Perl-Types
view release on metacpan or search on metacpan
ENV PERL_CPANM_OPT="--verbose --notest --skip-satisfied --local-lib=${LOCAL_LIB}"
# switch to non-root for all subsequent steps, except where specified
USER ${USER}
WORKDIR /app
# install local::lib & Dist::Zilla from CPAN
RUN cpanm local::lib Dist::Zilla
# copy minimal files first, for better Docker layer cache
COPY --chown=${UID}:${GID} debianfile cpanfile pythonfile rubyfile ./
# install project-specific Debian dependencies using `apt-get`,
# accepting as input our custom-named 'debianfile' Debian dependency specification file;
# use `test` to check if the 'debianfile' exists and is not empty;
# if the file is valid, then use `sed` to read its contents and filter out comments,
# use `xargs` to pass the package names to `apt-get` for installation, and
# clean up the apt cache to minimize the final Docker image size;
# run all commands as root then switch back to normal user
USER root
RUN test -s debianfile && sed 's/#.*//' debianfile | xargs apt-get install --no-install-recommends -y && rm -rf /var/lib/apt/lists/*
# Ruby is configured system-wide to install and find gems in '/app/ruby-gems', by setting this directory
# as the value of the "GEM_HOME" and "GEM_PATH" environment variables respectively;
# DEV NOTE: disable the 4 following lines if your project does not have any Ruby dependencies
ENV GEM_HOME=/app/ruby-gems
ENV GEM_PATH=/app/ruby-gems
RUN test -s rubyfile && gem install --file rubyfile
# if distributions were installed, the new path will exist; if not, the shell will simply ignore it
ENV PATH="/app/ruby-gems/bin:${PATH}"
# copy the rest of the project
COPY --chown=${UID}:${GID} . .
# switch to root user to copy & run the entrypoint script
USER root
# as root user, copy the entrypoint script from the repository into the Docker image
COPY docker/entrypoint_set_uid_gid_from_host.sh /usr/local/bin/entrypoint_set_uid_gid_from_host.sh
RUN chmod +x /usr/local/bin/entrypoint_set_uid_gid_from_host.sh
# use our special UID-and-GID-changing script as Docker image entrypoint;
# run a developer-friendly bash shell as the default command after entrypoint script finishes
docker/Dockerfile.app view on Meta::CPAN
ENV PERL_VERBOSE=1
ENV PERL_DEBUG=1
ENV PERL_WARNINGS=1
# build as the non-root user
USER ${USER}
WORKDIR /app
# copy project files in a cache-friendly order,
# with 'cpanfile' & 'dist.ini' first because they change less often than the rest of the tree
COPY --chown=${USER}:${USER} cpanfile dist.ini ./
# copy the rest of the project files
COPY --chown=${USER}:${USER} . .
# access the host's real (not fake) '.git' directory via a BuildKit bind mount,
# so Dist::Zilla's Git plugins can work properly during `dzil build`;
# use `git config` to mark '/app' directory as safe to be owned
# by a different UID than USER to avoid the following error...
# fatal: detected dubious ownership in repository at '/app';
# build the distribution and keep a copy in "BUILD_OUT" for GitLab CI to extract as artifact
RUN --mount=type=bind,from=gitctx,source=.git,target=/app/.git,readonly \
git config --global --add safe.directory /app && \
dzil build --in ${BUILD_OUT} && \
docker/entrypoint_set_uid_gid_from_host.sh view on Meta::CPAN
adduser -D -u "$uid" -G "$USER_NAME" "$USER_NAME" 2>/dev/null || true
fi
else
if [ "$uid" != "$cur_uid" ] && command -v usermod >/dev/null 2>&1; then
usermod -o -u "$uid" -g "$gid" "$USER_NAME" 2>/dev/null || true
fi
fi
# fix ownership of the user's home directory, so local::lib directory and caches remain writable
HOME_DIR="/home/$USER_NAME"
[ -d "$HOME_DIR" ] && chown -R "$uid:$gid" "$HOME_DIR" || true
# drop privileges and `exec`; use `gosu` if present, otherwise fallback to `su`
if command -v gosu >/dev/null 2>&1; then
# `gosu` does a clean setuid & exec: it replaces PID 1 with your target process;
# signals (e.g., "SIGTERM" from `docker stop`) reach your Perl application directly, with no extra wrapper process
exec gosu "$USER_NAME" "$@"
else
# `su` often spawns a child shell and then launches your command;
# you can end up with an extra layer that may interfere with signal delivery and shutdown behavior;
# signals and zombie reaping are not as robust as with `gosu`;
( run in 1.006 second using v1.01-cache-2.11-cpan-5511b514fd6 )