# Base image: the official Ruby image, referenced by tag only (no digest pin).
FROM ruby:2.6.2
MAINTAINER Sharetribe Team <[email protected]>
# Presumably a cache-busting marker: changing the date invalidates every layer
# below, so the package upgrade in the next step runs again.
ENV REFRESHED_AT=2019-04-12
# NOTE: we will migrate soon to a newer ruby version and away from the Debian
# Jessie-based image. For now, enable only the package repositories that are
# still maintained for jessie LTS.
# sources.list is overwritten, so no other repository stays enabled.
# NOTE(review): confirm that the base image really is jessie-based; if it ships
# a newer Debian release, these entries would cut it off from its own security
# updates and the dist-upgrade below would apply none of them.
RUN printf '%s\n' \
      'deb http://deb.debian.org/debian jessie main' \
      'deb http://security.debian.org jessie/updates main' \
      > /etc/apt/sources.list \
    && apt-get update \
    && apt-get dist-upgrade -y
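# Prevent GPG from trying to bind on IPv6 address even if there are none.
# The GnuPG home is a directory, so it gets mode 700: owner-only access with
# the search bit that is needed to enter it. Mode 600 lacks that bit and
# presumably only worked because these steps run as root.
RUN mkdir -p ~/.gnupg \
    && chmod 700 ~/.gnupg \
    && echo "disable-ipv6" >> ~/.gnupg/dirmngr.conf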
#
# Node (based on official docker node image)
#
# Import the Node.js release signing keys into the build user's GnuPG keyring;
# the download step that follows checks the release checksum file against them.
# gpg keys listed at https://github.com/nodejs/node#release-team
# Keys are requested by full 40-character fingerprint, not by short key ID.
# Each key is tried against three keyservers in turn; under `set -e` the build
# stops if none of them returns it.
# NOTE(review): the lookups use plain hkp, and the sks-keyservers.net pool has
# since been retired upstream. Confirm the fallbacks still resolve, and keep
# this fingerprint list in sync with the Node.js release team list.
RUN set -ex; \
    for key in \
      4ED778F539E3634C779C87C6D7062848A1AB005C \
      B9E2F5981AA6E0CD28160D9FF13993A75599653C \
      94AE36675C464D64BAFA68DD7434390BDBE9B9C5 \
      B9AE9905FFD7803F25714661B63B535A4C206CA9 \
      77984A986EBC2AA786BC0F66B01FBB92821C587A \
      71DCFD284A79C3B38668286BC97EC7A07EDE3FC1 \
      FD3A5288F042B6850C66B31F09FE44734EB7990E \
      8FCCA13FEF1D0C2E91008E09770F7A9A5AE15600 \
      C4F0DFFF4E8C1A8236409D08E73BC641CC11F4C8 \
      DD8F2338BAE7501E3DD5AC78C273792F7D83545D \
      A48C2BEE680E841632CD4E44F07496B3EB3C1762 \
    ; do \
      gpg --batch --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys "$key" \
        || gpg --batch --keyserver hkp://ipv4.pool.sks-keyservers.net --recv-keys "$key" \
        || gpg --batch --keyserver hkp://pgp.mit.edu:80 --recv-keys "$key"; \
    done
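# npm log level for the build steps that follow; a later ENV lowers it to "error".
ENV NPM_CONFIG_LOGLEVEL=info
# Node.js release to install; used to build the download URLs below.
ENV NODE_VERSION=12.11.0
# Fetch the release tarball and the signed checksum list, then verify before
# unpacking:
#   1. gpg checks the signature on SHASUMS256.txt.asc against the imported
#      release keys and writes the signed text to SHASUMS256.txt,
#   2. the tarball's line is picked out of that text and checked by sha256sum,
#   3. only then is the archive extracted into /usr/local.
# --fail makes curl stop on an HTTP error instead of saving the error page
# under the expected file name.
RUN curl -fSLO "https://nodejs.org/dist/v$NODE_VERSION/node-v$NODE_VERSION-linux-x64.tar.xz" \
    && curl -fSLO "https://nodejs.org/dist/v$NODE_VERSION/SHASUMS256.txt.asc" \
    && gpg --batch --decrypt --output SHASUMS256.txt SHASUMS256.txt.asc \
    && grep " node-v$NODE_VERSION-linux-x64.tar.xz\$" SHASUMS256.txt | sha256sum -c - \
    && tar -xJf "node-v$NODE_VERSION-linux-x64.tar.xz" -C /usr/local --strip-components=1 \
    && rm "node-v$NODE_VERSION-linux-x64.tar.xz" SHASUMS256.txt.asc SHASUMS256.txt \
    && ln -s /usr/local/bin/node /usr/local/bin/nodejs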
# Add helper for decrypting secure environment variables.
# The binary comes from a fixed release URL and is accepted only if its SHA-256
# matches the digest written here; on a mismatch sha256sum fails and the chmod
# is never reached. Update the digest together with the version in the URL.
RUN curl --silent --fail --show-error --location \
      --output /usr/sbin/secure-environment \
      "https://github.com/convox/secure-environment/releases/download/v0.0.1/secure-environment" \
    && echo "4e4c1ed98f1ff4518c8448814c74d6d05ba873879e16817cd6a02ee5013334ea */usr/sbin/secure-environment" \
      | sha256sum --check - \
    && chmod 0755 /usr/sbin/secure-environment
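#
# Sharetribe
#
# Install nginx - used to serve maintenance mode page.
# The package index is refreshed in this same layer, so a stale index cached
# from an earlier layer cannot make the install fail or select an outdated
# package. The index is removed again once the install is done.
RUN apt-get update \
    && apt-get install -y nginx \
    && rm -rf /var/lib/apt/lists/*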
# Install latest bundler.
# NOTE(review): no version is given, so the bundler release is whatever
# RubyGems serves at build time; pin it if reproducible builds matter.
ENV BUNDLE_BIN=""
RUN gem install bundler
# Run as non-privileged user: create the "app" account and hand it the
# application tree before any application code is installed.
RUN useradd --create-home --shell /bin/bash app \
    && mkdir /opt/app /opt/app/client /opt/app/log /opt/app/tmp \
    && chown --recursive app:app /opt/app
WORKDIR /opt/app
# Only the gem manifests are copied at this point, so the gem layer below is
# rebuilt only when they change.
COPY Gemfile Gemfile.lock /opt/app/
ENV RAILS_ENV=production
# From here on, build steps run as "app" rather than root.
USER app
# --deployment installs from Gemfile.lock; test and development groups are left out.
RUN bundle install --deployment --without test,development
# JavaScript dependencies. Only the package.json manifests are copied before
# the install and no lockfile is among them.
# NOTE(review): without a lockfile the resolved package versions can differ
# between builds; consider copying one in and installing from it.
COPY package.json /opt/app/
COPY client/package.json /opt/app/client/
ENV NODE_ENV=production \
    NPM_CONFIG_LOGLEVEL=error \
    NPM_CONFIG_PRODUCTION=true
RUN npm install
# Application source. COPY takes the whole build context.
# NOTE(review): make sure a .dockerignore keeps .git, local env files and other
# credentials out of the context, since everything copied here stays in the image.
COPY . /opt/app
EXPOSE 3000
# Exec form: the entrypoint script is started directly, with the CMD value as
# its default argument. Both paths contain no leading slash, so they are
# resolved from the working directory.
ENTRYPOINT ["script/entrypoint.sh"]
CMD ["script/startup.sh"]
#
# Assets
#
# Fix ownership of directories that need to be writable.
# Root is needed only for this step: the missing asset directories are created
# and the listed paths are handed to "app". Only these paths are chowned, not
# the whole application tree. Paths are relative to the working directory.
USER root
RUN mkdir --parents \
      app/assets/webpack \
      public/assets \
      public/webpack \
    && chown --recursive app:app \
      app/assets/javascripts \
      app/assets/webpack \
      client/app/ \
      public/assets \
      public/webpack
# Drop back to the unprivileged account; this is the user the image ends with.
USER app
# If assets.tar.gz file exists in project root
# assets will be extracted from there.
# Otherwise, assets will be compiled with `rake assets:precompile`.
# Useful for caching assets between builds.
RUN script/prepare-assets.sh