From 997dd6eaeb8ec380fc8c818f279e748ea5935a2e Mon Sep 17 00:00:00 2001
From: Cyril Rohr <hey@cyrilrohr.com>
Date: Tue, 1 Aug 2023 10:12:37 +0000
Subject: [PATCH] Use new dockerfile for prod

---
 docker/prod/Dockerfile      | 169 ++++++++++++++++++++++++++------
 docker/prod/Dockerfile.next | 188 ------------------------------------
 2 files changed, 140 insertions(+), 217 deletions(-)
 delete mode 100644 docker/prod/Dockerfile.next

diff --git a/docker/prod/Dockerfile b/docker/prod/Dockerfile
index a611d91f8db..95d9f4c4773 100644
--- a/docker/prod/Dockerfile
+++ b/docker/prod/Dockerfile
@@ -1,49 +1,160 @@
-ARG BASE_PREFIX
-FROM ${BASE_PREFIX}ruby:3.2.2-bullseye
+ARG RUBY_VERSION="3.2.2"
+ARG NODE_VERSION="16.17.0"
+ARG BUNDLER_VERSION="2.4.7"
+ARG DEBIAN_FRONTEND=noninteractive
 
-MAINTAINER operations@openproject.com
+# -------------------------------------
+# rubygems (private)
+# -------------------------------------
+FROM ruby:${RUBY_VERSION}-bullseye as rubygems
+ENV BUNDLE_JOBS=8
+ENV BUNDLE_RETRY=3
+ENV BUNDLE_WITHOUT="development:test"
 
+WORKDIR /app
+
+RUN gem install bundler --version "$BUNDLER_VERSION" --no-document
+
+COPY Gemfile Gemfile.modules Gemfile.lock ./
+COPY modules ./modules
+RUN bundle install
+
+# -------------------------------------
+# nodejs (private)
+# -------------------------------------
+# Using docker image for node so that multi-arch is automatically taken care of
+FROM node:${NODE_VERSION} as nodejs
+
+WORKDIR /app
+
+COPY package.json ./
+COPY frontend/package.json frontend/package-lock.json frontend/.npmrc ./frontend/
+RUN JOBS=8 npm install
+
+# -------------------------------------
+# assets (private)
+# -------------------------------------
+FROM rubygems as assets
+
+COPY --from=nodejs /usr/local/bin/node /usr/local/bin/node
+COPY --from=nodejs /usr/local/lib/node_modules /usr/local/lib/node_modules
+COPY --from=nodejs /usr/local/include/node /usr/local/include/node
+RUN ln -s /usr/local/lib/node_modules/npm/bin/npm-cli.js /usr/local/bin/npm
+
+WORKDIR /app
+
+COPY --from=nodejs /app/node_modules ./node_modules
+COPY --from=nodejs /app/frontend/node_modules ./frontend/node_modules
+COPY Rakefile .
+COPY bin ./bin
+COPY app ./app
+COPY config ./config
+COPY lib ./lib
+COPY lib_static ./lib_static
+COPY frontend ./frontend
+COPY modules ./modules
+COPY vendor ./vendor
+
+RUN --mount=type=cache,target=/app/frontend/.angular/cache,uid=1000,gid=1000 \
+  SECRET_KEY_BASE=1 RAILS_ENV=production DATABASE_URL=nulldb://db \
+  bin/rails openproject:plugins:register_frontend assets:precompile && \
+  # only keep most current angular cache since webpack is unable to cleanup after itself
+	find frontend/.angular/cache -type d -exec sh -c 'ls -dt "$1"/*/ | tail -n +2 | xargs rm -r' sh {} \;
+
+# -------------------------------------
+# base (private)
+# -------------------------------------
+FROM ruby:${RUBY_VERSION}-slim-bullseye as base
+LABEL maintainer="operations@openproject.com"
+
+# SYSTEM
+ENV APP_USER=app
+ENV APP_PATH=/app
+ENV APP_DATA_PATH=/var/openproject/assets
+ENV PGVERSION="13"
+ENV PGBIN="/usr/lib/postgresql/$PGVERSION/bin"
+ENV BUNDLE_WITHOUT="development:test"
+
+# RAILS
+# Set a default key base, ensure to provide a secure value in production environments!
+ENV SECRET_KEY_BASE=OVERWRITE_ME
+ENV RAILS_ENV=production
+ENV RAILS_LOG_TO_STDOUT=1
+ENV RAILS_SERVE_STATIC_FILES=1
+
+# OPENPROJECT
+# Valid values are: standard,bim
+ENV OPENPROJECT_EDITION=standard
+ENV OPENPROJECT_INSTALLATION__TYPE=docker
+ENV OPENPROJECT_ATTACHMENTS__STORAGE__PATH=$APP_DATA_PATH/files
+ENV OPENPROJECT_RAILS__CACHE__STORE=file_store
+
+RUN useradd -d /home/$APP_USER -m $APP_USER
+RUN mkdir -p $APP_PATH && chown $APP_USER:$APP_USER $APP_PATH
+RUN mkdir -p $APP_DATA_PATH && chown $APP_USER:$APP_USER $APP_DATA_PATH
+
+WORKDIR $APP_PATH
+
+RUN --mount=type=cache,target=/var/cache/apt \
+  apt-get update -qq \
+  && apt-get install -yq --no-install-recommends \
+  curl \
+  gnupg2 \
+  && curl -sSL https://www.postgresql.org/media/keys/ACCC4CF8.asc | apt-key add - \
+  && echo 'deb http://apt.postgresql.org/pub/repos/apt/ bullseye-pgdg main' $PGVERSION > /etc/apt/sources.list.d/pgdg.list \
+  && apt-get update -qq \
+  && apt-get install -yq --no-install-recommends \
+  libpq5 \
+  postgresql-client-$PGVERSION \
+  libffi7 \
+  unrtf tesseract-ocr poppler-utils catdoc imagemagick \
+  && apt-get purge -y curl gnupg2 \
+  && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* \
+  && truncate -s 0 /var/log/*log
+
+# -------------------------------------
+# slim (public)
+# -------------------------------------
+FROM base as slim
+COPY --chown=$APP_USER:$APP_USER --from=rubygems /usr/local/bundle /usr/local/bundle
+COPY --chown=$APP_USER:$APP_USER --from=assets /app/public/assets /app/public/assets
+COPY --chown=$APP_USER:$APP_USER --from=assets /app/config/frontend_assets.manifest.json /app/config/frontend_assets.manifest.json
+COPY --chown=$APP_USER:$APP_USER . .
+
+USER $APP_USER
+RUN ln -s $APP_PATH/docker/prod/setup/.irbrc /home/$APP_USER/
+
+EXPOSE 8080
+CMD ["./docker/prod/web"]
+VOLUME ["$APP_DATA_PATH"]
+
+# -------------------------------------
+# all-in-one (public)
+# -------------------------------------
+FROM base as all-in-one
+ARG DEBIAN_FRONTEND
+ARG NODE_VERSION
+ARG BUNDLER_VERSION
 # Allow platform-specific additions. Valid values are: on-prem,saas,bahn
 ARG PLATFORM=on-prem
 # Use OAuth token in case private gems need to be fetched
 ARG GITHUB_OAUTH_TOKEN
-ARG DEBIAN_FRONTEND=noninteractive
 ARG BIM_SUPPORT=true
+ARG GOSU_VERSION="1.16"
 
