /emu /emu

# change the working directory to the user's home directory
WORKDIR /home/${app_user}/${app_name}

# add base dependency files for bundle install (so we don't invalidate docker cache)
COPY --chown=${app_user} Gemfile Gemfile.lock  /home/${app_user}/${app_name}/

# install deps
# skip installing gem documentation
RUN (([ "x${trimmed}" != "xtrue" ] && echo 'gem: --no-rdoc --no-ri' >> "$HOME/.gemrc") || true) \
  && (([ "x${trimmed}" = "xtrue" ] && bundle config set without development test) || true)
# ensure required bundler version is installed
# https://bundler.io/blog/2019/05/14/solutions-for-cant-find-gem-bundler-with-executable-bundle.html
RUN gem install bundler -v "$(grep -A 1 "BUNDLED WITH" Gemfile.lock | tail -n 1)" \
  # install baw-server
  && bundle install \
  # install docs for dev work
  && (([ "x${trimmed}" != "xtrue" ] && solargraph download-core && solargraph bundle) || true)

# Add the Rails app
COPY --chown=${app_user} ./ /home/${app_user}/${app_name}

# copy the passenger production config
# use a mount/volume to override this file for other environments
#
# For development we use entrypoint to copy a development version into place
# Thus there is no conflict here
COPY --chown=${app_user}:${app_user} ./provision/Passengerfile.production.json /home/${app_user}/${app_name}/Passengerfile.json

# asign permissions to special things
RUN  chmod a+x ./provision/*.sh \
  && chmod a+x ./bin/* \
  # https://github.com/moby/moby/issues/20437
  && chmod 1777 ./tmp


# precompile passenger standalone
RUN bundle exec passenger start --runtime-check-only

ENTRYPOINT [ "./provision/entrypoint.sh" ]
CMD [ "passenger", "start" ]
# used for prod
EXPOSE 8888
# used for dev
EXPOSE 3000
VOLUME [ "/data" ]