container build pipeline

.dockerignore

@@ -1,2 +1,4 @@
 package-lock.json
-yarn.lock
+yarn.lock
+dist
+server-dist

.github/workflows/build_container_image.yml

@@ -0,0 +1,51 @@
+name: build and publish container
+
+on: [push]
+env:
+  DOCKER_HUB_ORGANIZATION: ${{ vars.DOCKER_HUB_ORGANIZATION }}
+  DOCKER_HUB_REPOSITORY: api-explorer-ii
+
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Extract branch name
+        shell: bash
+        run: echo "branch=$(echo ${GITHUB_REF#refs/heads/})" >>$GITHUB_OUTPUT
+        id: extract_branch
+
+      - uses: actions/checkout@v2
+      - name: Build the Docker image with latest tag
+        if: steps.extract_branch.outputs.branch == develop
+        run: |
+          echo "${{ secrets.DOCKER_HUB_TOKEN }}" | docker login -u "${{ secrets.DOCKER_HUB_USERNAME }}" --password-stdin docker.io
+          docker build . --file Dockerfiles/Dockerfile_backend --tag docker.io/${{ env.DOCKER_HUB_ORGANIZATION }}/${{ env.DOCKER_HUB_REPOSITORY }}:$GITHUB_SHA --tag docker.io/${{ env.DOCKER_HUB_ORGANIZATION }}/${{ env.DOCKER_HUB_REPOSITORY }}:${{ steps.extract_branch.outputs.branch }} --tag docker.io/${{ env.DOCKER_HUB_ORGANIZATION }}/${{ env.DOCKER_HUB_REPOSITORY }}:latest
+          docker push docker.io/${{ env.DOCKER_HUB_ORGANIZATION }}/${{ env.DOCKER_HUB_REPOSITORY }} --all-tags
+          echo docker api-explorer-ii with latest tag done
+
+      - name: Build the Docker image without latest tag
+        if: steps.extract_branch.outputs.branch == develop
+        run: |
+          echo "${{ secrets.DOCKER_HUB_TOKEN }}" | docker login -u "${{ secrets.DOCKER_HUB_USERNAME }}" --password-stdin docker.io
+          docker build . --file Dockerfiles/Dockerfile_backend --tag docker.io/${{ env.DOCKER_HUB_ORGANIZATION }}/${{ env.DOCKER_HUB_REPOSITORY }}:$GITHUB_SHA --tag docker.io/${{ env.DOCKER_HUB_ORGANIZATION }}/${{ env.DOCKER_HUB_REPOSITORY }}:${{ steps.extract_branch.outputs.branch }}
+          docker push docker.io/${{ env.DOCKER_HUB_ORGANIZATION }}/${{ env.DOCKER_HUB_REPOSITORY }} --all-tags
+          echo docker api-explorer-ii without latest tag done
+
+      - uses: sigstore/cosign-installer@main
+      - name: Write signing key to disk (only needed for `cosign sign --key`)
+        run: echo "${{ secrets.COSIGN_PRIVATE_KEY }}" > cosign.key
+      - name: Sign container image with annotations from our environment
+        env:
+          COSIGN_PASSWORD: ${{ secrets.COSIGN_PASSWORD }}
+        run: |
+          cosign sign -y --key cosign.key \
+            -a "repo=${{ github.repository }}" \
+            -a "workflow=${{ github.workflow }}" \
+            -a "ref=${{ github.sha }}" \
+            docker.io/${{ env.DOCKER_HUB_ORGANIZATION }}/${{ env.DOCKER_HUB_REPOSITORY }}:${{ steps.extract_branch.outputs.branch }}
+
+
+
+

Dockerfiles/Dockerfile_backend

@@ -2,7 +2,7 @@
 FROM node:lts-bullseye as builder
 
 # Add application sources
-ADD ../.. /home/node/app/
+ADD .. /home/node/app/
 WORKDIR /home/node/app
 # Install the dependencies
 RUN npm install

Dockerfiles/Dockerfile_frontend

@@ -1,10 +1,7 @@
 FROM node:lts-bullseye as builder
-USER 0
 # Add application sources
-# Add application sources
-ADD ../.. /home/node/app/
+ADD .. /home/node/app/
 WORKDIR /home/node/app
-
 # Install the dependencies
 RUN npm install
 RUN npm run build