Revert "ci: Remove docker setup"

This reverts commit 78fd1c6.
sebbo2002 · May 16, 2022 · 655068b · 655068b
1 parent 946a8ac
commit 655068b
Show file tree

Hide file tree

Showing 6 changed files with 304 additions and 0 deletions.
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
@@ -9,3 +9,13 @@ updates:
       include: scope
     schedule:
       interval: weekly
+  - package-ecosystem: docker
+    directory: /
+    assignees:
+      - sebbo2002
+    commit-message:
+      prefix: "build"
+      include: scope
+    schedule:
+      interval: weekly
+
diff --git a/.github/workflows/test-release.yml b/.github/workflows/test-release.yml
@@ -61,14 +61,213 @@ jobs:
       - name: 🕵️‍♀️ Run license checker
         run: npm run license-check
 
+  docker-image:
+    name: Build Docker Image
+    runs-on: ubuntu-latest
+    env:
+      PUSH_TO_DOCKERHUB: ${{ (github.repository != 'sebbo2002/js-template') && (secrets.DOCKERHUB_TOKEN != null) }}
+    steps:
+      - name: ☁️ Checkout
+        uses: actions/checkout@v3
+      - name: 🔧 Set up QEMU
+        uses: docker/setup-qemu-action@v2
+      - name: 🔧 Set up Buildx
+        id: buildx
+        uses: docker/setup-buildx-action@master
+      - name: 🔐 Login to GitHub Container Registry
+        uses: docker/login-action@v2
+        with:
+          registry: ghcr.io
+          username: ${{ github.repository_owner }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+      - name: 🔐 Login to DockerHub
+        uses: docker/login-action@v2
+        if: ${{ env.PUSH_TO_DOCKERHUB == 'true' }}
+        with:
+          username: ${{ github.repository_owner }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+      - name: ℹ️ Set Build Variables
+        id: buildVars
+        run: echo "::set-output name=date::$(date +'%Y-%m-%d %H:%M:%S')"
+      - name: 🪄 Build and push (1/2)
+        uses: docker/build-push-action@v3
+        continue-on-error: true
+        id: docker-build-1-1
+        with:
+          context: .
+          github-token: ${{ secrets.GH_TOKEN }}
+          target: build-container
+          builder: ${{ steps.buildx.outputs.name }}
+          platforms: linux/amd64,linux/arm64,linux/ppc64le,linux/s390x,linux/arm/v7,linux/arm/v6
+          pull: true
+          push: true
+          tags: ghcr.io/${{ github.repository }}:build-container-${{ github.sha }}
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
+      - name: 🪄 Build and push (1/2; #2)
+        uses: docker/build-push-action@v3
+        continue-on-error: true
+        if: steps.docker-build-1-1.outcome=='failure'
+        id: docker-build-1-2
+        with:
+          context: .
+          github-token: ${{ secrets.GH_TOKEN }}
+          target: build-container
+          builder: ${{ steps.buildx.outputs.name }}
+          platforms: linux/amd64,linux/arm64,linux/ppc64le,linux/s390x,linux/arm/v7,linux/arm/v6
+          pull: true
+          push: true
+          tags: ghcr.io/${{ github.repository }}:build-container-${{ github.sha }}
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
+      - name: 🪄 Build and push (1/2; #3)
+        uses: docker/build-push-action@v3
+        continue-on-error: true
+        if: steps.docker-build-1-2.outcome=='failure'
+        id: docker-build-1-3
+        with:
+          context: .
+          github-token: ${{ secrets.GH_TOKEN }}
+          target: build-container
+          builder: ${{ steps.buildx.outputs.name }}
+          platforms: linux/amd64,linux/arm64,linux/ppc64le,linux/s390x,linux/arm/v7,linux/arm/v6
+          pull: true
+          push: true
+          tags: ghcr.io/${{ github.repository }}:build-container-${{ github.sha }}
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
+      - name: 🪄 Build and push (1/2; Summary)
+        if: always()
+        run: |
+          if ${{ steps.docker-build-1-1.outcome=='success' || steps.docker-build-1-2.outcome=='success' || steps.docker-build-1-3.outcome=='success' }}; then
+             echo "🎉 Whoop whoop, that worked…"
+          else
+             exit 1
+          fi
+      - name: 🪄 Build and push (2/2)
+        uses: docker/build-push-action@v3
+        continue-on-error: true
+        id: docker-build-2-1
+        with:
+          context: .
+          github-token: ${{ secrets.GH_TOKEN }}
+          builder: ${{ steps.buildx.outputs.name }}
+          platforms: linux/amd64,linux/arm64,linux/ppc64le,linux/s390x,linux/arm/v7,linux/arm/v6
+          pull: true
+          push: true
+          tags: ghcr.io/${{ github.repository }}:${{ github.sha }}
+          labels: |
+            org.opencontainers.image.authors=${{ github.repository_owner }}
+            org.opencontainers.image.created=${{ steps.buildVars.outputs.date }}
+            org.opencontainers.image.ref.name=${{ github.ref }}
+            org.opencontainers.image.revision=${{ github.sha }}
+            org.opencontainers.image.source=https://github.com/${{ github.repository }}
+          cache-from: |
+            type=gha
+            type=registry,ref=ghcr.io/${{ github.repository }}:build-container-${{ github.sha }}
+            type=registry,ref=ghcr.io/${{ github.repository }}:next
+            type=registry,ref=ghcr.io/${{ github.repository }}:latest
+          cache-to: type=gha,mode=max
+      - name: 🪄 Build and push (2/2; #2)
+        uses: docker/build-push-action@v3
+        continue-on-error: true
+        if: steps.docker-build-2-1.outcome=='failure'
+        id: docker-build-2-2
+        with:
+          context: .
+          github-token: ${{ secrets.GH_TOKEN }}
+          builder: ${{ steps.buildx.outputs.name }}
+          platforms: linux/amd64,linux/arm64,linux/ppc64le,linux/s390x,linux/arm/v7,linux/arm/v6
+          pull: true
+          push: true
+          tags: ghcr.io/${{ github.repository }}:${{ github.sha }}
+          labels: |
