Use new Dockerfile template, with images from hex.pm

This template is based on the Dockerfile that nowadays is generated with mix phx.gen.release, and make use of tagged images with well known versions, rather a rolling tag. Elixir and OTP version are explicitly set, and should be manually updated. Signed-off-by: Davide Bettio <davide.bettio@secomind.com>
edgehog-device-manager · Jul 12, 2023 · 9fdae68 · 9fdae68
1 parent 1777f71
commit 9fdae68
Show file tree

Hide file tree

Showing 12 changed files with 140 additions and 36 deletions.
diff --git a/backend/.dockerignore b/backend/.dockerignore
@@ -0,0 +1,48 @@
+# SPDX-FileCopyrightText: 2023 SECO Mind Srl
+# SPDX-License-Identifier: CC0-1.0
+
+# This file excludes paths from the Docker build context.
+#
+# By default, Docker's build context includes all files (and folders) in the
+# current directory. Even if a file isn't copied into the container it is still sent to
+# the Docker daemon.
+#
+# There are multiple reasons to exclude files from the build context:
+#
+# 1. Prevent nested folders from being copied into the container (ex: exclude
+# /assets/node_modules when copying /assets)
+# 2. Reduce the size of the build context and improve build time (ex. /build, /deps, /doc)
+# 3. Avoid sending files containing sensitive information
+#
+# More information on using .dockerignore is available here:
+# https://docs.docker.com/engine/reference/builder/#dockerignore-file
+
+.dockerignore
+
+# Ignore git, but keep git HEAD and refs to access current commit hash if needed:
+#
+# $ cat .git/HEAD | awk '{print ".git/"$2}' | xargs cat
+# d0b8727759e1e0e7aa3d41707d12376e373d5ecc
+.git
+!.git/HEAD
+!.git/refs
+
+# Common development/test artifacts
+/cover/
+/doc/
+/test/
+/tmp/
+.elixir_ls
+
+# Mix artifacts
+/_build/
+/deps/
+*.ez
+
+# Generated on crash by the VM
+erl_crash.dump
+
+# Static artifacts - These should be fetched and built inside the Docker image
+/assets/node_modules/
+/priv/static/assets/
+/priv/static/cache_manifest.json
diff --git a/backend/Dockerfile b/backend/Dockerfile
@@ -1,7 +1,7 @@
 #
 # This file is part of Edgehog.
 #
-# Copyright 2021 SECO Mind Srl
+# Copyright 2021-2023 SECO Mind Srl
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -18,49 +18,87 @@
 # SPDX-License-Identifier: Apache-2.0
 #
 
-FROM elixir:1.15.0 as builder
+# Find eligible builder and runner images on Docker Hub. We use Ubuntu/Debian
+# instead of Alpine to avoid DNS resolution issues in production.
+#
+# https://hub.docker.com/r/hexpm/elixir/tags?page=1&name=ubuntu
+# https://hub.docker.com/_/ubuntu?tab=tags
+#
+# This file is based on these images:
+#
+# - https://hub.docker.com/r/hexpm/elixir/tags - for the build image
+# - https://hub.docker.com/_/debian?tab=tags&page=1&name=bullseye-20230612-slim - for the release image
+# - https://pkgs.org/ - resource for finding needed packages
+# - Ex: hexpm/elixir:1.15.0-erlang-26.0.2-debian-bullseye-20230612-slim
+#
+ARG ELIXIR_VERSION=1.15.0
+ARG OTP_VERSION=26.0.2
+ARG DEBIAN_VERSION=bullseye-20230612-slim
+
+ARG BUILDER_IMAGE="hexpm/elixir:${ELIXIR_VERSION}-erlang-${OTP_VERSION}-debian-${DEBIAN_VERSION}"
+ARG RUNNER_IMAGE="debian:${DEBIAN_VERSION}"
+
+FROM ${BUILDER_IMAGE} as builder
 
+# install build dependencies
+RUN apt-get update -y && apt-get install -y build-essential git \
+ && apt-get clean && rm -f /var/lib/apt/lists/*_*
+
+# prepare build dir
 WORKDIR /app
 
-# Install hex
+# install hex + rebar
 RUN mix local.hex --force && \
- mix local.rebar --force && \
- mix hex.info
+ mix hex.info && \
+ mix local.rebar --force
 
-# Pass --build-arg BUILD_ENV=dev to build a dev image
-ARG BUILD_ENV=prod
+# set build ENV
+ENV MIX_ENV="prod"
 
-ENV MIX_ENV=$BUILD_ENV
+# install mix dependencies
+COPY mix.exs mix.lock ./
+RUN mix deps.get --only $MIX_ENV
+RUN mkdir config
 
