Skip to content

Commit 3060355

Browse files
tgxworldtgxworld
committed
WIP: Consolidate layers
1 parent b2dab18 commit 3060355

File tree

1 file changed

+106
-108
lines changed

1 file changed

+106
-108
lines changed

image/base/slim.Dockerfile

Lines changed: 106 additions & 108 deletions
Original file line numberDiff line numberDiff line change
@@ -8,126 +8,124 @@ ARG DEBIAN_RELEASE
88
ENV PG_MAJOR=13 \
99
RUBY_ALLOCATOR=/usr/lib/libjemalloc.so \
1010
LEFTHOOK=0 \
11-
DEBIAN_RELEASE=${DEBIAN_RELEASE}
11+
DEBIAN_RELEASE=${DEBIAN_RELEASE} \
12+
LC_ALL=en_US.UTF-8 \
13+
LANG=en_US.UTF-8 \
14+
LANGUAGE=en_US.UTF-8
1215

1316
#LABEL maintainer="Sam Saffron \"https://twitter.com/samsaffron\""
1417

15-
# Ensures that the gid and uid of the following users are consistent to avoid permission issues on directories in the
16-
# mounted volumes.
17-
RUN groupadd --gid 104 postgres &&\
18-
useradd --uid 101 --gid 104 --home /var/lib/postgresql --shell /bin/bash -c "PostgreSQL administrator,,," postgres &&\
19-
groupadd --gid 106 redis &&\
20-
useradd --uid 103 --gid 106 --home /var/lib/redis --shell /usr/sbin/nologin redis &&\
21-
groupadd --gid 1000 discourse &&\
22-
useradd --uid 1000 --gid 1000 -m --shell /bin/bash discourse
23-
24-
RUN echo 2.0.`date +%Y%m%d` > /VERSION
25-
RUN echo "deb http://deb.debian.org/debian ${DEBIAN_RELEASE}-backports main" > "/etc/apt/sources.list.d/${DEBIAN_RELEASE}-backports.list"
26-
RUN echo "debconf debconf/frontend select Teletype" | debconf-set-selections
27-
RUN apt-get update && DEBIAN_FRONTEND=noninteractive apt-get -y install gnupg sudo curl fping
28-
RUN sh -c "fping proxy && echo 'Acquire { Retries \"0\"; HTTP { Proxy \"http://proxy:3128\";}; };' > /etc/apt/apt.conf.d/40proxy && apt-get update || true"
29-
RUN apt-mark hold initscripts
30-
RUN apt-get -y upgrade
31-
32-
RUN DEBIAN_FRONTEND=noninteractive apt-get install -y locales locales-all
33-
ENV LC_ALL en_US.UTF-8
34-
ENV LANG en_US.UTF-8
35-
ENV LANGUAGE en_US.UTF-8
36-
37-
RUN install -d /usr/share/postgresql-common/pgdg &&\
38-
curl -o /usr/share/postgresql-common/pgdg/apt.postgresql.org.asc --fail https://www.postgresql.org/media/keys/ACCC4CF8.asc &&\
39-
echo "deb [signed-by=/usr/share/postgresql-common/pgdg/apt.postgresql.org.asc] https://apt.postgresql.org/pub/repos/apt ${DEBIAN_RELEASE}-pgdg main" > /etc/apt/sources.list.d/pgdg.list
40-
41-
RUN curl --silent --location https://deb.nodesource.com/setup_18.x | sudo bash -
42-
RUN curl -sS https://dl.yarnpkg.com/debian/pubkey.gpg | apt-key add -
43-
RUN echo "deb https://dl.yarnpkg.com/debian/ stable main" > /etc/apt/sources.list.d/yarn.list
