LearnersGuild / idm

identity management service
MIT License

codeship: fix `Dockerfile` so that `postinstall` runs properly #126

Open jeffreywescott opened 8 years ago

jeffreywescott commented 8 years ago

@jeffreywescott commented on Tue Aug 16 2016

There is a cascading set of issues with this:

  1. The `Dockerfile` runs `npm install`, but `postinstall` fails because it requires write permissions, and by default, npm runs scripts with UID set to `nobody`. We can fix this by running `npm install` with the `unsafe-perms` flag.
  2. However, to optimize the docker container build, rather than copying the whole repository to the container before running `npm install`, we just copy `package.json` to the container, then run `npm install`. But our `postinstall` script depends on some of the source code being available (like the `scripts/createSymlinks` module). We don't want to pre-copy the source code because then we lose Docker's automatic caching of the results of `npm install`, which is a huge time savings for building the container. To work around this, we could run `npm install` with the `ignore-scripts` flag set, then run `postinstall` only after we copy the source code over.
  3. BUT, we have an `.npmrc` file in our source code repository that depends on an `NPM_AUTH_TOKEN` variable being set, and right now, Codeship doesn't yet support the Docker Compose Version 2 syntax. From the docs:

> Codeship does not yet support Docker Compose Version 2 syntax or Version 2-specific features such as build arguments. We are currently working on support for Compose features up to the latest version and will announce as soon as full support is available to all users.

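Ideally, what we want is a `Dockerfile` that looks something like this:

```dockerfile
FROM node:5.10
MAINTAINER jeffrey@learnersguild.org
WORKDIR /app
# Copy only package.json first so Docker can cache the npm install layer
COPY package.json ./
RUN npm install --ignore-scripts
COPY . ./
# Token that the repository's .npmrc expects to be set
ARG NPM_AUTH_TOKEN
# The source is present now, so run the lifecycle script that was skipped above
RUN npm run postinstall --unsafe-perm
```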

... and a `codeship-services.yml` file that looks something like this:

```yaml
app:
  build:
    image: learnersguild/idm-test
    dockerfile_path: Dockerfile
    args:
      - NPM_AUTH_TOKEN
  links:
    - rethinkdb
  encrypted_env_file: app.env.encrypted
  environment:
    - RETHINKDB_URL=rethinkdb://rethinkdb:28015/idm_test
rethinkdb:
  image: rethinkdb:2.3
herokudeployment:
  image: codeship/heroku-deployment
  encrypted_env_file: herokudeployment.env.encrypted
  volumes:
    - ./:/deploy
cache:
  image: rethinkdb:2.3
  image: codeship/heroku-deployment:latest
```

But we need to wait for Codeship.
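
Added example, not part of the original issue or the idm project's code: when a token is passed as a build `ARG` as in the Dockerfile sketched above, Docker records the arg's value in the image's layer metadata, where `docker history` shows it to anyone who can pull the image. The check below lists build-arg names whose values appear in that metadata; the sample history lines and the token value are constructed, and the function names `sample_history` and `leaked_build_args` are hypothetical.

```shell
#!/bin/sh
# Constructed sample of what
#   docker history --no-trunc --format '{{.CreatedBy}}' IMAGE
# prints for an image built from a Dockerfile like the one in this issue.
# The token value is a placeholder, not a real credential.
sample_history() {
cat <<'EOF'
|1 NPM_AUTH_TOKEN=EXAMPLE-TOKEN-0000 /bin/sh -c npm run postinstall --unsafe-perm
/bin/sh -c #(nop)  ARG NPM_AUTH_TOKEN
/bin/sh -c #(nop) COPY dir:0123abcd in ./
/bin/sh -c npm install --ignore-scripts
/bin/sh -c #(nop) COPY file:4567ef01 in ./
/bin/sh -c #(nop) WORKDIR /app
EOF
}

# Read CreatedBy lines on stdin and print the names (never the values) of
# build args whose values were recorded next to a RUN step.
# Handles both "|N NAME=value ..." and the BuildKit form "RUN |N NAME=value ...".
# Assumption: arg values contain no spaces.
leaked_build_args() {
  awk '
    /^(RUN )?\|[0-9]+ / {
      sub(/^RUN /, "")
      n = substr($1, 2) + 0            # "|1" means one build arg follows
      for (i = 2; i <= n + 1 && i <= NF; i++) {
        eq = index($i, "=")
        # Report only args that carry a non-empty value
        if (eq > 1 && length($i) > eq) seen[substr($i, 1, eq - 1)] = 1
      }
    }
    END { for (k in seen) print k }
  ' | sort
}

# Against a real image (IMAGE is a placeholder):
#   docker history --no-trunc --format '{{.CreatedBy}}' IMAGE | leaked_build_args
sample_history | leaked_build_args
```

Any name this prints for a published image means the corresponding credential should be treated as exposed and rotated.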