-ENV NODE_VERSION="16.17.0"
-ENV BUNDLER_VERSION="2.4.7"
-ENV BUNDLE_PATH__SYSTEM=false
-ENV APP_USER=app
-ENV APP_PATH=/app
-ENV APP_DATA_PATH=/var/openproject/assets
+ENV OPENPROJECT_RAILS__CACHE__STORE=memcache
+ENV DATABASE_URL=postgres://openproject:openproject@127.0.0.1/openproject
 ENV PGDATA=/var/openproject/pgdata
-ENV PGVERSION="13"
 ENV PGBIN="/usr/lib/postgresql/$PGVERSION/bin"
 
-ENV DATABASE_URL=postgres://openproject:openproject@127.0.0.1/openproject
-ENV RAILS_ENV=production
-ENV RAILS_GROUPS=production
-ENV RAILS_LOG_TO_STDOUT=1
-ENV RAILS_SERVE_STATIC_FILES=1
-ENV OPENPROJECT_ATTACHMENTS__STORAGE__PATH=$APP_DATA_PATH/files
-# Valid values are: standard,bim
-ENV OPENPROJECT_EDITION=standard
-ENV OPENPROJECT_INSTALLATION__TYPE=docker
-ENV OPENPROJECT_RAILS__CACHE__STORE=memcache
-# Set a default key base, ensure to provide a secure value in production environments!
-ENV SECRET_KEY_BASE=OVERWRITE_ME
+COPY docker/prod/setup ./docker/prod/setup
+RUN ./docker/prod/setup/preinstall.sh
 
-ARG GOSU_VERSION=1.16
 RUN dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')" \
  && wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch" \
  && chmod +x /usr/local/bin/gosu \
  && gosu nobody true
 
