
feat: add nonroot user, update permissions and remove unrequired files in Dockerfile

pull/1804/head
Chirag-Bhatti 3 years ago committed by Sam Seed
parent
commit
981043b957
  1. 48
      Dockerfile

48
Dockerfile

@ -2,10 +2,10 @@ FROM ruby:3.1.4-alpine3.18 as base
WORKDIR /app WORKDIR /app
# Add the timezone as its not configured by default in Alpine # Add the timezone as it's not configured by default in Alpine
RUN apk add --update --no-cache tzdata && \ RUN apk add --update --no-cache tzdata && \
cp /usr/share/zoneinfo/Europe/London /etc/localtime && \ cp /usr/share/zoneinfo/Europe/London /etc/localtime && \
echo "Europe/London" > /etc/timezone echo "Europe/London" > /etc/timezone
# build-base: compilation tools for bundle # build-base: compilation tools for bundle
# yarn: node package manager # yarn: node package manager
@ -27,9 +27,15 @@ COPY . /app/
RUN bundle exec rake assets:precompile RUN bundle exec rake assets:precompile
ENV PORT=8080 ENV PORT=8080
EXPOSE ${PORT} EXPOSE ${PORT}
RUN adduser --system --no-create-home nonroot
# We expect the rake assets:precompile command to create these directories, but mkdir -p will create them if they don't already exist
RUN mkdir -p tmp log
RUN chown -R nonroot tmp log
RUN chown nonroot db/schema.rb
FROM base as development FROM base as development
RUN bundle config set without "" RUN bundle config set without ""
@ -38,10 +44,12 @@ RUN bundle install --jobs=4 --no-binstubs --no-cache
# Install gecko driver for Capybara tests # Install gecko driver for Capybara tests
RUN apk add firefox RUN apk add firefox
RUN wget https://github.com/mozilla/geckodriver/releases/download/v0.31.0/geckodriver-v0.31.0-linux64.tar.gz \ RUN wget https://github.com/mozilla/geckodriver/releases/download/v0.31.0/geckodriver-v0.31.0-linux64.tar.gz \
&& tar -xvzf geckodriver-v0.31.0-linux64.tar.gz \ && tar -xvzf geckodriver-v0.31.0-linux64.tar.gz \
&& rm geckodriver-v0.31.0-linux64.tar.gz \ && rm geckodriver-v0.31.0-linux64.tar.gz \
&& chmod +x geckodriver \ && chmod +x geckodriver \
&& mv geckodriver /usr/local/bin/ && mv geckodriver /usr/local/bin/
USER nonroot
CMD bundle exec rails s -e ${RAILS_ENV} -p ${PORT} --binding=0.0.0.0 CMD bundle exec rails s -e ${RAILS_ENV} -p ${PORT} --binding=0.0.0.0
@ -50,8 +58,32 @@ FROM base as staging
RUN bundle config set without "development" RUN bundle config set without "development"
RUN bundle install --jobs=4 --no-binstubs --no-cache RUN bundle install --jobs=4 --no-binstubs --no-cache
# Cleanup to reduce image size
RUN rm -rf node_modules && \
rm -rf /usr/local/bundle/cache && \
find /usr/local/bundle/gems -name "*.c" -delete && \
find /usr/local/bundle/gems -name "*.h" -delete && \
find /usr/local/bundle/gems -name "*.o" -delete && \
find /usr/local/bundle/gems -name "*.html" -delete && \
rm -rf .env && \
rm -rf frontend
USER nonroot
CMD bundle exec rails s -e ${RAILS_ENV} -p ${PORT} --binding=0.0.0.0 CMD bundle exec rails s -e ${RAILS_ENV} -p ${PORT} --binding=0.0.0.0
FROM base as production FROM base as production
# Cleanup to reduce image size
RUN rm -rf node_modules && \
rm -rf /usr/local/bundle/cache && \
find /usr/local/bundle/gems -name "*.c" -delete && \
find /usr/local/bundle/gems -name "*.h" -delete && \
find /usr/local/bundle/gems -name "*.o" -delete && \
find /usr/local/bundle/gems -name "*.html" -delete && \
rm -rf .env && \
rm -rf frontend
USER nonroot
CMD bundle exec rails s -e ${RAILS_ENV} -p ${PORT} --binding=0.0.0.0 CMD bundle exec rails s -e ${RAILS_ENV} -p ${PORT} --binding=0.0.0.0
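Review bot: The `rm -rf .env` step in the staging and production cleanup `RUN`s does not take the file out of the image, because the base stage's `COPY . /app/` (visible in the second hunk header) has already written it into an earlier layer that anyone able to pull the image can still read. If `.env` can be present in the build context, it should be excluded with a `.env` entry in `.dockerignore`; whether one already exists is not visible on this page. The same layering applies to the `# Cleanup to reduce image size` comment: deleting `node_modules`, `frontend` and gem sources in a later layer hides them but does not shrink the image, so the comment should say so or the cleanup should be folded into the `RUN` that creates those files. Separately, `RUN adduser --system --no-create-home nonroot` assigns no fixed UID, and runtimes that enforce non-root (for example Kubernetes `runAsNonRoot`) cannot verify a named user; consider `adduser --system --no-create-home --uid 10001 nonroot` with `USER 10001` in each stage.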
