Revamp

- Upgrade Alpine to 3.15 - Use packaged Ruby (3), Node and libiconv - Build in a different stage than runtime - Build from main branch instead of latest release because of Ruby 3 patches
2021-12-09 00:41:31 -03:00 · 2021-12-09 00:41:31 -03:00 · c0d8a48691
commit c0d8a48691
parent 1d7360e561
1 changed files with 68 additions and 62 deletions
--- a/130
+++ b/130
@ -1,25 +1,15 @@
 # -------------- Build-time variables --------------
-ARG MASTODON_VERSION=3.4.4
+ARG MASTODON_VERSION=main
 ARG MASTODON_REPOSITORY=mastodon/mastodon

-ARG RUBY_VERSION=2.7
-ARG NODE_VERSION=14
-ARG ALPINE_VERSION=3.14
+ARG ALPINE_VERSION=3.15
 ARG HARDENED_MALLOC_VERSION=8
-ARG LIBICONV_VERSION=1.16

 ARG UID=991
 ARG GID=991
 # ---------------------------------------------------


-### Build Mastodon stack base (Ruby + Node)
-FROM node:${NODE_VERSION}-alpine${ALPINE_VERSION} as node
-FROM ruby:${RUBY_VERSION}-alpine${ALPINE_VERSION} as node-ruby
-COPY --from=node /usr/local /usr/local
-COPY --from=node /opt /opt
-
-
 ### Build Hardened Malloc
 ARG ALPINE_VERSION
 FROM alpine:${ALPINE_VERSION} as build-malloc
@ -35,28 +25,59 @@ RUN apk --no-cache add build-base git gnupg && cd /tmp \
 && make CONFIG_NATIVE=${CONFIG_NATIVE}


-### Build GNU Libiconv (needed for nokogiri)
+### Build Mastodon
 ARG ALPINE_VERSION
-FROM alpine:${ALPINE_VERSION} as build-gnulibiconv

-ARG LIBICONV_VERSION
-
-RUN apk --no-cache add build-base \
- && wget -q https://ftp.gnu.org/pub/gnu/libiconv/libiconv-${LIBICONV_VERSION}.tar.gz \
- && mkdir /tmp/libiconv && tar xf libiconv-${LIBICONV_VERSION}.tar.gz -C /tmp/libiconv --strip-components 1 \
- && cd /tmp/libiconv && mkdir output && ./configure --prefix=$PWD/output \
- && make -j$(getconf _NPROCESSORS_ONLN) && make install
-
-
-### Build Mastodon (production environment)
-FROM node-ruby as mastodon
-
-COPY --from=build-gnulibiconv /tmp/libiconv/output /usr/local
-COPY --from=build-malloc /tmp/hardened_malloc/libhardened_malloc.so /usr/local/lib/
+FROM alpine:${ALPINE_VERSION} as mastodon-build

 ARG MASTODON_VERSION
 ARG MASTODON_REPOSITORY

+# Install build dependencies
+RUN apk --no-cache add -t build-dependencies \
+    build-base \
+    gnu-libiconv-dev \
+    icu-dev \
+    libidn-dev \
+    libtool \
+    libxml2-dev \
+    libxslt-dev \
+    postgresql-dev \
+    protobuf-dev \
+    python3 \
+    ruby-dev \
+    imagemagick \
+    yarn \
+    ruby \
+    ruby-bundler
+
+RUN adduser -g ${GID} -u ${UID} --disabled-password --gecos "" mastodon \
+ && mkdir /mastodon \
+ && chown mastodon:mastodon /mastodon
+USER mastodon
+WORKDIR /mastodon
+
+RUN wget -qO- https://github.com/${MASTODON_REPOSITORY}/archive/refs/heads/${MASTODON_VERSION}.tar.gz | tar xz --strip 1
+
+ENV RAILS_SERVE_STATIC_FILES=true \
+    RAILS_ENV=production \
+    NODE_ENV=production
+
+RUN bundle config build.nokogiri --use-system-libraries \
+ && bundle config set --local clean 'true' && bundle config set --local deployment 'true' \
+ && bundle config set --local without 'test development' && bundle config set no-cache 'true' \
+ && bundle install -j$(getconf _NPROCESSORS_ONLN)
+
+RUN yarn install --pure-lockfile --ignore-engines \
+ && OTP_SECRET=precompile_placeholder SECRET_KEY_BASE=precompile_placeholder bundle exec rails assets:precompile \
+ && yarn cache clean
+
+
+### Mastodon runtime
+ARG ALPINE_VERSION
+
+FROM alpine:${ALPINE_VERSION} as mastodon
+
 ARG UID
 ARG GID

