ea39bb4334
This includes the following changes: - Use multi-stage build to run application in an optimized environment, see https://docs.docker.com/develop/develop-images/multistage-build/ - Run application on alpine instead of archlinux to further reduce image size - Build Crystal application with --release for improved runtime performance - Run application as non-root user for better security, see https://docs.docker.com/develop/develop-images/dockerfile_best-practices/#user - Only rebuild Docker layers when required
29 lines
1,013 B
Docker
29 lines
1,013 B
Docker
FROM alpine:latest AS builder
|
||
RUN apk add -u crystal shards libc-dev \
|
||
yaml-dev libxml2-dev sqlite-dev sqlite-static zlib-dev openssl-dev
|
||
WORKDIR /invidious
|
||
COPY ./shard.yml ./shard.yml
|
||
RUN shards update && shards install
|
||
COPY ./src/ ./src/
|
||
# TODO: .git folder is required for building – this is destructive.
|
||
# See definition of CURRENT_BRANCH, CURRENT_COMMIT and CURRENT_VERSION.
|
||
COPY ./.git/ ./.git/
|
||
RUN crystal build --static --release \
|
||
# TODO: Remove next line, see https://github.com/crystal-lang/crystal/issues/7946
|
||
-Dmusl \
|
||
./src/invidious.cr
|
||
|
||
FROM alpine:latest
|
||
RUN apk add -u imagemagick ttf-opensans
|
||
WORKDIR /invidious
|
||
RUN addgroup -g 1000 -S invidious && \
|
||
adduser -u 1000 -S invidious -G invidious
|
||
COPY ./assets/ ./assets/
|
||
COPY ./config/config.yml ./config/config.yml
|
||
COPY ./config/sql/ ./config/sql/
|
||
COPY ./locales/ ./locales/
|
||
RUN sed -i 's/host: localhost/host: postgres/' config/config.yml
|
||
COPY --from=builder /invidious/invidious .
|
||
USER invidious
|
||
CMD [ "/invidious/invidious" ]
|