Refactor how the Dockerfile is configured

This will allow things to run on kubernetes with strict pod security policies in place. - Install all gems and binaries within /home/bandiera as the root user - Run as an unprivileged user (id: 2000, name: bandiera) - Remove some warnings when starting up puma
dazoakley · Nov 16, 2021 · b265e7b · b265e7b
1 parent 944c9cb
commit b265e7b
Show file tree

Hide file tree

Showing 4 changed files with 13 additions and 14 deletions.
diff --git a/Dockerfile b/Dockerfile
@@ -8,18 +8,19 @@ RUN apk update && \
   update-ca-certificates && \
   rm -rf /var/cache/apk/*
 
-RUN addgroup bandiera && \
-  adduser -D -G bandiera -h /home/bandiera bandiera
+RUN gem install bundler
 
-WORKDIR /home/bandiera
+RUN addgroup -S -g 2000 bandiera && \
+  adduser -S -u 2000 -D -G bandiera -h /home/bandiera bandiera
 
-RUN gem install bundler
+WORKDIR /home/bandiera
 
 COPY Gemfile Gemfile
 COPY Gemfile.lock Gemfile.lock
 
 RUN bundle config set --local without 'test' && \
   bundle config set --local deployment 'true' && \
+  bundle config set --local bin /home/bandiera/bin && \
   bundle config set --local frozen 'true' && \
   bundle install --jobs 4
 

diff --git a/config/puma.rb b/config/puma.rb
@@ -7,24 +7,18 @@
 require 'bandiera'
 
 port              = Integer(ENV['PORT'] || 5000)
-unix_socket       = ENV['SOCKET'] || '/tmp/bandiera.sock'
-
-no_of_processes   = Integer(ENV['PROCESSES'] || 1)
+no_of_processes   = Integer(ENV['PROCESSES'] || 0)
 min_no_of_threads = Integer(ENV['MIN_THREADS'] || 8)
 max_no_of_threads = Integer(ENV['MAX_THREADS'] || 32)
 
 tag               'bandiera'
 environment       ENV['RACK_ENV'] || 'production'
 worker_timeout    15
 
-pidfile           ENV['PID_FILE'] if ENV['PID_FILE']
-state_path        ENV['STATE_FILE'] if ENV['STATE_FILE']
-
 threads           min_no_of_threads, max_no_of_threads
 workers           no_of_processes
 
 bind              "tcp://0.0.0.0:#{port}"
-bind              "unix://#{unix_socket}"
 
 preload_app!
 

diff --git a/entrypoint.sh b/entrypoint.sh
@@ -1,4 +1,8 @@
 #!/bin/sh
 
-bundle exec rake db:migrate
-bundle exec puma
+echo "Running database migrations..."
+bin/rake db:migrate
+echo "Database migrations complete."
+
+echo "Starting up application..."
+bin/puma -C config/puma.rb
diff --git a/lib/bandiera/version.rb b/lib/bandiera/version.rb
@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Bandiera
-  VERSION = '4.0.0'
+  VERSION = '4.0.2'
 end