Bring vanilla versions for Dockerfile and deploy config, we are moving those to the private saas gem
This commit is contained in:
+40
-41
@@ -1,77 +1,76 @@
|
||||
# syntax=docker/dockerfile:1
|
||||
# check=error=true
|
||||
|
||||
# This Dockerfile is designed for production, not development. Use with Kamal or build'n'run by hand:
|
||||
# docker build -t fizzy .
|
||||
# docker run -d -p 80:80 -e RAILS_MASTER_KEY=<value from config/master.key> --name fizzy fizzy
|
||||
|
||||
# For a containerized dev environment, see Dev Containers: https://guides.rubyonrails.org/getting_started_with_devcontainer.html
|
||||
|
||||
# Make sure RUBY_VERSION matches the Ruby version in .ruby-version
|
||||
ARG RUBY_VERSION=3.4.7
|
||||
FROM registry.docker.com/library/ruby:$RUBY_VERSION-slim AS base
|
||||
FROM docker.io/library/ruby:$RUBY_VERSION-slim AS base
|
||||
|
||||
# Rails app lives here
|
||||
WORKDIR /rails
|
||||
|
||||
# Set production environment
|
||||
# Install base packages
|
||||
RUN apt-get update -qq && \
|
||||
apt-get install --no-install-recommends -y curl libjemalloc2 libvips sqlite3 && \
|
||||
ln -s /usr/lib/$(uname -m)-linux-gnu/libjemalloc.so.2 /usr/local/lib/libjemalloc.so && \
|
||||
rm -rf /var/lib/apt/lists /var/cache/apt/archives
|
||||
|
||||
# Set production environment variables and enable jemalloc for reduced memory usage and latency.
|
||||
ENV RAILS_ENV="production" \
|
||||
BUNDLE_DEPLOYMENT="1" \
|
||||
BUNDLE_PATH="/usr/local/bundle" \
|
||||
BUNDLE_WITHOUT="development"
|
||||
|
||||
BUNDLE_WITHOUT="development" \
|
||||
LD_PRELOAD="/usr/local/lib/libjemalloc.so"
|
||||
|
||||
# Throw-away build stage to reduce size of final image
|
||||
FROM base AS build
|
||||
|
||||
# Install packages needed to build gems
|
||||
RUN apt-get update -qq && \
|
||||
apt-get install -y --no-install-recommends -y build-essential pkg-config git libvips libyaml-dev libssl-dev && \
|
||||
apt-get install --no-install-recommends -y build-essential git libyaml-dev pkg-config && \
|
||||
rm -rf /var/lib/apt/lists /var/cache/apt/archives
|
||||
|
||||
# Install application gems
|
||||
COPY Gemfile Gemfile.lock .ruby-version ./
|
||||
COPY lib/fizzy.rb ./lib/fizzy.rb
|
||||
COPY gems ./gems/
|
||||
RUN --mount=type=secret,id=GITHUB_TOKEN --mount=type=cache,id=fizzy-permabundle-${RUBY_VERSION},sharing=locked,target=/permabundle \
|
||||
gem install bundler && \
|
||||
BUNDLE_PATH=/permabundle BUNDLE_GITHUB__COM="$(cat /run/secrets/GITHUB_TOKEN):x-oauth-basic" bundle install && \
|
||||
cp -a /permabundle/. "$BUNDLE_PATH"/ && \
|
||||
bundle clean --force && \
|
||||
rm -rf "$BUNDLE_PATH"/ruby/*/bundler/gems/*/.git && \
|
||||
find "$BUNDLE_PATH" -type f \( -name '*.gem' -o -iname '*.a' -o -iname '*.o' -o -iname '*.h' -o -iname '*.c' -o -iname '*.hpp' -o -iname '*.cpp' \) -delete && \
|
||||
bundle exec bootsnap precompile --gemfile
|
||||
COPY Gemfile Gemfile.lock vendor ./
|
||||
|
||||
RUN bundle install && \
|
||||
rm -rf ~/.bundle/ "${BUNDLE_PATH}"/ruby/*/cache "${BUNDLE_PATH}"/ruby/*/bundler/gems/*/.git && \
|
||||
# -j 1 disable parallel compilation to avoid a QEMU bug: https://github.com/rails/bootsnap/issues/495
|
||||
bundle exec bootsnap precompile -j 1 --gemfile
|
||||
|
||||
# Copy application code
|
||||
COPY . .
