Skip to content
Snippets Groups Projects

Migrate to Alpine, use Alpine's ImageMagick packages, add ImageMagick security policy, update Ruby version and a few gems

Closed Migrate to Alpine, use Alpine's ImageMagick packages, add ImageMagick security policy, update Ruby version and a few gems
develop-pascal into develop
Closed Pascal Ernster requested to merge develop-pascal into develop
Viewing commit bddaf30f
Show latest version
3 files
+ 34
56
Compare changes
  • Side-by-side
  • Inline
Files
3
hyrax/Dockerfile
+ 12
38
FROM ruby:2.7.5-buster
FROM ruby:2.7.5-alpine
# Setup build variables
ARG RAILS_ENV
@@ -6,56 +6,29 @@ ARG DERIVATIVES_PATH
ARG UPLOADS_PATH
ARG CACHE_PATH
ARG FITS_VERSION=1.5.5
ARG IM_VERSION=7.0.7-39
ENV APP_PRODUCTION=/data/ \
APP_WORKDIR=/data
# Add backports to apt-get sources
# Install libraries, dependencies, java and fits
# Install libraries, dependencies and java. FIXME: bash is only required for the shell scripts that ship with FITS, create pull request to remove bash dependency. Also check if gcompat is really necessary.
RUN apk update && \
apk upgrade && \
apk add bash build-base curl curl-dev gcompat imagemagick imagemagick-libs imagemagick-dev libarchive-tools libpq-dev libxml2-dev libxslt-dev nodejs openjdk11-jre-headless sqlite-dev tzdata yarn
RUN apt-get update -qq && \
apt-get -y install apt-transport-https && \
curl -sS https://dl.yarnpkg.com/debian/pubkey.gpg | apt-key add - && \
echo "deb https://dl.yarnpkg.com/debian/ stable main" | tee /etc/apt/sources.list.d/yarn.list && \
curl -sL https://deb.nodesource.com/setup_14.x | bash - && \
apt-get update -qq && apt-get install -y --no-install-recommends \
libpq-dev \
libxml2-dev libxslt1-dev \
nodejs \
libreoffice \
libass-dev libfreetype6-dev libmp3lame-dev libopus-dev libsdl2-dev libtheora-dev libtool libva-dev libvdpau-dev \
libvpx-dev libvorbis-dev libx264-dev libx265-dev libxcb1-dev libxcb-shm0-dev libxcb-xfixes0-dev nasm pkg-config \
texinfo wget yasm zlib1g-dev \
libjpeg-dev libtiff-dev libpng-dev libraw-dev libwebp-dev libjxr-dev \
libcairo2-dev libgs-dev librsvg2-dev \
libmp3lame-dev libvorbis-dev libtheora-dev libspeex-dev libx264-dev \
ghostscript ffmpeg \
ufraw \
bzip2 libarchive-tools xz-utils \
vim \
git \
openjdk-11-jre-headless \
yarn && \
yarn config set no-progress && \
yarn config set silent
RUN git clone https://github.com/ImageMagick/ImageMagick.git && \
cd ImageMagick && git checkout ${IM_VERSION} && \
./configure --prefix=/usr --without-magick-plus-plus --disable-docs --disable-static --with-tiff && \
make && make install
# copy policy.xml to /etc/ImageMagick-7/policy.xml
COPY policy.xml /etc/ImageMagick-7/policy.xml
RUN mkdir -p /fits/fits-$FITS_VERSION \
&& curl --fail --location "https://github.com/harvard-lts/fits/releases/download/$FITS_VERSION/fits-$FITS_VERSION.zip" | bsdtar --extract --directory /fits/fits-$FITS_VERSION \
&& chmod +x "/fits/fits-$FITS_VERSION/fits.sh" "/fits/fits-$FITS_VERSION/fits-env.sh" "/fits/fits-$FITS_VERSION/fits-ngserver.sh"
# copy gemfiles to production folder
COPY Gemfile Gemfile.lock $APP_PRODUCTION
# install gems to system - use flags dependent on RAILS_ENV
RUN cd $APP_PRODUCTION && \
bundle config build.nokogiri --use-system-libraries \
RUN cd $APP_PRODUCTION \
&& bundle lock --update \
&& bundle config build.nokogiri --use-system-libraries \
&& if [ "$RAILS_ENV" = "production" ]; then \
bundle install --without test:development; \
else \
@@ -73,7 +46,6 @@ RUN mkdir -p $CACHE_PATH
# copy the application
COPY . $APP_PRODUCTION
COPY docker-entrypoint.sh /bin/
# use the just built Gemfile.lock, not the one copied into the container and verify the gems are correctly installed
RUN cd $APP_PRODUCTION \
@@ -87,6 +59,8 @@ RUN if [ "$RAILS_ENV" = "production" ]; then \
&& SECRET_KEY_BASE_PRODUCTION=0 bundle exec rake assets:clean assets:precompile; \
fi
COPY docker-entrypoint.sh /bin/
WORKDIR $APP_WORKDIR
RUN chmod +x /bin/docker-entrypoint.sh