diff --git a/Dockerfile b/Dockerfile index 8491869..8099246 100644 --- a/Dockerfile +++ b/Dockerfile @@ -3,7 +3,7 @@ # Make sure RUBY_VERSION matches the Ruby version in .ruby-version ARG RUBY_VERSION=4.0.1 -FROM ruby:$RUBY_VERSION-slim AS base +FROM ruby:$RUBY_VERSION-alpine AS base LABEL fly_launch_runtime="rails" @@ -15,9 +15,7 @@ RUN gem update --system --no-document && \ gem install -N bundler # Install base packages -RUN apt-get update -qq && \ - apt-get install --no-install-recommends -y curl libjemalloc2 postgresql-client && \ - rm -rf /var/lib/apt/lists /var/cache/apt/archives +RUN apk add --no-cache curl jemalloc postgresql-client tzdata # Set production environment ENV BUNDLE_DEPLOYMENT="1" \ @@ -30,9 +28,7 @@ ENV BUNDLE_DEPLOYMENT="1" \ FROM base AS prebuild # Install packages needed to build gems and node modules -RUN apt-get update -qq && \ - apt-get install --no-install-recommends -y build-essential git libpq-dev libyaml-dev node-gyp pkg-config python-is-python3 && \ - rm -rf /var/lib/apt/lists /var/cache/apt/archives +RUN apk add --no-cache build-base git gyp libpq-dev pkgconfig python3 yaml-dev FROM prebuild AS node @@ -40,9 +36,10 @@ FROM prebuild AS node # Install Node.js ARG NODE_VERSION=24.14.0 ENV PATH=/usr/local/node/bin:$PATH -RUN curl -sL https://github.com/nodenv/node-build/archive/master.tar.gz | tar xz -C /tmp/ && \ - /tmp/node-build-master/bin/node-build "${NODE_VERSION}" /usr/local/node && \ - rm -rf /tmp/node-build-master +RUN curl -sL https://unofficial-builds.nodejs.org/download/release/v${NODE_VERSION}/node-v${NODE_VERSION}-linux-x64-musl.tar.gz | tar xz -C /tmp/ && \ + mkdir /usr/local/node && \ + cp -rp /tmp/node-v${NODE_VERSION}-linux-x64-musl/* /usr/local/node/ && \ + rm -rf /tmp/node-v${NODE_VERSION}-linux-x64-musl # Install node modules COPY package.json ./ @@ -79,17 +76,15 @@ RUN SECRET_KEY_BASE_DUMMY=1 ./bin/rails assets:precompile FROM base # Install packages needed for deployment -RUN apt-get update -qq && \ - apt-get install --no-install-recommends -y gzip && \ - rm -rf /var/lib/apt/lists /var/cache/apt/archives +RUN apk add --no-cache gzip libpq # Copy built artifacts: gems, application COPY --from=build "${BUNDLE_PATH}" "${BUNDLE_PATH}" COPY --from=build /rails /rails # Run and own only the runtime files as a non-root user for security -RUN groupadd --system --gid 1000 rails && \ - useradd rails --uid 1000 --gid 1000 --create-home --shell /bin/bash && \ +RUN addgroup --system --gid 1000 rails && \ + adduser --system rails --uid 1000 --ingroup rails --home /home/rails --shell /bin/sh rails && \ chown -R 1000:1000 db log tmp USER 1000:1000 diff --git a/Gemfile.lock b/Gemfile.lock index 2f58fb1..7452c7a 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -164,6 +164,8 @@ GEM nio4r (2.7.5) nokogiri (1.19.1-aarch64-linux-gnu) racc (~> 1.4) + nokogiri (1.19.1-aarch64-linux-musl) + racc (~> 1.4) nokogiri (1.19.1-arm64-darwin) racc (~> 1.4) nokogiri (1.19.1-x86_64-linux-gnu) @@ -177,6 +179,7 @@ GEM racc pg (1.6.3) pg (1.6.3-aarch64-linux) + pg (1.6.3-aarch64-linux-musl) pg (1.6.3-arm64-darwin) pg (1.6.3-x86_64-linux) pg (1.6.3-x86_64-linux-musl) @@ -334,6 +337,7 @@ GEM PLATFORMS aarch64-linux + aarch64-linux-musl arm64-darwin x86_64-linux x86_64-linux-musl @@ -420,6 +424,7 @@ CHECKSUMS net-smtp (0.5.1) sha256=ed96a0af63c524fceb4b29b0d352195c30d82dd916a42f03c62a3a70e5b70736 nio4r (2.7.5) sha256=6c90168e48fb5f8e768419c93abb94ba2b892a1d0602cb06eef16d8b7df1dca1 nokogiri (1.19.1-aarch64-linux-gnu) sha256=cfdb0eafd9a554a88f12ebcc688d2b9005f9fce42b00b970e3dc199587b27f32 + nokogiri (1.19.1-aarch64-linux-musl) sha256=1e2150ab43c3b373aba76cd1190af7b9e92103564063e48c474f7600923620b5 nokogiri (1.19.1-arm64-darwin) sha256=dfe2d337e6700eac47290407c289d56bcf85805d128c1b5a6434ddb79731cb9e nokogiri (1.19.1-x86_64-linux-gnu) sha256=1a4902842a186b4f901078e692d12257678e6133858d0566152fe29cdb98456a nokogiri (1.19.1-x86_64-linux-musl) sha256=4267f38ad4fc7e52a2e7ee28ed494e8f9d8eb4f4b3320901d55981c7b995fc23 @@ -428,6 +433,7 @@ CHECKSUMS parser (3.3.10.2) sha256=6f60c84aa4bdcedb6d1a2434b738fe8a8136807b6adc8f7f53b97da9bc4e9357 pg (1.6.3) sha256=1388d0563e13d2758c1089e35e973a3249e955c659592d10e5b77c468f628a99 pg (1.6.3-aarch64-linux) sha256=0698ad563e02383c27510b76bf7d4cd2de19cd1d16a5013f375dd473e4be72ea + pg (1.6.3-aarch64-linux-musl) sha256=06a75f4ea04b05140146f2a10550b8e0d9f006a79cdaf8b5b130cde40e3ecc2c pg (1.6.3-arm64-darwin) sha256=7240330b572e6355d7c75a7de535edb5dfcbd6295d9c7777df4d9dddfb8c0e5f pg (1.6.3-x86_64-linux) sha256=5d9e188c8f7a0295d162b7b88a768d8452a899977d44f3274d1946d67920ae8d pg (1.6.3-x86_64-linux-musl) sha256=9c9c90d98c72f78eb04c0f55e9618fe55d1512128e411035fe229ff427864009 @@ -489,4 +495,4 @@ RUBY VERSION ruby 4.0.1p0 BUNDLED WITH - 4.0.7 + 4.0.8 diff --git a/bin/docker-entrypoint b/bin/docker-entrypoint index 9268499..c12e7ae 100755 --- a/bin/docker-entrypoint +++ b/bin/docker-entrypoint @@ -1,4 +1,4 @@ -#!/bin/bash -e +#!/bin/sh -e # Enable jemalloc for reduced memory usage and latency. if [ -z "${LD_PRELOAD+x}" ]; then diff --git a/config/dockerfile.yml b/config/dockerfile.yml index 438472a..59fdd56 100644 --- a/config/dockerfile.yml +++ b/config/dockerfile.yml @@ -2,6 +2,7 @@ --- options: + alpine: true bin-cd: true gemfile-updates: false label: