diff options
| author | Leon Klingele <git@leonklingele.de> | 2019-08-01 12:49:12 +0200 |
|---|---|---|
| committer | Leon Klingele <git@leonklingele.de> | 2019-08-04 11:21:32 +0200 |
| commit | ea39bb4334227804b95a2a084e51ae004d8f5f9e (patch) | |
| tree | 42be1f7c38ad9ce5ecb9f1f1268f7a98c01b57c4 /docker | |
| parent | f99a7b2a8c8c480f175f15155e8616cdefb59300 (diff) | |
| download | invidious-ea39bb4334227804b95a2a084e51ae004d8f5f9e.tar.gz invidious-ea39bb4334227804b95a2a084e51ae004d8f5f9e.tar.bz2 invidious-ea39bb4334227804b95a2a084e51ae004d8f5f9e.zip | |
docker: various improvements to Dockerfile
This includes the following changes:
- Use multi-stage build to run application in an optimized environment, see
https://docs.docker.com/develop/develop-images/multistage-build/
- Run application on alpine instead of archlinux to further reduce image size
- Build Crystal application with --release for improved runtime performance
- Run application as non-root user for better security, see
https://docs.docker.com/develop/develop-images/dockerfile_best-practices/#user
- Only rebuild Docker layers when required
Diffstat (limited to 'docker')
| -rw-r--r-- | docker/Dockerfile | 37 |
1 files changed, 25 insertions, 12 deletions
diff --git a/docker/Dockerfile b/docker/Dockerfile index 043d950e..c9fa6367 100644 --- a/docker/Dockerfile +++ b/docker/Dockerfile @@ -1,15 +1,28 @@ -FROM archlinux/base - -RUN pacman -Sy --noconfirm shards crystal imagemagick librsvg \ - which pkgconf gcc ttf-liberation glibc -# base-devel contains many other basic packages, that are normally assumed to already exist on a clean arch system - -ADD . /invidious - +FROM alpine:latest AS builder +RUN apk add -u crystal shards libc-dev \ + yaml-dev libxml2-dev sqlite-dev sqlite-static zlib-dev openssl-dev WORKDIR /invidious +COPY ./shard.yml ./shard.yml +RUN shards update && shards install +COPY ./src/ ./src/ +# TODO: .git folder is required for building – this is destructive. +# See definition of CURRENT_BRANCH, CURRENT_COMMIT and CURRENT_VERSION. +COPY ./.git/ ./.git/ +RUN crystal build --static --release \ +# TODO: Remove next line, see https://github.com/crystal-lang/crystal/issues/7946 + -Dmusl \ + ./src/invidious.cr -RUN sed -i 's/host: localhost/host: postgres/' config/config.yml && \ - shards update && shards install && \ - crystal build src/invidious.cr - +FROM alpine:latest +RUN apk add -u imagemagick ttf-opensans +WORKDIR /invidious +RUN addgroup -g 1000 -S invidious && \ + adduser -u 1000 -S invidious -G invidious +COPY ./assets/ ./assets/ +COPY ./config/config.yml ./config/config.yml +COPY ./config/sql/ ./config/sql/ +COPY ./locales/ ./locales/ +RUN sed -i 's/host: localhost/host: postgres/' config/config.yml +COPY --from=builder /invidious/invidious . +USER invidious CMD [ "/invidious/invidious" ] |