-
Notifications
You must be signed in to change notification settings - Fork 9
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #48 from tawoe/container
Add Container pipeline
- Loading branch information
Showing
6 changed files
with
143 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,4 @@ | ||
package-lock.json | ||
yarn.lock | ||
dist | ||
server-dist |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,44 @@ | ||
name: build and publish container | ||
|
||
on: | ||
push: | ||
branches: | ||
- develop | ||
env: | ||
DOCKER_HUB_ORGANIZATION: ${{ vars.DOCKER_HUB_ORGANIZATION }} | ||
DOCKER_HUB_REPOSITORY: api-explorer-ii | ||
|
||
|
||
jobs: | ||
build: | ||
runs-on: ubuntu-latest | ||
steps: | ||
- name: Extract branch name | ||
shell: bash | ||
run: echo "branch=$(echo ${GITHUB_REF#refs/heads/})" >>$GITHUB_OUTPUT | ||
id: extract_branch | ||
|
||
- uses: actions/checkout@v2 | ||
- name: Build the Docker image with latest tag | ||
run: | | ||
echo "${{ secrets.DOCKER_HUB_TOKEN }}" | docker login -u "${{ secrets.DOCKER_HUB_USERNAME }}" --password-stdin docker.io | ||
docker build . --file Dockerfiles/Dockerfile_backend --tag docker.io/${{ env.DOCKER_HUB_ORGANIZATION }}/${{ env.DOCKER_HUB_REPOSITORY }}:$GITHUB_SHA --tag docker.io/${{ env.DOCKER_HUB_ORGANIZATION }}/${{ env.DOCKER_HUB_REPOSITORY }}:${{ steps.extract_branch.outputs.branch }} --tag docker.io/${{ env.DOCKER_HUB_ORGANIZATION }}/${{ env.DOCKER_HUB_REPOSITORY }}:latest | ||
docker push docker.io/${{ env.DOCKER_HUB_ORGANIZATION }}/${{ env.DOCKER_HUB_REPOSITORY }} --all-tags | ||
echo docker api-explorer-ii with latest tag done | ||
- uses: sigstore/cosign-installer@main | ||
- name: Write signing key to disk (only needed for `cosign sign --key`) | ||
run: echo "${{ secrets.COSIGN_PRIVATE_KEY }}" > cosign.key | ||
- name: Sign container image with annotations from our environment | ||
env: | ||
COSIGN_PASSWORD: ${{ secrets.COSIGN_PASSWORD }} | ||
run: | | ||
cosign sign -y --key cosign.key \ | ||
-a "repo=${{ github.repository }}" \ | ||
-a "workflow=${{ github.workflow }}" \ | ||
-a "ref=${{ github.sha }}" \ | ||
docker.io/${{ env.DOCKER_HUB_ORGANIZATION }}/${{ env.DOCKER_HUB_REPOSITORY }}:${{ steps.extract_branch.outputs.branch }} | ||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,45 @@ | ||
name: build and publish container | ||
|
||
on: | ||
push: | ||
branches: | ||
- '*' | ||
- '!develop' | ||
env: | ||
DOCKER_HUB_ORGANIZATION: ${{ vars.DOCKER_HUB_ORGANIZATION }} | ||
DOCKER_HUB_REPOSITORY: api-explorer-ii | ||
|
||
|
||
jobs: | ||
build: | ||
runs-on: ubuntu-latest | ||
steps: | ||
- name: Extract branch name | ||
shell: bash | ||
run: echo "branch=$(echo ${GITHUB_REF#refs/heads/})" >>$GITHUB_OUTPUT | ||
id: extract_branch | ||
|
||
- uses: actions/checkout@v2 | ||
- name: Build the Docker image without latest tag | ||
run: | | ||
echo "${{ secrets.DOCKER_HUB_TOKEN }}" | docker login -u "${{ secrets.DOCKER_HUB_USERNAME }}" --password-stdin docker.io | ||
docker build . --file Dockerfiles/Dockerfile_backend --tag docker.io/${{ env.DOCKER_HUB_ORGANIZATION }}/${{ env.DOCKER_HUB_REPOSITORY }}:$GITHUB_SHA --tag docker.io/${{ env.DOCKER_HUB_ORGANIZATION }}/${{ env.DOCKER_HUB_REPOSITORY }}:${{ steps.extract_branch.outputs.branch }} | ||
docker push docker.io/${{ env.DOCKER_HUB_ORGANIZATION }}/${{ env.DOCKER_HUB_REPOSITORY }} --all-tags | ||
echo docker api-explorer-ii without latest tag done | ||
- uses: sigstore/cosign-installer@main | ||
- name: Write signing key to disk (only needed for `cosign sign --key`) | ||
run: echo "${{ secrets.COSIGN_PRIVATE_KEY }}" > cosign.key | ||
- name: Sign container image with annotations from our environment | ||
env: | ||
COSIGN_PASSWORD: ${{ secrets.COSIGN_PASSWORD }} | ||
run: | | ||
cosign sign -y --key cosign.key \ | ||
-a "repo=${{ github.repository }}" \ | ||
-a "workflow=${{ github.workflow }}" \ | ||
-a "ref=${{ github.sha }}" \ | ||
docker.io/${{ env.DOCKER_HUB_ORGANIZATION }}/${{ env.DOCKER_HUB_REPOSITORY }}:${{ steps.extract_branch.outputs.branch }} | ||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,21 @@ | ||
# First stage builds the application | ||
FROM node:lts-bullseye as builder | ||
|
||
# Add application sources | ||
ADD .. /home/node/app/ | ||
WORKDIR /home/node/app | ||
# Install the dependencies | ||
RUN npm install | ||
RUN npm run build-server | ||
|
||
# Run script uses standard ways to run the application | ||
# CMD npm run -d start | ||
FROM node:lts-bullseye | ||
|
||
COPY --from=builder /home/node/app/server-dist /home/node/app | ||
RUN mkdir /home/node/node_modules | ||
COPY --from=builder /home/node/app/node_modules /home/node/node_modules | ||
WORKDIR /home/node/app | ||
CMD ["node", "app.js"] | ||
|
||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,22 @@ | ||
FROM node:lts-bullseye as builder | ||
# Add application sources | ||
ADD .. /home/node/app/ | ||
WORKDIR /home/node/app | ||
# Install the dependencies | ||
RUN npm install | ||
RUN npm run build | ||
|
||
FROM registry.access.redhat.com/ubi9/nginx-120 | ||
USER 0 | ||
RUN dnf update -y | ||
RUN chown -R 1001 /var/log/nginx | ||
ADD Dockerfiles/nginx.conf "${NGINX_DEFAULT_CONF_PATH}" | ||
COPY --from=builder /home/node/app/dist /opt/app-root/src | ||
RUN chgrp -R 0 /opt/app-root/src/ && chmod -R g+rwX /opt/app-root/src/ | ||
USER 1001 | ||
CMD ["nginx", "-g", "daemon off;"] | ||
|
||
|
||
|
||
|
||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,7 @@ | ||
|
||
server_name localhost; | ||
location / { | ||
root /opt/app-root/src/; | ||
index index.html; | ||
try_files $uri $uri/ /index.html; | ||
} |