44-
RUN apt-get -y update
45-
# install these without recommends to avoid pulling in e.g.
46-
# X11 libraries, mailutils
47-
RUN DEBIAN_FRONTEND=noninteractive apt-get -y install --no-install-recommends git rsyslog logrotate cron ssh-client less
48-
RUN DEBIAN_FRONTEND=noninteractive apt-get -y install autoconf build-essential ca-certificates rsync \
49-
libxslt-dev libcurl4-openssl-dev \
50-
libssl-dev libyaml-dev libtool \
51-
libpcre3 libpcre3-dev zlib1g zlib1g-dev \
52-
libxml2-dev gawk parallel \
53-
postgresql-${PG_MAJOR} postgresql-client \
54-
postgresql-contrib-${PG_MAJOR} libpq-dev postgresql-${PG_MAJOR}-pgvector \
55-
libreadline-dev anacron wget \
56-
psmisc whois brotli libunwind-dev \
57-
libtcmalloc-minimal4 cmake \
58-
pngcrush pngquant ripgrep poppler-utils
59-
RUN sed -i -e 's/start -q anacron/anacron -s/' /etc/cron.d/anacron
60-
RUN sed -i.bak 's/$ModLoad imklog/#$ModLoad imklog/' /etc/rsyslog.conf
61-
RUN sed -i.bak 's/module(load="imklog")/#module(load="imklog")/' /etc/rsyslog.conf
62-
RUN dpkg-divert --local --rename --add /sbin/initctl
63-
RUN sh -c "test -f /sbin/initctl || ln -s /bin/true /sbin/initctl"
64-
RUN cd / &&\
65-
DEBIAN_FRONTEND=noninteractive apt-get -y install runit socat &&\
66-
mkdir -p /etc/runit/1.d &&\
67-
apt-get clean &&\
68-
rm -f /etc/apt/apt.conf.d/40proxy &&\
69-
locale-gen en_US &&\
70-
DEBIAN_FRONTEND=noninteractive apt-get install -y nodejs yarn &&\
71-
npm install -g terser uglify-js pnpm
72-
7318
ADD install-imagemagick /tmp/install-imagemagick
74-
RUN /tmp/install-imagemagick
75-
7619
ADD install-jemalloc /tmp/install-jemalloc
77-
RUN /tmp/install-jemalloc
78-
7920
# From https://nginx.org/en/pgp_keys.html
8021
ADD nginx_public_keys.key /tmp/nginx_public_keys.key
8122
ADD install-nginx /tmp/install-nginx
82-
83-
RUN gpg --import /tmp/nginx_public_keys.key &&\
84-
rm /tmp/nginx_public_keys.key &&\
85-
/tmp/install-nginx
86-
87-
ADD install-redis /tmp/install-redis
88-
RUN /tmp/install-redis
89-
9023
ADD install-oxipng /tmp/install-oxipng
91-
RUN /tmp/install-oxipng
92-
93-
RUN echo 'gem: --no-document' >> /usr/local/etc/gemrc &&\
94-
gem update --system
95-
96-
RUN gem install pups --force &&\
97-
mkdir -p /pups/bin/ &&\
98-
ln -s /usr/local/bin/pups /pups/bin/pups
99-
24+
ADD install-redis /tmp/install-redis
10025
# This tool allows us to disable huge page support for our current process
10126
# since the flag is preserved through forks and execs it can be used on any
10227
# process
10328
ADD thpoff.c /src/thpoff.c
104-
RUN gcc -o /usr/local/sbin/thpoff /src/thpoff.c && rm /src/thpoff.c
10529

