docker_ruby - robjcook/sync GitHub Wiki

# Use the official Ruby 3.0.0 Alpine image as the base
FROM ruby:3.0.0-alpine

# Set the working directory inside the container
WORKDIR /app

# 1. Install necessary dependencies for building gems and for SSL certificate management
#    ca-certificates is crucial for managing system-wide trust store.
RUN apk add --no-cache \
    build-base \
    libxml2-dev \
    libxslt-dev \
    nodejs \
    yarn \
    sqlite-dev \
    postgresql-client \
    mysql-client \
    git \
    tzdata \
    ca-certificates \
    openssl # openssl is often already part of the base, but ensures it's there

# 2. Copy the SSL certificate into the Docker image
#    Place your certificate file in the same directory as your Dockerfile.
#    You'll need to know the name of your certificate file (e.g., nexus-ca.crt or your_org_root.pem)
COPY nexus-ca.crt /usr/local/share/ca-certificates/nexus-ca.crt

# 3. Update the system's CA certificate store
#    This command adds your certificate to the list of trusted certificates on Alpine.
RUN update-ca-certificates

# 4. (Optional but recommended) Configure Bundler to use the system's CA bundle
#    This ensures Bundler explicitly trusts the system-wide certificates.
#    Alternatively, you can specify the path directly.
ENV SSL_CERT_FILE=/etc/ssl/certs/ca-certificates.crt

# 5. Add your private Nexus registry source to Bundler's configuration
#    This makes it so you don't have to include the full URL in your Gemfile
#    Replace 'https://your-nexus-host/repository/rubygems-private/' with your actual Nexus URL.
#    The `bundle config set` command is a good way to persist this.
#    Using '--local' would write to .bundle/config, which you'd then COPY.
#    Using '--global' writes to ~/.bundle/config.
#    For Docker builds, it's often easiest to configure this at build time via environment variable
#    or by explicitly setting it in the Dockerfile which will apply globally for the user.
RUN bundle config mirror.https://rubygems.org https://your-nexus-host/repository/rubygems-proxy/ && \
    bundle config https://your-nexus-host/repository/rubygems-private/

# If your Nexus requires authentication, you can pass credentials securely:
# 6. (Optional) Set up authentication for your private Nexus registry
#    NEVER hardcode credentials directly in your Dockerfile.
#    Instead, use ARG/ENV from build arguments or secrets if using Docker Compose/Swarm.
ARG NEXUS_USERNAME
ARG NEXUS_PASSWORD
RUN bundle config "https://your-nexus-host/repository/rubygems-private/" "${NEXUS_USERNAME}:${NEXUS_PASSWORD}"

# Copy Gemfile and Gemfile.lock (after system dependencies and certs are set up)
COPY Gemfile Gemfile.lock ./

# Install the gems using the configured sources
RUN bundle install --jobs $(nproc) --retry 3

# Copy the rest of the application code
COPY . .

# Expose the port your application will run on
EXPOSE 3000

# Define the default command to run when the container starts
CMD ["bundle", "exec", "rails", "server", "-b", "0.0.0.0"]