kbase · jsfillman · Jun 26, 2023 · Jun 26, 2023 · Jun 26, 2023 · Jun 26, 2023
diff --git a/.env b/.env
@@ -1,7 +1,7 @@
 # Base URL path for the enviroment
 PUBLIC_URL = '/dev/'
 
-REACT_APP_KBASE_ENV=ci-europa
+# Domain of enviroment for build
 REACT_APP_KBASE_DOMAIN=ci-europa.kbase.us
 # The following must be a subdomain of REACT_APP_KBASE_DOMAIN
 REACT_APP_KBASE_LEGACY_DOMAIN=legacy.ci-europa.kbase.us

diff --git a/.eslintignore b/.eslintignore
@@ -1,3 +1,4 @@
 build
 coverage
 node_modules
+deploy
diff --git a/.github/workflows/build_and_push.yml b/.github/workflows/build_and_push.yml
@@ -1,176 +1,48 @@
-name: Build and Push Images
+# This is a basic workflow to help you get started with Actions
 
+name: Build and Push to static-content
+
+# Controls when the workflow will run
 on:
-  pull_request:
-    branches:
-      - develop
-      - main
-      - master
-    types:
-      - opened
-      - reopened
-      - synchronize
-      - closed
-    inputs:
-      name:
-        description: The image name
-        required: true
-        type: string
-      tags:
-        description: The image tags
-        required: true
-        type: string
+  # Triggers the workflow on push or pull request events but only for the main branch
+  push:
+    branches: [main]
+  workflow_dispatch:
+
+# A workflow run is made up of one or more jobs that can run sequentially or in parallel
 jobs:
-  build-artifacts:
+  # This workflow contains a single job called "build"
+  build:
+    # The type of runner that the job will run on
     runs-on: ubuntu-latest
+    # Steps represent a sequence of tasks that will be executed as part of the job
     steps:
-      - name: Checkout Repository
+      # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
+      - name: Checkout Repo
         uses: actions/checkout@v2
-      - name: Set up Node.js
+
+      - name: Install proper Node
         uses: actions/setup-node@v2
         with:
           node-version: '16'
-      - name: Get current date
-        id: date
-        run: echo "date=$(date -u +'%Y-%m-%dT%H:%M:%SZ')" >> $GITHUB_OUTPUT
+
       - name: Run build
         env:
           PUBLIC_URL: '/'
           REACT_APP_AUTH_SERIVCE_URL: 'https://ci-europa.kbase.us/services/auth'
         run: npm install && npm run build
-      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v2
-      - name: Login to GHCR
-        uses: docker/login-action@v2
-        with:
-          registry: ghcr.io
-          # note that the calling workflow must set `secrets: inherit`
-          username: '${{ secrets.GHCR_USERNAME }}'
-          password: '${{ secrets.GHCR_TOKEN }}'
-      - name: Create github action tags from image tags
-        id: tags
-        uses: actions/github-script@v6
-        with:
-          result-encoding: string
-          script: |
-            const tags = '${{ inputs.tags }}'.split(',');
-            const username = '${{ github.event.repository.owner.login }}';
-            const repoName = '${{ inputs.name }}';
-            return tags.map((tag) => {
-              return `ghcr.io/kbase/static-ui:${tag}`;
-            }).join(',');
-      - name: Build and push
-        uses: docker/build-push-action@v3
-        with:
-          context: .
-          file: ./Dockerfile
-          pull: true
-          push: true
-          build-args: |
-            BUILD_DATE=${{ steps.date.outputs.date }}
-            VCS_REF=${{ github.sha }}
-            BRANCH='${{ github.ref }}'
-            TAG='${{ github.ref }}'
-          tags: '${{ steps.tags.outputs.result }}'
-
-### Cruft
-#
-#      - name: Upload Artifact
-#        uses: actions/upload-artifact@v3
