From 59e80b7a4d793270816d3ebe217af1e067053f0d Mon Sep 17 00:00:00 2001 From: Earlopain Date: Tue, 16 Nov 2021 21:32:40 +0100 Subject: [PATCH] [Docker] Implement recommendations from review * Use alpine as the base image * Parallelize bundle install Using alpine as base make is feasable to use the provides vips library. The version is actually newer than what was installed previously. Other stuff I did: * Set SECRET_TOKEN/SESSION_SECRET_KEY from docker-compose * Mute elasticsearch startup logspam * Execute image as root. This means mounted volume do'nt need to be chowned --- Dockerfile | 64 ++++---------------------------------- bin/setup | 2 +- docker-compose.yml | 8 +++-- docker/postgres/Dockerfile | 9 +++--- 4 files changed, 16 insertions(+), 67 deletions(-) diff --git a/Dockerfile b/Dockerfile index 0dfa32895..5e8999497 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,68 +1,16 @@ -FROM ruby:2.7.3 -ARG DEBIAN_FRONTEND=noninteractive +FROM ruby:2.7.3-alpine -RUN apt-get update \ - && apt-get install -y gnupg2 wget \ - && rm -rf /var/lib/apt/lists/* +# Dependencies for setup and runtime +RUN apk --no-cache add nodejs yarn postgresql-client ffmpeg vips tzdata \ + git build-base postgresql-dev glib-dev -# Add custom sources -RUN wget -qO - https://deb.nodesource.com/setup_14.x | bash - >/dev/null 2>&1 \ - && wget -qO - https://dl.yarnpkg.com/debian/pubkey.gpg | apt-key add - \ - && echo "deb https://dl.yarnpkg.com/debian/ stable main" > /etc/apt/sources.list.d/yarn.list \ - && wget -qO - https://www.postgresql.org/media/keys/ACCC4CF8.asc | apt-key add - \ - && echo "deb https://apt.postgresql.org/pub/repos/apt/ buster-pgdg main" > /etc/apt/sources.list.d/pgdg.list -RUN apt-get update \ - && apt-get install -y ffmpeg postgresql-client-12 nodejs yarn nginx build-essential pkg-config sudo nano \ - && rm -rf /var/lib/apt/lists/* - -# User setup -RUN useradd -m -s /bin/bash -U danbooru \ - && usermod -aG www-data danbooru \ - && echo "%danbooru ALL=(ALL) NOPASSWD: ALL" > /etc/sudoers.d/danbooru - -# libvips -ARG VIPS_DEPS="libglib2.0-dev libexpat1-dev liblcms2-dev optipng libjpeg62-turbo-dev libjpeg-progs libgif-dev libpng-dev libexif-dev" -ARG VIPS_VERSION=8.10.5 -RUN apt-get update \ - && apt-get install -y $VIPS_DEPS \ - && rm -rf /var/lib/apt/lists/* \ - && cd /tmp \ - && wget -q https://github.com/libvips/libvips/releases/download/v$VIPS_VERSION/vips-$VIPS_VERSION.tar.gz \ - && tar xf vips-$VIPS_VERSION.tar.gz \ - && cd vips-$VIPS_VERSION \ - && ./configure --prefix=/usr \ - && make install \ - && rm /tmp/vips-$VIPS_VERSION.tar.gz \ - && rm -rf /tmp/vips-$VIPS_VERSION +# Nice to have packages +RUN apk --no-cache add nano sudo bash # shoreman RUN wget -O /usr/bin/shoreman https://github.com/chrismytton/shoreman/raw/master/shoreman.sh \ && chmod +x /usr/bin/shoreman -# prevent permission issues with volume mounts -RUN mkdir /app \ - && chown danbooru:danbooru /app \ - && mkdir /app/public \ - && chown danbooru:danbooru /app/public \ - && mkdir /app/node_modules \ - && mkdir /app/public/packs \ - && mkdir /app/public/packs-test \ - && mkdir /app/public/data \ - && chown danbooru:danbooru /app/node_modules \ - && chown danbooru:danbooru /app/public/packs \ - && chown danbooru:danbooru /app/public/packs-test \ - && chown danbooru:danbooru /app/public/data \ - && mkdir /home/danbooru/gems \ - && chown danbooru:danbooru /home/danbooru/gems - -USER danbooru - -# Setup secrets -RUN mkdir -p ~/.danbooru/ \ - && openssl rand -hex 32 > ~/.danbooru/secret_token \ - && openssl rand -hex 32 > ~/.danbooru/session_secret_key \ - && chmod 600 ~/.danbooru/* - WORKDIR /app CMD [ "shoreman" ] diff --git a/bin/setup b/bin/setup index 2327a137f..fa9eb6533 100755 --- a/bin/setup +++ b/bin/setup @@ -16,7 +16,7 @@ FileUtils.chdir APP_ROOT do puts '== Installing dependencies ==' system! 'gem install bundler:2.0.1' system! 'bundler config github.https true' - system('bundle check') || system!('bundle install') + system('bundle check') || system!('bundle install -j$(nproc)') # Install JavaScript dependencies system('bin/yarn') diff --git a/docker-compose.yml b/docker-compose.yml index 85b04a85a..09833e218 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -9,15 +9,16 @@ services: - public_packs:/app/public/packs - public_packs_test:/app/public/packs-test - post_data:/app/public/data - - gems:/home/danbooru/gems + - gems:/usr/local/bundle environment: - DATABASE_URL: postgresql://postgres + DATABASE_URL: postgresql://danbooru:@postgres RAILS_ENV: development - GEM_HOME: /home/danbooru/gems DANBOORU_HOSTNAME: http://localhost:3000 DANBOORU_REDIS_URL: redis://redis DANBOORU_ELASTICSEARCH_HOST: elastic DANBOORU_MEMCACHED_SERVERS: memcached + SECRET_TOKEN: 1c58518a891eff4520cadc59afa9e378a9325f1247544ff258096e497f095f45 + SESSION_SECRET_KEY: 44b4f44e9f253c406cbe727d403d500c1cecff943e4d2aea8f5447f28846fffe depends_on: - postgres - redis @@ -64,6 +65,7 @@ services: environment: - discovery.type=single-node - xpack.security.enabled=false + - logger.level=WARN - ES_JAVA_OPTS=-Xms1g -Xmx1g volumes: - elastic_data:/usr/share/elasticsearch/data diff --git a/docker/postgres/Dockerfile b/docker/postgres/Dockerfile index dafc32471..6a34f134c 100644 --- a/docker/postgres/Dockerfile +++ b/docker/postgres/Dockerfile @@ -1,10 +1,9 @@ -FROM postgres:12 -ARG BUILD_DEPS="git build-essential make postgresql-server-dev-12 ca-certificates" +FROM postgres:12-alpine +ARG BUILD_DEPS="git make gcc libc-dev clang llvm" -RUN apt-get update && apt-get install -y $BUILD_DEPS --no-install-recommends \ - && rm -rf /var/lib/apt/lists/* \ +RUN apk --no-cache add $BUILD_DEPS \ && git clone https://github.com/r888888888/test_parser.git /tmp/test_parser \ && cd /tmp/test_parser \ && make install \ && rm -rf /tmp/test_parser \ - && apt-get purge -y --auto-remove $BUILD_DEPS + && apk del $BUILD_DEPS