update dockerfile

openpoke · Jan 9, 2024 · 11fb893 · 11fb893
1 parent 6aa658f
commit 11fb893
Show file tree

Hide file tree

Showing 4 changed files with 235 additions and 50 deletions.
diff --git a/Dockerfile b/Dockerfile
@@ -1,26 +1,122 @@
-FROM ruby:3.0.6
-MAINTAINER [email protected]
+FROM ruby:3.0 AS builder
 
-ARG rails_env=production
-ARG secret_key_base=
+RUN NODE_MAJOR=16 && \
+    apt-get update && apt-get upgrade -y && apt-get install -y ca-certificates curl gnupg && \
+    mkdir -p /etc/apt/keyrings && \
+    curl -fsSL https://deb.nodesource.com/gpgkey/nodesource-repo.gpg.key | gpg --dearmor -o /etc/apt/keyrings/nodesource.gpg && \
+    echo "deb [signed-by=/etc/apt/keyrings/nodesource.gpg] https://deb.nodesource.com/node_$NODE_MAJOR.x nodistro main" | tee /etc/apt/sources.list.d/nodesource.list && \
+    curl -sL https://dl.yarnpkg.com/debian/pubkey.gpg | apt-key add - && \
+    echo "deb https://dl.yarnpkg.com/debian/ stable main" | tee /etc/apt/sources.list.d/yarn.list && \
+    apt-get update && apt-get install -y nodejs yarn \
+    build-essential \
+    postgresql-client \
+    libpq-dev && \
+    apt-get clean
 
-ENV APP_HOME /code
-ENV RAILS_ENV $rails_env
-ENV SECRET_KEY_BASE $secret_key_base
+# throw errors if Gemfile has been modified since Gemfile.lock
+RUN bundle config --global frozen 1
 
-RUN apt-get update
+WORKDIR /app
 
-RUN curl -sL https://deb.nodesource.com/setup_8.x | bash && \
-    apt-get install -y nodejs
+# Copy package dependencies files only to ensure maximum cache hit
+COPY ./package-lock.json /app/package-lock.json
+COPY ./package.json /app/package.json
+COPY ./Gemfile /app/Gemfile
+COPY ./Gemfile.lock /app/Gemfile.lock
 
-ADD Gemfile /tmp/Gemfile
-ADD Gemfile.lock /tmp/Gemfile.lock
-RUN cd /tmp && bundle install
+RUN gem install bundler:$(grep -A 1 'BUNDLED WITH' Gemfile.lock | tail -n 1 | xargs) && \
+    bundle config --local without 'development test' && \
+    bundle install -j4 --retry 3 && \
+    # Remove unneeded gems
+    bundle clean --force && \
+    # Remove unneeded files from installed gems (cache, *.o, *.c)
+    rm -rf /usr/local/bundle/cache && \
+    find /usr/local/bundle/ -name "*.c" -delete && \
+    find /usr/local/bundle/ -name "*.o" -delete && \
+    find /usr/local/bundle/ -name ".git" -exec rm -rf {} + && \
+    find /usr/local/bundle/ -name ".github" -exec rm -rf {} + && \
+    # whkhtmltopdf has binaries for all platforms, we don't need them once uncompressed
+    rm -rf /usr/local/bundle/gems/wkhtmltopdf-binary-*/bin/*.gz && \
+    # Remove additional unneded decidim files
+    find /usr/local/bundle/ -name "decidim_app-design" -exec rm -rf {} + && \
+    find /usr/local/bundle/ -name "spec" -exec rm -rf {} +
 
-RUN mkdir -p $APP_HOME
-WORKDIR $APP_HOME
-ADD . $APP_HOME
+RUN npm ci
 
-RUN bundle exec rake DATABASE_URL=postgresql://user:[email protected]/dbname assets:precompile
+# copy the rest of files
+COPY ./app /app/app
+COPY ./bin /app/bin
+COPY ./config /app/config
+COPY ./db /app/db
+COPY ./lib /app/lib
+COPY ./packages /app/packages
+COPY ./public/*.* /app/public/
+COPY ./config.ru /app/config.ru
+COPY ./Rakefile /app/Rakefile
+COPY ./babel.config.json /app/babel.config.json
+COPY ./postcss.config.js /app/postcss.config.js
 