-#        with:
-#          name: static-ui-build
-#          path: build/
-#  build-develop-open:
-#    if: github.base_ref == 'develop' && github.event.pull_request.merged == false
-#    runs-on: ubuntu-latest
-#    needs: build-artifacts
-#    steps:
-#      - name: Download Artifact
-#        uses: actions/download-artifact@v3
-#        with:
-#          name: static-ui-build
-#          path: build
-#      - name: Set up Docker Buildx
-#        uses: docker/setup-buildx-action@v2
-#      - name: Show build directory contents
-#        run: |
-#         ls -la ./
-#      - name: Show parent directory contents
-#        run: |
-#         ls -la ../
-#      - name: Build without push
-#        uses: docker/build-push-action@v2
-#        with:
-#          context: .
-#          dockerfile: ./Dockerfile  # Specify the path to your Dockerfile
-#          push: false
-#  build-develop-merge:
-#    if: github.base_ref == 'develop' && github.event.pull_request.merged == true
-#    runs-on: ubuntu-latest
-#    needs: build-artifacts
-#    steps:
-#      - name: Download Artifact
-#        uses: actions/download-artifact@v3
-#        with:
-#          name: static-ui-build
-#          path: build
-#      - name: Get current date
-#        id: date
-#        run: echo "date=$(date -u +'%Y-%m-%dT%H:%M:%SZ')" >> $GITHUB_OUTPUT
-#      - name: Set up Docker Buildx
-#        uses: docker/setup-buildx-action@v1
-#      - name: Login to GHCR
-#        uses: docker/login-action@v2
-#        with:
-#          registry: ghcr.io
-#          # note that the calling workflow must set `secrets: inherit`
-#          username: '${{ secrets.GHCR_USERNAME }}'
-#          password: '${{ secrets.GHCR_TOKEN }}'
-#      - name: Create github action tags from image tags
-#        id: tags
-#        uses: actions/github-script@v6
-#        with:
-#          result-encoding: string
-#          script: |
-#            const tags = '${{ inputs.tags }}'.split(',');
-#            const username = '${{ github.event.repository.owner.login }}';
-#            const repoName = '${{ inputs.name }}';
-#            return tags.map((tag) => {
-#              return `ghcr.io/${username}/${repoName}:${tag}`;
-#            }).join(',');
-#      - name: Build and push
-#        uses: docker/build-push-action@v3
-#        with:
-#          context: .
-#          file: ./Dockerfile
-#          pull: true
-#          push: true
-#          build-args: |
-#            BUILD_DATE=${{ steps.date.outputs.date }}
-#            VCS_REF=${{ github.sha }}
-#            BRANCH='${{ github.ref }}'
-#            TAG='${{ github.ref }}'
-#          tags: '${{ steps.tags.outputs.result }}'
-#
-#
-#
-#  build-main-open:
-#    if: (github.base_ref == 'main' || github.base_ref == 'master') && github.event.pull_request.merged == false
-#    uses: kbase/.github/.github/workflows/reusable_build-push.yml@main
-#    with:
-#      name: '${{ github.event.repository.name }}'
-#      tags: pr-${{ github.event.number }}
-#    secrets: inherit
-#  build-main-merge:
-#    if: (github.base_ref == 'main' || github.base_ref == 'master') && github.event.pull_request.merged == true
-#    uses: kbase/.github/.github/workflows/reusable_build-push.yml@main
-#    with:
-#      name: '${{ github.event.repository.name }}'
-#      tags: pr-${{ github.event.number }},latest-rc
-#    secrets: inherit
-#  trivy-scans:
-#    if: (github.base_ref == 'develop' || github.base_ref == 'main' || github.base_ref == 'master' ) && github.event.pull_request.merged == false
-#    uses: kbase/.github/.github/workflows/reusable_trivy-scans.yml@main
-#    secrets: inherit
 