-WORKDIR $APP_PATH
-
-COPY docker/prod/setup ./docker/prod/setup
-RUN ./docker/prod/setup/preinstall.sh
-
 # set irb default config for app (docker run -it ...) and root (docker exec -it ...) users
 RUN ln -s /app/docker/prod/setup/.irbrc /home/$APP_USER/
 RUN ln -s /app/docker/prod/setup/.irbrc /root/
diff --git a/docker/prod/Dockerfile.next b/docker/prod/Dockerfile.next
deleted file mode 100644
index 95d9f4c4773..00000000000
--- a/docker/prod/Dockerfile.next
+++ /dev/null
@@ -1,188 +0,0 @@
-ARG RUBY_VERSION="3.2.2"
-ARG NODE_VERSION="16.17.0"
-ARG BUNDLER_VERSION="2.4.7"
-ARG DEBIAN_FRONTEND=noninteractive
-
-# -------------------------------------
-# rubygems (private)
-# -------------------------------------
-FROM ruby:${RUBY_VERSION}-bullseye as rubygems
-ENV BUNDLE_JOBS=8
-ENV BUNDLE_RETRY=3
-ENV BUNDLE_WITHOUT="development:test"
-
-WORKDIR /app
-
-RUN gem install bundler --version "$BUNDLER_VERSION" --no-document
-
-COPY Gemfile Gemfile.modules Gemfile.lock ./
-COPY modules ./modules
-RUN bundle install
-
-# -------------------------------------
-# nodejs (private)
-# -------------------------------------
-# Using docker image for node so that multi-arch is automatically taken care of
-FROM node:${NODE_VERSION} as nodejs
-
-WORKDIR /app
-
-COPY package.json ./
-COPY frontend/package.json frontend/package-lock.json frontend/.npmrc ./frontend/
-RUN JOBS=8 npm install
-
-# -------------------------------------
-# assets (private)
-# -------------------------------------
-FROM rubygems as assets
-
-COPY --from=nodejs /usr/local/bin/node /usr/local/bin/node
-COPY --from=nodejs /usr/local/lib/node_modules /usr/local/lib/node_modules
-COPY --from=nodejs /usr/local/include/node /usr/local/include/node
-RUN ln -s /usr/local/lib/node_modules/npm/bin/npm-cli.js /usr/local/bin/npm
-
-WORKDIR /app
-
-COPY --from=nodejs /app/node_modules ./node_modules
-COPY --from=nodejs /app/frontend/node_modules ./frontend/node_modules
-COPY Rakefile .
-COPY bin ./bin
-COPY app ./app
-COPY config ./config
-COPY lib ./lib
-COPY lib_static ./lib_static
-COPY frontend ./frontend
-COPY modules ./modules
-COPY vendor ./vendor
-
-RUN --mount=type=cache,target=/app/frontend/.angular/cache,uid=1000,gid=1000 \
-  SECRET_KEY_BASE=1 RAILS_ENV=production DATABASE_URL=nulldb://db \
-  bin/rails openproject:plugins:register_frontend assets:precompile && \
-  # only keep most current angular cache since webpack is unable to cleanup after itself
-	find frontend/.angular/cache -type d -exec sh -c 'ls -dt "$1"/*/ | tail -n +2 | xargs rm -r' sh {} \;
-
-# -------------------------------------
-# base (private)
-# -------------------------------------
-FROM ruby:${RUBY_VERSION}-slim-bullseye as base
-LABEL maintainer="operations@openproject.com"
-
-# SYSTEM
-ENV APP_USER=app
-ENV APP_PATH=/app
-ENV APP_DATA_PATH=/var/openproject/assets
-ENV PGVERSION="13"
-ENV PGBIN="/usr/lib/postgresql/$PGVERSION/bin"
-ENV BUNDLE_WITHOUT="development:test"
-
-# RAILS
-# Set a default key base, ensure to provide a secure value in production environments!
-ENV SECRET_KEY_BASE=OVERWRITE_ME
-ENV RAILS_ENV=production
-ENV RAILS_LOG_TO_STDOUT=1
-ENV RAILS_SERVE_STATIC_FILES=1
-
-# OPENPROJECT
-# Valid values are: standard,bim
-ENV OPENPROJECT_EDITION=standard
-ENV OPENPROJECT_INSTALLATION__TYPE=docker
-ENV OPENPROJECT_ATTACHMENTS__STORAGE__PATH=$APP_DATA_PATH/files
-ENV OPENPROJECT_RAILS__CACHE__STORE=file_store
-
-RUN useradd -d /home/$APP_USER -m $APP_USER
-RUN mkdir -p $APP_PATH && chown $APP_USER:$APP_USER $APP_PATH
