diff --git a/.dockerignore b/.dockerignore
new file mode 100644
index 0000000..0711afc
--- /dev/null
+++ b/.dockerignore
@@ -0,0 +1,4 @@
+package-lock.json
+yarn.lock
+dist
+server-dist
\ No newline at end of file
diff --git a/.github/workflows/build_container_image.yml b/.github/workflows/build_container_image.yml
new file mode 100644
index 0000000..80e016f
--- /dev/null
+++ b/.github/workflows/build_container_image.yml
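Review bot: Excluding `package-lock.json` and `yarn.lock` from the build context means the `npm install` steps in Dockerfiles/Dockerfile_backend and Dockerfiles/Dockerfile_frontend resolve dependency versions afresh on every build, so the image that is pushed and signed is not tied to a reviewed lockfile (assuming the repository tracks one). Drop those two entries and switch the Dockerfiles to `npm ci`. The list would also do well to exclude `node_modules`, `.git` and local secret files such as `.env` or the `cosign.key` the workflows write into the workspace, since both Dockerfiles add the whole context to the builder stage.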
@@ -0,0 +1,44 @@
+name: build and publish container
+
+on:
+ push:
+ branches:
+ - develop
+env:
+ DOCKER_HUB_ORGANIZATION: ${{ vars.DOCKER_HUB_ORGANIZATION }}
+ DOCKER_HUB_REPOSITORY: api-explorer-ii
+
+
+jobs:
+ build:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Extract branch name
+ shell: bash
+ run: echo "branch=$(echo ${GITHUB_REF#refs/heads/})" >>$GITHUB_OUTPUT
+ id: extract_branch
+
+ - uses: actions/checkout@v2
+ - name: Build the Docker image with latest tag
+ run: |
+ echo "${{ secrets.DOCKER_HUB_TOKEN }}" | docker login -u "${{ secrets.DOCKER_HUB_USERNAME }}" --password-stdin docker.io
+ docker build . --file Dockerfiles/Dockerfile_backend --tag docker.io/${{ env.DOCKER_HUB_ORGANIZATION }}/${{ env.DOCKER_HUB_REPOSITORY }}:$GITHUB_SHA --tag docker.io/${{ env.DOCKER_HUB_ORGANIZATION }}/${{ env.DOCKER_HUB_REPOSITORY }}:${{ steps.extract_branch.outputs.branch }} --tag docker.io/${{ env.DOCKER_HUB_ORGANIZATION }}/${{ env.DOCKER_HUB_REPOSITORY }}:latest
+ docker push docker.io/${{ env.DOCKER_HUB_ORGANIZATION }}/${{ env.DOCKER_HUB_REPOSITORY }} --all-tags
+ echo docker api-explorer-ii with latest tag done
+
+ - uses: sigstore/cosign-installer@main
+ - name: Write signing key to disk (only needed for `cosign sign --key`)
+ run: echo "${{ secrets.COSIGN_PRIVATE_KEY }}" > cosign.key
+ - name: Sign container image with annotations from our environment
+ env:
+ COSIGN_PASSWORD: ${{ secrets.COSIGN_PASSWORD }}
+ run: |
+ cosign sign -y --key cosign.key \
+ -a "repo=${{ github.repository }}" \
+ -a "workflow=${{ github.workflow }}" \
+ -a "ref=${{ github.sha }}" \
+ docker.io/${{ env.DOCKER_HUB_ORGANIZATION }}/${{ env.DOCKER_HUB_REPOSITORY }}:${{ steps.extract_branch.outputs.branch }}
+
+
+
+
diff --git a/.github/workflows/build_container_image_not_develop.yml b/.github/workflows/build_container_image_not_develop.yml
new file mode 100644
index 0000000..eac18a2
--- /dev/null
+++ b/.github/workflows/build_container_image_not_develop.yml
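Review bot: The signing steps pull `sigstore/cosign-installer@main`, a mutable branch ref, into a job that holds the Docker Hub token and the cosign private key, so whatever that branch points to at run time executes next to those secrets; pin it to a full commit SHA, `uses: sigstore/cosign-installer@<full-commit-sha>`, and move `actions/checkout@v2` to a pinned current release as well. The key is also written to `cosign.key` in the workspace and never removed; cosign can read it from the environment instead, `cosign sign -y --key env://COSIGN_PRIVATE_KEY` with `COSIGN_PRIVATE_KEY: ${{ secrets.COSIGN_PRIVATE_KEY }}` added under that step's `env:`. The signature is made against the branch tag rather than the digest that was just pushed, so the tag can move between push and sign; resolve the digest after `docker push` and sign `…/api-explorer-ii@sha256:<digest>`. The same three points apply to build_container_image_not_develop.yml.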
@@ -0,0 +1,45 @@
+name: build and publish container
+
+on:
+ push:
+ branches:
+ - '*'
+ - '!develop'
+env:
+ DOCKER_HUB_ORGANIZATION: ${{ vars.DOCKER_HUB_ORGANIZATION }}
+ DOCKER_HUB_REPOSITORY: api-explorer-ii
+
+
+jobs:
+ build:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Extract branch name
+ shell: bash
+ run: echo "branch=$(echo ${GITHUB_REF#refs/heads/})" >>$GITHUB_OUTPUT
+ id: extract_branch
+
+ - uses: actions/checkout@v2
+ - name: Build the Docker image without latest tag
+ run: |
+ echo "${{ secrets.DOCKER_HUB_TOKEN }}" | docker login -u "${{ secrets.DOCKER_HUB_USERNAME }}" --password-stdin docker.io
+ docker build . --file Dockerfiles/Dockerfile_backend --tag docker.io/${{ env.DOCKER_HUB_ORGANIZATION }}/${{ env.DOCKER_HUB_REPOSITORY }}:$GITHUB_SHA --tag docker.io/${{ env.DOCKER_HUB_ORGANIZATION }}/${{ env.DOCKER_HUB_REPOSITORY }}:${{ steps.extract_branch.outputs.branch }}
+ docker push docker.io/${{ env.DOCKER_HUB_ORGANIZATION }}/${{ env.DOCKER_HUB_REPOSITORY }} --all-tags
+ echo docker api-explorer-ii without latest tag done
+
+ - uses: sigstore/cosign-installer@main
+ - name: Write signing key to disk (only needed for `cosign sign --key`)
+ run: echo "${{ secrets.COSIGN_PRIVATE_KEY }}" > cosign.key
+ - name: Sign container image with annotations from our environment
+ env:
+ COSIGN_PASSWORD: ${{ secrets.COSIGN_PASSWORD }}
+ run: |
+ cosign sign -y --key cosign.key \
+ -a "repo=${{ github.repository }}" \
+ -a "workflow=${{ github.workflow }}" \
+ -a "ref=${{ github.sha }}" \
+ docker.io/${{ env.DOCKER_HUB_ORGANIZATION }}/${{ env.DOCKER_HUB_REPOSITORY }}:${{ steps.extract_branch.outputs.branch }}
+
+
+
+
diff --git a/Dockerfiles/Dockerfile_backend b/Dockerfiles/Dockerfile_backend
new file mode 100644
index 0000000..62bd447
--- /dev/null
+++ b/Dockerfiles/Dockerfile_backend
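Review bot: The branch name reaches the shell as script text: `${{ steps.extract_branch.outputs.branch }}` is expanded into the build and sign `run:` blocks before the shell parses them, and the trigger here accepts every branch except develop, so the value is chosen by whoever pushes while the Docker Hub and cosign secrets are in the job. Pass it through the environment and quote it instead, e.g. `BRANCH: ${{ github.ref_name }}` under each step's `env:` and `"$BRANCH"` in the tag arguments; the unquoted `${GITHUB_REF#refs/heads/}` in the extract step should be quoted too. It is also worth deciding whether images from arbitrary feature branches should be signed with the same key as develop, since a valid signature then no longer distinguishes reviewed code from work in progress.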
@@ -0,0 +1,21 @@
+# First stage builds the application
+FROM node:lts-bullseye as builder
+
+# Add application sources
+ADD .. /home/node/app/
+WORKDIR /home/node/app
+# Install the dependencies
+RUN npm install
+RUN npm run build-server
+
+# Run script uses standard ways to run the application
+# CMD npm run -d start
+FROM node:lts-bullseye
+
+COPY --from=builder /home/node/app/server-dist /home/node/app
+RUN mkdir /home/node/node_modules
+COPY --from=builder /home/node/app/node_modules /home/node/node_modules
+WORKDIR /home/node/app
+CMD ["node", "app.js"]
+
+
diff --git a/Dockerfiles/Dockerfile_frontend b/Dockerfiles/Dockerfile_frontend
new file mode 100644
index 0000000..68e36b8
--- /dev/null
+++ b/Dockerfiles/Dockerfile_frontend
@@ -0,0 +1,22 @@
+FROM node:lts-bullseye as builder
+# Add application sources
+ADD .. /home/node/app/
+WORKDIR /home/node/app
+# Install the dependencies
+RUN npm install
+RUN npm run build
+
+FROM registry.access.redhat.com/ubi9/nginx-120
+USER 0
+RUN dnf update -y
+RUN chown -R 1001 /var/log/nginx
+ADD Dockerfiles/nginx.conf "${NGINX_DEFAULT_CONF_PATH}"
+COPY --from=builder /home/node/app/dist /opt/app-root/src
+RUN chgrp -R 0 /opt/app-root/src/ && chmod -R g+rwX /opt/app-root/src/
+USER 1001
+CMD ["nginx", "-g", "daemon off;"]
+
+
+
+
+
diff --git a/Dockerfiles/nginx.conf b/Dockerfiles/nginx.conf
new file mode 100644
index 0000000..79ca96f
--- /dev/null
+++ b/Dockerfiles/nginx.conf
@@ -0,0 +1,7 @@
+
+ server_name localhost;
+ location / {
+ root /opt/app-root/src/;
+ index index.html;
+ try_files $uri $uri/ /index.html;
+ }
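Review bot: The runtime stage of Dockerfile_backend never switches away from root, so `node app.js` runs as uid 0 in the container; the official node image ships an unprivileged `node` user, so add `USER node` before `CMD` and, if the app writes to its own directory, copy with `COPY --chown=node:node --from=builder …`. `ADD .. /home/node/app/` should be `COPY . /home/node/app/`: `ADD` is not needed for plain local files, and `..` points above the build context, which presumably only works because the path is clamped to the context root. Both stages use the floating `node:lts-bullseye` tag and the full `node_modules` tree, dev dependencies included, is copied into the runtime image; pinning the tag or digest and running `npm prune --omit=dev` in the builder would narrow what ships. The `ADD ..` and floating-tag points also apply to Dockerfiles/Dockerfile_frontend.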
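Review bot: The runtime base in Dockerfile_frontend, `registry.access.redhat.com/ubi9/nginx-120`, carries no tag or digest, so each build takes whatever `latest` is at that moment, and `RUN dnf update -y` then changes the package set again in a layer of its own without cleaning the package cache. Pin the base, `FROM registry.access.redhat.com/ubi9/nginx-120@sha256:<digest>`, and if the update step is kept make it `RUN dnf update -y && dnf clean all`. `ADD Dockerfiles/nginx.conf "${NGINX_DEFAULT_CONF_PATH}"` copies a plain local file and should be `COPY`.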
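Review bot: Dockerfiles/nginx.conf has `server_name` and `location` at top level with no enclosing `server { }`, so it is only valid as a fragment included from inside a server block, which is presumably what `${NGINX_DEFAULT_CONF_PATH}` in Dockerfile_frontend provides. A leading comment such as `# Fragment: included inside the base image's server block; not a standalone config` would stop someone from validating or reusing it on its own and would record the dependency on the base image's layout.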