rubys/Dockerfile Secret

## Dockerfile
# syntax = docker/dockerfile:1

# Make sure RUBY_VERSION matches the Ruby version in .ruby-version and Gemfile
ARG RUBY_VERSION=3.2.1
FROM --platform=linux/amd64 ruby:$RUBY_VERSION-slim as base

# Rails app lives here
WORKDIR /rails

# Set production environment
ENV RAILS_ENV="production" \
    BUNDLE_DEPLOYMENT="1" \
    BUNDLE_WITHOUT="development:test"

# Update gems and bundler
RUN gem update --system --no-document && \
    gem install -N bundler

# Install packages needed to install nodejs and chrome
RUN apt-get update -qq && \
    apt-get install --no-install-recommends -y curl gnupg && \
    rm -rf /var/lib/apt/lists /var/cache/apt/archives

# Install Node.js
ARG NODE_VERSION=19.7.0
ENV PATH=/usr/local/node/bin:$PATH
RUN curl -sL https://github.com/nodenv/node-build/archive/master.tar.gz | tar xz -C /tmp/ && \
    /tmp/node-build-master/bin/node-build "${NODE_VERSION}" /usr/local/node && \
    rm -rf /tmp/node-build-master


# Throw-away build stage to reduce size of final image
FROM base as build

# Install packages needed to build gems and node modules
RUN apt-get update -qq && \
    apt-get install --no-install-recommends -y build-essential node-gyp pkg-config python-is-python3

# Build options
ENV PATH="/usr/local/node/bin:$PATH" \
    PUPPETEER_SKIP_CHROMIUM_DOWNLOAD="true"

# Install application gems
COPY Gemfile Gemfile.lock .
RUN bundle install

# Install node modules
COPY package.json package-lock.json .
RUN npm install

# Copy application code
COPY . .

# Precompiling assets for production without requiring secret RAILS_MASTER_KEY
RUN SECRET_KEY_BASE=DUMMY ./bin/rails assets:precompile


# Final stage for app image
FROM base

# Install packages needed for deployment
RUN curl https://dl-ssl.google.com/linux/linux_signing_key.pub | \
    gpg --dearmor > /etc/apt/trusted.gpg.d/google-archive.gpg && \
    echo "deb http://dl.google.com/linux/chrome/deb/ stable main" >> /etc/apt/sources.list.d/google.list && \
    apt-get update -qq && \
    apt-get install --no-install-recommends -y google-chrome-stable libsqlite3-0 && \
    rm -rf /var/lib/apt/lists /var/cache/apt/archives

# Run and own the application files as a non-root user for security
RUN useradd rails
USER rails:rails

# Copy built artifacts: gems, application
COPY --from=build /usr/local/bundle /usr/local/bundle
COPY --from=build --chown=rails:rails /rails /rails

# Deployment options
ENV RAILS_LOG_TO_STDOUT="1" \
    RAILS_SERVE_STATIC_FILES="true" \
    GROVER_NO_SANDBOX="true" \
    PUPPETEER_EXECUTABLE_PATH="/usr/bin/google-chrome"

# Entrypoint prepares the database.
ENTRYPOINT ["/rails/bin/docker-entrypoint"]

# Start the server by default, this can be overwritten at runtime
EXPOSE 3000
CMD ["./bin/rails", "server"]
	# syntax = docker/dockerfile:1

	# Make sure RUBY_VERSION matches the Ruby version in .ruby-version and Gemfile
	ARG RUBY_VERSION=3.2.1
	FROM --platform=linux/amd64 ruby:$RUBY_VERSION-slim as base

	# Rails app lives here
	WORKDIR /rails

	# Set production environment
	ENV RAILS_ENV="production" \
	BUNDLE_DEPLOYMENT="1" \
	BUNDLE_WITHOUT="development:test"

	# Update gems and bundler
	RUN gem update --system --no-document && \
	gem install -N bundler

	# Install packages needed to install nodejs and chrome
	RUN apt-get update -qq && \
	apt-get install --no-install-recommends -y curl gnupg && \
	rm -rf /var/lib/apt/lists /var/cache/apt/archives

	# Install Node.js
	ARG NODE_VERSION=19.7.0
	ENV PATH=/usr/local/node/bin:$PATH
	RUN curl -sL https://github.com/nodenv/node-build/archive/master.tar.gz \| tar xz -C /tmp/ && \
	/tmp/node-build-master/bin/node-build "${NODE_VERSION}" /usr/local/node && \
	rm -rf /tmp/node-build-master


	# Throw-away build stage to reduce size of final image
	FROM base as build

	# Install packages needed to build gems and node modules
	RUN apt-get update -qq && \
	apt-get install --no-install-recommends -y build-essential node-gyp pkg-config python-is-python3

	# Build options
	ENV PATH="/usr/local/node/bin:$PATH" \
	PUPPETEER_SKIP_CHROMIUM_DOWNLOAD="true"

	# Install application gems
	COPY Gemfile Gemfile.lock .
	RUN bundle install

	# Install node modules
	COPY package.json package-lock.json .
	RUN npm install

	# Copy application code
	COPY . .

	# Precompiling assets for production without requiring secret RAILS_MASTER_KEY
	RUN SECRET_KEY_BASE=DUMMY ./bin/rails assets:precompile


	# Final stage for app image
	FROM base

	# Install packages needed for deployment
	RUN curl https://dl-ssl.google.com/linux/linux_signing_key.pub \| \
	gpg --dearmor > /etc/apt/trusted.gpg.d/google-archive.gpg && \
	echo "deb http://dl.google.com/linux/chrome/deb/ stable main" >> /etc/apt/sources.list.d/google.list && \
	apt-get update -qq && \
	apt-get install --no-install-recommends -y google-chrome-stable libsqlite3-0 && \
	rm -rf /var/lib/apt/lists /var/cache/apt/archives

	# Run and own the application files as a non-root user for security
	RUN useradd rails
	USER rails:rails

	# Copy built artifacts: gems, application
	COPY --from=build /usr/local/bundle /usr/local/bundle
	COPY --from=build --chown=rails:rails /rails /rails

	# Deployment options
	ENV RAILS_LOG_TO_STDOUT="1" \
	RAILS_SERVE_STATIC_FILES="true" \
	GROVER_NO_SANDBOX="true" \
	PUPPETEER_EXECUTABLE_PATH="/usr/bin/google-chrome"

	# Entrypoint prepares the database.
	ENTRYPOINT ["/rails/bin/docker-entrypoint"]

	# Start the server by default, this can be overwritten at runtime
	EXPOSE 3000
	CMD ["./bin/rails", "server"]