invidious/docker/Dockerfile
Leon Klingele ea39bb4334
docker: various improvements to Dockerfile
This includes the following changes:

- Use multi-stage build to run application in an optimized environment, see
  https://docs.docker.com/develop/develop-images/multistage-build/
- Run application on alpine instead of archlinux to further reduce image size
- Build Crystal application with --release for improved runtime performance
- Run application as non-root user for better security, see
  https://docs.docker.com/develop/develop-images/dockerfile_best-practices/#user
- Only rebuild Docker layers when required
2019-08-04 11:21:32 +02:00

28 lines
1,013 B
Docker
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

FROM alpine:latest AS builder
RUN apk add -u crystal shards libc-dev \
yaml-dev libxml2-dev sqlite-dev sqlite-static zlib-dev openssl-dev
WORKDIR /invidious
COPY ./shard.yml ./shard.yml
RUN shards update && shards install
COPY ./src/ ./src/
# TODO: .git folder is required for building this is destructive.
# See definition of CURRENT_BRANCH, CURRENT_COMMIT and CURRENT_VERSION.
COPY ./.git/ ./.git/
RUN crystal build --static --release \
# TODO: Remove next line, see https://github.com/crystal-lang/crystal/issues/7946
-Dmusl \
./src/invidious.cr
FROM alpine:latest
RUN apk add -u imagemagick ttf-opensans
WORKDIR /invidious
RUN addgroup -g 1000 -S invidious && \
adduser -u 1000 -S invidious -G invidious
COPY ./assets/ ./assets/
COPY ./config/config.yml ./config/config.yml
COPY ./config/sql/ ./config/sql/
COPY ./locales/ ./locales/
RUN sed -i 's/host: localhost/host: postgres/' config/config.yml
COPY --from=builder /invidious/invidious .
USER invidious
CMD [ "/invidious/invidious" ]