-
Notifications
You must be signed in to change notification settings - Fork 3
/
Dockerfile
144 lines (131 loc) · 4.77 KB
/
Dockerfile
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
FROM buildpack-deps:bullseye
# i stole everything below from
# https://github.com/docker-library/ruby/blob/924602dc917e27f8af6b35f838d11e7f3f39b2dc/2.4/stretch/Dockerfile
ENV RUBY_MAJOR 2.4
ENV RUBY_VERSION 2.4.9
ENV RUBY_DOWNLOAD_SHA256 0c4e000253ef7187feeb940a01a1c7594f28d63aa16f978e892a0e2864f58614
ENV RUBYGEMS_VERSION 3.0.3
# some of ruby's build scripts are written in ruby
# we purge system ruby later to make sure our final image uses what we just built
RUN set -eux; \
\
savedAptMark="$(apt-mark showmanual)"; \
apt-get update; \
apt-get install -y --no-install-recommends \
bison \
dpkg-dev \
libgdbm-dev \
ruby \
; \
rm -rf /var/lib/apt/lists/*; \
\
wget -O ruby.tar.xz "https://cache.ruby-lang.org/pub/ruby/${RUBY_MAJOR%-rc}/ruby-$RUBY_VERSION.tar.xz"; \
echo "$RUBY_DOWNLOAD_SHA256 *ruby.tar.xz" | sha256sum --check --strict; \
\
mkdir -p /usr/src/ruby; \
tar -xJf ruby.tar.xz -C /usr/src/ruby --strip-components=1; \
rm ruby.tar.xz; \
\
cd /usr/src/ruby; \
\
# hack in "ENABLE_PATH_CHECK" disabling to suppress:
# warning: Insecure world writable dir
{ \
echo '#define ENABLE_PATH_CHECK 0'; \
echo; \
cat file.c; \
} > file.c.new; \
mv file.c.new file.c; \
\
autoconf; \
gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \
./configure \
--build="$gnuArch" \
--disable-install-doc \
--enable-shared \
; \
make -j "$(nproc)"; \
make install; \
\
apt-mark auto '.*' > /dev/null; \
apt-mark manual $savedAptMark > /dev/null; \
find /usr/local -type f -executable -not \( -name '*tkinter*' \) -exec ldd '{}' ';' \
| awk '/=>/ { print $(NF-1) }' \
| sort -u \
| xargs -r dpkg-query --search \
| cut -d: -f1 \
| sort -u \
| xargs -r apt-mark manual \
; \
apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \
\
cd /; \
rm -r /usr/src/ruby; \
# make sure bundled "rubygems" is older than RUBYGEMS_VERSION (https://github.com/docker-library/ruby/issues/246)
ruby -e 'exit(Gem::Version.create(ENV["RUBYGEMS_VERSION"]) > Gem::Version.create(Gem::VERSION))'; \
gem update --system "$RUBYGEMS_VERSION" && rm -r /root/.gem/; \
# verify we have no "ruby" packages installed
! dpkg -l | grep -i ruby; \
[ "$(command -v ruby)" = '/usr/local/bin/ruby' ]; \
# rough smoke test
ruby --version; \
gem --version; \
bundle --version
# install things globally, for great justice
# and don't create ".bundle" in all our apps
ENV GEM_HOME /usr/local/bundle
ENV BUNDLE_PATH="$GEM_HOME" \
BUNDLE_SILENCE_ROOT_WARNING=1 \
BUNDLE_APP_CONFIG="$GEM_HOME"
# path recommendation: https://github.com/bundler/bundler/pull/6469#issuecomment-383235438
ENV PATH $GEM_HOME/bin:$BUNDLE_PATH/gems/bin:$PATH
# adjust permissions of a few directories for running "gem install" as an arbitrary user
RUN mkdir -p "$GEM_HOME" && chmod 777 "$GEM_HOME"
# (BUNDLE_PATH = GEM_HOME, no need to mkdir/chown both)
# app related envs
ARG S6_OVERLAY_VERSION=3.1.5.0
ARG USERNAME=tf2livestats
ARG UID=1000
ARG GID=1000
ENV S6_KEEP_ENV=1
ENV RAILS_ENV=production
ENV BUNDLE_DEPLOYMENT=true
ENV BUNDLE_PATH=/var/www/tf2_live_stats/vendor/bundle
ENV LOG_LISTENER_ADDRESS=0.0.0.0
ENV LOG_LISTENER_PORT=20001
ENV WEBSOCKET_PORT=9001
ENV HTTP_USERNAME=vtvonly
ENV HTTP_PASSWORD=hahasupersecretfunnypassword
ENV PUBLIC_PORT=3020
ENV DB_NAME=live_log_development
ENV DB_ADDRESS=db
ENV DB_USERNAME=tf2livestats
ENV DB_PASSWORD=anothersuperfunnypassword
ENV SECRET_TOKEN=hahaanothersuperlongandsuperfunnypasswordwhichisverylongtrustme
ENV COOKIE_STORE=_tf2_live_stats_session
ENV REDIS_ADDRESS=redis
ENV REDIS_PORT=6379
ENV MEMCACHED_ADDRESS=memcached
ENV MEMCACHED_PORT=11211
WORKDIR /var/www/tf2_live_stats
COPY . .
RUN cp -r docker/* / && \
mkdir /var/www/tf2_live_stats/log && \
ln -s /dev/stdout /var/www/tf2_live_stats/log/production.log && \
ln -s /dev/stdout /var/www/tf2_live_stats/log/development.log && \
ln -s /dev/stdout /var/www/tf2_live_stats/log/test.log && \
ln -s /dev/stdout /var/www/tf2_live_stats/log/thin.${PUBLIC_PORT}.log && \
ln -s /dev/stdout /var/www/tf2_live_stats/log/websocket_rails.log && \
groupadd -g $GID -o $USERNAME && \
useradd -m -d /var/www/tf2_live_stats -u $UID -g $GID -o -s /bin/bash $USERNAME && \
chown -R $UID:$GID /var/www/tf2_live_stats
ADD https://github.com/just-containers/s6-overlay/releases/download/v${S6_OVERLAY_VERSION}/s6-overlay-noarch.tar.xz /tmp
RUN tar -C / -Jxpf /tmp/s6-overlay-noarch.tar.xz
ADD https://github.com/just-containers/s6-overlay/releases/download/v${S6_OVERLAY_VERSION}/s6-overlay-x86_64.tar.xz /tmp
RUN tar -C / -Jxpf /tmp/s6-overlay-x86_64.tar.xz
USER $USERNAME
RUN DEBUG_RESOLVER=1 bundle install --verbose && \
bundle exec rake assets:precompile
ENTRYPOINT ["/init"]
HEALTHCHECK --interval=15s --timeout=5s --retries=3 CMD \
curl -u $HTTP_USERNAME:$HTTP_PASSWORD --fail localhost:$PUBLIC_PORT || exit 1