kevinsivic/dawarich
1
0
Fork 0
mirror of https://github.com/Freika/dawarich.git synced 2026-01-10 01:01:39 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions
dawarich/docker/Dockerfile
ZeroKnight 4f87fb7220 fix(docker): app and sidekiq containers ignore signals 
Typically, when attempting to stop a container via `docker stop` or
`podman stop`, the container engine will send a stop signal (SIGTERM by
default) to the container's main process. There are two common ways this
can go wrong:

1. The main process is run as PID 1 and doesn't register a signal
   handler for the stop signal and is consequently ignored
2. The main process is a shell script running a foreground process with
   no `trap`s and is consequently ignored by the *shell*

In either case, because the graceful stop signal is ignored, the
container engine will then send a `SIGKILL` to the container process
after a default timeout of 10 seconds. This is why some containers can
be observed to "hang" when being stopped when they have no other reason
to do so. Unlike `SIGTERM` or `SIGINT`, `SIGKILL` is an immediate,
ungraceful stop that doesn't give the process time to clean up.

There is a fair bit of nuance in how `sh` and `bash` handle signals in
different circumstances. The behavior relevant to the second case above
and Dawarich's entrypoints in particular is that the shell ignores
signals like `SIGTERM` and `SIGINT` when waiting on a foreground job; in
this case, that would be: `bundle exec ${@}`. The reason that `SIGINT`
is not ignored after pressing `Ctrl+C` while running the docker compose
stack is because in that case the shell is **interactive** and the shell
*does* respond to `SIGINT` then (c.f. the aforementioned nuance).

Thankfully, the fix is simple: `exec` the main process, which causes the
server process to *replace* the shell process and directly receive any
signals sent. Additionally, the stop signal for the app process should
be set to `SIGINT`, as that is the expected signal for graceful
shutdown. Sidekiq is fine with either `SIGTERM` or `SIGINT`, which is
convenient.
2025-12-06 16:03:14 -08:00

85 lines
2.3 KiB
Docker
Raw Blame History

FROM ruby:3.4.6-slim
ARG RAILS_ENV=production
ENV APP_PATH=/var/app
ENV BUNDLE_VERSION=2.5.21
ENV BUNDLE_PATH=/usr/local/bundle/gems
ENV RAILS_LOG_TO_STDOUT=true
ENV RAILS_PORT=3000
RUN apt-get update -qq \
&& DEBIAN_FRONTEND=noninteractive apt-get upgrade -y -qq \
&& DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends \
curl \
wget \
build-essential \
git \
postgresql-client \
libpq-dev \
libxml2-dev \
libxslt-dev \
libyaml-dev \
libgeos-dev libgeos++-dev \
imagemagick \
tzdata \
less \
libjemalloc2 libjemalloc-dev \
cmake \
ca-certificates \
&& mkdir -p $APP_PATH \
&& rm -rf /var/lib/apt/lists/*
# Install Node.js from Debian repositories (supports all architectures including armv7)
RUN apt-get update -qq \
&& apt-get install -y nodejs npm \
&& npm install -g yarn \
&& rm -rf /var/lib/apt/lists/*
# Use jemalloc with check for architecture
RUN if [ "$(uname -m)" = "x86_64" ]; then \
echo "/usr/lib/x86_64-linux-gnu/libjemalloc.so.2" > /etc/ld.so.preload; \
else \
echo "/usr/lib/aarch64-linux-gnu/libjemalloc.so.2" > /etc/ld.so.preload; \
fi
# Enable YJIT
ENV RUBY_YJIT_ENABLE=1
# Update RubyGems and install Bundler
RUN gem update --system 3.6.9 \
&& gem install bundler --version "$BUNDLE_VERSION" \
&& rm -rf $GEM_HOME/cache/*
WORKDIR $APP_PATH
COPY ../Gemfile ../Gemfile.lock ../.ruby-version ../vendor ./
# Install production gems only
RUN bundle config set --local path 'vendor/bundle' \
&& bundle config set --local without 'development test' \
&& bundle install --jobs 4 --retry 3 \
&& rm -rf vendor/bundle/ruby/3.4.0/cache/*.gem
COPY ../. ./
# Precompile assets
RUN SECRET_KEY_BASE_DUMMY=1 bundle exec rake assets:precompile \
&& rm -rf node_modules tmp/cache
# Copy public directory to temp location for syncing with volume at runtime
# This allows new static files to be added to the persistent volume
RUN cp -r public /tmp/public_assets
# Copy entrypoint scripts and grant execution permissions
COPY ./docker/web-entrypoint.sh /usr/local/bin/web-entrypoint.sh
RUN chmod +x /usr/local/bin/web-entrypoint.sh
COPY ./docker/sidekiq-entrypoint.sh /usr/local/bin/sidekiq-entrypoint.sh
RUN chmod +x /usr/local/bin/sidekiq-entrypoint.sh
EXPOSE $RAILS_PORT
STOPSIGNAL SIGINT
ENTRYPOINT [ "bundle", "exec" ]
Reference in a new issue View git blame Copy permalink