New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add default Dockerfiles #46762
Add default Dockerfiles #46762
Changes from 7 commits
1da5dc5
8be1ff9
37b0e0f
9e35cf9
839d4ce
1de322d
a3a388e
5c61c33
6b9a262
3571b09
7eb227a
de9668d
d77da7b
55becf7
4539d29
513e50e
b2727c4
42fddba
621243c
8b64c61
65e3e68
b6297d6
09ff397
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,33 @@ | ||
# Make sure it matches the Ruby version in .ruby-version and Gemfile | ||
FROM ruby:<%= Gem.ruby_version %> | ||
|
||
<% if using_node? -%> | ||
# Install JavaScript dependencies and libvips for Active Storage | ||
RUN curl -sL https://deb.nodesource.com/setup_19.x | bash - | ||
RUN apt-get update -qq && apt-get install -y build-essential libvips nodejs && npm install -g yarn | ||
dhh marked this conversation as resolved.
Show resolved
Hide resolved
|
||
|
||
<% elsif !skip_active_storage? -%> | ||
# Install libvips for Active Storage preview support | ||
RUN apt-get update -qq && apt-get install -y build-essential libvips | ||
dhh marked this conversation as resolved.
Show resolved
Hide resolved
|
||
|
||
<% end -%> | ||
WORKDIR /rails | ||
|
||
ENV RAILS_LOG_TO_STDOUT="1" \ | ||
RAILS_SERVE_STATIC_FILES="true" \ | ||
RAILS_ENV="production" \ | ||
BUNDLE_WITHOUT="development:test" | ||
|
||
# Install application gems | ||
COPY Gemfile Gemfile.lock ./ | ||
RUN bundle install | ||
|
||
# Copy application code | ||
COPY . . | ||
|
||
# Precompiling assets for production without requiring secret RAILS_MASTER_KEY | ||
RUN SECRET_KEY_BASE_DUMMY=1 bundle exec rails assets:precompile | ||
dhh marked this conversation as resolved.
Show resolved
Hide resolved
|
||
|
||
# Entrypoint prepares database and starts app on 0.0.0.0:3000 | ||
ENTRYPOINT ["/rails/bin/docker-entrypoint"] | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. is it using the root user ? There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Yes. Mapping cleanly for non-root use-cases is an exercise in frustration especially for Linux where it needs to map to a host UID / GID in /etc/hosts. If not running as root is important, run it via Podman. If this is intended for deployment, most hosting providers aren't giving you root level to the full server. Just within the container you're given so I don't think it's a huge deal. There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. There are plenty of risks with rails running as root within a container, even is a syscap constrained environment (like the cloud). If a container is compromised, the attacker now has the ability to install packages, read and write arbitrary files within the container. There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. @ianks thanks. This makes sense. I generally run all my docker containers as non-root users just because it's generally good practice, didn't realize there was real security concerns with it on hosting providers considering I never see dockerfiles from them as non-root users. Apologies for brushing this off and thank you for taking the time. |
||
EXPOSE 3000 |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,9 @@ | ||
#!/bin/sh | ||
|
||
# Used by the Dockerfile to start the application with a prepared database | ||
|
||
# Create new or migrate existing database | ||
./bin/rails db:prepare | ||
|
||
# Start the server | ||
exec ./bin/rails server "$@" | ||
dhh marked this conversation as resolved.
Show resolved
Hide resolved
|
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,30 @@ | ||
# See https://docs.docker.com/engine/reference/builder/#dockerignore-file for more about ignoring files. | ||
|
||
# Ignore bundler config. | ||
/.bundle | ||
|
||
# Ignore all logfiles and tempfiles. | ||
/log/* | ||
/tmp/* | ||
<% if keeps? -%> | ||
!/log/.keep | ||
!/tmp/.keep | ||
|
||
# Ignore pidfiles, but keep the directory. | ||
/tmp/pids/* | ||
!/tmp/pids/ | ||
!/tmp/pids/.keep | ||
<% end -%> | ||
|
||
# Ignore storage (uploaded files in development and any SQLite databases). | ||
/storage/* | ||
<% if keeps? -%> | ||
!/storage/.keep | ||
/tmp/storage/* | ||
!/tmp/storage/ | ||
!/tmp/storage/.keep | ||
<% end -%> | ||
<% unless options.api? -%> | ||
|
||
/public/assets | ||
<% end -%> |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It could be useful to mention
--build-arg
to help with debugging out-of-sync Ruby versions.