106-
# clean up for docker squash
107-
RUN rm -fr /usr/share/man &&\
108-
rm -fr /usr/share/doc &&\
109-
rm -fr /usr/share/vim/vim74/doc &&\
110-
rm -fr /usr/share/vim/vim74/lang &&\
111-
rm -fr /usr/share/vim/vim74/spell/en* &&\
112-
rm -fr /usr/share/vim/vim74/tutor &&\
113-
rm -fr /usr/local/share/doc &&\
114-
rm -fr /usr/local/share/ri &&\
115-
rm -fr /var/lib/apt/lists/* &&\
116-
rm -fr /root/.gem &&\
117-
rm -fr /root/.npm &&\
118-
rm -fr /tmp/*
119-
120-
# this can probably be done, but I worry that people changing PG locales will have issues
121-
# cd /usr/share/locale && rm -fr `ls -d */ | grep -v en`
122-
123-
# this is required for aarch64 which uses buildx
124-
# see https://github.com/docker/buildx/issues/150
125-
RUN rm -f /etc/service
126-
127-
COPY etc/ /etc
30+
RUN set -eux; \
31+
# Ensures that the gid and uid of the following users are consistent to avoid permission issues on directories in the
32+
# mounted volumes.
33+
groupadd --gid 104 postgres; \
34+
useradd --uid 101 --gid 104 --home /var/lib/postgresql --shell /bin/bash -c "PostgreSQL administrator,,," postgres; \
35+
groupadd --gid 106 redis; \
36+
useradd --uid 103 --gid 106 --home /var/lib/redis --shell /usr/sbin/nologin redis; \
37+
groupadd --gid 1000 discourse; \
38+
useradd --uid 1000 --gid 1000 -m --shell /bin/bash discourse; \
39+
\
40+
echo 2.0.`date +%Y%m%d` > /VERSION; \
41+
echo "deb http://deb.debian.org/debian ${DEBIAN_RELEASE}-backports main" > "/etc/apt/sources.list.d/${DEBIAN_RELEASE}-backports.list"; \
42+
echo "debconf debconf/frontend select Teletype" | debconf-set-selections; \
43+
apt-get update && DEBIAN_FRONTEND=noninteractive apt-get -y install gnupg sudo curl fping; \
44+
sh -c "fping proxy && echo 'Acquire { Retries \"0\"; HTTP { Proxy \"http://proxy:3128\";}; };' > /etc/apt/apt.conf.d/40proxy && apt-get update || true"; \
45+
apt-mark hold initscripts; \
46+
apt-get -y upgrade; \
47+
\
48+
DEBIAN_FRONTEND=noninteractive apt-get install -y locales locales-all; \
49+
install -d /usr/share/postgresql-common/pgdg; \
50+
curl -o /usr/share/postgresql-common/pgdg/apt.postgresql.org.asc --fail https://www.postgresql.org/media/keys/ACCC4CF8.asc; \
51+
echo "deb [signed-by=/usr/share/postgresql-common/pgdg/apt.postgresql.org.asc] https://apt.postgresql.org/pub/repos/apt ${DEBIAN_RELEASE}-pgdg main" > /etc/apt/sources.list.d/pgdg.list; \
52+
curl --silent --location https://deb.nodesource.com/setup_18.x | sudo bash -; \
53+
curl -sS https://dl.yarnpkg.com/debian/pubkey.gpg | apt-key add -; \
54+
echo "deb https://dl.yarnpkg.com/debian/ stable main" > /etc/apt/sources.list.d/yarn.list; \
55+
apt-get -y update; \
56+
\
57+
# install these without recommends to avoid pulling in e.g.
58+
# X11 libraries, mailutils
59+
DEBIAN_FRONTEND=noninteractive apt-get -y install --no-install-recommends git rsyslog logrotate cron ssh-client less; \
60+
DEBIAN_FRONTEND=noninteractive apt-get -y install ca-certificates rsync \
61+
libxslt-dev libcurl4-openssl-dev \
62+
libssl-dev libyaml-dev libtool \
63+
libpcre3 libpcre3-dev zlib1g zlib1g-dev \
