85 lines
		
	
	
		
			2.8 KiB
		
	
	
	
		
			Docker
		
	
	
	
	
	
			
		
		
	
	
			85 lines
		
	
	
		
			2.8 KiB
		
	
	
	
		
			Docker
		
	
	
	
	
	
| FROM alpine:3.7
 | |
| MAINTAINER Disassembler <disassembler@dasm.cz>
 | |
| 
 | |
| RUN \
 | |
|  # Install NodeJS runtime
 | |
|  apk --no-cache add nodejs paxctl \
 | |
|  # Fix grsec attributes to loosen memory protection restrictions
 | |
|  && paxctl -cm /usr/bin/node \
 | |
|  # Cleanup
 | |
|  && apk del paxctl
 | |
| 
 | |
| RUN \
 | |
|  # Install Ruby runtime dependencies
 | |
|  apk --no-cache add gdbm libressl readline zlib
 | |
| 
 | |
| RUN \
 | |
|  # Install Ruby build dependencies
 | |
|  apk --no-cache add --virtual .deps build-base autoconf gdbm-dev libressl-dev linux-headers readline-dev zlib-dev \
 | |
|  # Download and unpack Ruby
 | |
|  && wget http://cache.ruby-lang.org/pub/ruby/2.3/ruby-2.3.6.tar.xz -O ruby.tar.xz \
 | |
|  && mkdir -p /usr/src/ruby \
 | |
|  && tar -xJf ruby.tar.xz -C /usr/src/ruby --strip-components=1 \
 | |
|  && rm ruby.tar.xz \
 | |
|  && cd /usr/src/ruby \
 | |
|  # Hackfix to suppress "Insecure world writable dir" warning
 | |
|  && sed -ni 'p;13a #define ENABLE_PATH_CHECK 0' file.c \
 | |
|  # Configure compilation + hackfix to detect isnan/isinf macros
 | |
|  && autoconf \
 | |
|  && ac_cv_func_isnan=yes ac_cv_func_isinf=yes ./configure --build=x86_64-linux-musl --disable-install-doc --enable-shared \
 | |
|  # Compile and install Ruby
 | |
|  && make -j $(nproc) \
 | |
|  && make install \
 | |
|  # Install RubyGems and Bundler
 | |
|  && mkdir -p /usr/local/etc \
 | |
|  && echo -e 'install: --no-document\nupdate: --no-document' >/usr/local/etc/gemrc \
 | |
|  && gem update --system \
 | |
|  # Cleanup
 | |
|  && cd /tmp \
 | |
|  && rm -r /usr/src/ruby \
 | |
|  && apk del .deps \
 | |
|  && rm -rf /root \
 | |
|  && mkdir /root
 | |
| 
 | |
| ENV RAILS_ENV production
 | |
| 
 | |
| RUN \
 | |
|  # Install runtime dependencies
 | |
|  apk --no-cache add libpq libxml2 libxslt tzdata
 | |
| 
 | |
| RUN \
 | |
|  # Install build dependencies
 | |
|  apk --no-cache add --virtual .deps build-base git libxml2-dev libxslt-dev linux-headers postgresql-dev yarn zlib-dev \
 | |
|  # Clone CrisisCleanup
 | |
|  && git clone --depth 1 https://github.com/CrisisCleanup/crisiscleanup /srv/crisiscleanup \
 | |
|  # Hackfix ruby dependency versions
 | |
|  && sed -i 's/2\.2\.5/2.3.6/' /srv/crisiscleanup/Gemfile \
 | |
|  && sed -i 's/rdoc (4\.2\.0)/rdoc (4.3.0)/' /srv/crisiscleanup/Gemfile.lock \
 | |
|  # Install Ruby and NodeJS dependencies
 | |
|  && cd /srv/crisiscleanup \
 | |
|  && bundle config build.nokogiri --use-system-libraries \
 | |
|  && bundle install \
 | |
|  && npm install \
 | |
|  && yarn \
 | |
|  # Create CrisisCleanup secret
 | |
|  && echo -e "production:\n  secret_key_base: $(rake secret)" >/srv/crisiscleanup/config/secrets.yml \
 | |
|  # Generate static resources
 | |
|  && rake assets:precompile \
 | |
|  # Create OS user
 | |
|  && addgroup -S -g 8005 crisiscleanup \
 | |
|  && adduser -S -u 8005 -h /srv/crisiscleanup -s /bin/false -g crisiscleanup -G crisiscleanup crisiscleanup \
 | |
|  && chown -R crisiscleanup:crisiscleanup /srv/crisiscleanup \
 | |
|  # Cleanup
 | |
|  && apk del .deps \
 | |
|  && rm -rf /srv/crisiscleanup/.git* \
 | |
|  && rm -rf /usr/local/share/.cache \
 | |
|  && rm -rf /root \
 | |
|  && mkdir /root
 | |
| 
 | |
| VOLUME ["/srv/crisiscleanup/config"]
 | |
| EXPOSE 8005
 | |
| 
 | |
| USER crisiscleanup
 | |
| WORKDIR /srv/crisiscleanup
 | |
| CMD ["rails", "server"]
 |