-RUN mkdir -p $APP_DATA_PATH && chown $APP_USER:$APP_USER $APP_DATA_PATH
-
-WORKDIR $APP_PATH
-
-RUN --mount=type=cache,target=/var/cache/apt \
-  apt-get update -qq \
-  && apt-get install -yq --no-install-recommends \
-  curl \
-  gnupg2 \
-  && curl -sSL https://www.postgresql.org/media/keys/ACCC4CF8.asc | apt-key add - \
-  && echo 'deb http://apt.postgresql.org/pub/repos/apt/ bullseye-pgdg main' $PGVERSION > /etc/apt/sources.list.d/pgdg.list \
-  && apt-get update -qq \
-  && apt-get install -yq --no-install-recommends \
-  libpq5 \
-  postgresql-client-$PGVERSION \
-  libffi7 \
-  unrtf tesseract-ocr poppler-utils catdoc imagemagick \
-  && apt-get purge -y curl gnupg2 \
-  && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* \
-  && truncate -s 0 /var/log/*log
-
-# -------------------------------------
-# slim (public)
-# -------------------------------------
-FROM base as slim
-COPY --chown=$APP_USER:$APP_USER --from=rubygems /usr/local/bundle /usr/local/bundle
-COPY --chown=$APP_USER:$APP_USER --from=assets /app/public/assets /app/public/assets
-COPY --chown=$APP_USER:$APP_USER --from=assets /app/config/frontend_assets.manifest.json /app/config/frontend_assets.manifest.json
-COPY --chown=$APP_USER:$APP_USER . .
-
-USER $APP_USER
-RUN ln -s $APP_PATH/docker/prod/setup/.irbrc /home/$APP_USER/
-
-EXPOSE 8080
-CMD ["./docker/prod/web"]
-VOLUME ["$APP_DATA_PATH"]
-
-# -------------------------------------
-# all-in-one (public)
-# -------------------------------------
-FROM base as all-in-one
-ARG DEBIAN_FRONTEND
-ARG NODE_VERSION
-ARG BUNDLER_VERSION
-# Allow platform-specific additions. Valid values are: on-prem,saas,bahn
-ARG PLATFORM=on-prem
-# Use OAuth token in case private gems need to be fetched
-ARG GITHUB_OAUTH_TOKEN
-ARG BIM_SUPPORT=true
-ARG GOSU_VERSION="1.16"
-
-ENV OPENPROJECT_RAILS__CACHE__STORE=memcache
-ENV DATABASE_URL=postgres://openproject:openproject@127.0.0.1/openproject
-ENV PGDATA=/var/openproject/pgdata
-ENV PGBIN="/usr/lib/postgresql/$PGVERSION/bin"
-
-COPY docker/prod/setup ./docker/prod/setup
-RUN ./docker/prod/setup/preinstall.sh
-
-RUN dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')" \
- && wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch" \
- && chmod +x /usr/local/bin/gosu \
- && gosu nobody true
-
-# set irb default config for app (docker run -it ...) and root (docker exec -it ...) users
-RUN ln -s /app/docker/prod/setup/.irbrc /home/$APP_USER/
-RUN ln -s /app/docker/prod/setup/.irbrc /root/
-
-COPY Gemfile ./Gemfile
-COPY Gemfile.* ./
-COPY modules ./modules
-COPY vendor ./vendor
-# some gemspec files of plugins require files in there, notably OpenProject::Version
-COPY lib ./lib
-
-RUN bundle install --quiet --deployment --path vendor/bundle --no-cache \
-  --with="$RAILS_GROUPS" --without="test development" --jobs=8 --retry=3 && \
-  rm -rf vendor/bundle/ruby/*/cache && rm -rf vendor/bundle/ruby/*/gems/*/spec && rm -rf vendor/bundle/ruby/*/gems/*/test
-
-# Finally, copy over the whole thing
-COPY . .
-
-RUN ./docker/prod/setup/postinstall.sh
-
-# Expose ports for apache and postgres
-EXPOSE 80 5432
-
-# Expose the postgres data directory and OpenProject data directory as volumes
-VOLUME ["$PGDATA", "$APP_DATA_PATH"]
-
-# Set a custom entrypoint to allow for privilege dropping and one-off commands
-ENTRYPOINT ["./docker/prod/entrypoint.sh"]
-
-# Set default command to launch the all-in-one configuration supervised by supervisord
-CMD ["./docker/prod/supervisord"]