64+
libxml2-dev gawk parallel \
65+
postgresql-${PG_MAJOR} postgresql-client \
66+
postgresql-contrib-${PG_MAJOR} libpq-dev postgresql-${PG_MAJOR}-pgvector \
67+
libreadline-dev anacron wget \
68+
psmisc whois brotli libunwind-dev \
69+
libtcmalloc-minimal4 cmake \
70+
pngcrush pngquant ripgrep poppler-utils; \
71+
\
72+
sed -i -e 's/start -q anacron/anacron -s/' /etc/cron.d/anacron; \
73+
sed -i.bak 's/$ModLoad imklog/#$ModLoad imklog/' /etc/rsyslog.conf; \
74+
sed -i.bak 's/module(load="imklog")/#module(load="imklog")/' /etc/rsyslog.conf; \
75+
dpkg-divert --local --rename --add /sbin/initctl; \
76+
sh -c "test -f /sbin/initctl || ln -s /bin/true /sbin/initctl"; \
77+
DEBIAN_FRONTEND=noninteractive apt-get -y install runit socat; \
78+
mkdir -p /etc/runit/1.d; \
79+
rm -f /etc/apt/apt.conf.d/40proxy; \
80+
locale-gen en_US; \
81+
DEBIAN_FRONTEND=noninteractive apt-get install -y nodejs yarn; \
82+
npm install -g terser uglify-js pnpm; \
83+
\
84+
# Installs ImageMagick
85+
/tmp/install-imagemagick; \
86+
# Installs JeMalloc
87+
/tmp/install-jemalloc; \
88+
\
89+
# Installs Nginx
90+
gpg --import /tmp/nginx_public_keys.key; \
91+
rm /tmp/nginx_public_keys.key; \
92+
/tmp/install-nginx; \
93+
# Installs Redis
94+
/tmp/install-redis; \
95+
# Installs Oxipng
96+
/tmp/install-oxipng; \
97+
echo 'gem: --no-document' >> /usr/local/etc/gemrc; \
98+
gem update --system; \
99+
gem install pups --force; \
100+
mkdir -p /pups/bin/; \
101+
ln -s /usr/local/bin/pups /pups/bin/pups; \
102+
gcc -o /usr/local/sbin/thpoff /src/thpoff.c && rm /src/thpoff.c; \
103+
\
104+
# Discourse specific bits
105+
install -dm 0755 -o discourse -g discourse /var/www/discourse; \
106+
sudo -u discourse git clone --filter=tree:0 https://github.com/discourse/discourse.git /var/www/discourse; \
107+
gem install bundler --conservative -v $(awk '/BUNDLED WITH/ { getline; gsub(/ /,""); print $0 }' /var/www/discourse/Gemfile.lock); \
108+
\
109+
# Clean up
110+
rm -fr /usr/share/man; \
111+
rm -fr /usr/share/doc; \
112+
rm -fr /usr/share/vim/vim74/doc; \
113+
rm -fr /usr/share/vim/vim74/lang; \
114+
rm -fr /usr/share/vim/vim74/spell/en*; \
115+
rm -fr /usr/share/vim/vim74/tutor; \
116+
rm -fr /usr/local/share/doc; \
117+
rm -fr /usr/local/share/ri; \
118+
rm -fr /var/lib/apt/lists/*; \
119+
rm -fr /root/.gem; \
120+
rm -fr /root/.npm; \
121+
rm -fr /tmp/*; \
122+
apt purge -y gcc g++ make cmake autoconf automake libtool wget curl; \
123+
apt purge -y --auto-remove; \
124+
apt-get clean; \
125+
\
126+
# this is required for aarch64 which uses buildx
127+
# see https://github.com/docker/buildx/issues/150
128+
rm -f /etc/services; \
129+
130+
COPY etc/ /etc
128131
COPY sbin/ /sbin
129-
130-
# Discourse specific bits
131-
RUN install -dm 0755 -o discourse -g discourse /var/www/discourse &&\
132-
sudo -u discourse git clone --filter=tree:0 https://github.com/discourse/discourse.git /var/www/discourse &&\
133-
gem install bundler --conservative -v $(awk '/BUNDLED WITH/ { getline; gsub(/ /,""); print $0 }' /var/www/discourse/Gemfile.lock)

0 commit comments

Comments
 (0)