ledermann / docker-rails-base Goto Github PK

Just noticed that the base Dockerfile precompile step has SECRET_KEY_BASE=dummy . Isn't this a security risk?

There are a few workarounds here: rails/rails#32947 that could make it more secure, such as using SECRET_KEY_BASE=``bin/rake secret`` bin/rake assets:precompile.

Is there a way to pass ENV vars to the container before bundling?

I (sadly) have the need for imagemagick(-dev, -libs) in my Build Stage in Order to use a certain gem later in Production.

How would that be possible?
I tried copying the whole Builder Dockerfile in place of FROM ledermann/rails-base-builder:3.2.2-alpine AS Builder but i don't get running Images.

Appreciated!

Asset Precompilation in Builder Stage crashes with
Error loading shared library glib-2.0.so.0: No such file or directory.
if gem "vips" is added to Bundle.

Builder Stage would need vips-dev Alpine Package in order to alleviate this.

Related Issue

After I updated ledermann/rails-base-builder:3.0.2-alpine and ledermann/rails-base-final:3.0.2-alpine.
I met the problem when running my image on AWS ECS with errors /home/app is not writable even I set USER to app on Dockerfile.
Full errors.

Do you have any suggestions?

I tried this way

FROM ledermann/rails-base-builder:3.1.1-alpine AS Builder
FROM ledermann/rails-base-final:3.1.1-alpine

RUN apk add --no-cache sqlite-dev
USER app
CMD ["bundle", "exec", "puma", "-C", "config/puma.rb"]

failed with cmd docker build .

Installing sqlite3 1.4.2 with native extensions
Installing importmap-rails 1.0.3
Installing stimulus-rails 1.0.4
Gem::Ext::BuildError: ERROR: Failed to build gem native extension.

    current directory: /usr/local/bundle/gems/sqlite3-1.4.2/ext/sqlite3
/usr/local/bin/ruby -I /usr/local/lib/ruby/3.1.0 -r
./siteconf20220313-8-4cuwka.rb extconf.rb
checking for sqlite3.h... no
sqlite3.h is missing. Try 'brew install sqlite3',
'yum install sqlite-devel' or 'apt-get install libsqlite3-dev'

it seems sqlite-dev is not added before onbuild is triggered.
maybe I need build my builder image?

Just noticed this line:

It only clears out .gem caches. If you have a gem that is referencing a git repo, the cache there will be the entire repo itself. I think it's safe to clear out the entire cache/* directory instead of looking only for *.gem files.

I tried using your project for a fresh rails project (thanks for this! this is great) but wasn't able to get it running out of the box.

Using a brand new rails project, and using the basic Dockerfile:

FROM ledermann/rails-base-builder:latest AS Builder
FROM ledermann/rails-base-final:latest
USER app
CMD ["bundle", "exec", "puma", "-C", "config/puma.rb"]

When running a docker build, I was getting the following error:

/usr/local/lib/ruby/2.6.0/rubygems.rb:283:in `find_spec_for_exe': Could not find 'bundler' (2.1.4) required by your /app/Gemfile.lock. (Gem::GemNotFoundException)
To update to the latest version installed on your system, run `bundle update --bundler`.
To install the missing version, run `gem install bundler:2.1.4`
	from /usr/local/lib/ruby/2.6.0/rubygems.rb:302:in `activate_bin_path'
	from /usr/local/bin/bundle:23:in `<main>'

It looks like the base containers don't actually have bundler so I needed to add RUN gem install bundler before the bundle config call here: https://github.com/ledermann/docker-rails-base/blob/master/Builder/Dockerfile#L22

Am I missing a setup step for local development / is there a reason why install bundler isn't added? (do you expect CI to add it?)

Dependabot couldn't find a package.json for this project.

Dependabot requires a package.json to evaluate your project's current JavaScript dependencies. It had expected to find one at the path: /package.json.

If this isn't a JavaScript project, or if it is a library, you may wish to disable updates for it from within Dependabot.

View the update logs.

# Dockerfile
FROM ledermann/rails-base-builder:latest AS builder

FROM nginx:alpine
COPY --from=builder /app/public /usr/share/nginx/html/

# build.log 
Step 1/5 : FROM ledermann/rails-base-builder:latest AS builder
# Executing 5 build triggers
 ---> Using cache
 ---> Using cache
 ---> Running in e572cd7508c3
rails aborted!
ActiveSupport::EncryptedFile::MissingKeyError: Missing encryption key to decrypt file with. Ask your team for your master key and write it to /app/config/master.key or put it in the ENV['RAILS_MASTER_KEY'].

I tried to use

# Dockerfile
FROM ledermann/rails-base-builder:latest AS builder
ARG CREDENTIALS_KEY=changeme
ENV RAILS_MASTER_KEY=$CREDENTIALS_KEY

FROM nginx:alpine
COPY --from=builder /app/public /usr/share/nginx/html/

to allow usage with docker-compose --build-arg but it doesn't work that way :(

Any suggested solution?

Since the update to engine 20.10, I can no longer use :

FROM ledermann/rails-base-builder:2.7.2-alpine AS Builder
FROM ledermann/rails-base-final:2.7.2-alpine

It seems to me that rails-base-builder is never executed.