-CMD ["bundle", "exec", "rails", "s", "-b0.0.0.0"]
+# Compile assets with Webpacker or Sprockets
+#
+# Notes:
+#   1. Executing "assets:precompile" runs "webpacker:compile", too
+#   2. For an app using encrypted credentials, Rails raises a `MissingKeyError`
+#      if the master key is missing. Because on CI there is no master key,
+#      we hide the credentials while compiling assets (by renaming them before and after)
+#
+RUN mv config/credentials.yml.enc config/credentials.yml.enc.bak 2>/dev/null || true
+RUN mv config/credentials config/credentials.bak 2>/dev/null || true
+
+RUN RAILS_ENV=production \
+    SECRET_KEY_BASE=dummy \
+    RAILS_MASTER_KEY=dummy \
+    DB_ADAPTER=nulldb \
+    bundle exec rails assets:precompile
+
+RUN mv config/credentials.yml.enc.bak config/credentials.yml.enc 2>/dev/null || true
+RUN mv config/credentials.bak config/credentials 2>/dev/null || true
+
+RUN rm -rf node_modules tmp/cache vendor/bundle test spec app/packs .git
+
+# This image is for production env only
+FROM ruby:3.0-slim AS final
+
+RUN apt-get update && \
+    apt-get install -y postgresql-client \
+    imagemagick \
+    curl \
+    supervisor && \
+    apt-get clean
+
+EXPOSE 3000
+
+ENV RAILS_LOG_TO_STDOUT true
+ENV RAILS_SERVE_STATIC_FILES true
+ENV RAILS_ENV production
+
+ARG RUN_RAILS
+ARG RUN_SIDEKIQ
+ARG COMMIT_SHA
+ARG COMMIT_TIME
+ARG COMMIT_VERSION
+
+ENV COMMIT_SHA ${COMMIT_SHA}
+ENV COMMIT_TIME ${COMMIT_TIME}
+ENV COMMIT_VERSION ${COMMIT_VERSION}
+
+# Add user
+RUN addgroup --system --gid 1000 app && \
+    adduser --system --uid 1000 --home /app --group app
+
+WORKDIR /app
+COPY ./entrypoint.sh /app/entrypoint.sh
+COPY ./supervisord.conf /etc/supervisord.conf 
+COPY --from=builder --chown=app:app /usr/local/bundle/ /usr/local/bundle/
+COPY --from=builder --chown=app:app /app /app
+
+USER app
+HEALTHCHECK --interval=1m --timeout=5s --start-period=30s \
+    CMD (curl -sSH "Content-Type: application/json" -d '{"query": "{ decidim { version } }"}' http://localhost:3000/api) || exit 1
+
+ENTRYPOINT ["/app/entrypoint.sh"]
+CMD ["/usr/bin/supervisord"]
diff --git a/docker-compose.yml b/docker-compose.yml
@@ -1,47 +1,55 @@
-version: '2'
+version: '3'
 services:
   app:
-    image: decidim/decidim:0.7.2-dev
+    build: .
     volumes:
-      - .:/app
-      - bundle:/usr/local/bundle
-      - node_modules:/app/node_modules
+      - ./tmp/pids:/app/tmp/pids
+    # - ./entrypoint.sh:/app/entrypoint.sh
+    # - ./db/seeds.rb:/app/db/seeds.rb
+    #   - .:/app
+    #   - bundle:/usr/local/bundle
+    #   - node_modules:/app/node_modules
     environment:
-      - PORT=3000
-      - DATABASE_HOST=pg
-      - DATABASE_USERNAME=postgres
-      - RAILS_ENV=development
-      - REDIS_URL=redis://redis:6379
+      - DATABASE_URL=postgres://postgres:decidim@db/decidim
+      - SECRET_KEY_BASE=my-key-secret
+      - DECIDIM_FORCE_SSL=false
+      - QUEUE_ADAPTER=sidekiq
+      - REDIS_URL=redis://redis:6379/1
     ports:
       - 3000:3000
-    links:
-      - pg
+    depends_on:
+      - db
       - redis
-    command: bundle exec puma
-  worker:
-    image: decidim/decidim:0.7.2-dev