+            org.opencontainers.image.authors=${{ github.repository_owner }}
+            org.opencontainers.image.created=${{ steps.buildVars.outputs.date }}
+            org.opencontainers.image.ref.name=${{ github.ref }}
+            org.opencontainers.image.revision=${{ github.sha }}
+            org.opencontainers.image.source=https://github.com/${{ github.repository }}
+          cache-from: |
+            type=gha
+            type=registry,ref=ghcr.io/${{ github.repository }}:build-container-${{ github.sha }}
+            type=registry,ref=ghcr.io/${{ github.repository }}:next
+            type=registry,ref=ghcr.io/${{ github.repository }}:latest
+          cache-to: type=gha,mode=max
+      - name: 🪄 Build and push (2/2; #3)
+        uses: docker/build-push-action@v3
+        if: steps.docker-build-2-2.outcome=='failure'
+        continue-on-error: true
+        id: docker-build-2-3
+        with:
+          context: .
+          github-token: ${{ secrets.GH_TOKEN }}
+          builder: ${{ steps.buildx.outputs.name }}
+          platforms: linux/amd64,linux/arm64,linux/ppc64le,linux/s390x,linux/arm/v7,linux/arm/v6
+          pull: true
+          push: true
+          tags: ghcr.io/${{ github.repository }}:${{ github.sha }}
+          labels: |
+            org.opencontainers.image.authors=${{ github.repository_owner }}
+            org.opencontainers.image.created=${{ steps.buildVars.outputs.date }}
+            org.opencontainers.image.ref.name=${{ github.ref }}
+            org.opencontainers.image.revision=${{ github.sha }}
+            org.opencontainers.image.source=https://github.com/${{ github.repository }}
+          cache-from: |
+            type=gha
+            type=registry,ref=ghcr.io/${{ github.repository }}:build-container-${{ github.sha }}
+            type=registry,ref=ghcr.io/${{ github.repository }}:next
+            type=registry,ref=ghcr.io/${{ github.repository }}:latest
+          cache-to: type=gha,mode=max
+      - name: 🪄 Build and push (2/2; Summary)
+        if: always()
+        id: docker-build-2
+        run: |
+          if ${{ steps.docker-build-2-1.outcome=='success' }}; then
+             echo "🎉 Whoop whoop, that worked (first try)"
+             echo "::set-output name=digest::${{ steps.docker-build-2-1.outputs.digest }}"
+          elif ${{ steps.docker-build-2-2.outcome=='success' }}; then
+             echo "🎉 Whoop whoop, that worked (second try)"
+             echo "::set-output name=digest::${{ steps.docker-build-2-2.outputs.digest }}"
+          elif ${{ steps.docker-build-2-3.outcome=='success' }}; then
+             echo "🎉 Whoop whoop, that worked (third try)"
+             echo "::set-output name=digest::${{ steps.docker-build-2-3.outputs.digest }}"
+          else
+             exit 1
+          fi
+      - name: 🔄 Push container to DockerHub
+        if: ${{ env.PUSH_TO_DOCKERHUB == 'true' }}
+        run: |
+          docker pull $SOURCE
+          docker tag $SOURCE $TARGET
+          docker push $TARGET
+        env:
+          SOURCE: ghcr.io/${{ github.repository }}:${{ github.sha }}
+          TARGET: ${{ github.repository }}:${{ github.sha }}
+      - name: 🏁 Boot-up Check
+        if: github.repository != 'sebbo2002/js-template'
+        run: |
+          docker run --name "app" -d $IMAGE
+          sleep 5
+          docker logs app
+          docker exec app echo "Ok."
+          docker stop app
+          docker rm app
+        env:
+          IMAGE: ghcr.io/${{ github.repository }}:${{ github.sha }}
+    outputs:
+      digest: ${{ steps.docker-build-2.outputs.digest }}
+
   release:
     name: Release
     runs-on: ubuntu-latest
     concurrency: release
+    env:
+      PUSH_TO_DOCKERHUB: ${{ (github.repository != 'sebbo2002/js-template') && (secrets.DOCKERHUB_TOKEN != null) }}
     needs:
       - coverage
       - tests
       - license-checker
+      - docker-image
     if: ${{ github.repository != 'sebbo2002/js-template' && (github.ref == 'refs/heads/main' || github.ref == 'refs/heads/develop') }}
     steps:
       - name: ☁️ Checkout Project
@@ -81,6 +280,34 @@ jobs:
         run: npm ci
       - name: 📂 Create docs folder
         run: mkdir ./docs
+      - name: 🔐 Login to GitHub Container Registry
+        uses: docker/login-action@v2
+        with:
+          registry: ghcr.io
+          username: ${{ github.repository_owner }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+      - name: 🔐 Login to DockerHub
+        uses: docker/login-action@v2
+        with:
+          username: ${{ github.repository_owner }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+      - name: ⬇️ Pull GitHub Containers
+        id: github
+        run: |
+          docker pull "${IMAGE}@${DIGEST}"
+          echo "::set-output name=image::${IMAGE}@${DIGEST}"
+        env:
+          IMAGE: ghcr.io/${{ github.repository }}
+          DIGEST: ${{ needs.docker-image.outputs.digest }}
+      - name: ⬇️ Pull Docker Hub Containers
+        if: ${{ env.PUSH_TO_DOCKERHUB == 'true' }}
+        id: dockerhub
+        run: |
+          docker pull "${IMAGE}@${DIGEST}"
+          echo "::set-output name=image::${IMAGE}@${DIGEST}"
+        env:
+          IMAGE: ${{ github.repository }}
+          DIGEST: ${{ needs.docker-image.outputs.digest }}
       - name: 🪄 Run semantic-release
         run: BRANCH=${GITHUB_REF#refs/heads/} npx semantic-release
         env:
@@ -91,6 +318,8 @@ jobs:
           GITHUB_NPM_TOKEN: ${{ secrets.GH_TOKEN }}
           PUBLIC_NPM_CONFIG_REGISTRY: https://registry.npmjs.org
           PUBLIC_NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
+          DOCKER_LOCAL_IMAGE_GH: ${{ steps.github.outputs.image }}
+          DOCKER_LOCAL_IMAGE_DH: ${{ steps.dockerhub.outputs.image }}
       - name: 🔃 Merge main back into develop
         if: ${{ github.ref == 'refs/heads/main' }}
         uses: everlytic/branch-merge@1.1.2

