Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Switch to a slim debian Docker image [PLT-1610] #2521

Merged
merged 1 commit into from
Oct 10, 2023
Merged

Switch to a slim debian Docker image [PLT-1610] #2521

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
22 changes: 12 additions & 10 deletions Dockerfile
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
FROM public.ecr.aws/docker/library/ruby:3.1.4-bookworm@sha256:ce07ca486ea1589cdbc3df60a554c595b10a792e9a61a0363977d42e9de20726
FROM public.ecr.aws/docker/library/ruby:3.1.4-slim-bookworm@sha256:6c5ebf029d658391fb9243b37e970f84100eab678e2e6e77f316f847e02d5ed9

ARG RAILS_ENV
ARG DD_RUM_VERSION="unknown"
Expand All @@ -10,21 +10,23 @@ ENV DD_RUM_ENABLED=true
ENV RAILS_ENV=${RAILS_ENV:-production}
ENV SECRET_KEY_BASE=xxx

RUN curl -fsSL https://cli.github.com/packages/githubcli-archive-keyring.gpg | dd of=/usr/share/keyrings/githubcli-archive-keyring.gpg \
&& chmod go+r /usr/share/keyrings/githubcli-archive-keyring.gpg \
&& echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/githubcli-archive-keyring.gpg] https://cli.github.com/packages stable main" | tee /etc/apt/sources.list.d/github-cli.list > /dev/null

# Install Node.js
RUN curl -fsSL https://deb.nodesource.com/gpgkey/nodesource.gpg.key | apt-key add -
RUN curl -fsSL https://deb.nodesource.com/setup_18.x | bash -

RUN echo "--- :package: Installing system deps" \
# Cache apt
rm -f /etc/apt/apt.conf.d/docker-clean \
&& echo 'Binary::apt::APT::Keep-Downloaded-Packages "true";' > /etc/apt/apt.conf.d/keep-cache \
# Install a few pre-reqs
&& apt-get update \
&& apt-get install -y curl gnupg \
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

curl and gnupg aren't needed in prod, but we do need them in the Dockerfile steps further down

# Setup apt for GH cli
&& curl -fsSL https://cli.github.com/packages/githubcli-archive-keyring.gpg | dd of=/usr/share/keyrings/githubcli-archive-keyring.gpg \
&& chmod go+r /usr/share/keyrings/githubcli-archive-keyring.gpg \
&& echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/githubcli-archive-keyring.gpg] https://cli.github.com/packages stable main" | tee /etc/apt/sources.list.d/github-cli.list > /dev/null \
# Setup apt for node
&& curl -fsSL https://deb.nodesource.com/gpgkey/nodesource.gpg.key | apt-key add - \
&& curl -fsSL https://deb.nodesource.com/setup_18.x | bash - \
# Install all the things
&& apt-get update \
&& apt-get install -y nodejs gh jq \
&& apt-get install -y nodejs gh jq build-essential \
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

build-essential is the main thing that was missing from slim. It's needed to compile and install various ruby/node native packages.

## Pull down security updates
&& apt-get upgrade -y \
# Upgrade rubygems and bundler
Expand Down