From 9e5097f0cded20700e8911f7588d0ae546f2d34a Mon Sep 17 00:00:00 2001
From: Chirag Bhatti <64105694+cschiragb@users.noreply.github.com>
Date: Mon, 14 Aug 2023 11:43:11 +0100
Subject: [PATCH] CLDC-2531: Update application dockerfiles (#1804)
* feat: update docker files
* CLDC-2531: update docker compose to enforce amd64 and use new port for db
* feat: add bundle config in Dockerfile for bundle installs
* feat: update bundle install steps in Dockerfile
* feat: add nonroot user, update permissions and remove unrequired files in Dockerfile
* feat: update remove folder path in Dockerfile
* CLDC-2531: update Dockerfile to no longer remove files as it's redundant
* Run npx update-browserslist-db@latest
* feat: define package versions, add test stage to dockerfile and refactor nonroot user permissions
* feat: update docker command for test stage
* feat: remove unrequired directories and permissions
* feat: remove unrequired staging Dockerfile stage
---------
Co-authored-by: Chirag Bhatti
Co-authored-by: Sam Seed
---
 Dockerfile | 87 +++++++++++++++++++++++-----------------------
 Dockerfile_dev | 41 ----------------------
 docker-compose.yml | 6 ++--
 yarn.lock | 6 ++--
 4 files changed, 51 insertions(+), 89 deletions(-)
 delete mode 100644 Dockerfile_dev
diff --git a/Dockerfile b/Dockerfile
index 43479ee9c..e4c3617c1 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,71 +1,72 @@
-# Build compilation image
-FROM ruby:3.1.4-alpine as builder
+FROM ruby:3.1.4-alpine3.18 as base
-# The application runs from /app
 WORKDIR /app
 # Add the timezone as it's not configured by default in Alpine
 RUN apk add --update --no-cache tzdata && \
- cp /usr/share/zoneinfo/Europe/London /etc/localtime && \
- echo "Europe/London" > /etc/timezone
+ cp /usr/share/zoneinfo/Europe/London /etc/localtime && \
+ echo "Europe/London" > /etc/timezone
-# build-base: complication tools for bundle
+# build-base: compilation tools for bundle
 # yarn: node package manager
 # postgresql-dev: postgres driver and libraries
-RUN apk add --no-cache build-base yarn postgresql-dev git
+RUN apk add --no-cache build-base=0.5-r3 yarn=1.22.19-r0 postgresql13-dev=13.11-r0 git=2.40.1-r0 bash=5.2.15-r5
-# Install bundler to run bundle exec
-# This should be the same version as the Gemfile.lock
+# Bundler version should be the same version as what the Gemfile.lock was bundled with
 RUN gem install bundler:2.3.14 --no-document
-# Install gems defined in Gemfile
 COPY .ruby-version Gemfile Gemfile.lock /app/
-
 RUN bundle config set without "development test"
-ARG BUNDLE_FLAGS="--jobs=4 --no-binstubs --no-cache"
-RUN bundle install ${BUNDLE_FLAGS}
+RUN bundle install --jobs=4 --no-binstubs --no-cache
-# Install node packages defined in package.json, including webpack
 COPY package.json yarn.lock /app/
 RUN yarn install --frozen-lockfile
-# Copy all files to /app (except what is defined in .dockerignore)
 COPY . /app/
-# Compile assets and run webpack. We set a dummy secret key.
-RUN RAILS_ENV=production bundle exec rails SECRET_KEY_BASE=pickasecuretoken assets:precompile
+RUN bundle exec rake assets:precompile
-# Cleanup to save space in the production image
-RUN rm -rf node_modules log tmp && \
- rm -rf /usr/local/bundle/cache && \
- rm -rf .env && \
- find /usr/local/bundle/gems -name "*.c" -delete && \
- find /usr/local/bundle/gems -name "*.h" -delete && \
- find /usr/local/bundle/gems -name "*.o" -delete && \
- find /usr/local/bundle/gems -name "*.html" -delete
+ENV PORT=8080
+EXPOSE ${PORT}
-# Build runtime image
-FROM ruby:3.1.4-alpine as production
+RUN adduser --system --no-create-home nonroot
-# The application runs from /app
-WORKDIR /app
+FROM base as test
-# Add postgres driver library
-# Add the timezone as it's not configured by default in Alpine
-RUN apk add --update --no-cache libpq tzdata && \
- cp /usr/share/zoneinfo/Europe/London /etc/localtime && \
- echo "Europe/London" > /etc/timezone
+RUN bundle config set without ""
+RUN bundle install --jobs=4 --no-binstubs --no-cache
-# Copy files generated in the builder image
-COPY --from=builder /app /app
-COPY --from=builder /usr/local/bundle/ /usr/local/bundle/
+# Install gecko driver for Capybara tests
+RUN apk add firefox
+RUN wget https://github.com/mozilla/geckodriver/releases/download/v0.31.0/geckodriver-v0.31.0-linux64.tar.gz \
+ && tar -xvzf geckodriver-v0.31.0-linux64.tar.gz \
+ && rm geckodriver-v0.31.0-linux64.tar.gz \
+ && chmod +x geckodriver \
+ && mv geckodriver /usr/local/bin/
-ARG GIT_COMMIT_SHA="UNKNOWN"
-ENV GIT_COMMIT_SHA=${GIT_COMMIT_SHA}
-RUN echo ${GIT_COMMIT_SHA} > ./GIT_COMMIT_SHA
+CMD bundle exec rake parallel:setup && bundle exec rake parallel:spec
-ENV PORT=8080
+FROM base as development
-EXPOSE ${PORT}
+# We expect the rake assets:precompile command to create these directories, but mkdir -p will create them if they don't already exist
+RUN mkdir -p tmp log
+RUN chown -R nonroot tmp log
+RUN chown nonroot db/schema.rb
+
+RUN bundle config set without "test"
+RUN bundle install --jobs=4 --no-binstubs --no-cache
+
+USER nonroot
+
+CMD bundle exec rails s -e ${RAILS_ENV} -p ${PORT} --binding=0.0.0.0
+
+FROM base as production
+
+# We expect the rake assets:precompile command to create these directories, but mkdir -p will create them if they don't already exist
+RUN mkdir -p tmp log
+RUN chown -R nonroot tmp log
+RUN chown nonroot db/schema.rb
+
+USER nonroot
-CMD RAILS_ENV=${RAILS_ENV} bundle exec rake db:migrate && bundle exec rails s -e ${RAILS_ENV} -p ${PORT} --binding=0.0.0.0
+CMD bundle exec rails s -e ${RAILS_ENV} -p ${PORT} --binding=0.0.0.0
diff --git a/Dockerfile_dev b/Dockerfile_dev
deleted file mode 100644
index e80f1d816..000000000
--- a/Dockerfile_dev
+++ /dev/null
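Review bot: The deployed image now ships the whole build environment, because the new `production` stage is `FROM base` and so inherits `build-base`, `git`, `yarn`, `bash`, `node_modules` and everything brought in by `COPY . /app/`, where the removed runtime stage installed only `libpq` and `tzdata` and copied `/app` and `/usr/local/bundle` across. That widens the attack surface of the running container, and with the old `rm -rf .env` step gone any `.env` in the build context would stay in the image unless `.dockerignore` (not visible here) excludes it. Building `production` from a clean Alpine image while keeping `base` for `test` and `development`, as sketched below, restores the separation; the runtime package list, its version pins and whether `node_modules` is needed at runtime are assumptions to confirm. Separately, the `test` stage installs the geckodriver tarball fetched by `wget` without checking a digest, so a `sha256sum -c` against a pinned value before the `tar` step would be worth adding.

```dockerfile
# … unchanged: base, test and development stages …

FROM ruby:3.1.4-alpine3.18 as production

WORKDIR /app

# Runtime-only packages; pin versions the same way the base stage does
RUN apk add --no-cache libpq tzdata && \
    cp /usr/share/zoneinfo/Europe/London /etc/localtime && \
    echo "Europe/London" > /etc/timezone && \
    adduser --system --no-create-home nonroot

# Only the installed gems and the application tree leave the build stage
COPY --from=base /usr/local/bundle/ /usr/local/bundle/
COPY --from=base /app /app

# The runtime user gets write access only to the paths it has to write
RUN mkdir -p tmp log && chown -R nonroot tmp log db/schema.rb

ENV PORT=8080
EXPOSE ${PORT}

USER nonroot

# … unchanged: CMD bundle exec rails s …
```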
@@ -1,41 +0,0 @@
-# Build compilation image
-FROM ruby:3.1.4-alpine
-
-# The application runs from /app
-WORKDIR /app
-
-# Add the timezone as it's not configured by default in Alpine
-RUN apk add --update --no-cache tzdata && cp /usr/share/zoneinfo/Europe/London /etc/localtime && echo "Europe/London" > /etc/timezone
-
-RUN apk add --no-cache build-base yarn postgresql-dev git bash
-
-# Install bundler to run bundle exec
-# This should be the same version as the Gemfile.lock
-RUN gem install bundler:2.3.14 --no-document
-
-# Install gems defined in Gemfile
-COPY .ruby-version Gemfile Gemfile.lock /app/
-
-ARG BUNDLE_FLAGS="--jobs=4 --no-binstubs --no-cache"
-RUN bundle install ${BUNDLE_FLAGS}
-
-# Install node packages defined in package.json, including webpack
-COPY package.json yarn.lock /app/
-RUN yarn install --frozen-lockfile
-
-# Install gecko driver for Capybara tests
-RUN apk add firefox
-RUN wget https://github.com/mozilla/geckodriver/releases/download/v0.31.0/geckodriver-v0.31.0-linux64.tar.gz \
- && tar -xvzf geckodriver-v0.31.0-linux64.tar.gz \
- && rm geckodriver-v0.31.0-linux64.tar.gz \
- && chmod +x geckodriver \
- && mv geckodriver /usr/local/bin/
-
-# Copy all files to /app (except what is defined in .dockerignore)
-COPY . /app/
-
-ENV PORT=8080
-
-EXPOSE ${PORT}
-
-CMD RAILS_ENV=${RAILS_ENV} bundle exec rake db:migrate && bundle exec rails s -e ${RAILS_ENV} -p ${PORT} --binding=0.0.0.0
diff --git a/docker-compose.yml b/docker-compose.yml
index fc50f354e..69c4c9377 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -11,7 +11,7 @@ services:
 volumes:
 - dbdata:/var/lib/postgresql/data
 ports:
- - 5433:5432 # Mapped to 5433 in case Postgres is already running locally on 5432
+ - 8081:5432 # Mapped to 8081 in case Postgres is already running locally on 5432
 environment:
 - POSTGRES_PASSWORD=password
 - POSTGRES_USER=postgres
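Review bot: The new mapping `8081:5432` publishes Postgres on every host interface, and the context lines just below it show the database is created with `POSTGRES_PASSWORD=password`. On a developer machine attached to a shared network that leaves a database with a guessable credential reachable from other hosts. Binding the published port to loopback, `- 127.0.0.1:8081:5432`, keeps the local-development workflow and removes that exposure. The rest of the service definition lies outside this hunk, so any restriction configured elsewhere in the file is not visible here.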
@@ -20,7 +20,9 @@ services:
 app:
 build:
 context: .
- dockerfile: ./Dockerfile_dev
+ dockerfile: ./Dockerfile
+ target: development
+ platform: linux/amd64
 ports:
 - 8080:8080
 depends_on:
diff --git a/yarn.lock b/yarn.lock
index 8e34a628c..decc34e47 100644
--- a/yarn.lock
+++ b/yarn.lock
@@ -1843,9 +1843,9 @@ camelcase@^6.3.0:
 integrity sha512-Gmy6FhYlCY7uOElZUSbxo2UCDH8owEk996gkbrpsgGtrJLM3J7jGxl9Ic7Qwwj4ivOE5AWZWRMecDdF7hqGjFA==
 caniuse-lite@^1.0.30001400:
- version "1.0.30001410"
- resolved "https://registry.yarnpkg.com/caniuse-lite/-/caniuse-lite-1.0.30001410.tgz#b5a86366fbbf439d75dd3db1d21137a73e829f44"
- integrity sha512-QoblBnuE+rG0lc3Ur9ltP5q47lbguipa/ncNMyyGuqPk44FxbScWAeEO+k5fSQ8WekdAK4mWqNs1rADDAiN5xQ==
+ version "1.0.30001519"
+ resolved "https://registry.npmjs.org/caniuse-lite/-/caniuse-lite-1.0.30001519.tgz"
+ integrity sha512-0QHgqR+Jv4bxHMp8kZ1Kn8CH55OikjKJ6JmKkZYP1F3D7w+lnFXF70nG5eNfsZS89jadi5Ywy5UCSKLAglIRkg==
 caseless@^0.12.0, caseless@~0.12.0:
 version "0.12.0"