-# Cache elixir deps
-ADD mix.exs mix.lock ./
-ADD config config
-RUN mix do deps.get --only $MIX_ENV, deps.compile
+# copy compile-time config files before we compile dependencies
+# to ensure any relevant config change will trigger the dependencies
+# to be re-compiled.
+COPY config/config.exs config/${MIX_ENV}.exs config/
+RUN mix deps.compile
 
-ADD priv priv
+COPY priv priv
 
-# Add the actual code
-ADD lib lib
-RUN mix do compile, release
+# Compile the release
+COPY lib lib
 
-# Note: it is important to keep Debian versions in sync, or incompatibilities between libcrypto will happen
-FROM debian:bullseye-slim
+RUN mix compile
 
-WORKDIR /app
+# Changes to config/runtime.exs don't require recompiling the code
+COPY config/runtime.exs config/
+
+COPY rel rel
+RUN mix release
 
-RUN apt-get -qq update
+# start a new build stage so that the final image will only contain
+# the compiled release and other runtime necessities
+FROM ${RUNNER_IMAGE}
+
+RUN apt-get update -y && apt-get install -y libstdc++6 openssl libncurses5 locales \
+ && apt-get clean && rm -f /var/lib/apt/lists/*_*
 
 # Set the locale
-ENV LANG C.UTF-8
+RUN sed -i '/en_US.UTF-8/s/^# //g' /etc/locale.gen && locale-gen
+
+ENV LANG en_US.UTF-8
+ENV LANGUAGE en_US:en
+ENV LC_ALL en_US.UTF-8
 
-# We need SSL
-RUN apt-get -qq install libssl1.1
+WORKDIR "/app"
+RUN chown nobody /app
 
-# We have to redefine this here since it goes out of scope for each build stage
-ARG BUILD_ENV=prod
+# Only copy the final release from the build stage
+COPY --from=builder --chown=nobody:root /app/_build/prod/rel/edgehog ./
 
-COPY --from=builder /app/_build/$BUILD_ENV/rel/edgehog .
-COPY entrypoint.sh .
+USER nobody
 
-ENTRYPOINT ["/bin/bash", "entrypoint.sh"]
-CMD ["start"]
+CMD ["/app/bin/server"]
diff --git a/backend/entrypoint.sh b/backend/entrypoint.sh
diff --git a/backend/lib/release.ex → backend/lib/edgehog/release.ex b/backend/lib/release.ex → backend/lib/edgehog/release.ex
diff --git a/backend/rel/overlays/bin/migrate b/backend/rel/overlays/bin/migrate
@@ -0,0 +1,3 @@
+#!/bin/sh
+cd -P -- "$(dirname -- "$0")"
+exec ./edgehog eval Edgehog.Release.migrate
diff --git a/backend/rel/overlays/bin/migrate.bat b/backend/rel/overlays/bin/migrate.bat
@@ -0,0 +1 @@
+call "%~dp0\edgehog" eval Edgehog.Release.migrate
diff --git a/backend/rel/overlays/bin/migrate.bat.license b/backend/rel/overlays/bin/migrate.bat.license
@@ -0,0 +1,3 @@
+SPDX-FileCopyrightText: 2021-2023 SECO Mind Srl
+
+SPDX-License-Identifier: Apache-2.0
diff --git a/backend/rel/overlays/bin/migrate.license b/backend/rel/overlays/bin/migrate.license
@@ -0,0 +1,3 @@
+SPDX-FileCopyrightText: 2021-2023 SECO Mind Srl
+
+SPDX-License-Identifier: Apache-2.0
diff --git a/backend/rel/overlays/bin/server b/backend/rel/overlays/bin/server
@@ -0,0 +1,6 @@
+#!/bin/sh
+cd -P -- "$(dirname -- "$0")"
+
+exec ./edgehog eval Edgehog.Release.migrate || exit 1
+
+PHX_SERVER=true exec ./edgehog start
diff --git a/backend/rel/overlays/bin/server.bat b/backend/rel/overlays/bin/server.bat
@@ -0,0 +1,3 @@
+set PHX_SERVER=true
+call "%~dp0\edgehog" eval Edgehog.Release.migrate
+call "%~dp0\edgehog" start
diff --git a/backend/rel/overlays/bin/server.bat.license b/backend/rel/overlays/bin/server.bat.license
@@ -0,0 +1,3 @@
+SPDX-FileCopyrightText: 2021-2023 SECO Mind Srl
+
+SPDX-License-Identifier: Apache-2.0
diff --git a/backend/rel/overlays/bin/server.license b/backend/rel/overlays/bin/server.license
@@ -0,0 +1,3 @@
+SPDX-FileCopyrightText: 2021-2023 SECO Mind Srl
+
+SPDX-License-Identifier: Apache-2.0