# syntax = docker/dockerfile:1 # Make sure it matches the Ruby version in .ruby-version and Gemfile ARG RUBY_VERSION=3.4.5 FROM docker.io/library/ruby:$RUBY_VERSION-slim AS base # Rails app lives here WORKDIR /rails # Install base packages RUN apt-get update -qq && \ apt-get install --no-install-recommends -y curl libsqlite3-0 libvips libjemalloc2 ffmpeg redis && \ ln -s /usr/lib/$(uname -m)-linux-gnu/libjemalloc.so.2 /usr/local/lib/libjemalloc.so && \ rm -rf /var/lib/apt/lists /var/cache/apt/archive # Set production environment ENV RAILS_ENV="production" \ BUNDLE_DEPLOYMENT="1" \ BUNDLE_PATH="/usr/local/bundle" \ BUNDLE_WITHOUT="development" \ LD_PRELOAD="/usr/local/lib/libjemalloc.so" # Throw-away build stage to reduce size of final image FROM base AS build # Install packages need to build gems RUN apt-get update -qq && \ apt-get install -y build-essential git pkg-config libyaml-dev && \ rm -rf /var/lib/apt/lists /var/cache/apt/archives # Install application gems COPY Gemfile Gemfile.lock vendor ./ RUN bundle install && \ rm -rf ~/.bundle/ "${BUNDLE_PATH}"/ruby/*/cache "${BUNDLE_PATH}"/ruby/*/bundler/gems/*/.git # Copy application code COPY . . # Precompiling assets for production without requiring secret RAILS_MASTER_KEY RUN SECRET_KEY_BASE_DUMMY=1 ./bin/rails assets:precompile # Final stage for app image FROM base # Image metadata ARG OCI_DESCRIPTION LABEL org.opencontainers.image.description="${OCI_DESCRIPTION}" ARG OCI_SOURCE LABEL org.opencontainers.image.source="${OCI_SOURCE}" LABEL org.opencontainers.image.licenses="MIT" # Run and own only the runtime files as a non-root user for security RUN groupadd --system --gid 1000 rails && \ useradd rails --uid 1000 --gid 1000 --create-home --shell /bin/bash USER 1000:1000 # Configure environment defaults ENV HTTP_IDLE_TIMEOUT=60 ENV HTTP_READ_TIMEOUT=300 ENV HTTP_WRITE_TIMEOUT=300 # Copy built artifacts: gems, application COPY --from=build --chown=rails:rails /usr/local/bundle /usr/local/bundle COPY --from=build --chown=rails:rails /rails /rails # Set version and revision ARG APP_VERSION ENV APP_VERSION=$APP_VERSION ARG GIT_REVISION ENV GIT_REVISION=$GIT_REVISION # Expose ports for HTTP and HTTPS EXPOSE 80 443 # Start the server by default, this can be overwritten at runtime CMD ["bin/boot"]