diff --git a/Dockerfile b/Dockerfile
@@ -0,0 +1,29 @@
+FROM node:lts-alpine@sha256:1a9a71ea86aad332aa7740316d4111ee1bd4e890df47d3b5eff3e5bded3b3d10 as build-container
+
+WORKDIR "/app"
+
+COPY package*.json "/app/"
+RUN npm ci
+
+COPY . "/app/"
+RUN npm run build && \
+    rm -rf ./.github ./src ./test ./node_modules
+
+
+FROM node:lts-alpine@sha256:1a9a71ea86aad332aa7740316d4111ee1bd4e890df47d3b5eff3e5bded3b3d10
+ARG NODE_ENV=production
+ENV NODE_ENV=$NODE_ENV
+WORKDIR "/app"
+
+RUN apk add --no-cache --update dumb-init && \
+    ln -s /app/dist/bin/start.js /usr/local/bin/start && \
+    ln -s /app/dist/bin/cli.js /usr/local/bin/cli
+
+COPY --from=build-container /app/package*.json "/app/"
+RUN npm ci --only-production
+
+COPY --from=build-container "/app" "/app"
+USER node
+
+ENTRYPOINT ["/usr/bin/dumb-init", "--"]
+CMD ["/usr/local/bin/start"]
diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
@@ -13,6 +13,7 @@
   "devDependencies": {
     "@amanda-mitchell/semantic-release-npm-multiple": "^2.15.0",
     "@qiwi/semantic-release-gh-pages-plugin": "^5.2.0",
+    "@sebbo2002/semantic-release-docker": "^1.0.0-develop.1",
     "@semantic-release/changelog": "^6.0.1",
     "@semantic-release/exec": "^6.0.2",
     "@semantic-release/git": "^10.0.1",

diff --git a/release.config.js b/release.config.js
@@ -46,6 +46,19 @@ configuration.plugins.push(['@semantic-release/git', {
     'message': 'chore(release): :bookmark: ${nextRelease.version} [skip ci]\n\n${nextRelease.notes}'
 }]);
 
+const dockerImages = [];
+if (process.env.DOCKER_LOCAL_IMAGE_DH) {
+    dockerImages.push(process.env.DOCKER_LOCAL_IMAGE_DH);
+}
+if (process.env.DOCKER_LOCAL_IMAGE_GH) {
+    dockerImages.push(process.env.DOCKER_LOCAL_IMAGE_GH);
+}
+if(dockerImages.length > 0) {
+    configuration.plugins.push(['@sebbo2002/semantic-release-docker', {
+        images: dockerImages
+    }]);
+}
+
 configuration.plugins.push(['@qiwi/semantic-release-gh-pages-plugin', {
     'msg': 'docs: Updated for <%= nextRelease.gitTag %>',
     'src': './docs',