Rebuild dockerfile and fly config from scratch

.dockerignore

@@ -1,19 +1,37 @@
-.git
-tmp
-!tmp/pids
-log
-public/assets
-public/packs
-.bundle
+# See https://docs.docker.com/engine/reference/builder/#dockerignore-file for more about ignoring files.
 
-db/*.sqlite3
-db/*.sqlite3-*
+# Ignore git directory.
+/.git/
 
-storage
-config/master.key
-config/credentials/*.key
+# Ignore bundler config.
+/.bundle
 
-node_modules
+# Ignore all default key files.
+/config/master.key
+/config/credentials/*.key
 
-# DB
-*.dump
+# Ignore all environment files.
+/.env*
+!/.env.example
+
+# Ignore all logfiles and tempfiles.
+/log/*
+/tmp/*
+!/log/.keep
+!/tmp/.keep
+
+# Ignore pidfiles, but keep the directory.
+/tmp/pids/*
+!/tmp/pids/.keep
+
+# Ignore storage (uploaded files in development and any SQLite databases).
+/storage/*
+!/storage/.keep
+/tmp/storage/*
+!/tmp/storage/.keep
+
+# Ignore assets.
+/node_modules/
+/app/assets/builds/*
+!/app/assets/builds/.keep
+/public/assets

Dockerfile

@@ -1,117 +1,79 @@
-# syntax = docker/dockerfile:experimental
-
-# Dockerfile used to build a deployable image for a Rails application.
-# Adjust as required.
-#
-# Common adjustments you may need to make over time:
-#  * Modify version numbers for Ruby, Bundler, and other products.
-#  * Add library packages needed at build time for your gems, node modules.
-#  * Add deployment packages needed by your application
-#  * Add (often fake) secrets needed to compile your assets
-
-#######################################################################
-
-# Learn more about the chosen Ruby stack, Fullstaq Ruby, here:
-#   https://github.com/evilmartians/fullstaq-ruby-docker.
-#
-# We recommend using the highest patch level for better security and
-# performance.
+# syntax = docker/dockerfile:1
 
+# Make sure RUBY_VERSION matches the Ruby version in .ruby-version and Gemfile
 ARG RUBY_VERSION=3.2.2
-ARG VARIANT=jemalloc-slim
-FROM quay.io/evl.ms/fullstaq-ruby:${RUBY_VERSION}-${VARIANT} as base
-ENV RUBY_YJIT_ENABLE=1
+FROM ruby:$RUBY_VERSION-slim as base
 
 LABEL fly_launch_runtime="rails"
 
-ARG BUNDLER_VERSION=2.3.24
+# Rails app lives here
+WORKDIR /rails
 
-ARG RAILS_ENV=production
-ENV RAILS_ENV=${RAILS_ENV}
+# Set production environment
+ENV RAILS_ENV="production" \
+  BUNDLE_WITHOUT="development:test" \
+  BUNDLE_DEPLOYMENT="1"
 
-ENV RAILS_SERVE_STATIC_FILES true
-ENV RAILS_LOG_TO_STDOUT true
+# Update gems and bundler
+RUN gem update --system --no-document && \
+  gem install -N bundler
 
-ARG BUNDLE_WITHOUT=development:test
-ARG BUNDLE_PATH=vendor/bundle
-ENV BUNDLE_PATH ${BUNDLE_PATH}
-ENV BUNDLE_WITHOUT ${BUNDLE_WITHOUT}
+# Throw-away build stage to reduce size of final image
+FROM base as build
 
-RUN mkdir /app
-WORKDIR /app
-RUN mkdir -p tmp/pids
+# Install packages needed to build gems
+RUN --mount=type=cache,id=dev-apt-cache,sharing=locked,target=/var/cache/apt \
+  --mount=type=cache,id=dev-apt-lib,sharing=locked,target=/var/lib/apt \
+  apt-get update -qq && \
+  apt-get install --no-install-recommends -y build-essential git libpq-dev libvips
 
-RUN gem update --system --no-document && \
-  gem install -N bundler -v ${BUNDLER_VERSION}
+# Install application gems
+COPY --link Gemfile Gemfile.lock ./
+RUN --mount=type=cache,id=bld-gem-cache,sharing=locked,target=/srv/vendor \
+  bundle config set app_config .bundle && \
+  bundle config set path /srv/vendor && \
+  bundle install && \
+  bundle exec bootsnap precompile --gemfile && \
+  bundle clean && \
+  mkdir -p vendor && \
+  bundle config set path vendor && \
+  cp -ar /srv/vendor .
 
