From fbe9c2c82695cf686ad3976e75b0db84bfaafd82 Mon Sep 17 00:00:00 2001
From: Aethrexal
Date: Tue, 5 Nov 2024 16:28:37 +0100
Subject: [PATCH] Docker
---
.github/workflows/docker-publish.yml | 96 ++++++++++++++++++++++++++++
.github/workflows/release.yml | 47 --------------
Dockerfile | 43 +++++++++++++
buildImage.sh | 8 ++-
buildpack.toml | 3 -
5 files changed, 146 insertions(+), 51 deletions(-)
create mode 100644 .github/workflows/docker-publish.yml
delete mode 100644 .github/workflows/release.yml
create mode 100644 Dockerfile
delete mode 100644 buildpack.toml
diff --git a/.github/workflows/docker-publish.yml b/.github/workflows/docker-publish.yml
new file mode 100644
index 0000000..3d359c6
--- /dev/null
+++ b/.github/workflows/docker-publish.yml
@@ -0,0 +1,96 @@
+name: Docker
+
+# This workflow uses actions that are not certified by GitHub.
+# They are provided by a third-party and are governed by
+# separate terms of service, privacy policy, and support
+# documentation.
+
+on:
+ #schedule:
+ # - cron: "32 8 * * *"
+ push:
+ branches: ["main"]
+ # Publish semver tags as releases.
+ tags: ["*.*.*"]
+ pull_request:
+ branches: ["main"]
+
+env:
+ # Use docker.io for Docker Hub if empty
+ REGISTRY: docker.io
+ # github.repository as /
+ IMAGE_NAME: metra
+
+jobs:
+ build:
+ runs-on: ubuntu-latest
+ permissions:
+ contents: read
+ packages: write
+ # This is used to complete the identity challenge
+ # with sigstore/fulcio when running outside of PRs.
+ id-token: write
+
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@v4
+
+ # Install the cosign tool except on PR
+ # https://github.com/sigstore/cosign-installer
+ - name: Install cosign
+ if: github.event_name != 'pull_request'
+ uses: sigstore/cosign-installer@59acb6260d9c0ba8f4a2f9d9b48431a222b68e20 #v3.5.0
+ with:
+ cosign-release: "v2.2.4"
+
+ # Set up BuildKit Docker container builder to be able to build
+ # multi-platform images and export cache
+ # https://github.com/docker/setup-buildx-action
+ - name: Set up Docker Buildx
+ uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226 # v3.0.0
+
+ # Login against a Docker registry except on PR
+ # https://github.com/docker/login-action
+ - name: Log into registry ${{ env.REGISTRY }}
+ if: github.event_name != 'pull_request'
+ uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0
+ with:
+ registry: ${{ env.REGISTRY }}
+ username: ${{ secrets.DOCKER_HUB_USER }}
+ password: ${{ secrets.DOCKER_HUB_PASS }}
+
+ # Extract metadata (tags, labels) for Docker
+ # https://github.com/docker/metadata-action
+ - name: Extract Docker metadata
+ id: meta
+ uses: docker/metadata-action@96383f45573cb7f253c731d3b3ab81c87ef81934 # v5.0.0
+ with:
+ images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+
+ # Build and push Docker image with Buildx (don't push on PR)
+ # https://github.com/docker/build-push-action
+ - name: Build and push Docker image
+ id: build-and-push
+ uses: docker/build-push-action@0565240e2d4ab88bba5387d719585280857ece09 # v5.0.0
+ with:
+ context: .
+ push: ${{ github.event_name != 'pull_request' }}
+ tags: ${{ steps.meta.outputs.tags }}
+ labels: ${{ steps.meta.outputs.labels }}
+ cache-from: type=gha
+ cache-to: type=gha,mode=max
+
+ # Sign the resulting Docker image digest except on PRs.
+ # This will only write to the public Rekor transparency log when the Docker
+ # repository is public to avoid leaking data. If you would like to publish
+ # transparency data even for private images, pass --force to cosign below.
+ # https://github.com/sigstore/cosign
+ - name: Sign the published Docker image
+ if: ${{ github.event_name != 'pull_request' }}
+ env:
+ # https://docs.github.com/en/actions/security-guides/security-hardening-for-github-actions#using-an-intermediate-environment-variable
+ TAGS: ${{ steps.meta.outputs.tags }}
+ DIGEST: ${{ steps.build-and-push.outputs.digest }}
+ # This step uses the identity token to provision an ephemeral certificate
+ # against the sigstore community Fulcio instance.
+ run: echo "${TAGS}" | xargs -I {} cosign sign --yes {}@${DIGEST}
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
deleted file mode 100644
index f573ed7..0000000
--- a/.github/workflows/release.yml
+++ /dev/null
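Review bot: The `build` job grants `packages: write`, but the only push target is `docker.io`, authenticated with the `DOCKER_HUB_USER`/`DOCKER_HUB_PASS` secrets, so that GITHUB_TOKEN scope appears unused and can be dropped, leaving `contents: read` plus the `id-token: write` that keyless cosign signing needs. `actions/checkout@v4` is the one action referenced by a mutable tag while the other five are pinned to commit SHAs; pin it the same way, e.g. `uses: actions/checkout@<full-commit-sha> # v4` (placeholder, take the SHA from the release you audit). Separately, `IMAGE_NAME: metra` makes the metadata step emit `docker.io/metra`, which Docker Hub resolves into the `library/` namespace; the removed workflow pushed under `docker.io/${{ secrets.DOCKER_HUB_USER }}`, so the name probably needs the account prefix or the push and the signing step after it will fail.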
@@ -1,47 +0,0 @@
-name: Release
-
-on:
- push:
- branches:
- - main
-
-jobs:
- register:
- name: Package, Publish, and Register
- runs-on:
- - ubuntu-latest
- steps:
- - id: checkout
- uses: actions/checkout@v3
- if: ${{ github.event_name != 'pull_request' || ! github.event.pull_request.head.repo.fork }}
- uses: docker/login-action@v1
- with:
- registry: docker.io
- username: ${{ secrets.DOCKER_HUB_USER }}
- password: ${{ secrets.DOCKER_HUB_PASS }}
- - id: setup-tools
- uses: buildpacks/github-actions/setup-tools@v5.1.0
- - id: setup-pack
- uses: buildpacks/github-actions/setup-pack@v5.1.0
- - id: package
- run: |
- #!/usr/bin/env bash
- set -euo pipefail
- BP_ID="$(cat buildpack.toml | yj -t | jq -r .buildpack.id)"
- VERSION="$(cat buildpack.toml | yj -t | jq -r .buildpack.version)"
- PACKAGE="${REPO}/$(echo "$BP_ID" | sed 's/\//_/g')"
- pack buildpack package --publish ${PACKAGE}:${VERSION}
- DIGEST="$(crane digest ${PACKAGE}:${VERSION})"
- echo "bp_id=$BP_ID" >> "$GITHUB_OUTPUT"
- echo "version=$VERSION" >> "$GITHUB_OUTPUT"
- echo "address=${PACKAGE}@${DIGEST}" >> "$GITHUB_OUTPUT"
- shell: bash
- env:
- REPO: docker.io/${{ secrets.DOCKER_HUB_USER }}
- - id: register
- uses: docker://ghcr.io/buildpacks/actions/registry/request-add-entry:5.1.0
- with:
- token: ${{ secrets.PUBLIC_REPO_TOKEN }}
- id: ${{ steps.package.outputs.bp_id }}
- version: ${{ steps.package.outputs.version }}
- address: ${{ steps.package.outputs.address }}
diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 0000000..e845695
--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,43 @@
+ARG NODE_VERSION=23.1.0
+
+# Create build stage
+FROM node:${NODE_VERSION}-slim AS build
+
+# Enable npm
+ENV NPM_HOME="/npm"
+ENV PATH="$NPM_HOME:$PATH"
+RUN corepack enable
+
+# Set the working directory inside the container
+WORKDIR /app
+
+# Copy package.json and pnpm-lock.yaml files to the working directory
+COPY ./package.json /app/
+
+## Install dependencies
+RUN npm install --shamefully-hoist
+
+# Copy the rest of the application files to the working directory
+COPY . ./
+
+# Build the application
+RUN npm run build
+
+# Create a new stage for the production image
+FROM node:${NODE_VERSION}-slim
+
+# Set the working directory inside the container
+WORKDIR /app
+
+# Copy the output from the build stage to the working directory
+COPY --from=build /app/.output ./
+
+# Define environment variables
+ENV HOST=0.0.0.0 NODE_ENV=production
+ENV NODE_ENV=production
+
+# Expose the port the application will run on
+EXPOSE 3000
+
+# Start the application
+CMD ["node","/app/server/index.mjs"]
diff --git a/buildImage.sh b/buildImage.sh
index 9ae1177..c9cfb19 100644
--- a/buildImage.sh
+++ b/buildImage.sh
@@ -1 +1,7 @@
-pack build metra --path . --clear-cache --tag "ghcr.io/aethrexal/metra:$1" --builder heroku/builder:24
+if [ -z "$1" ]; then
+ echo "Error: Argument is empty"
+ exit 1
+fi
+
+
+docker build -t metrea:"$1" .
diff --git a/buildpack.toml b/buildpack.toml
deleted file mode 100644
index 390062c..0000000
--- a/buildpack.toml
+++ /dev/null
@@ -1,3 +0,0 @@
-[buildpack]
-id = "aethrexal/metra"
-version = "0.0.1"
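Review bot: The build stage copies only `package.json` before `RUN npm install --shamefully-hoist`, although the comment above the COPY names `pnpm-lock.yaml`, so dependency versions are resolved afresh on every build rather than from a lockfile, and the image that the workflow signs and publishes is not reproducible. If the repository carries that lockfile, copy it as well and do a frozen install; `corepack enable` and `--shamefully-hoist` (a pnpm option) suggest pnpm was intended, i.e. `COPY package.json pnpm-lock.yaml /app/` and `RUN pnpm install --frozen-lockfile`. The runtime stage also never drops privileges: the official node images ship a `node` user, so a `USER node` line before `CMD` would keep the server from running as root. `NODE_ENV=production` is set on two consecutive ENV lines; the second is redundant.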
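Review bot: The new tag in buildImage.sh is `metrea:"$1"`, while the workflow's `IMAGE_NAME` and the removed `pack build` line both use `metra`, so this looks like a typo and local builds will land under a different image name from the published one; `docker build -t metra:"$1" .` would match. The empty-argument message is written to stdout; `echo "Error: Argument is empty" >&2` keeps it out of any captured output.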