Dockerfile and Github Build/Push (#627)
* Update Dockerfile and gems * Add build workflow * Update Dockerfile path * Minimize push action * Point github build workflow to main branch locations
Showing
4 changed files
with
177 additions
and
46 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,27 @@ | ||
name: Build | ||
on: | ||
push: | ||
branches: | ||
- main | ||
|
||
jobs: | ||
docker: | ||
runs-on: ubuntu-latest | ||
steps: | ||
- name: Set up QEMU | ||
uses: docker/setup-qemu-action@v3 | ||
|
||
- name: Set up Docker Buildx | ||
uses: docker/setup-buildx-action@v3 | ||
|
||
- uses: docker/login-action@v3 | ||
with: | ||
registry: ${{ secrets.PUZZLE_REGISTRY }} | ||
username: ${{ secrets.PUZZLE_REGISTRY_USERNAME }} | ||
password: ${{ secrets.PUZZLE_REGISTRY_PASSWORD }} | ||
|
||
- uses: docker/build-push-action@v4 | ||
with: | ||
tags: | | ||
${{ secrets.PUZZLE_REGISTRY }}/skills:latest | ||
push: true |
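Review bot: Every `uses:` in this job is pinned to a movable tag (`docker/setup-qemu-action@v3`, `docker/setup-buildx-action@v3`, `docker/login-action@v3`, `docker/build-push-action@v4`), and the last two run with the registry password in scope, so a retagged release of any of them would execute with push access to the registry; pin each to a full commit SHA, e.g. `uses: docker/login-action@<full-commit-sha> # v3`. The workflow sets no `permissions:`, so the job token gets the repository default; a top-level `permissions:` block with `contents: read` should be enough for a build from the git context. Only `skills:latest` is pushed and no `build-args` are passed, so a deployed image cannot be tied to a commit and the Dockerfile's `GITHUB_SHA`-derived `BUILD_COMMIT` stays empty; add a second tag `${{ secrets.PUZZLE_REGISTRY }}/skills:${{ github.sha }}` and `build-args: GITHUB_SHA=${{ github.sha }}`.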
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,98 +1,207 @@ | ||
################################# | ||
# Variables # | ||
################################# | ||
|
||
# Versioning | ||
ARG RUBY_VERSION="3.2.1" | ||
ARG BUNDLER_VERSION="2.5.6" | ||
ARG NODEJS_VERSION="18" | ||
ARG YARN_VERSION="1.22.10" | ||
|
||
# Packages | ||
ARG BUILD_PACKAGES="nodejs build-essential shared-mime-info" | ||
ARG RUN_PACKAGES="shared-mime-info postgresql" | ||
|
||
# Scripts | ||
ARG PRE_INSTALL_SCRIPT="curl -sL https://deb.nodesource.com/setup_${NODEJS_VERSION}.x -o /tmp/nodesource_setup.sh && bash /tmp/nodesource_setup.sh" | ||
ARG INSTALL_SCRIPT="node -v && npm -v && npm install -g yarn && yarn set version ${YARN_VERSION}" | ||
ARG PRE_BUILD_SCRIPT | ||
ARG BUILD_SCRIPT="yarn install && bundle exec rake assets:precompile" | ||
ARG POST_BUILD_SCRIPT="echo \"(built at: $(date '+%Y-%m-%d %H:%M:%S'))\" > /app-src/BUILD_INFO" | ||
|
||
# Bundler specific | ||
ARG BUNDLE_WITHOUT="development:metrics:test" | ||
|
||
# App specific | ||
ARG RAILS_ENV="production" | ||
ARG RACK_ENV="production" | ||
ARG NODE_ENV="production" | ||
ARG RAILS_HOST_NAME="unused.example.net" | ||
ARG SECRET_KEY_BASE="needs-to-be-set" | ||
|
||
# Github specific | ||
ARG GITHUB_SHA | ||
ARG GITHUB_REPOSITORY | ||
ARG GITHUB_REF_NAME | ||
ARG BUILD_COMMIT="$GITHUB_SHA" | ||
ARG BUILD_REPO="$GITHUB_REPOSITORY" | ||
ARG BUILD_REF="$GITHUB_REF_NAME" | ||
|
||
# # Gitlab specific | ||
# ARG CI_COMMIT_SHA | ||
# ARG CI_REPOSITORY_URL | ||
# ARG CI_COMMIT_REF_NAME | ||
# ARG BUILD_COMMIT="$CI_COMMIT_SHA" | ||
# ARG BUILD_REPO="$CI_REPOSITORY_URL" | ||
# ARG BUILD_REF="$CI_COMMIT_REF_NAME" | ||
|
||
# # Openshift specific | ||
# ARG OPENSHIFT_BUILD_COMMIT | ||
# ARG OPENSHIFT_BUILD_SOURCE | ||
# ARG OPENSHIFT_BUILD_REFERENCE | ||
# ARG BUILD_COMMIT="$OPENSHIFT_BUILD_COMMIT" | ||
# ARG BUILD_REPO="$OPENSHIFT_BUILD_SOURCE" | ||
# ARG BUILD_REF="$OPENSHIFT_BUILD_REFERENCE" | ||
|
||
# Runtime ENV vars | ||
ARG SENTRY_CURRENT_ENV | ||
ARG PS1="$SENTRY_CURRENT_ENV > " | ||
ARG TZ="Europe/Zurich" | ||
|
||
|
||
################################# | ||
# Build Stage # | ||
################################# | ||
|
||
FROM ruby:3.2 AS build | ||
FROM ruby:${RUBY_VERSION} AS build | ||
|
||
# arguments for steps | ||
ARG PRE_INSTALL_SCRIPT | ||
ARG BUILD_PACKAGES | ||
ARG INSTALL_SCRIPT | ||
ARG BUNDLER_VERSION | ||
ARG PRE_BUILD_SCRIPT | ||
ARG BUNDLE_WITHOUT | ||
ARG BUILD_SCRIPT | ||
ARG POST_BUILD_SCRIPT | ||
|
||
# arguments potentially used by steps | ||
ARG NODE_ENV | ||
ARG RACK_ENV | ||
ARG RAILS_ENV | ||
ARG RAILS_HOST_NAME | ||
ARG SECRET_KEY_BASE | ||
ARG TZ | ||
|
||
# Set build shell | ||
SHELL ["/bin/bash", "-c"] | ||
|
||
# Use root user | ||
USER root | ||
|
||
ARG BUILD_PACKAGES | ||
ARG BUILD_SCRIPT | ||
ARG BUNDLE_WITHOUT='development:metrics:test' | ||
ARG BUNDLER_VERSION=2.4.6 | ||
ARG POST_BUILD_SCRIPT | ||
|
||
# Get proper node version via nodesource | ||
RUN curl -fsSL https://deb.nodesource.com/setup_14.x | bash - | ||
RUN bash -vxc "${PRE_INSTALL_SCRIPT:-"echo 'no PRE_INSTALL_SCRIPT provided'"}" | ||
|
||
# Install dependencies | ||
RUN apt-get update \ | ||
&& apt-get upgrade -y \ | ||
&& apt-get install -y ${BUILD_PACKAGES} | ||
RUN export DEBIAN_FRONTEND=noninteractive \ | ||
&& apt-get update \ | ||
&& apt-get upgrade -y \ | ||
&& apt-get install -y --no-install-recommends ${BUILD_PACKAGES} | ||
|
||
RUN apt-get install -y npm | ||
|
||
RUN bash -vxc "${BUILD_SCRIPT:-"echo 'no BUILD_SCRIPT provided'"}" | ||
RUN bash -vxc "${INSTALL_SCRIPT:-"echo 'no INSTALL_SCRIPT provided'"}" | ||
|
||
# Install specific versions of dependencies | ||
RUN gem install bundler:${BUNDLER_VERSION} --no-document | ||
|
||
# TODO: Load artifacts | ||
|
||
# set up app-src directory | ||
COPY . /app-src | ||
WORKDIR /app-src | ||
COPY Gemfile Gemfile.lock ./ | ||
|
||
# Run deployment | ||
RUN bash -vxc "${PRE_BUILD_SCRIPT:-"echo 'no PRE_BUILD_SCRIPT provided'"}" | ||
|
||
# install gems and build the app | ||
RUN bundle config set --local deployment 'true' \ | ||
&& bundle config set --local without ${BUNDLE_WITHOUT} \ | ||
&& bundle config set --local path vendor/bundle \ | ||
&& bundle package \ | ||
&& bundle install \ | ||
&& bundle clean | ||
&& bundle config set --local without ${BUNDLE_WITHOUT} \ | ||
&& bundle package \ | ||
&& bundle install \ | ||
&& bundle clean | ||
|
||
COPY . . | ||
|
||
RUN bash -vxc "${BUILD_SCRIPT:-"echo 'no BUILD_SCRIPT provided'"}" | ||
|
||
RUN bash -vxc "${POST_BUILD_SCRIPT:-"echo 'no POST_BUILD_SCRIPT provided'"}" | ||
|
||
# TODO: Save artifacts | ||
|
||
RUN rm -rf vendor/cache/ .git | ||
RUN rm -rf vendor/cache/ .git spec/ node_modules/ | ||
|
||
|
||
################################# | ||
# Run Stage # | ||
################################# | ||
|
||
# This image will be replaced by Openshift | ||
FROM ruby:3.2 AS app | ||
FROM ruby:${RUBY_VERSION}-slim AS app | ||
|
||
# Set runtime shell | ||
SHELL ["/bin/bash", "-c"] | ||
|
||
# Add user | ||
RUN adduser --disabled-password --uid 1001 --gid 0 --gecos "" app | ||
|
||
ARG BUNDLE_WITHOUT='development:metrics:test' | ||
# arguments for steps | ||
ARG RUN_PACKAGES | ||
ARG BUNDLER_VERSION=2.4.6 | ||
|
||
# Install specific versions of dependencies | ||
RUN gem install bundler:${BUNDLER_VERSION} --no-document | ||
ARG BUNDLER_VERSION | ||
ARG BUNDLE_WITHOUT | ||
|
||
# arguments potentially used by steps | ||
ARG NODE_ENV | ||
ARG RACK_ENV | ||
ARG RAILS_ENV | ||
|
||
# data persisted in the image | ||
ARG PS1 | ||
ARG TZ | ||
ARG BUILD_COMMIT | ||
ARG BUILD_REPO | ||
ARG BUILD_REF | ||
|
||
ENV PS1="${PS1}" \ | ||
TZ="${TZ}" \ | ||
BUILD_REPO="${BUILD_REPO}" \ | ||
BUILD_REF="${BUILD_REF}" \ | ||
BUILD_COMMIT="${BUILD_COMMIT}" \ | ||
NODE_ENV="${NODE_ENV}" \ | ||
RAILS_ENV="${RAILS_ENV}" \ | ||
RACK_ENV="${RACK_ENV}" | ||
|
||
# Install dependencies, remove apt! | ||
RUN apt-get update \ | ||
&& apt-get upgrade -y \ | ||
&& apt-get install -y ${RUN_PACKAGES} \ | ||
&& apt-get install ca-certificates | ||
RUN export DEBIAN_FRONTEND=noninteractive \ | ||
&& apt-get update \ | ||
&& apt-get upgrade -y \ | ||
&& apt-get install -y ${RUN_PACKAGES} vim curl less \ | ||
&& apt-get clean \ | ||
&& rm -rf /var/cache/apt/archives/* /var/lib/apt/lists/* /tmp/* /var/tmp/* \ | ||
&& truncate -s 0 /var/log/*log | ||
|
||
# Copy deployment ready source code from build | ||
COPY --from=build /app-src /app-src | ||
WORKDIR /app-src | ||
|
||
# Set group permissions to app folder | ||
RUN chgrp -R 0 /app-src \ | ||
&& chmod -R u+w,g=u /app-src | ||
# Create pids folder for puma and | ||
# set group permissions to folders that need write permissions | ||
RUN mkdir -p tmp/pids \ | ||
&& chgrp 0 /app-src \ | ||
&& chgrp -R 0 /app-src/tmp \ | ||
&& chgrp -R 0 /app-src/log \ | ||
&& chmod u+w,g=u /app-src \ | ||
&& chmod -R u+w,g=u /app-src/tmp \ | ||
&& chmod -R u+w,g=u /app-src/log | ||
|
||
ENV HOME=/app-src | ||
# support bin-stubs | ||
ENV HOME=/app-src \ | ||
PATH=/app-src/bin:$PATH | ||
|
||
# Install specific versions of dependencies | ||
RUN gem install bundler:${BUNDLER_VERSION} --no-document | ||
|
||
# Use cached gems | ||
RUN bundle config set --local deployment 'true' \ | ||
&& bundle config set --local without ${BUNDLE_WITHOUT} \ | ||
&& bundle config set --local path vendor/bundle \ | ||
&& bundle | ||
&& bundle config set --local without ${BUNDLE_WITHOUT} \ | ||
&& bundle install | ||
|
||
USER 1001 | ||
|
||
CMD ["bundle", "exec", "puma", "-t", "8"] | ||
CMD ["bundle", "exec", "puma"] |
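Review bot: The default `PRE_INSTALL_SCRIPT` fetches the nodesource setup script with `curl -sL` and runs it as root with nothing checked: without `-f` an HTTP error page is still written to `/tmp/nodesource_setup.sh` and handed to bash, and the script's content is never verified. Use `curl -fsSL` as the `setup_14.x` line did, and check a pinned digest before running it, e.g. `echo "<sha256-of-reviewed-script>  /tmp/nodesource_setup.sh" | sha256sum -c -`. In the run stage, `apt-get install -y ${RUN_PACKAGES} vim curl less` drops the `--no-install-recommends` that the build stage uses and ships an editor and a download tool in the production image; `apt-get install -y --no-install-recommends ${RUN_PACKAGES}` keeps the runtime surface smaller. `SECRET_KEY_BASE` is a build `ARG`, so it should stay the placeholder it is here, since a real key passed with `--build-arg` would be recorded in the build stage's history. The page lost its +/- markers, so which of the duplicated lines are on the new side is inferred from the variable-based form.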