+      - name: Push to repository
+        uses: cpina/github-action-push-to-another-repository@main
+        env:
+          USERNAME: '${{ secrets.GHCR_USERNAME }}'
+          API_TOKEN_GITHUB: '${{ secrets.GHCR_TOKEN }}'
+        with:
+          source-directory: 'build'
+          destination-github-username: 'kbase'
+          destination-repository-name: 'static-content'
+          user-email: 'sysadmins@lists.kbase.us'
+          target-branch: main
 
+      - name: Call Static Server to Deploy Update
+        run: curl --fail -XGET 'https://ci-europa.kbase.us/services/static-server'
diff --git a/.github/workflows/build_image.yml b/.github/workflows/build_image.yml
@@ -0,0 +1,98 @@
+name: Build Static Nginx Docker Image
+
+on:
+  push:
+    branches: [ "main" ]
+    # Publish semver tags as releases.
+    tags: [ 'v*.*.*' ]
+  pull_request:
+    branches: [ "main" ]
+  workflow_dispatch:
+
+env:
+  # Use docker.io for Docker Hub if empty
+  REGISTRY: ghcr.io
+  # github.repository as <account>/<repo>
+  IMAGE_NAME: ${{ github.repository }}
+
+
+jobs:
+  build:
+
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: write
+      # This is used to complete the identity challenge
+      # with sigstore/fulcio when running outside of PRs.
+      id-token: write
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v3
+
+      # Install the cosign tool except on PR
+      # https://github.com/sigstore/cosign-installer
+      - name: Install cosign
+        if: github.event_name != 'pull_request'
+        uses: sigstore/cosign-installer@f3c664df7af409cb4873aa5068053ba9d61a57b6 #v2.6.0
+        with:
+          cosign-release: 'v1.13.1'
+
+
+      # Workaround: https://github.com/docker/build-push-action/issues/461
+      - name: Setup Docker buildx
+        uses: docker/setup-buildx-action@79abd3f86f79a9d68a23c75a09a9a85889262adf
+
+      # Login against a Docker registry except on PR
+      # https://github.com/docker/login-action
+      - name: Log into registry ${{ env.REGISTRY }}
+        if: github.event_name != 'pull_request'
+        uses: docker/login-action@28218f9b04b4f3f62068d7b6ce6ca5b26e35336c
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      # Extract metadata (tags, labels) for Docker
+      # https://github.com/docker/metadata-action
+      - name: Extract Docker metadata
+        id: meta
+        uses: docker/metadata-action@98669ae865ea3cffbcbaa878cf57c20bbf1c6c38
+        with:
+          images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+
+      - name: Install proper Node
+        uses: actions/setup-node@v2
+        with:
+          node-version: '16'
+
+      - name: Run multi-enviroment build
+        run: npm install && ./scripts/build_deploy.sh
+
+      # Build and push Docker image with Buildx (don't push on PR)
+      # https://github.com/docker/build-push-action
+      - name: Build and push Docker image
+        id: build-and-push
+        uses: docker/build-push-action@ac9327eae2b366085ac7f6a2d02df8aa8ead720a
+        with:
+          context: .
+          push: true
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
+
+
+      # Sign the resulting Docker image digest except on PRs.
+      # This will only write to the public Rekor transparency log when the Docker
+      # repository is public to avoid leaking data.  If you would like to publish
+      # transparency data even for private images, pass --force to cosign below.
+      # https://github.com/sigstore/cosign
+      - name: Sign the published Docker image
+        if: ${{ github.event_name != 'pull_request' }}
+        env:
+          COSIGN_EXPERIMENTAL: "true"
+        # This step uses the identity token to provision an ephemeral certificate
+        # against the sigstore community Fulcio instance.
+        run: echo "${{ steps.meta.outputs.tags }}" | xargs -I {} cosign sign {}@${{ steps.build-and-push.outputs.digest }}
diff --git a/.github/workflows/pull-request.yml b/.github/workflows/pull-request.yml
@@ -0,0 +1,36 @@
+name: PR Checks
+
+on:
+  pull_request:
+  workflow_dispatch:
+
+jobs:
+  test:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/setup-node@v2
+        with:
+          node-version: '16'
+      - uses: actions/checkout@v2
+      - run: npm install
+      - run: npm run test
+
+  build:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/setup-node@v2
+        with:
+          node-version: '16'
+      - uses: actions/checkout@v2
+      - run: npm install
+      - run: npm run build
+
+  lint:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/setup-node@v2
+        with:
+          node-version: '16'
+      - uses: actions/checkout@v2
+      - run: npm install
+      - run: npm run lint:strict
diff --git a/.gitignore b/.gitignore
@@ -10,6 +10,7 @@
 
 # production
 /build
+/deploy
 
 # misc
 .DS_Store

diff --git a/Dockerfile b/Dockerfile
@@ -1,2 +1,12 @@
-FROM nginx
-COPY build /usr/share/nginx/html
+FROM bitnami/nginx:latest
+USER root
+
+# Copy built static files for all enviroments to image
+COPY ./deploy /deploy/
+
+# Copy nginx config template to image
+COPY ./scripts/nginx.conf.tmpl /nginx.conf.tmpl
+
+COPY ./scripts/docker_entrypoint.sh /entrypoint.sh
+USER 1001
+ENTRYPOINT ["/entrypoint.sh"]
diff --git a/README.md b/README.md
@@ -1,4 +1,4 @@
-# UI
+# UI Refresh Test Repo
 
 This project was bootstrapped with [Create React App](https://github.com/facebook/create-react-app) (`npx create-react-app ui-refresh-test --template typescript`). It also includes the following:
 

diff --git a/package.json b/package.json
@@ -101,8 +101,8 @@
       "^d3-(.*)$": "d3-$1/dist/d3-$1"
     }
   },
-  "name": "@jsfillman/ui",
-  "private": false,
+  "name": "ui-refresh-test",
+  "private": true,
   "proxy": "https://ci-europa.kbase.us",
   "remarkConfig": {
     "plugins": {
-Original file line number
+Diff line change
@@ Expand Up / @@ -10,6 +10,7 @@ @@
     # production
     /build
+    /deploy
     # misc
     .DS_Store
@@ Expand Down @@