diff --git a/Dockerfile b/Dockerfile
index 9fe5014..860a717 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,21 +1,30 @@
+# -------------- Build-time variables --------------
+ARG MASTODON_VERSION=baed52c2a7d8f91bae3c69150005fc528387785c
+ARG MASTODON_REPOSITORY=tootsuite/mastodon
+
 ARG RUBY_VERSION=2.7.3
 ARG NODE_VERSION=14.16.1
 ARG ALPINE_VERSION=3.13
+ARG HARDENED_MALLOC_VERSION=7
+ARG LIBICONV_VERSION=1.16
-# Build Mastodon stack base (Ruby + Node)
+ARG UID=991
+ARG GID=991
+# ---------------------------------------------------
+
+
+### Build Mastodon stack base (Ruby + Node)
+FROM node:${NODE_VERSION}-alpine${ALPINE_VERSION} as node
 FROM ruby:${RUBY_VERSION}-alpine${ALPINE_VERSION} as node-ruby
-ARG NODE_VERSION
-
-RUN wget -q https://unofficial-builds.nodejs.org/download/release/v$NODE_VERSION/node-v$NODE_VERSION-linux-x64-musl.tar.xz \
- && mkdir /opt/node && tar -Jxf node-v$NODE_VERSION-linux-x64-musl.tar.xz -C /opt/node --strip-components 1 \
- && rm node-v$NODE_VERSION-linux-x64-musl.tar.xz
+COPY --from=node /usr/local /usr/local
+COPY --from=node /opt /opt
-# Build Hardened Malloc
+### Build Hardened Malloc
 ARG ALPINE_VERSION
 FROM alpine:${ALPINE_VERSION} as build-malloc
-ARG HARDENED_MALLOC_VERSION=7
+ARG HARDENED_MALLOC_VERSION
 RUN apk --no-cache add build-base && cd /tmp \
 && wget -q https://github.com/GrapheneOS/hardened_malloc/archive/refs/tags/${HARDENED_MALLOC_VERSION}.tar.gz \
@@ -23,11 +32,11 @@ RUN apk --no-cache add build-base && cd /tmp \
 && cd hardened_malloc && make
-# Build GNU Libiconv (needed for nokogiri)
+### Build GNU Libiconv (needed for nokogiri)
 ARG ALPINE_VERSION
 FROM alpine:${ALPINE_VERSION} as build-gnulibiconv
-ARG LIBICONV_VERSION=1.16
+ARG LIBICONV_VERSION
 RUN apk --no-cache add build-base \
 && wget -q https://ftp.gnu.org/pub/gnu/libiconv/libiconv-${LIBICONV_VERSION}.tar.gz \
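Review bot: The new `node` stage in the first hunk is resolved by tag only (`FROM node:${NODE_VERSION}-alpine${ALPINE_VERSION} as node`), and its whole `/usr/local` and `/opt` are then copied into the Ruby image, so the Node toolchain in the final image is whatever the registry serves for that tag on build day. Pinning the stage by digest makes that input reproducible, e.g. `FROM node:${NODE_VERSION}-alpine${ALPINE_VERSION}@sha256:<digest-placeholder> as node`; the `ruby` and `alpine` stages would benefit from the same treatment. `COPY --from=node /usr/local /usr/local` also silently replaces any path that both images ship, so a comment such as `# node's /usr/local is overlaid on ruby's; /opt presumably carries the bundled yarn` would record the intent for the next reader.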
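Review bot: In the hunk starting at `@@ -23,11 +32,11 @@`, the libiconv tarball is selected only by `LIBICONV_VERSION`, which is now a global build argument, and the visible `wget -q` line has no integrity check after it. The same holds for the hardened_malloc download at the end of the first hunk, whose output is later loaded into every process through `LD_PRELOAD`. Both `RUN` instructions continue outside the hunks, so a check may already exist there; if it does not, add one right after each download, for example `&& echo "<sha256-placeholder>  libiconv-${LIBICONV_VERSION}.tar.gz" | sha256sum -c - \`. Keeping the expected digest next to the version argument makes a version bump and a digest bump land in the same change.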
@@ -36,25 +45,27 @@ RUN apk --no-cache add build-base \
 && make -j$(getconf _NPROCESSORS_ONLN) && make install
-# Build Mastodon
+### Build Mastodon (production environment)
 FROM node-ruby as mastodon
 COPY --from=build-gnulibiconv /tmp/libiconv/output /usr/local
 COPY --from=build-malloc /tmp/hardened_malloc/libhardened_malloc.so /usr/local/lib/
-ENV UID=991 GID=991 \
- RUN_DB_MIGRATIONS=true \
+ARG MASTODON_VERSION
+ARG MASTODON_REPOSITORY
+
+ARG UID
+ARG GID
+
+ENV RUN_DB_MIGRATIONS=true \
 SIDEKIQ_WORKERS=5 \
 BIND=0.0.0.0 \
 RAILS_SERVE_STATIC_FILES=true \
 RAILS_ENV=production \
 NODE_ENV=production \
- PATH="${PATH}:/opt/node/bin:/mastodon/bin" \
+ PATH="${PATH}:/mastodon/bin" \
 LD_PRELOAD="/usr/local/lib/libhardened_malloc.so"
-ARG MASTODON_VERSION=baed52c2a7d8f91bae3c69150005fc528387785c
-ARG MASTODON_REPOSITORY=tootsuite/mastodon
-
 WORKDIR /mastodon
 # Install runtime dependencies
@@ -94,7 +105,6 @@ RUN apk --no-cache add \
 && bundle config set --local clean 'true' && bundle config set --local deployment 'true' \
 && bundle config set --local without 'test development' && bundle config set no-cache 'true' \
 && bundle install -j$(getconf _NPROCESSORS_ONLN) \
- && npm install -g yarn \
 && yarn install --pure-lockfile --ignore-engines \
 && OTP_SECRET=precompile_placeholder SECRET_KEY_BASE=precompile_placeholder bundle exec rails assets:precompile \
 # Clean
@@ -118,4 +128,5 @@ LABEL maintainer="Wonderfall " \
 description="Your self-hosted, globally interconnected microblogging community"
 ENTRYPOINT ["/usr/local/bin/run"]
+
 CMD ["/bin/s6-svscan", "/etc/s6.d"]
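Review bot: `UID` and `GID` move from `ENV` to `ARG` in the hunk starting at `@@ -36,25 +45,27 @@`, so they are no longer present in the container's runtime environment. `/usr/local/bin/run` and the s6 service scripts are not visible here; if any of them still reads `$UID`/`$GID` to chown data or drop privileges, it will now see empty values and the services may end up running as root. Either confirm that the account is created during the build and selected before `ENTRYPOINT`, or keep the values exported with `ENV UID=${UID} GID=${GID}`. A short comment above the two `ARG` lines, such as `# build-time only: the service account is created with these ids`, would make the new contract explicit once it is confirmed.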