From 0d6ac5c4f4c61512ca5f0e610fc75550bab33000 Mon Sep 17 00:00:00 2001
From: tawoe
Date: Tue, 14 May 2024 11:02:58 +0200
Subject: [PATCH] container build pipeline
---
 .dockerignore | 4 +-
 .github/workflows/build_container_image.yml | 51 +++++++++++++++++++++
 Dockerfiles/Dockerfile_backend | 2 +-
 Dockerfiles/Dockerfile_frontend | 5 +-
 4 files changed, 56 insertions(+), 6 deletions(-)
 create mode 100644 .github/workflows/build_container_image.yml
diff --git a/.dockerignore b/.dockerignore
index 1b08915..0711afc 100644
--- a/.dockerignore
+++ b/.dockerignore
@@ -1,2 +1,4 @@
 package-lock.json
-yarn.lock
\ No newline at end of file
+yarn.lock
+dist
+server-dist
\ No newline at end of file
diff --git a/.github/workflows/build_container_image.yml b/.github/workflows/build_container_image.yml
new file mode 100644
index 0000000..4beb0d9
--- /dev/null
+++ b/.github/workflows/build_container_image.yml
@@ -0,0 +1,51 @@
+name: build and publish container
+
+on: [push]
+env:
+ DOCKER_HUB_ORGANIZATION: ${{ vars.DOCKER_HUB_ORGANIZATION }}
+ DOCKER_HUB_REPOSITORY: api-explorer-ii
+
+
+jobs:
+ build:
+ runs-on: ubuntu-latest
+
+ steps:
+ - name: Extract branch name
+ shell: bash
+ run: echo "branch=$(echo ${GITHUB_REF#refs/heads/})" >>$GITHUB_OUTPUT
+ id: extract_branch
+
+ - uses: actions/checkout@v2
+ - name: Build the Docker image with latest tag
+ if: steps.extract_branch.outputs.branch == develop
+ run: |
+ echo "${{ secrets.DOCKER_HUB_TOKEN }}" | docker login -u "${{ secrets.DOCKER_HUB_USERNAME }}" --password-stdin docker.io
+ docker build . --file Dockerfiles/Dockerfile_backend --tag docker.io/${{ env.DOCKER_HUB_ORGANIZATION }}/${{ env.DOCKER_HUB_REPOSITORY }}:$GITHUB_SHA --tag docker.io/${{ env.DOCKER_HUB_ORGANIZATION }}/${{ env.DOCKER_HUB_REPOSITORY }}:${{ steps.extract_branch.outputs.branch }} --tag docker.io/${{ env.DOCKER_HUB_ORGANIZATION }}/${{ env.DOCKER_HUB_REPOSITORY }}:latest
+ docker push docker.io/${{ env.DOCKER_HUB_ORGANIZATION }}/${{ env.DOCKER_HUB_REPOSITORY }} --all-tags
+ echo docker api-explorer-ii with latest tag done
+
+ - name: Build the Docker image without latest tag
+ if: steps.extract_branch.outputs.branch == develop
+ run: |
+ echo "${{ secrets.DOCKER_HUB_TOKEN }}" | docker login -u "${{ secrets.DOCKER_HUB_USERNAME }}" --password-stdin docker.io
+ docker build . --file Dockerfiles/Dockerfile_backend --tag docker.io/${{ env.DOCKER_HUB_ORGANIZATION }}/${{ env.DOCKER_HUB_REPOSITORY }}:$GITHUB_SHA --tag docker.io/${{ env.DOCKER_HUB_ORGANIZATION }}/${{ env.DOCKER_HUB_REPOSITORY }}:${{ steps.extract_branch.outputs.branch }}
+ docker push docker.io/${{ env.DOCKER_HUB_ORGANIZATION }}/${{ env.DOCKER_HUB_REPOSITORY }} --all-tags
+ echo docker api-explorer-ii without latest tag done
+
+ - uses: sigstore/cosign-installer@main
+ - name: Write signing key to disk (only needed for `cosign sign --key`)
+ run: echo "${{ secrets.COSIGN_PRIVATE_KEY }}" > cosign.key
+ - name: Sign container image with annotations from our environment
+ env:
+ COSIGN_PASSWORD: ${{ secrets.COSIGN_PASSWORD }}
+ run: |
+ cosign sign -y --key cosign.key \
+ -a "repo=${{ github.repository }}" \
+ -a "workflow=${{ github.workflow }}" \
+ -a "ref=${{ github.sha }}" \
+ docker.io/${{ env.DOCKER_HUB_ORGANIZATION }}/${{ env.DOCKER_HUB_REPOSITORY }}:${{ steps.extract_branch.outputs.branch }}
+
+
+
+
diff --git a/Dockerfiles/Dockerfile_backend b/Dockerfiles/Dockerfile_backend
index 1c8fa28..62bd447 100644
--- a/Dockerfiles/Dockerfile_backend
+++ b/Dockerfiles/Dockerfile_backend
@@ -2,7 +2,7 @@ FROM node:lts-bullseye as builder
 # Add application sources
-ADD ../.. /home/node/app/
+ADD .. /home/node/app/
 WORKDIR /home/node/app
 # Install the dependencies
 RUN npm install
diff --git a/Dockerfiles/Dockerfile_frontend b/Dockerfiles/Dockerfile_frontend
index 87f6434..68e36b8 100644
--- a/Dockerfiles/Dockerfile_frontend
+++ b/Dockerfiles/Dockerfile_frontend
@@ -1,10 +1,7 @@
 FROM node:lts-bullseye as builder
-USER 0
 # Add application sources
-# Add application sources
-ADD ../.. /home/node/app/
+ADD .. /home/node/app/
 WORKDIR /home/node/app
-
 # Install the dependencies
 RUN npm install
 RUN npm run build
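Review bot: Both build steps in build_container_image.yml are gated by the same `if: steps.extract_branch.outputs.branch == develop`, where `develop` is unquoted and so is not a string literal in an Actions expression, while the signing step has no condition and signs the `:<branch>` tag rather than the digest this run pushed. Presumably the intent is `if: steps.extract_branch.outputs.branch == 'develop'` on the first step and `!= 'develop'` on the second; the signature should then target the pushed image's digest, so it cannot attach to whatever image the tag points at when the step runs. `sigstore/cosign-installer@main` is a mutable ref executing in a job that holds `COSIGN_PRIVATE_KEY` and the Docker Hub token, so it (and `actions/checkout@v2`) should be pinned to a full commit SHA. The private key also need not be written to `cosign.key` in the workspace: expose the secret as a step `env` entry and call `cosign sign -y --key env://COSIGN_PRIVATE_KEY`.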
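Review bot: `ADD .. /home/node/app/` in Dockerfiles/Dockerfile_backend still names a path above the build context, which the workflow sets to the repository root (`docker build . --file Dockerfiles/Dockerfile_backend`), so what gets copied depends on how the builder normalises `..`; `COPY . /home/node/app/` states the intent and avoids `ADD`'s archive-extraction and URL handling. With `.dockerignore` listing only the lockfiles, `dist` and `server-dist`, that copy also brings `.git` (where a CI checkout may keep credentials) into the builder stage; whether any of it reaches the final image depends on stages outside this hunk. Excluding `package-lock.json` means `RUN npm install` resolves dependency versions at build time for an image that is then pushed and signed, so keeping the lockfile in the context and running `npm ci` would make the signed artifact reproducible. The same `ADD ..` line appears in the Dockerfiles/Dockerfile_frontend hunk.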