sanbase2/Dockerfile at master · santiment/sanbase2 · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
ARG ELIXIR_VERSION=1.19.4
ARG OTP_VERSION=28.4
ARG DEBIAN_VERSION=bookworm-20260223-slim

ARG BUILDER_IMAGE="hexpm/elixir:${ELIXIR_VERSION}-erlang-${OTP_VERSION}-debian-${DEBIAN_VERSION}"
ARG RUNNER_IMAGE="debian:${DEBIAN_VERSION}"

FROM ${BUILDER_IMAGE} as builder

# install build dependencies
RUN apt-get update -y && apt-get install -y \
  build-essential \
  cmake \
  make \
  g++ \
  git \
  nodejs \
  npm \
  openssl \
  wget \
  ca-certificates \
  gcc \
  libc6-dev \
  curl \
  && apt-get clean && rm -f /var/lib/apt/lists/*_*

# prepare build dir
RUN mkdir /app
WORKDIR /app

# Add rust version 1.75.0 for better GLIBC compatibility
RUN curl https://sh.rustup.rs -sSf | sh -s -- --default-toolchain=1.75.0 -y

# The --allow-multiple-definition linker flag is required here to work around
# duplicate symbol errors that occur when statically linking certain Rust crates
# with Erlang NIFs or C dependencies. This flag prevents linker failures due to
# multiple definitions, which can happen in this build context. See:
# https://github.com/rust-lang/rust/issues/38281 for more details.
ENV RUSTFLAGS="-C target-feature=-crt-static -C link-arg=-Wl,--allow-multiple-definition"

ENV PATH=/root/.cargo/bin:$PATH

# install hex + rebar
RUN mix local.hex --force && \
  mix local.rebar --force

# set build ENV
ENV MIX_ENV="prod"

# install mix dependencies
COPY mix.exs mix.lock ./
RUN mix deps.get --only $MIX_ENV

RUN mkdir config
# copy compile-time config files before we compile dependencies
# to ensure any relevant config change will trigger the dependencies
# to be re-compiled.
COPY config/config.exs \
  config/ueberauth_config.exs \
  config/notifications_config.exs \
  config/scheduler_config.exs \
  config/scrapers_config.exs \
  config/stripe_config.exs \
  config/${MIX_ENV}.exs \
  config/

RUN mix deps.compile

COPY priv priv

COPY lib lib

COPY src src

# install npm dependencies first (cached unless package.json/lock changes)
ENV NODE_ENV=production
COPY assets/package.json assets/package-lock.json assets/
COPY assets/graphiql/patch-monaco.sh assets/graphiql/patch-monaco.sh
RUN cd assets && npm install

COPY assets assets

# check that the code is formatted
COPY .formatter.exs ./
RUN mix format --check-formatted

# compile assets
RUN mix assets.setup
RUN mix assets.deploy

# Allow sentry to package source code when it reports errors
RUN mix sentry.package_source_code

# Compile the release
RUN mix compile

# Changes to config/runtime.exs don't require recompiling the code
COPY config/runtime.exs config/

COPY rel rel
RUN mix release

# start a new build stage so that the final image will only contain
# the compiled release and other runtime necessities
FROM ${RUNNER_IMAGE}

RUN apt-get update -y && apt-get install -y libstdc++6 openssl libncurses5 locales imagemagick ca-certificates \
  && apt-get clean && rm -f /var/lib/apt/lists/*_*

# Set the locale
RUN sed -i '/en_US.UTF-8/s/^# //g' /etc/locale.gen && locale-gen

ENV LANG=en_US.UTF-8
ENV LANGUAGE=en_US:en
ENV LC_ALL=en_US.UTF-8

WORKDIR "/app"

# Necessary as k8s sets it to /root and this causes permission issues when
# storing the cookie file during booting
ENV HOME=/app

RUN chown nobody /app

# expect a build-time argument
ARG GIT_COMMIT

# set runner ENV vars
ENV MIX_ENV="prod"
ENV GIT_COMMIT=$GIT_COMMIT

# Only copy the final release from the build stage
COPY --from=builder --chown=nobody:root /app/_build/${MIX_ENV}/rel/sanbase ./

USER nobody

CMD ["/bin/bash", "-c", "/app/bin/migrate && /app/bin/server"]