-#######################################################################
+# Copy application code
+COPY --link . .
 
-# install packages only needed at build time
+# Precompile bootsnap code for faster boot times
+RUN bundle exec bootsnap precompile app/ lib/
 
-FROM base as build_deps
+# Precompiling assets for production without requiring secret RAILS_MASTER_KEY
+RUN SECRET_KEY_BASE_DUMMY=1 ./bin/rails assets:precompile
 
-ARG BUILD_PACKAGES="git build-essential libpq-dev wget vim curl gzip xz-utils libsqlite3-dev libyaml-dev"
-ENV BUILD_PACKAGES ${BUILD_PACKAGES}
 
+# Final stage for app image
+FROM base
+
+# Install packages needed for deployment
 RUN --mount=type=cache,id=dev-apt-cache,sharing=locked,target=/var/cache/apt \
   --mount=type=cache,id=dev-apt-lib,sharing=locked,target=/var/lib/apt \
   apt-get update -qq && \
-  apt-get install --no-install-recommends -y ${BUILD_PACKAGES} \
-  && rm -rf /var/lib/apt/lists /var/cache/apt/archives
-
-#######################################################################
-
-# install gems
+  apt-get install --no-install-recommends -y curl imagemagick libjemalloc2 libvips postgresql-client ruby-foreman
 
-FROM build_deps as gems
+# Copy built artifacts: gems, application
+COPY --from=build /usr/local/bundle /usr/local/bundle
+COPY --from=build /rails /rails
 
-COPY Gemfile* ./
-RUN bundle install &&  rm -rf vendor/bundle/ruby/*/cache
+# Run and own only the runtime files as a non-root user for security
+RUN useradd rails --create-home --shell /bin/bash && \
+  chown -R rails:rails db log storage tmp
+USER rails:rails
 
-#######################################################################
+# Deployment options
+ENV LD_PRELOAD="libjemalloc.so.2" \
+  MALLOC_CONF="dirty_decay_ms:1000,narenas:2,background_thread:true" \
+  RUBY_YJIT_ENABLE="1"
 
-# install deployment packages
+# Entrypoint prepares the database.
+ENTRYPOINT ["/rails/bin/docker-entrypoint"]
 
-FROM base
-
-ARG DEPLOY_PACKAGES="postgresql-client libvips42 file vim curl gzip libsqlite3-0 ruby-foreman"
-ENV DEPLOY_PACKAGES=${DEPLOY_PACKAGES}
-
-RUN --mount=type=cache,id=prod-apt-cache,sharing=locked,target=/var/cache/apt \
-  --mount=type=cache,id=prod-apt-lib,sharing=locked,target=/var/lib/apt \
-  apt-get update -qq && \
-  apt-get install --no-install-recommends -y \
-  ${DEPLOY_PACKAGES} \
-  && rm -rf /var/lib/apt/lists /var/cache/apt/archives
-
-# copy installed gems
-COPY --from=gems /app /app
-COPY --from=gems /usr/lib/fullstaq-ruby/versions /usr/lib/fullstaq-ruby/versions
-COPY --from=gems /usr/local/bundle /usr/local/bundle
-
-#######################################################################
-
-# Deploy your application
-COPY . .
-
-# Adjust binstubs to run on Linux and set current working directory
-RUN chmod +x /app/bin/* && \
-  sed -i 's/ruby.exe/ruby/' /app/bin/* && \
-  sed -i '/^#!/aDir.chdir File.expand_path("..", __dir__)' /app/bin/*
-
-# The following enable assets to precompile on the build server.  Adjust
-# as necessary.  If no combination works for you, see:
-# https://fly.io/docs/rails/getting-started/existing/#access-to-environment-variables-at-build-time
-ENV SECRET_KEY_BASE 1
-ENV AWS_ACCESS_KEY_ID=1
-ENV AWS_SECRET_ACCESS_KEY=1
-
-# Run build task defined in lib/tasks/fly.rake
-ARG BUILD_COMMAND="bin/rails fly:build"
-RUN ${BUILD_COMMAND}
-
-# Default server start instructions.  Generally Overridden by fly.toml.
-ENV PORT 8080
-ARG SERVER_COMMAND="bin/rails fly:server"
-ENV SERVER_COMMAND ${SERVER_COMMAND}
-CMD ${SERVER_COMMAND}
+# Start the server by default, this can be overwritten at runtime
+EXPOSE 3000

