don't install apt-get recommendations

.gitea/workflows/ci.yaml

@@ -85,9 +85,6 @@ jobs:
           printf "GITHUB_SHA=%s\n" "$GITHUB_SHA"
           printf "VERSION=%s\n" "$VERSION" | tee -a "$GITHUB_OUTPUT"
 
-      - name: Set up QEMU
-        uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392 # v3.6.0
-
       - name: Set up Docker Buildx
         uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3.10.0
 

Dockerfile

@@ -0,0 +1,42 @@
+ARG RUBY_VERSION="3.4.3"
+FROM ruby:${RUBY_VERSION} AS base
+
+WORKDIR /app
+
+RUN <<EOT
+  apt-get update
+  gem update --system --no-document
+  gem install -N bundler
+EOT
+
+
+FROM base AS build
+
+RUN <<EOT
+  apt-get install --yes gcc make
+EOT
+
+COPY Gemfile* .
+
+RUN <<EOT
+  bundle config set --local without development
+  bundle install
+EOT
+
+
+FROM base
+
+ENV PORT=4567
+
+# RUN useradd ruby --home /app --shell /bin/sh
+RUN useradd --home /app --create-home app
+
+USER app:app
+
+COPY --from=build /usr/local/bundle /usr/local/bundle
+COPY --from=build --chown=app:app /app /app
+
+COPY --chown=app:app . .
+
+EXPOSE 4567
+CMD [ "puma", "--bind", "0.0.0.0", "--port", "$PORT" ]

Gemfile

@@ -3,6 +3,7 @@ source "https://rubygems.org"
 gem "sinatra"
 gem "sinatra-contrib"
 gem "puma"
+gem "rackup"
 
 gem "anyflake"
 gem "ksuid"

Gemfile.lock

@@ -45,6 +45,8 @@ GEM
       rack (>= 3.0.0)
     rack-test (2.2.0)
       rack (>= 1.3)
+    rackup (2.2.1)
+      rack (>= 3)
     rainbow (3.1.1)
     rake (13.2.1)
     rbs (3.9.2)
@@ -136,6 +138,7 @@ DEPENDENCIES
   nanoid
   puma
   rack-test
+  rackup
   rake
   rspec
   ruby-lsp

app.rb

@@ -21,7 +21,7 @@ $LOAD_PATH.unshift File.dirname(__FILE__) + "/lib"
 
 require "config"
 
-VERSION = "0.2.1"
+VERSION = "0.1.4"
 
 CHUNK_SIZE = 1024**2
 SESSION_SECRET_HEX_LENGTH = 64

charts/kubernaut/Chart.yaml

@@ -15,10 +15,10 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.2.1
+version: 0.1.4
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
 # follow Semantic Versioning. They should reflect the version the application is using.
 # It is recommended to use it with quotes.
-appVersion: "0.2.1"
+appVersion: "0.1.4"

dockerfiles/alpine.Dockerfile

@@ -1,51 +1,43 @@
 ARG RUBY_VERSION="3.4.3"
-FROM docker.io/library/ruby:${RUBY_VERSION}-alpine AS base
+FROM ruby:${RUBY_VERSION}-alpine AS base
 
-WORKDIR /kubernaut
+WORKDIR /app
 
 RUN <<EOT
-  apk update -q
+  apk update
-  apk add bash jemalloc
-  rm -rf /var/cache/apk
   gem update --system --no-document
   gem install -N bundler
 EOT
 
-ENV RACK_ENV="production" \
-  BUNDLE_DEPLOYMENT=true \
-  BUNDLE_PATH="/usr/local/bundle" \
-  BUNDLE_WITHOUT="development test"
 
 FROM base AS build
 
+ENV BUNDLE_DEPLOYMENT=true \
+  BUNDLE_WITHOUT="development test"
+
 RUN <<EOT
   apk add musl-dev gcc make
-  rm -rf /var/cache/apk
 EOT
 
-COPY Gemfile Gemfile.lock ./
+COPY Gemfile* .
 
 RUN <<EOT
   bundle install
-  rm -rf ~/.bundle/ "${BUNDLE_PATH}"/ruby/*/cache "${BUNDLE_PATH}"/ruby/*/bundler/gems/*/.git
 EOT
 
-COPY . .
 
