Merge pull request #48 from tawoe/container

Add Container pipeline

.dockerignore

@@ -0,0 +1,4 @@
+package-lock.json
+yarn.lock
+dist
+server-dist

.github/workflows/build_container_image.yml

@@ -0,0 +1,44 @@
+name: build and publish container
+
+on:
+  push:
+    branches:
+    - develop
+env:
+  DOCKER_HUB_ORGANIZATION: ${{ vars.DOCKER_HUB_ORGANIZATION }}
+  DOCKER_HUB_REPOSITORY: api-explorer-ii
+
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Extract branch name
+        shell: bash
+        run: echo "branch=$(echo ${GITHUB_REF#refs/heads/})" >>$GITHUB_OUTPUT
+        id: extract_branch
+
+      - uses: actions/checkout@v2
+      - name: Build the Docker image with latest tag
+        run: |
+          echo "${{ secrets.DOCKER_HUB_TOKEN }}" | docker login -u "${{ secrets.DOCKER_HUB_USERNAME }}" --password-stdin docker.io
+          docker build . --file Dockerfiles/Dockerfile_backend --tag docker.io/${{ env.DOCKER_HUB_ORGANIZATION }}/${{ env.DOCKER_HUB_REPOSITORY }}:$GITHUB_SHA --tag docker.io/${{ env.DOCKER_HUB_ORGANIZATION }}/${{ env.DOCKER_HUB_REPOSITORY }}:${{ steps.extract_branch.outputs.branch }} --tag docker.io/${{ env.DOCKER_HUB_ORGANIZATION }}/${{ env.DOCKER_HUB_REPOSITORY }}:latest
+          docker push docker.io/${{ env.DOCKER_HUB_ORGANIZATION }}/${{ env.DOCKER_HUB_REPOSITORY }} --all-tags
+          echo docker api-explorer-ii with latest tag done
+
+      - uses: sigstore/cosign-installer@main
+      - name: Write signing key to disk (only needed for `cosign sign --key`)
+        run: echo "${{ secrets.COSIGN_PRIVATE_KEY }}" > cosign.key
+      - name: Sign container image with annotations from our environment
+        env:
+          COSIGN_PASSWORD: ${{ secrets.COSIGN_PASSWORD }}
+        run: |
+          cosign sign -y --key cosign.key \
+            -a "repo=${{ github.repository }}" \
+            -a "workflow=${{ github.workflow }}" \
+            -a "ref=${{ github.sha }}" \
+            docker.io/${{ env.DOCKER_HUB_ORGANIZATION }}/${{ env.DOCKER_HUB_REPOSITORY }}:${{ steps.extract_branch.outputs.branch }}
+
+
+
+

.github/workflows/build_container_image_not_develop.yml

@@ -0,0 +1,45 @@
+name: build and publish container
+
+on:
+  push:
+    branches:
+    - '*'
+    - '!develop'
+env:
+  DOCKER_HUB_ORGANIZATION: ${{ vars.DOCKER_HUB_ORGANIZATION }}
+  DOCKER_HUB_REPOSITORY: api-explorer-ii
+
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Extract branch name
+        shell: bash
+        run: echo "branch=$(echo ${GITHUB_REF#refs/heads/})" >>$GITHUB_OUTPUT
+        id: extract_branch
+
+      - uses: actions/checkout@v2
+      - name: Build the Docker image without latest tag
+        run: |
+          echo "${{ secrets.DOCKER_HUB_TOKEN }}" | docker login -u "${{ secrets.DOCKER_HUB_USERNAME }}" --password-stdin docker.io
+          docker build . --file Dockerfiles/Dockerfile_backend --tag docker.io/${{ env.DOCKER_HUB_ORGANIZATION }}/${{ env.DOCKER_HUB_REPOSITORY }}:$GITHUB_SHA --tag docker.io/${{ env.DOCKER_HUB_ORGANIZATION }}/${{ env.DOCKER_HUB_REPOSITORY }}:${{ steps.extract_branch.outputs.branch }}
+          docker push docker.io/${{ env.DOCKER_HUB_ORGANIZATION }}/${{ env.DOCKER_HUB_REPOSITORY }} --all-tags
+          echo docker api-explorer-ii without latest tag done
+
+      - uses: sigstore/cosign-installer@main
+      - name: Write signing key to disk (only needed for `cosign sign --key`)
+        run: echo "${{ secrets.COSIGN_PRIVATE_KEY }}" > cosign.key
+      - name: Sign container image with annotations from our environment
+        env:
+          COSIGN_PASSWORD: ${{ secrets.COSIGN_PASSWORD }}
+        run: |
+          cosign sign -y --key cosign.key \
+            -a "repo=${{ github.repository }}" \
+            -a "workflow=${{ github.workflow }}" \
+            -a "ref=${{ github.sha }}" \
+            docker.io/${{ env.DOCKER_HUB_ORGANIZATION }}/${{ env.DOCKER_HUB_REPOSITORY }}:${{ steps.extract_branch.outputs.branch }}
+
+
+
+

Dockerfiles/Dockerfile_backend

@@ -0,0 +1,21 @@
+# First stage builds the application
+FROM node:lts-bullseye as builder
+
+# Add application sources
+ADD .. /home/node/app/
+WORKDIR /home/node/app
+# Install the dependencies
+RUN npm install
+RUN npm run build-server
+
+# Run script uses standard ways to run the application
+# CMD npm run -d start
+FROM node:lts-bullseye
+
+COPY --from=builder /home/node/app/server-dist /home/node/app
+RUN mkdir /home/node/node_modules
+COPY --from=builder /home/node/app/node_modules /home/node/node_modules
+WORKDIR /home/node/app
+CMD ["node", "app.js"]
+
+

Dockerfiles/Dockerfile_frontend

@@ -0,0 +1,22 @@
+FROM node:lts-bullseye as builder
+# Add application sources
+ADD .. /home/node/app/
+WORKDIR /home/node/app
+# Install the dependencies
+RUN npm install
+RUN npm run build
+
+FROM registry.access.redhat.com/ubi9/nginx-120
+USER 0
+RUN dnf update -y
+RUN chown -R 1001 /var/log/nginx
+ADD Dockerfiles/nginx.conf "${NGINX_DEFAULT_CONF_PATH}"
+COPY --from=builder /home/node/app/dist /opt/app-root/src
+RUN chgrp -R 0 /opt/app-root/src/ && chmod -R g+rwX /opt/app-root/src/
+USER 1001
+CMD ["nginx", "-g", "daemon off;"]
+
+
+
+
+

Dockerfiles/nginx.conf

@@ -0,0 +1,7 @@
+
+    server_name  localhost;
+    location / {
+      root   /opt/app-root/src/;
+      index  index.html;
+      try_files $uri $uri/ /index.html;
+    }