Alpine prod image

Dockerfile

@@ -1,66 +1,58 @@
 # syntax = docker/dockerfile:1
-
-# This Dockerfile is designed for production, not development. Use with Kamal or build'n'run by hand:
-# docker build -t my-app .
-# docker run -d -p 80:80 -p 443:443 --name my-app -e RAILS_MASTER_KEY=<value from config/master.key> my-app
-
-# Make sure RUBY_VERSION matches the Ruby version in .ruby-version
 ARG RUBY_VERSION=3.3.4
-FROM docker.io/library/ruby:$RUBY_VERSION-slim AS base
+ARG RAILS_ROOT=/app
+FROM ruby:$RUBY_VERSION-alpine AS builder
 
-# Rails app lives here
-WORKDIR /rails
-
-# Install base packages
-RUN apt-get update -qq && \
-    apt-get install --no-install-recommends -y curl libjemalloc2 libsqlite3-0 libvips && \
-    rm -rf /var/lib/apt/lists /var/cache/apt/archives
+# Install build dependencies
+RUN apk add --no-cache build-base git pkgconfig
 
 # Set production environment
 ENV RAILS_ENV="production" \
+    RAILS_ROOT="/app" \
     BUNDLE_DEPLOYMENT="1" \
-    BUNDLE_PATH="/usr/local/bundle" \
-    BUNDLE_WITHOUT="development"
-
-# Throw-away build stage to reduce size of final image
-FROM base AS build
+    BUNDLE_PATH="/app/.bundle" \
+    BUNDLE_WITHOUT="test development"
 
-# Install packages needed to build gems
-RUN apt-get update -qq && \
-    apt-get install --no-install-recommends -y build-essential git pkg-config && \
-    rm -rf /var/lib/apt/lists /var/cache/apt/archives
+WORKDIR $RAILS_ROOT
 
-# Install application gems
+# Install gems
 COPY Gemfile Gemfile.lock ./
-RUN bundle install && \
-    rm -rf ~/.bundle/ "${BUNDLE_PATH}"/ruby/*/cache "${BUNDLE_PATH}"/ruby/*/bundler/gems/*/.git && \
-    bundle exec bootsnap precompile --gemfile
+RUN bundle config --global frozen 1 \
+    && bundle config set path 'vendor/bundle' \
+    && bundle install --without development:test -j4 --retry 3 \
+    && rm -rf vendor/bundle/ruby/3.3.0/cache/*.gem # \
+    && find vendor/bundle/ruby/3.3.0/gems/ -name "*.c" -delete \
+    && find vendor/bundle/ruby/3.3.0/gems/ -name "*.o" -delete
 
 # Copy application code
 COPY . .
 
-# Precompile bootsnap code for faster boot times
+# Precompile bootsnap
 RUN bundle exec bootsnap precompile app/ lib/
 
+# Final stage
+FROM ruby:$RUBY_VERSION-alpine
 
+# Install runtime dependencies
+RUN apk add --no-cache curl jemalloc sqlite-libs vips tzdata
 
+ENV RAILS_ENV="production" \
+    RAILS_ROOT="/app" \
+    BUNDLE_DEPLOYMENT="1" \
+    BUNDLE_APP_CONFIG="/app/.bundle" \
+    BUNDLE_WITHOUT="test development"
 
-# Final stage for app image
-FROM base
+WORKDIR $RAILS_ROOT
 
-# Copy built artifacts: gems, application
-COPY --from=build "${BUNDLE_PATH}" "${BUNDLE_PATH}"
-COPY --from=build /rails /rails
+# Copy built artifacts
+COPY --from=builder $RAILS_ROOT $RAILS_ROOT
 
-# Run and own only the runtime files as a non-root user for security
-RUN groupadd --system --gid 1000 rails && \
-    useradd rails --uid 1000 --gid 1000 --create-home --shell /bin/bash && \
+# Add non-root user
+RUN addgroup -S rails && adduser -S rails -G rails && \
     chown -R rails:rails db log storage tmp
-USER 1000:1000
-
-# Entrypoint prepares the database.
-ENTRYPOINT ["/rails/bin/docker-entrypoint"]
+USER rails:rails
 
 # Start the server by default, this can be overwritten at runtime
 EXPOSE 3000
-CMD ["./bin/rails", "server"]
+# Start the server
+CMD ["bin/rails", "server", "-b", "0.0.0.0"]