
There are a couple weird things in here:

    COPY drkiq/Gemfile Gemfile
    WORKDIR /opt/app/drkiq
    RUN bundle install
This appears to be leaving out copying Gemfile.lock, so you have no real idea what versions of dependencies are being installed here. This is not safe. Also, it's installing a bunch of dependencies that are not needed in production; a better bundle command would be something like: `RUN bundle install --no-cache --jobs 4 --without development test`

    RUN rails webpacker:install
    RUN rails assets:precompile
Why is `rails webpacker:install` being run here? This is very odd. As a general tip, I would also not compile assets as part of the docker build, but rather externally then only copy over the `public` directory afterward. This removes any need for `node` or any related development tools/packages in the production image.


Instead of compiling assets externally, you could do it in a multi stage docker build.


You can but I've not found the value in the complexity. The CI container image already requires node and all the needed dev packages for tests to run anyway so I just run the precompile in the CI container after tests pass then copy the resulting `public` directory into the production container.

This also means the same exact environment is used to generate the production assets that was used to generate them for test.


I've found it increases portability and makes both moving between pipeline providers and debugging failed builds locally easier.


> This appears to be leaving out copying Gemfile.lock so you have no real idea what versions of dependencies are being installed here. This is not safe.

As someone who's only touched Ruby for a few years (and not even Ruby on Rails): I wouldn't have even known to look for a Gemfile.lock.

Perhaps the author doesn't know either.


> As someone who's only touched Ruby for a few years

Well... Gemfile.lock has nothing to do with Rails and all to do with Bundler, but if you've never used Bundler for dependency management it's possible that it's new to you.

But Bundler (and the Gemfile and Gemfile.lock) are one of the core components of Rails; they even get mentioned in the getting started page (https://guides.rubyonrails.org/getting_started.html).

I only have a couple of years of experience with Rails and haven't touched it in 6 years, but I'd be very sceptical of any article that tries to teach how to build projects in Rails and doesn't even get those basics right.


Not really... you can specify a specific version of a gem in the Gemfile.

    gem 'byebug', '1.1.0'


That doesn't help with transitive dependencies.


Yes you could do that for all your gems... Or you could just copy in Gemfile.lock. One of the big reasons to run in containers is repeatability and knowing if it runs in your local Docker fine it will run the same on another Docker like system.
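
The transitive-dependency point from this thread, as an added example that is not part of any comment: a Ruby script that splits a Gemfile.lock into the gems the Gemfile names directly and the transitive ones, and lists the version ranges those transitive gems would be resolved from if the lockfile were not copied into the image. The lockfile text, gem names and versions are constructed, and `parse_lock` and `floating_without_lock` are hypothetical helper names.

```ruby
# Constructed sample lockfile; gem names and versions are hypothetical.
SAMPLE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      app_framework (6.0.0)
        http_layer (~> 2.0)
        template_engine (>= 1.1, < 3)
      header_parser (0.3.1)
      http_layer (2.0.7)
        header_parser (>= 0.3)
      template_engine (2.2.0)

  PLATFORMS
    ruby

  DEPENDENCIES
    app_framework (= 6.0.0)
LOCK

# Hypothetical helper: hand-rolled parse of the lockfile text (no gems needed).
def parse_lock(text)
  locked = {}                               # gem => exact locked version
  requires = Hash.new { |h, k| h[k] = [] }  # gem => [[dependency, range], ...]
  direct = []                               # gems named in the Gemfile
  section = current = nil
  text.each_line(chomp: true) do |line|
    case line
    when /\A[A-Z][A-Z ]*\z/ then section = line
    when /\A {4}(\S+) \((.+)\)\z/            # a resolved spec
      current = $1
      locked[current] = $2
    when /\A {6}(\S+)(?: \((.+)\))?\z/       # what that spec depends on
      requires[current] << [$1, $2 || ">= 0"]
    when /\A {2}([^\s!]+)!?(?: \(.+\))?\z/   # top-level Gemfile entry
      direct << $1 if section == "DEPENDENCIES"
    end
  end
  { locked: locked, direct: direct, transitive: locked.keys - direct, requires: requires }
end

# Hypothetical helper: ranges a fresh resolve would use for each transitive gem.
def floating_without_lock(lock)
  edges = lock[:requires].values.flatten(1)
  lock[:transitive].to_h { |name| [name, edges.select { |dep, _| dep == name }.map(&:last)] }
end

lock = parse_lock(SAMPLE_LOCK)
floating_without_lock(lock).each { |g, r| puts "#{g}: locked #{lock[:locked][g]}, unlocked #{r.join(' and ')}" }
```

Only `app_framework` is pinned by the Gemfile here; the other three gems have an exact version only because the lockfile records one.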