My builds have started returning filesystem layer verification failed for digest sha256. Even rebuilding old images and trying to pull them is failing. Is it possible the lastest commit is breaking ?

Dependabot couldn't find a Gemfile for this project.

Dependabot requires a Gemfile to evaluate your project's current Ruby dependencies. It had expected to find one at the path: /Gemfile.

If this isn't a Ruby project, or if it is a library, you may wish to disable updates for it from within Dependabot.

View the update logs.

tailwindcss-rails or rather tailwindcss-cli requires build-base and gcompat in order to compile Tailwind.

Related Issue here

I'm aware that the Builder Dockerfile is meant for Rails 6 currently,
but would it be possible for you to include gcompat aswell?

Appreciated!

PS:
had 4m50s builds with your base images on Rails 6.1
after switching to Rails 7 i got 2m30s on the Build Stage

Hello, Georg. Thanks for putting together the builder and the final docker images. I've recently started using this instead of rolling my own, and the images they produce are nice and lean.

Do you have any plans to add tags to the docker images you push? I had CI start failing on me today because I'm still using Ruby 2.7.1.

With the update of this image to 2.7.2, my docker build step began to fail in CI with Your Ruby version is 2.7.2, but your Gemfile specified 2.7.1 since my Gemfile.lock still has 2.7.1.

Tagging these images (perhaps consistent with the base ruby tag e.g. 2.7.2-alpine) would be a welcome way to avoid getting caught by surprise.

I'm happy to help with a PR if you've got a direction in mind for how you'd like to see the tagging implemented.

First up I have to say a thank you for making a great Rails 7 template! What a gentleman for open sourcing all your hard work!

In my project, I install some gems from local path, e.g.:

gem 'awesome_client', path: './vendor/gems/awesome_client'

I was wondering what is the best practice for handling this, so that issues are not raised when trying to docker-compose up.

2.085 Fetching gem metadata from https://rubygems.org/......
32.84 The path `/app/vendor/gems/awesome_client ` does not exist.
------
failed to solve: process "/bin/sh -c bundle config --local without 'development test' &&             bundle install -j4 --retry 3 &&             bundle exec bootsnap precompile --gemfile || true &&             bundle clean --force &&             rm -rf /usr/local/bundle/cache &&             find /usr/local/bundle/gems/ -name \"*.c\" -delete &&             find /usr/local/bundle/gems/ -name \"*.o\" -delete" did not complete successfully: exit code: 13

I saw that only the app directory was copied, so I thought that might be the issue. I tried adding this to the Dockerfile with no success:

RUN mkdir -p /app/vendor/gems

# Copy each gem individually
COPY ./vendor/gems/awesome_client /app/vendor/gems/awesome_client

As knowledgeable as you are, I am sure you can give some guidance on best practices for handing this case with your template/framework. Thank you!

I'm actively trying to get rid of sprockets since we already have Webpack in Rails applications but calling assets:compile is tied to Sprockets which makes my build fail with

rails aborted!
LoadError: cannot load such file -- uglifier

As far as I am concerned you can call webpacker:compile to get packs compiled.

Would you consider supporting NOT calling assets:precompile?

Dependabot can't resolve your Ruby dependency files.

As a result, Dependabot couldn't update your dependencies.

The error Dependabot encountered was:

Bundler::VersionConflict with message: Bundler could not find compatible versions for gem "mimemagic":
  In Gemfile:
    rails (~> 6.1.3) was resolved to 6.1.3, which depends on
      activestorage (= 6.1.3) was resolved to 6.1.3, which depends on
        mimemagic (~> 0.3.2)

Could not find gem 'mimemagic (~> 0.3.2)', which is required by gem 'activestorage (= 6.1.3)', in any of the sources.

If you think the above is an error on Dependabot's side please don't hesitate to get in touch - we'll do whatever we can to fix it.

View the update logs.

When I try running a built image, I run into this error.

Puma starting in single mode...
* Version 4.3.5 (ruby 2.7.1-p83), codename: Mysterious Traveller
* Min threads: 5, max threads: 5
* Environment: development
sh: yarn: not found


========================================
  Your Yarn packages are out of date!
  Please run `yarn install --check-files` to update.
========================================


To disable this check, please change `check_yarn_integrity`
to `false` in your webpacker config file (config/webpacker.yml).





! Unable to load application: SystemExit: exit

It would be great to make every environment as consistent as possible and create a test and development image based on the production image.

Dependabot can't resolve your Ruby dependency files.

As a result, Dependabot couldn't update your dependencies.

The error Dependabot encountered was:

Bundler::GemNotFound with message: Could not find aws-sdk-s3-1.68.0 in any of the sources

If you think the above is an error on Dependabot's side please don't hesitate to get in touch - we'll do whatever we can to fix it.

View the update logs.

https://github.com/ledermann/docker-rails-base/blob/main/Builder/Dockerfile#L67

when app/javascript is removed, the Container will throw a JS Error :

Uncaught TypeError: Failed to resolve module specifier "controllers". Relative references must start with either "/", "./", or "../".

i can't claim to fully grasp what is going on, but my guess is the importmap will pin to the actual uncompressed stimulus .js file located in app/javascript/controllers/hello_controller.js instead of the minified one in /public/assets/controllers/hello_controller.js

Would it be too much to ask to not purge app/javascript?