+  sidekiq:
+    build: .
     volumes:
-      - .:/app
-      - bundle:/usr/local/bundle
+    # - ./entrypoint.sh:/app/entrypoint.sh
+    #   - .:/app
+    #   - bundle:/usr/local/bundle
+    #   - node_modules:/app/node_modules
     environment:
-      - DATABASE_HOST=pg
-      - DATABASE_USERNAME=postgres
-      - RAILS_ENV=development
-      - REDIS_URL=redis://redis:6379
-    links:
-      - pg
+      - DATABASE_URL=postgres://postgres:decidim@db/decidim
+      - SECRET_KEY_BASE=my-key-secret
+      - DECIDIM_FORCE_SSL=false
+      - QUEUE_ADAPTER=sidekiq
+      - REDIS_URL=redis://redis:6379/1
+      - RUN_SIDEKIQ=true
+    depends_on:
       - redis
-    command: bundle exec sidekiq
-  pg:
-    image: postgres
+  db:
+    image: postgres:13
+    ports:
+      - "54321:5432"
+    environment:
+      - POSTGRES_PASSWORD=decidim
     volumes:
-      - pg-data:/var/lib/postgresql/data
+      - pg_data:/var/lib/postgresql/data
   redis:
     image: redis
     volumes:
-      - redis-data:/data
+      - redis_data:/data
 volumes:
-  node_modules: {}
-  bundle: {}
-  pg-data: {}
-  redis-data: {}
+  pg_data:
+  redis_data:
+  # bundle:
+  # node_modules:
diff --git a/entrypoint.sh b/entrypoint.sh
@@ -0,0 +1,56 @@
+#!/bin/bash
+
+# Run rails by default if sidekiq is specified
+if [ -z "$RUN_RAILS" ] && [ -z "$RUN_SIDEKIQ" ]; then
+	RUN_RAILS=true
+	echo "⚠️ RUN_RAILS and RUN_SIDEKIQ are not set, defaulting to RUN_RAILS=true"
+fi
+
+if [ "$QUEUE_ADAPTER" != "sidekiq" ]; then
+	RUN_SIDEKIQ=false
+	echo "⚠️ Sidekiq is disabled because QUEUE_ADAPTER is not set to sidekiq"
+fi
+
+# ensure booleans
+if [ "$RUN_RAILS" == "true" ] || [ "$RUN_RAILS" == "1" ]; then
+	RUN_RAILS=true
+else
+	RUN_RAILS=false
+fi
+if [ "$RUN_SIDEKIQ" == "true" ] || [ "$RUN_SIDEKIQ" == "1" ]; then
+	RUN_SIDEKIQ=true
+else
+	RUN_SIDEKIQ=false
+fi
+
+if [ "$RUN_RAILS" == "true" ]; then
+	echo "✅ Running Rails"
+fi
+
+if [ "$RUN_SIDEKIQ" == "true" ]; then
+	echo "✅ Running Sidekiq"
+fi
+
+export RUN_RAILS
+export RUN_SIDEKIQ
+
+# Check all the gems are installed or fails.
+bundle check
+if [ $? -ne 0 ]; then
+	echo "❌ Gems in Gemfile are not installed, aborting..."
+	exit 1
+else
+	echo "✅ Gems in Gemfile are installed"
+fi
+
+# Check no migrations are pending migrations
+if [ -z "$SKIP_MIGRATIONS" ]; then
+	bundle exec rails db:migrate
+else
+	echo "⚠️ Skipping migrations"
+fi
+
+echo "✅ Migrations are all up"
+
+echo "🚀 $@"
+exec "$@"
diff --git a/supervisord.conf b/supervisord.conf
@@ -0,0 +1,25 @@
+[supervisord]
+nodaemon=true
+logfile=/tmp/supervisord.log
+pidfile=/tmp/supervisord.pid
+
+[program:puma]
+command=bin/rails server -b 0.0.0.0
+directory=/app
+# If RUN_RAILS is not set, defaults to RUN_SIDEKIQ not being defined
+autostart=%(ENV_RUN_RAILS)s
+stdout_logfile=/dev/stdout
+stdout_logfile_maxbytes=0
+stderr_logfile=/dev/stderr
+stderr_logfile_maxbytes=0
+
+[program:sidekiq]
+command=bundle exec sidekiq -C config/sidekiq.yml
+directory=/app
+autostart=%(ENV_RUN_SIDEKIQ)s
+stdout_logfile=/dev/stdout
+stdout_logfile_maxbytes=0
+stderr_logfile=/dev/stderr
+stderr_logfile_maxbytes=0
+
+[supervisorctl]