 FROM base
 
 ENV PORT=4567
 
-RUN <<EOT
+RUN adduser --home /app --disabled-password app
-  addgroup --system --gid 666 kubernaut
-  adduser --system --uid 666 --ingroup kubernaut --shell /bin/bash --disabled-password kubernaut
-EOT
 
-COPY --from=build "${BUNDLE_PATH}" "${BUNDLE_PATH}"
+USER app:app
-COPY --from=build /kubernaut /kubernaut
 
-USER kubernaut:kubernaut
+COPY --from=build /usr/local/bundle /usr/local/bundle
+COPY --from=build --chown=app:app /app /app
+
+COPY --chown=app:app . .
 
 EXPOSE $PORT
-ENTRYPOINT [ "/kubernaut/dockerfiles/entrypoint.sh" ]
+CMD [ "puma" ]
-CMD [ "bundle", "exec", "puma" ]

dockerfiles/bookworm.Dockerfile

@@ -1,52 +1,44 @@
 ARG RUBY_VERSION="3.4.3"
-FROM docker.io/library/ruby:${RUBY_VERSION}-slim-bookworm AS base
+FROM ruby:${RUBY_VERSION}-slim-bookworm AS base
 
-WORKDIR /kubernaut
+WORKDIR /app
 
 RUN <<EOT
-  apt-get update -qq
+  apt-get update
-  apt-get install --yes --no-install-recommends libjemalloc2
-  rm -rf /var/lib/apt/lists /var/cache/apt/archives
   gem update --system --no-document
   gem install -N bundler
 EOT
 
-ENV RACK_ENV="production" \
-  BUNDLE_DEPLOYMENT=true \
-  BUNDLE_PATH="/usr/local/bundle" \
-  BUNDLE_WITHOUT="development test"
 
 FROM base AS build
 
+ENV BUNDLE_DEPLOYMENT=true \
+  BUNDLE_WITHOUT="development test"
+
 RUN <<EOT
-  apt-get update -qq
   apt-get install --yes --no-install-recommends gcc make libc-dev
-  rm -rf /var/lib/apt/lists /var/cache/apt/archives
 EOT
 
-COPY Gemfile Gemfile.lock ./
+COPY Gemfile* .
 
 RUN <<EOT
   bundle install
-  rm -rf ~/.bundle/ "${BUNDLE_PATH}"/ruby/*/cache "${BUNDLE_PATH}"/ruby/*/bundler/gems/*/.git
 EOT
 
-COPY . .
 
 FROM base
 
 ENV PORT=4567
 
-RUN <<EOT
+# RUN useradd ruby --home /app --shell /bin/sh
-  groupadd --system --gid 666 kubernaut
+RUN useradd --home /app --create-home app
-  useradd --system --uid 666 --gid kubernaut --create-home --shell /bin/bash kubernaut
-EOT
 
-COPY --from=build "${BUNDLE_PATH}" "${BUNDLE_PATH}"
+USER app:app
-COPY --from=build /kubernaut /kubernaut
 
-USER kubernaut:kubernaut
+COPY --from=build /usr/local/bundle /usr/local/bundle
+COPY --from=build --chown=app:app /app /app
+
+COPY --chown=app:app . .
 
 EXPOSE $PORT
-ENTRYPOINT [ "/kubernaut/dockerfiles/entrypoint.sh" ]
+CMD [ "puma" ]
-CMD [ "bundle", "exec", "puma" ]

dockerfiles/entrypoint.sh

@@ -1,15 +0,0 @@
-#!/usr/bin/env bash
-
-set -euo pipefail
-
-# output debugging info
-ruby --version
-printf "rubygems %s\n" "$(gem --version)"
-bundle version
-
-if [ -z "${LD_PRELOAD+x}" ]; then
-    LD_PRELOAD="$(find /usr/lib -name libjemalloc.so.2 -print -quit)"
-    export LD_PRELOAD
-fi
-
-exec "${@}"

kustomize/app/deployment.yaml

@@ -16,7 +16,7 @@ spec:
     spec:
       containers:
         - name: kubernaut
-          image: git.kill0.net/ryanc/kubernaut:0.2.1
+          image: git.kill0.net/ryanc/kubernaut:0.1.4
           imagePullPolicy: Always
           ports:
             - name: sinatra-web