[community-platform] add ability to load AWS Secrets

Closes: aptos-labs#933
serbangv · May 12, 2022 · e0ec46a · e0ec46a
1 parent 836bf9d
commit e0ec46a
Show file tree

Hide file tree

Showing 2 changed files with 23 additions and 9 deletions.
diff --git a/ecosystem/platform/server/.dockerignore b/ecosystem/platform/server/.dockerignore
@@ -40,3 +40,5 @@
 
 # Never commit this dangerous file :-)
 .env
+
+/Dockerfile
diff --git a/ecosystem/platform/server/Dockerfile b/ecosystem/platform/server/Dockerfile
@@ -1,19 +1,28 @@
+# syntax=docker/dockerfile:1.4
+
+FROM golang:1.18.2-buster@sha256:72506be8130fd4c98a032a497db82234aaace7eb48a90aee161e821c767111f1 as aws-env
+
+# build aws-env which is used to inject load AWS Secrets as environment variables at init time.
+RUN git clone --depth=1 --branch v1.3.0 https://github.com/aptos-labs/aws-env src \
+    && cd src \
+    && CGO_ENABLED=0 GOARCH=amd64 GOOS=linux go build -ldflags '-w -s' -o /aws-env && chmod +x /aws-env
+
 FROM ruby:3.1.2-slim
 
 RUN apt-get update -qq && apt-get install -yq --no-install-recommends \
-    build-essential \
-    gnupg2 \
-    less \
-    git \
-    libpq-dev \
-    postgresql-client \
+  build-essential \
+  gnupg2 \
+  less \
+  git \
+  libpq-dev \
+  postgresql-client \
   && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
 
 RUN gem update --system && gem install bundler
 
 WORKDIR /usr/src/app
 
-COPY Gemfile Gemfile.lock ./
+COPY --link Gemfile Gemfile.lock ./
 
 ENV RAILS_ENV production
 ENV RAILS_SERVE_STATIC_FILES true
@@ -23,7 +32,7 @@ RUN bundle config --global frozen 1
 RUN bundle config set --local without 'development test'
 RUN bundle install
 
-COPY . /usr/src/app
+COPY --link . /usr/src/app
 
 # this is a fake secret key just to get it to compile the assets
 ENV SECRET_KEY_BASE=18ff7d41b9da02d394434e2eb140611516707334b7d7a7e15cf8b567061f30e9400a82e61aa772b9e6ccb72853932769d03bbbb9d78f62333c8f7adb95cc727d
@@ -32,5 +41,8 @@ ENV SECRET_KEY_BASE=18ff7d41b9da02d394434e2eb140611516707334b7d7a7e15cf8b567061f
 # https://github.com/rails/tailwindcss-rails/issues/158
 RUN bundle exec rake assets:precompile && bundle exec rake assets:precompile
 
+COPY --link --from=aws-env /aws-env /aws-env
+
 EXPOSE 3000
-CMD ["bundle", "exec", "rails", "s", "-b", "0.0.0.0"]
+
+CMD ["aws-env", "exec", "--", "bundle", "exec", "rails", "s", "-b", "0.0.0.0"]
Original file line number	Diff line number	Diff line change
Expand Up		@@ -40,3 +40,5 @@

		# Never commit this dangerous file :-)
		.env

		/Dockerfile