Gemfile

@@ -51,6 +51,7 @@ group :development do
   gem "annotate"
   gem "benchmark-ips"
   gem "brakeman"
+  gem "dockerfile-rails"
   gem "letter_opener"
   gem "rubocop", require: false
   gem "standard", require: false

Gemfile.lock

@@ -145,6 +145,8 @@ GEM
       railties (>= 4.1.0)
       responders
       warden (~> 1.2.3)
+    dockerfile-rails (1.5.12)
+      rails (>= 3.0.0)
     domain_name (0.5.20190701)
       unf (>= 0.0.5, < 1.0.0)
     doorkeeper (5.6.6)
@@ -285,7 +287,7 @@ GEM
       actionpack (>= 4.2)
       omniauth (~> 2.0)
     orm_adapter (0.5.0)
-    pagy (6.1.0)
+    pagy (6.2.0)
     parallel (1.23.0)
     parser (3.2.2.4)
       ast (~> 2.4.1)
@@ -495,6 +497,7 @@ DEPENDENCIES
   cloudinary
   debug
   devise
+  dockerfile-rails
   doorkeeper
   guard
   guard-minitest

Procfile.fly

@@ -1,2 +1,2 @@
-web: bin/rails server -p 8080
+web: bin/rails server -p 3000
 sidekiq: bundle exec sidekiq -C config/sidekiq.yml

bin/docker-entrypoint

@@ -0,0 +1,7 @@
+#!/bin/bash -e
+
+if [ "${*}" == "foreman start --procfile=Procfile.fly" ]; then
+  ./bin/rails db:prepare
+fi
+
+exec "${@}"

config/dockerfile.yml

@@ -0,0 +1,11 @@
+# generated by dockerfile-rails
+
+---
+options:
+  cache: true
+  jemalloc: true
+  label:
+    fly_launch_runtime: rails
+  parallel: true
+  procfile: Procfile.fly
+  yjit: true

fly.toml

@@ -1,54 +1,17 @@
-# fly.toml app configuration file generated for visualizer on 2023-07-17T10:05:33+02:00
+# fly.toml app configuration file generated for visualizer on 2023-11-11T20:39:43+01:00
 #
 # See https://fly.io/docs/reference/configuration/ for information about how to use this file.
 #
 
 app = "visualizer"
 primary_region = "fra"
-kill_signal = "SIGINT"
-kill_timeout = "5s"
+console_command = "/rails/bin/rails console"
 
-[experimental]
-  auto_rollback = true
+[processes]
+  app = "foreman start --procfile=Procfile.fly"
 
-[build]
-  [build.args]
-    BUILD_COMMAND = "bin/rails fly:build"
-    SERVER_COMMAND = "bin/rails fly:server"
-
-[deploy]
-  release_command = "bin/rails fly:release"
-  strategy = "rolling"
-
-[env]
-  PORT = "8080"
-
-[[mounts]]
-  source = "redis_machines"
-  destination = "/redis"
-  processes = ["app"]
-
-[[services]]
-  protocol = "tcp"
-  internal_port = 8080
+[http_service]
+  internal_port = 3000
+  force_https = true
+  auto_stop_machines = false
   processes = ["app"]
-
-  [[services.ports]]
-    port = 80
-    handlers = ["http"]
-    force_https = true
-
-  [[services.ports]]
-    port = 443
-    handlers = ["tls", "http"]
-
-  [services.concurrency]
-    type = "connections"
-    hard_limit = 500
-    soft_limit = 400
-
-  [[services.tcp_checks]]
-    interval = "15s"
-    timeout = "2s"
-    grace_period = "1s"
-    restart_limit = 0