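# Base image: official Ruby on Debian bullseye, pinned to an exact patch tag.
# NOTE(review): the Ruby 2.7 series has reached upstream end-of-life, so this
# base no longer receives Ruby security fixes - confirm and plan a move to a
# supported series. Pinning the image by digest as well as by tag would make
# rebuilds reproducible.
FROM ruby:2.7.5-bullseye

# MAINTAINER is deprecated; the same information is carried as a label.
LABEL maintainer="Sharetribe Team <[email protected]>"

# Cache-busting marker: editing this date invalidates every cached layer
# below it, which makes the OS package upgrade run again.
ENV REFRESHED_AT=2023-02-01

# Apply pending Debian updates on top of the pinned base image.
# The package lists fetched here are left in place because a later step in
# this file installs more packages.
RUN apt-get update && apt-get dist-upgrade -y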
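# Prevent GPG from trying to bind on IPv6 address even if there are none.
# The GnuPG home is a directory, so it gets mode 700 (owner-only, searchable).
# Mode 600 drops the search bit; it only worked because this step runs as
# root, which bypasses the permission check.
RUN mkdir ~/.gnupg \
    && chmod 700 ~/.gnupg \
    && echo "disable-ipv6" >> ~/.gnupg/dirmngr.conf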
#
# Node (based on official docker node image)
#
# Import the Node.js release signing keys; they are what the signed checksum
# list is verified against when Node is installed further down.
# gpg keys listed at https://github.com/nodejs/node#release-team
#
# Each key is requested by its full 40-character fingerprint, not a short key
# ID. The first keyserver is tried first and the second is only a fallback;
# with `set -e` the build stops if a key cannot be fetched from either.
# NOTE(review): both keyservers are reached over plain hkp://, so the trust
# rests on the pinned fingerprints alone; hkps:// would also protect the
# transport.
RUN set -ex; \
    for key in \
      4ED778F539E3634C779C87C6D7062848A1AB005C \
      B9E2F5981AA6E0CD28160D9FF13993A75599653C \
      94AE36675C464D64BAFA68DD7434390BDBE9B9C5 \
      B9AE9905FFD7803F25714661B63B535A4C206CA9 \
      77984A986EBC2AA786BC0F66B01FBB92821C587A \
      71DCFD284A79C3B38668286BC97EC7A07EDE3FC1 \
      FD3A5288F042B6850C66B31F09FE44734EB7990E \
      8FCCA13FEF1D0C2E91008E09770F7A9A5AE15600 \
      C4F0DFFF4E8C1A8236409D08E73BC641CC11F4C8 \
      DD8F2338BAE7501E3DD5AC78C273792F7D83545D \
      A48C2BEE680E841632CD4E44F07496B3EB3C1762 \
    ; do \
      if ! gpg --batch --keyserver hkp://keys.openpgp.org --recv-keys "$key"; then \
        gpg --batch --keyserver hkp://keyserver.ubuntu.com --recv-keys "$key"; \
      fi; \
    done
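ENV NPM_CONFIG_LOGLEVEL=info
# NOTE(review): the Node.js 10 release line is end-of-life upstream and no
# longer gets security releases - confirm and plan an upgrade. A newer
# NODE_VERSION only verifies if the signer of that release is among the keys
# imported above.
ENV NODE_VERSION=10.15.3

# Install Node from the official x64 tarball:
#   1. download the tarball and the PGP-signed checksum list (-f makes curl
#      fail on an HTTP error instead of saving the error page);
#   2. gpg checks the signature on the list against the imported release keys
#      and writes the plain checksum list;
#   3. sha256sum checks the tarball against its line in that list;
#   4. only then is the archive unpacked into /usr/local.
# --no-same-owner: tar runs as root here and would otherwise keep the UID/GID
# recorded in the archive, which could leave the Node files owned by an
# unprivileged account created later in this image.
RUN curl -fSLO "https://nodejs.org/dist/v$NODE_VERSION/node-v$NODE_VERSION-linux-x64.tar.xz" \
    && curl -fSLO "https://nodejs.org/dist/v$NODE_VERSION/SHASUMS256.txt.asc" \
    && gpg --batch --decrypt --output SHASUMS256.txt SHASUMS256.txt.asc \
    && grep " node-v$NODE_VERSION-linux-x64.tar.xz\$" SHASUMS256.txt | sha256sum -c - \
    && tar -xJf "node-v$NODE_VERSION-linux-x64.tar.xz" -C /usr/local --strip-components=1 --no-same-owner \
    && rm "node-v$NODE_VERSION-linux-x64.tar.xz" SHASUMS256.txt.asc SHASUMS256.txt \
    && ln -s /usr/local/bin/node /usr/local/bin/nodejs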
# Add helper for decrypting secure environment variables.
# The binary comes from a fixed release tag (v0.0.1) and is checked against a
# hard-coded SHA-256 digest. The && chain makes it executable only after the
# digest has matched, so a tampered or truncated download fails the build.
RUN curl -sfSL -o /usr/sbin/secure-environment \
      "https://github.com/convox/secure-environment/releases/download/v0.0.1/secure-environment" \
    && echo "4e4c1ed98f1ff4518c8448814c74d6d05ba873879e16817cd6a02ee5013334ea */usr/sbin/secure-environment" | sha256sum -c - \
    && chmod 755 /usr/sbin/secure-environment
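#
# Sharetribe
#
# Install:
# - nginx - used to serve maintenance mode page
# - MySQL 5.7 repo and client libs
COPY script/setup-mysql-apt-repo.sh /root/
# The package index is refreshed inside this layer. The lists left behind by
# the dist-upgrade layer may come from an old cached build, and installing
# against them can fail or pull outdated package versions. The lists are
# deleted at the end because no later build step in this file calls apt.
# NOTE(review): setup-mysql-apt-repo.sh is not visible here - confirm that it
# verifies the repository signing key and refreshes the index after adding
# the MySQL repository.
RUN apt-get update \
    && apt-get install -y nginx \
    && /root/setup-mysql-apt-repo.sh \
    && apt-get install -y libmysqlclient-dev \
    && rm -rf /var/lib/apt/lists/*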
# BUNDLE_BIN is set to an empty value for the build and for the running
# container.
# NOTE(review): presumably this clears a value inherited from the base image -
# confirm.
ENV BUNDLE_BIN=""

# Get new ruby gems and bundler (RubyGems pinned to 3.4.6); resolves issue
# with installation of mini_racer and libv8-node.
RUN gem update --system 3.4.6

# Run as non-privileged user: create the "app" account and hand it the
# application directory tree.
RUN useradd -m -s /bin/bash app \
    && mkdir /opt/app /opt/app/client /opt/app/log /opt/app/tmp \
    && chown -R app:app /opt/app

WORKDIR /opt/app

# Only the gem manifests are copied at this point, so the bundle layer stays
# cached until one of them changes. Without --chown they are owned by root.
COPY Gemfile Gemfile.lock /opt/app/

ENV RAILS_ENV=production

# Gems are installed as the unprivileged user, in deployment mode and without
# the test and development groups.
USER app
RUN bundle config set --local deployment true \
    && bundle config set --local without test,development \
    && bundle install
# Only the npm manifests and lockfiles are copied here, so the dependency
# layers stay cached until one of them changes.
COPY package.json package-lock.json /opt/app/
COPY client/package.json client/package-lock.json /opt/app/client/

# Production settings for Node and npm. NPM_CONFIG_LOGLEVEL replaces the
# "info" value set earlier in this file.
ENV NODE_ENV=production \
    NPM_CONFIG_LOGLEVEL=error \
    NPM_CONFIG_PRODUCTION=true

# `npm ci` installs from the lockfiles, first for the root package and then
# for client/.
RUN npm ci \
    && cd client \
    && npm ci
# Copy the rest of the build context. Without --chown the files are owned by
# root, which normally leaves the application code read-only for "app".
# NOTE(review): everything in the build context that .dockerignore does not
# exclude ends up in the image - confirm that .git, local .env files and any
# credentials are excluded.
COPY . /opt/app

# Port the application listens on; EXPOSE documents it and publishes nothing.
EXPOSE 3000

# Both scripts are given relative to the working directory (/opt/app).
# CMD is passed to the entrypoint script as its arguments.
ENTRYPOINT ["script/entrypoint.sh"]
CMD ["script/startup.sh"]
#
# Assets
#
# Fix ownership of directories that need to be writable.
# Root is needed only for this step. Only the listed directories are handed
# to "app"; the rest of the tree keeps the ownership it was copied in with.
USER root
RUN mkdir -p app/assets/webpack public/assets public/webpack \
    && chown -R app:app \
         app/assets/javascripts \
         app/assets/webpack \
         client/app/ \
         public/assets \
         public/webpack

# Drop privileges again. This is the last USER instruction, so it is also the
# account the container runs as.
USER app

# If assets.tar.gz file exists in project root
# assets will be extracted from there.
# Otherwise, assets will be compiled with `rake assets:precompile`.
# Useful for caching assets between builds.
RUN script/prepare-assets.sh