|
||||
|
||||
# Precompile bootsnap code for faster boot times
|
||||
RUN bundle exec bootsnap precompile app/ lib/
|
||||
# Precompile bootsnap code for faster boot times.
|
||||
# -j 1 disable parallel compilation to avoid a QEMU bug: https://github.com/rails/bootsnap/issues/495
|
||||
RUN bundle exec bootsnap precompile -j 1 app/ lib/
|
||||
|
||||
# Precompiling assets for production without requiring secret RAILS_MASTER_KEY
|
||||
RUN SECRET_KEY_BASE_DUMMY=1 ./bin/rails assets:precompile
|
||||
|
||||
|
||||
|
||||
|
||||
# Final stage for app image
|
||||
FROM base
|
||||
|
||||
# Install packages needed for deployment
|
||||
RUN apt-get update -qq && \
|
||||
apt-get install --no-install-recommends -y curl libsqlite3-0 libvips build-essential ffmpeg groff libreoffice-writer libreoffice-impress libreoffice-calc mupdf-tools sqlite3 libjemalloc-dev && \
|
||||
rm -rf /var/lib/apt/lists /var/cache/apt/archives
|
||||
# Run and own only the runtime files as a non-root user for security
|
||||
RUN groupadd --system --gid 1000 rails && \
|
||||
useradd rails --uid 1000 --gid 1000 --create-home --shell /bin/bash
|
||||
USER 1000:1000
|
||||
|
||||
# Copy built artifacts: gems, application
|
||||
COPY --from=build /usr/local/bundle /usr/local/bundle
|
||||
COPY --from=build /rails /rails
|
||||
|
||||
# Run and own only the runtime files as a non-root user for security
|
||||
RUN useradd rails --create-home --shell /bin/bash && \
|
||||
chown -R rails:rails db log storage tmp
|
||||
USER rails:rails
|
||||
COPY --chown=rails:rails --from=build "${BUNDLE_PATH}" "${BUNDLE_PATH}"
|
||||
COPY --chown=rails:rails --from=build /rails /rails
|
||||
|
||||
# Entrypoint prepares the database.
|
||||
ENTRYPOINT ["/rails/bin/docker-entrypoint"]
|
||||
|
||||
# Ruby GC tuning values pulled from Autotuner recommendations
|
||||
ENV RUBY_GC_HEAP_0_INIT_SLOTS=692636 \
|
||||
RUBY_GC_HEAP_1_INIT_SLOTS=175943 \
|
||||
RUBY_GC_HEAP_2_INIT_SLOTS=148807 \
|
||||
RUBY_GC_HEAP_3_INIT_SLOTS=9169 \
|
||||
RUBY_GC_HEAP_4_INIT_SLOTS=3054 \
|
||||
RUBY_GC_MALLOC_LIMIT=33554432 \
|
||||
RUBY_GC_MALLOC_LIMIT_MAX=67108864 \
|
||||
LD_PRELOAD=/usr/lib/x86_64-linux-gnu/libjemalloc.so.2
|
||||
|
||||
# Start the server by default, this can be overwritten at runtime
|
||||
EXPOSE 80 443 9394
|
||||
# Start server via Thruster by default, this can be overwritten at runtime
|
||||
EXPOSE 80
|
||||
CMD ["./bin/thrust", "./bin/rails", "server"]
|
||||
|
||||
@@ -0,0 +1,120 @@
|
||||
# Name of your application. Used to uniquely configure containers.
|
||||
service: fizzy
|
||||
|
||||
# Name of the container image (use your-user/app-name on external registries).
|
||||
image: fizzy
|
||||
|
||||
# Deploy to these servers.
|
||||
servers:
|
||||
web:
|
||||
- 192.168.0.1
|
||||
# job:
|
||||
# hosts:
|
||||
# - 192.168.0.1
|
||||
# cmd: bin/jobs
|
||||
|
||||
# Enable SSL auto certification via Let's Encrypt and allow for multiple apps on a single web server.
|
||||
# If used with Cloudflare, set encryption mode in SSL/TLS setting to "Full" to enable CF-to-app encryption.
|
||||
#
|
||||
# Using an SSL proxy like this requires turning on config.assume_ssl and config.force_ssl in production.rb!
|
||||
#
|
||||
# Don't use this when deploying to multiple web servers (then you have to terminate SSL at your load balancer).
|
||||
#
|
||||
# proxy:
|
||||
# ssl: true
|
||||
# host: app.example.com
|
||||
|
||||
# Where you keep your container images.
|
||||
registry:
|
||||
# Alternatives: hub.docker.com / registry.digitalocean.com / ghcr.io / ...
|
||||
server: localhost:5555
|
||||
|
||||
# Needed for authenticated registries.
|
||||
# username: your-user
|
||||
|
||||
# Always use an access token rather than real password when possible.
|
||||
# password:
|
||||
# - KAMAL_REGISTRY_PASSWORD
|
||||
|
||||
# Inject ENV variables into containers (secrets come from .kamal/secrets).
|
||||
env:
|
||||
secret:
|
||||
- RAILS_MASTER_KEY
|
||||
clear:
|
||||
# Run the Solid Queue Supervisor inside the web server's Puma process to do jobs.
|
||||
# When you start using multiple servers, you should split out job processing to a dedicated machine.
|
||||
SOLID_QUEUE_IN_PUMA: true
|
||||
|
||||
# Set number of processes dedicated to Solid Queue (default: 1)
|
||||
# JOB_CONCURRENCY: 3
|
||||
|
||||
# Set number of cores available to the application on each server (default: 1).
|
||||
# WEB_CONCURRENCY: 2
|
||||
|
||||
# Match this to any external database server to configure Active Record correctly
|
||||
# Use fizzy-db for a db accessory server on same machine via local kamal docker network.
|
||||
# DB_HOST: 192.168.0.2
|
||||
|
||||
# Log everything from Rails
|
||||
# RAILS_LOG_LEVEL: debug
|
||||
|
||||
# Aliases are triggered with "bin/kamal <alias>". You can overwrite arguments on invocation:
|
||||
# "bin/kamal logs -r job" will tail logs from the first server in the job section.
|
||||
aliases:
|
||||
console: app exec --interactive --reuse "bin/rails console"
|
||||
shell: app exec --interactive --reuse "bash"
|
||||
logs: app logs -f
|
||||
dbc: app exec --interactive --reuse "bin/rails dbconsole --include-password"
|
||||
|
||||
# Use a persistent storage volume for sqlite database files and local Active Storage files.
|
||||
# Recommended to change this to a mounted volume path that is backed up off server.
|
||||
volumes:
|
||||
- "fizzy_storage:/rails/storage"
|
||||
|
||||
# Bridge fingerprinted assets, like JS and CSS, between versions to avoid
|
||||
# hitting 404 on in-flight requests. Combines all files from new and old
|
||||
# version inside the asset_path.
|
||||
asset_path: /rails/public/assets
|
||||
|
||||
|
||||
# Configure the image builder.
|
||||
builder:
|
||||
arch: amd64
|
||||
|
||||
# # Build image via remote server (useful for faster amd64 builds on arm64 computers)
|
||||
# remote: ssh://docker@docker-builder-server
|
||||
#
|
||||
# # Pass arguments and secrets to the Docker build process
|
||||
# args:
|
||||
# RUBY_VERSION: ruby-3.4.7
|
||||
# secrets:
|
||||
# - GITHUB_TOKEN
|
||||
# - RAILS_MASTER_KEY
|
||||
|
||||
# Use a different ssh user than root
|
||||
# ssh:
|
||||
# user: app
|
||||
|
||||
# Use accessory services (secrets come from .kamal/secrets).
|
||||
# accessories:
|
||||
# db:
|
||||
# image: mysql:8.0
|
||||
# host: 192.168.0.2
|
||||
# # Change to 3306 to expose port to the world instead of just local network.
|
||||
# port: "127.0.0.1:3306:3306"
|
||||
# env:
|
||||
# clear:
|
||||
# MYSQL_ROOT_HOST: '%'
|
||||
# secret:
|
||||
# - MYSQL_ROOT_PASSWORD
|
||||
# files:
|
||||
# - config/mysql/production.cnf:/etc/mysql/my.cnf
|
||||
# - db/production.sql:/docker-entrypoint-initdb.d/setup.sql
|
||||
# directories:
|
||||
# - data:/var/lib/mysql
|
||||
# redis:
|
||||
# image: valkey/valkey:8
|
||||
# host: 192.168.0.2
|
||||
# port: 6379
|
||||
# directories:
|
||||
# - data:/data
|
||||
Reference in New Issue
Block a user