22# check=error=true
33
44# Make sure RUBY_VERSION matches the Ruby version in .ruby-version
5- ARG RUBY_VERSION=4.0.1
5+ ARG RUBY_VERSION=4.0.2
66ARG BUNDLE_WITHOUT="development:test"
77ARG RAILS_ENV="production"
88FROM docker.io/library/ruby:$RUBY_VERSION-slim AS base
@@ -23,7 +23,8 @@ ENV RAILS_ENV="$RAILS_ENV" \
2323 NODE_ENV="production" \
2424 BUNDLE_WITHOUT="$BUNDLE_WITHOUT" \
2525 BUNDLE_DEPLOYMENT="1" \
26- BUNDLE_PATH="/usr/local/bundle"
26+ BUNDLE_PATH="/usr/local/bundle" \
27+ XDG_STATE_HOME="/rails/tmp"
2728
2829# Throw-away build stage to reduce size of final image
2930FROM base AS build
@@ -77,11 +78,6 @@ FROM base
7778COPY --from=build "${BUNDLE_PATH}" "${BUNDLE_PATH}"
7879COPY --from=build /rails /rails
7980
80- # Run and own only the runtime files as a non-root user for security
81- RUN groupadd --system --gid 1000 rails && \
82- useradd rails --uid 1000 --gid 1000 --create-home --shell /bin/bash && \
83- chown -R rails:rails db log storage tmp
84-
8581# Generate and install self-signed TLS certificates at build time.
8682RUN apt-get update -qq && \
8783 apt-get install --no-install-recommends -y sudo && \
@@ -90,6 +86,11 @@ RUN apt-get update -qq && \
9086 apt-get autoremove -y && \
9187 rm -rf /var/lib/apt/lists /var/cache/apt/archives
9288
89+ # Run and own only the runtime files as a non-root user for security
90+ RUN groupadd --system --gid 1000 rails && \
91+ useradd rails --uid 1000 --gid 1000 --create-home --shell /bin/bash && \
92+ chown -R rails:rails db log storage tmp
93+
9394USER 1000:1000
9495
9596# Entrypoint prepares the database.
0 commit comments