-
Notifications
You must be signed in to change notification settings - Fork 113
/
production.Dockerfile
35 lines (26 loc) · 1.18 KB
/
production.Dockerfile
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
# Use build to install our required Gems
FROM logindotgov/build as build
# Everything happens here from now on
WORKDIR /idp
# Prod Gems
COPY Gemfile Gemfile.lock ./
RUN bundle install --deployment --clean --without development test
# Prod NPM packages
COPY package.json yarn.lock ./
RUN NODE_ENV=production yarn install --force \
&& yarn cache clean
# Switch to base image
FROM logindotgov/base
WORKDIR /idp
# Copy Gems, NPMs, and other relevant items from build layer
COPY --chown=appuser:appuser --from=build /idp .
# Copy in whole source (minus items matched in .dockerignore)
COPY --chown=appuser:appuser . .
COPY --chown=appuser:appuser --from=build /usr/local/bundle/config /usr/local/bundle
RUN mkdir -p /idp/log /usr/local/share/aws ; chown appuser /idp/log
# update CA certs so that we can trust RDS
RUN curl https://s3.amazonaws.com/rds-downloads/rds-combined-ca-bundle.pem > /usr/local/share/aws/rds-combined-ca-bundle.pem && grep 'END CERTIFICATE' /usr/local/share/aws/rds-combined-ca-bundle.pem >/dev/null
# Up to this point we've been root, change to a lower priv. user
USER appuser
EXPOSE 3000
CMD ["bundle", "exec", "rackup", "config.ru", "--host", "0.0.0.0", "--port", "3000"]