@ -66,10 +87,7 @@ ENV RUN_DB_MIGRATIONS=true \
    RAILS_SERVE_STATIC_FILES=true \
    RAILS_ENV=production \
    NODE_ENV=production \
-    PATH="${PATH}:/mastodon/bin" \
-    LD_PRELOAD="/usr/local/lib/libhardened_malloc.so"
-
-WORKDIR /mastodon
+    PATH="${PATH}:/mastodon/bin"

 # Install runtime dependencies
 RUN apk --no-cache add \
@ -90,38 +108,26 @@ RUN apk --no-cache add \
    yaml \
    readline \
    gcompat \
-# Install build dependencies
- && apk --no-cache add -t build-dependencies \
-    build-base \
-    icu-dev \
-    libidn-dev \
-    libtool \
-    libxml2-dev \
-    libxslt-dev \
-    postgresql-dev \
-    protobuf-dev \
-    python3 \
-    imagemagick \
-# Install Mastodon
- && wget -qO- https://github.com/${MASTODON_REPOSITORY}/archive/v${MASTODON_VERSION}.tar.gz | tar xz --strip 1 \
- && bundle config build.nokogiri --use-system-libraries --with-iconv-lib=/usr/local/lib --with-iconv-include=/usr/local/include \
- && bundle config set --local clean 'true' && bundle config set --local deployment 'true' \
- && bundle config set --local without 'test development' && bundle config set no-cache 'true' \
- && bundle install -j$(getconf _NPROCESSORS_ONLN) \
- && yarn install --pure-lockfile --ignore-engines \
- && OTP_SECRET=precompile_placeholder SECRET_KEY_BASE=precompile_placeholder bundle exec rails assets:precompile \
-# Clean
- && npm -g --force cache clean && yarn cache clean \
- && apk del build-dependencies \
-# Prepare mastodon user
- && adduser -g ${GID} -u ${UID} --disabled-password --gecos "" mastodon \
- && chown -R mastodon:mastodon /mastodon
-
-COPY --chown=mastodon:mastodon rootfs /
-
-RUN chmod +x /usr/local/bin/* /etc/s6.d/*/* /etc/s6.d/.s6-svscan/*
+    gnu-libiconv \
+    nodejs \
+    ruby \
+    ruby-bundler \
+# For hardened_malloc
+    libgcc \
+    libstdc++

+RUN adduser -g ${GID} -u ${UID} --disabled-password --gecos "" mastodon
 USER mastodon
+WORKDIR /mastodon
+
+COPY --chown=mastodon:mastodon --from=mastodon-build /mastodon /mastodon
+
+ENV LD_PRELOAD="/usr/local/lib/libhardened_malloc.so"
+COPY --from=build-malloc /tmp/hardened_malloc/libhardened_malloc.so /usr/local/lib/
+
+COPY --chown=mastodon:mastodon rootfs/usr/local/bin/run /usr/local/bin/run
+COPY --chown=mastodon:mastodon rootfs/etc/s6.d /etc/s6.d
+RUN chmod +x /usr/local/bin/* /etc/s6.d/*/* /etc/s6.d/.s6-svscan/*

 VOLUME /mastodon/public/system /mastodon/log