From abbb43c7285e52bd7e8a95fe5e1a620d0445ac29 Mon Sep 17 00:00:00 2001 From: Manuele Vaccari Date: Fri, 2 Oct 2020 01:28:44 +0200 Subject: [PATCH 01/11] Ignore baked compose --- .gitignore | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.gitignore b/.gitignore index e94dee3..d490cbc 100644 --- a/.gitignore +++ b/.gitignore @@ -233,6 +233,9 @@ $RECYCLE.BIN/ # End of https://www.toptal.com/developers/gitignore/api/git,yarn,react,linux,macos,windows,webstorm,visualstudiocode +# Docker +docker-compose.bake.yml + # Build /build From 6b4fed8225fe58dac8c3069c63160d1c1ce75e00 Mon Sep 17 00:00:00 2001 From: Manuele Vaccari Date: Mon, 5 Oct 2020 00:04:36 +0200 Subject: [PATCH 02/11] Build Docker image --- .github/workflows/ci-cd.yml | 280 ++++++++++++++++++-- .github/workflows/dockerhub-description.yml | 38 +++ .github/workflows/greetings.yml | 1 + .github/workflows/label.yml | 4 +- .github/workflows/stale.yml | 24 +- Dockerfile | 4 +- 6 files changed, 316 insertions(+), 35 deletions(-) create mode 100644 .github/workflows/dockerhub-description.yml diff --git a/.github/workflows/ci-cd.yml b/.github/workflows/ci-cd.yml index 851ddce..942286b 100644 --- a/.github/workflows/ci-cd.yml +++ b/.github/workflows/ci-cd.yml @@ -1,19 +1,23 @@ name: CI/CD +env: + IMAGE_NAME: weleda-webcenter-text-export + on: push: branches: - master - develop + tags: + - "*.*.*" paths: - .github/workflows/ci-cd.yml - # - "docker/**" + - "docker/**" - "public/**" - "src/**" - # - .dockerignore + - .dockerignore - .yarnrc.yml - # - docker-compose.build.yml - # - Dockerfile + - Dockerfile - package.json - tsconfig.json - yarn.lock 
@@ -26,10 +30,19 @@ jobs: test: runs-on: ubuntu-latest + # https://github.com/marketplace/actions/build-and-push-docker-images#local-registry + services: + registry: + image: registry:2 + ports: + - 5000:5000 + steps: - - uses: actions/checkout@v2 + - name: Checkout + uses: actions/checkout@v2 - - uses: actions/setup-node@v1 + - name: Setup Node.JS + uses: actions/setup-node@v1 with: node-version: "14" 
@@ -37,34 +50,159 @@ jobs: - name: Get yarn cache directory path id: yarn-cache-dir-path run: echo "::set-output name=dir::$(yarn config get cacheFolder)" - - - uses: actions/cache@v2 - id: yarn-cache # use this to check for `cache-hit` (`steps.yarn-cache.outputs.cache-hit != 'true'`) + - name: Cache local yarn repository + id: yarn-cache + uses: actions/cache@v2 with: + # A list of files, directories, and wildcard patterns to cache and restore. See @actions/glob for supported patterns. path: ${{ steps.yarn-cache-dir-path.outputs.dir }} + # An explicit key for restoring and saving the cache key: ${{ runner.os }}-yarn-${{ hashFiles('**/yarn.lock') }} + # An ordered list of keys to use for restoring the cache if no cache hit occurred for key restore-keys: | ${{ runner.os }}-yarn- - name: Install dependencies run: yarn install --immutable + - name: Build + run: yarn run build + - name: Run tests run: yarn run test - - name: Build - run: yarn run build + - name: Setup QEMU + id: qemu + uses: docker/setup-qemu-action@v1 + # with: + # # QEMU static binaries Docker image + # image: tonistiigi/binfmt:latest # optional, default is "tonistiigi/binfmt" + # # Platforms to install (e.g. arm64,riscv64,arm) + # platforms: all # optional, default is "all" + + - name: Setup Docker Buildx + id: buildx + uses: docker/setup-buildx-action@v1 + with: + # Buildx version. + # version: latest # optional + # Sets the builder driver to be used + # driver: docker-container # optional, default is "docker-container" + # List of additional driver-specific options (eg. 
image=moby/buildkit:master) + driver-opts: network=host # optional + # Flags for buildkitd daemon (since buildx v0.3.0) + # buildkitd-flags: # optional + # Sets up docker build command as an alias to docker buildx + # install: false # optional, default is "false" + # Switch to this builder instance + # use: true # optional, default is "true" + # Optional address for docker socket or context from docker context ls + # endpoint: # optional - publish: + # https://github.com/marketplace/actions/build-and-push-docker-images#leverage-github-cache + - name: Cache Docker layers + uses: actions/cache@v2 + with: + # A list of files, directories, and wildcard patterns to cache and restore. See @actions/glob for supported patterns. + path: /tmp/.buildx-cache + # An explicit key for restoring and saving the cache + key: ${{ runner.os }}-buildx-${{ github.sha }} + # An ordered list of keys to use for restoring the cache if no cache hit occurred for key + restore-keys: | + ${{ runner.os }}-buildx- + + - name: Build (Docker) + uses: docker/build-push-action@v2 + with: + # Builder instance (see setup-buildx action) + # builder: # optional + # Build's context is the set of files located in the specified PATH or URL + # context: . # optional, default is git context + # Path to the Dockerfile + # file: ./Dockerfile # optional, default is "Dockerfile" + # List of build-time variables + # build-args: # optional + # List of metadata for an image + # labels: # optional + # List of tags + tags: localhost:5000/name/app:latest # optional + # Always attempt to pull a newer version of the image + # pull: false # optional, default is "false" + # Sets the target stage to build + # target: # optional + # List of extra privileged entitlement (eg. 
network.host,security.insecure) + # allow: # optional + # Do not use cache when building the image + # no-cache: false # optional, default is "false" + # List of target platforms for build + platforms: linux/amd64,linux/arm64,linux/ppc64le,linux/s390x,linux/386,linux/arm/v7,linux/arm/v6 # optional + # Load is a shorthand for --output=type=docker + # load: false # optional, default is "false" + # Push is a shorthand for --output=type=registry + push: true # optional, default is "false" + # List of output destinations (format: type=local,dest=path) + # outputs: # optional + # List of external cache sources (eg. type=local,src=path/to/dir) + cache-from: type=local,src=/tmp/.buildx-cache # optional + # List of cache export destinations (eg. type=local,dest=path/to/dir) + cache-to: type=local,dest=/tmp/.buildx-cache # optional + # List of secrets to expose to the build (eg. key=value, GIT_AUTH_TOKEN=mytoken) + # secrets: # optional + + - name: Inspect + run: | + docker buildx imagetools inspect localhost:5000/name/app:latest + + deploy: needs: test runs-on: ubuntu-latest - if: github.event_name == 'push' && github.repository == 'D3strukt0r/weleda-webcenter-text-export' + if: github.event_name != 'pull_request' && github.repository == 'D3strukt0r/weleda-webcenter-text-export' steps: - - uses: actions/checkout@v2 + - name: Checkout + uses: actions/checkout@v2 + + # https://github.com/actions/starter-workflows/blob/main/ci/docker-publish.yml + # https://github.com/docker/build-push-action#complete-workflow + - name: Prepare + id: prep + run: | + DOCKER_IMAGE="$(echo "${{ secrets.DOCKER_USERNAME }}/$IMAGE_NAME" | tr '[A-Z]' '[a-z]')" + + # Strip git ref prefix from version + VERSION=$(echo "${{ github.ref }}" | sed -e 's,.*/\(.*\),\1,') + + # Rename branches which stand for latest or similar + if [ "$VERSION" = '${{ github.event.repository.default_branch }}' ]; then + VERSION=latest + elif [ "$VERSION" = 'develop' ]; then + VERSION=nightly + else + VERSION=$(echo "$VERSION" 
| sed -r 's#/+#-#g') + fi + + # Strip "v" prefix from tag name + if [[ "${{ github.ref }}" == refs/tags/* ]]; then + VERSION=$(echo $VERSION | sed -e 's/^v//') + fi + + # Create tags + TAGS="${DOCKER_IMAGE}:${VERSION}" + if [[ $VERSION =~ ^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$ ]]; then + MINOR=${VERSION%.*} + MAJOR=${MINOR%.*} + TAGS="$TAGS,${DOCKER_IMAGE}:${MINOR},${DOCKER_IMAGE}:${MAJOR},${DOCKER_IMAGE}:latest" + elif [ "${{ github.event_name }}" = 'push' ]; then + TAGS="$TAGS,${DOCKER_IMAGE}:sha-${GITHUB_SHA::8}" + fi - - uses: actions/setup-node@v1 + echo ::set-output name=version::${VERSION} + echo ::set-output name=tags::${TAGS} + echo ::set-output name=created::$(date -u +'%Y-%m-%dT%H:%M:%SZ') + + - name: Setup Node.JS + uses: actions/setup-node@v1 with: node-version: "14" @@ -78,12 +216,15 @@ jobs: - name: Get yarn cache directory path id: yarn-cache-dir-path run: echo "::set-output name=dir::$(yarn config get cacheFolder)" - - - uses: actions/cache@v2 - id: yarn-cache # use this to check for `cache-hit` (`steps.yarn-cache.outputs.cache-hit != 'true'`) + - name: Cache local yarn repository + id: yarn-cache + uses: actions/cache@v2 with: + # A list of files, directories, and wildcard patterns to cache and restore. See @actions/glob for supported patterns. path: ${{ steps.yarn-cache-dir-path.outputs.dir }} + # An explicit key for restoring and saving the cache key: ${{ runner.os }}-yarn-${{ hashFiles('**/yarn.lock') }} + # An ordered list of keys to use for restoring the cache if no cache hit occurred for key restore-keys: | ${{ runner.os }}-yarn- @@ -106,7 +247,6 @@ jobs: --verbose \ --local_dir build \ --fqdn webcenter-text-export.manuele-vaccari.ch - - name: Deploy to Github Pages (Development) if: github.ref == 'refs/heads/develop' run: | 
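Review bot: The `Prepare` step of the `deploy` job pastes `${{ github.ref }}` directly into the shell script (`VERSION=$(echo "${{ github.ref }}" | sed ...)` and the `refs/tags/*` test), so the ref name becomes script text before bash parses it. A branch or tag name containing shell metacharacters would then be interpreted as code, in a job that later logs in to Docker Hub. Read the value from the runner environment instead, as the script already does with `GITHUB_SHA`: `VERSION=$(echo "$GITHUB_REF" | sed -e 's,.*/\(.*\),\1,')` and `if [[ "$GITHUB_REF" == refs/tags/* ]]; then`. The `github.event.repository.default_branch` and `github.event_name` comparisons are better passed through a step-level `env:` mapping for the same reason. Separately, `::set-output` has since been deprecated in favour of appending `name=value` to `$GITHUB_OUTPUT`.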
@@ -119,3 +259,105 @@ jobs: --verbose \ --local_dir build \ --fqdn webcenter-text-export-dev.manuele-vaccari.ch + + - name: Setup QEMU + id: qemu + uses: docker/setup-qemu-action@v1 + # with: + # # QEMU static binaries Docker image + # image: tonistiigi/binfmt:latest # optional, default is "tonistiigi/binfmt" + # # Platforms to install (e.g. arm64,riscv64,arm) + # platforms: all # optional, default is "all" + + - name: Setup Docker Buildx + id: buildx + uses: docker/setup-buildx-action@v1 + with: + # Buildx version. + version: latest # optional + # Sets the builder driver to be used + # driver: docker-container # optional, default is "docker-container" + # List of additional driver-specific options (eg. image=moby/buildkit:master) + # driver-opts: | # optional + # image=moby/buildkit:master + # network=host + # Flags for buildkitd daemon (since buildx v0.3.0) + # buildkitd-flags: # optional + # Sets up docker build command as an alias to docker buildx + # install: false # optional, default is "false" + # Switch to this builder instance + # use: true # optional, default is "true" + # Optional address for docker socket or context from docker context ls + # endpoint: # optional + + # https://github.com/marketplace/actions/build-and-push-docker-images#leverage-github-cache + - name: Cache Docker layers + uses: actions/cache@v2 + with: + # A list of files, directories, and wildcard patterns to cache and restore. See @actions/glob for supported patterns. + path: /tmp/.buildx-cache + # An explicit key for restoring and saving the cache + key: ${{ runner.os }}-buildx-${{ github.sha }} + # An ordered list of keys to use for restoring the cache if no cache hit occurred for key + restore-keys: | + ${{ runner.os }}-buildx- + + - name: Login to DockerHub + uses: docker/login-action@v1 + with: + # Server address of Docker registry. 
If not set then will default to Docker Hub + # registry: # optional, default is docker registry + # Username used to log against the Docker registry + username: ${{ secrets.DOCKER_USERNAME }} + # Password or personal access token used to log against the Docker registry + password: ${{ secrets.DOCKER_PASSWORD }} + # Log out from the Docker registry at the end of a job + # logout: true # optional, default is "true" + + - name: Build and push + id: docker_build + uses: docker/build-push-action@v2 + with: + # Builder instance (see setup-buildx action) + # builder: + # Build's context is the set of files located in the specified PATH or URL + # context: . # default is "" + # Path to the Dockerfile + # file: ./Dockerfile # default is "Dockerfile" + # List of build-time variables + # build-args: # optional + # List of metadata for an image + # https://github.com/opencontainers/image-spec/blob/master/annotations.md + labels: | # optional + org.opencontainers.image.created=${{ steps.prep.outputs.created }} + org.opencontainers.image.url=${{ github.event.repository.html_url }} + org.opencontainers.image.source=${{ github.event.repository.clone_url }} + org.opencontainers.image.version=${{ steps.prep.outputs.version }} + org.opencontainers.image.revision=${{ github.sha }} + org.opencontainers.image.title=${{ github.event.repository.name }} + org.opencontainers.image.description=${{ github.event.repository.description }} + org.opencontainers.image.licenses=${{ github.event.repository.license.spdx_id }} + # List of tags + tags: ${{ steps.prep.outputs.tags }} + # Always attempt to pull a newer version of the image + # pull: false # optional, default is "false" + # Sets the target stage to build + # target: # optional + # List of extra privileged entitlement (eg. 
network.host,security.insecure) + # allow: # optional + # Do not use cache when building the image + # no-cache: false # optional, default is "false" + # List of target platforms for build + platforms: linux/amd64,linux/arm64,linux/ppc64le,linux/s390x,linux/386,linux/arm/v7,linux/arm/v6 # optional + # Load is a shorthand for --output=type=docker + # load: false # optional, default is "false" + # Push is a shorthand for --output=type=registry + push: ${{ github.event_name != 'pull_request' }} # optional, default is "false" + # List of output destinations (format: type=local,dest=path) + # outputs: # optional + # List of external cache sources (eg. type=local,src=path/to/dir) + cache-from: type=local,src=/tmp/.buildx-cache # optional + # List of cache export destinations (eg. type=local,dest=path/to/dir) + cache-to: type=local,dest=/tmp/.buildx-cache # optional + # List of secrets to expose to the build (eg. key=value, GIT_AUTH_TOKEN=mytoken) + # secrets: # optional diff --git a/.github/workflows/dockerhub-description.yml b/.github/workflows/dockerhub-description.yml new file mode 100644 index 0000000..b17a5c5 --- /dev/null +++ b/.github/workflows/dockerhub-description.yml 
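Review bot: Every action added to the `deploy` job is referenced by a movable major tag (`docker/setup-qemu-action@v1`, `docker/setup-buildx-action@v1`, `docker/login-action@v1`, `docker/build-push-action@v2`), and this job receives `DOCKER_USERNAME` and `DOCKER_PASSWORD`. A retagged or compromised release of any of them would run on a runner holding the logged-in Docker config, so pin each `uses:` to a full commit SHA with the version as a trailing comment, e.g. `uses: docker/login-action@<full-commit-sha> # v1`. `version: latest` on the Buildx step is a floating input of the same kind; a fixed release keeps the publish path reproducible. The same pinning applies to `peter-evans/dockerhub-description@v2` in dockerhub-description.yml and to the Docker steps added to the `test` job earlier in this file.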
@@ -0,0 +1,38 @@ +name: Update Docker Hub Description + +env: + IMAGE_NAME: weleda-webcenter-text-export + +on: + push: + branches: + - master + paths: + - README.md + - .github/workflows/dockerhub-description.yml + + workflow_dispatch: + +jobs: + dockerHubDescription: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v2 + + - name: Prepare + id: prep + run: echo "::set-output name=repository::$(echo "${{ secrets.DOCKER_USERNAME }}/$IMAGE_NAME" | tr '[A-Z]' '[a-z]')" + + - name: Update README for image on Docker Hub + uses: peter-evans/dockerhub-description@v2 + with: + # Docker Hub username. If updating a Docker Hub repository belonging to an organization, this user must have Admin permissions for the repository. + username: ${{ secrets.DOCKER_USERNAME }} + # Docker Hub password. + password: ${{ secrets.DOCKER_PASSWORD }} + # Docker Hub repository in the format /. + repository: ${{ steps.prep.outputs.repository }} # optional, default is "github.repository" + # Docker Hub repository short description. Input exceeding 100 characters will be truncated. + short-description: ${{ github.event.repository.description }} # optional + # Path to the repository readme. + # readme-filepath: ./README.md # optional, default is "./README.md" diff --git a/.github/workflows/greetings.yml b/.github/workflows/greetings.yml index 906b7bb..1393244 100644 --- a/.github/workflows/greetings.yml +++ b/.github/workflows/greetings.yml @@ -5,6 +5,7 @@ on: [pull_request, issues] jobs: greeting: runs-on: ubuntu-latest + steps: - uses: actions/first-interaction@v1 with: diff --git a/.github/workflows/label.yml b/.github/workflows/label.yml index a9b0116..193c219 100644 --- a/.github/workflows/label.yml +++ b/.github/workflows/label.yml 
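Review bot: The new workflow declares no `permissions:` block, so its `GITHUB_TOKEN` gets whatever default scope the repository is configured with, although the job only checks out the README and calls Docker Hub with its own credentials. Add a top-level `permissions:` mapping containing `contents: read` so a compromised step cannot write to the repository. ci-cd.yml would benefit from the same restriction, assuming nothing left in it pushes to a repository with the built-in token.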
@@ -11,6 +11,6 @@ jobs: with: repo-token: ${{ secrets.GITHUB_TOKEN }} # The path to the label configuration file - # configuration-path: .github/labeler.yml # optional, default is .github/labeler.yml + # configuration-path: .github/labeler.yml # optional, default is ".github/labeler.yml" # Whether or not to remove labels when matching files are reverted or no longer changed by the PR - sync-labels: true # optional, default is false + sync-labels: true # optional, default is "false" diff --git a/.github/workflows/stale.yml b/.github/workflows/stale.yml index 05ee0a3..c7399f3 100644 --- a/.github/workflows/stale.yml +++ b/.github/workflows/stale.yml 
@@ -21,31 +21,31 @@ jobs: # The message to post on the pr when closing it. If none provided, will not comment when closing a pull requests. close-pr-message: "Stale pull request closed" # optional # The number of days old an issue can be before marking it stale. Set to -1 to never mark issues or pull requests as stale automatically. - days-before-stale: 60 # optional, default is 60 + # days-before-stale: 60 # optional, default is "60" # The number of days to wait to close an issue or pull request after it being marked stale. Set to -1 to never close stale issues. - days-before-close: 7 # optional, default is 7 + # days-before-close: 7 # optional, default is "7" # The label to apply when an issue is stale. - stale-issue-label: "no-issue-activity" # optional, default is Stale + stale-issue-label: "no-issue-activity" # optional, default is "Stale" # The label to apply when an issue is closed. - # close-issue-label: "" # optional + # close-issue-label: # optional # The labels to apply when an issue is exempt from being marked stale. Separate multiple labels with commas (eg. "label1,label2") - exempt-issue-labels: "awaiting-approval,work-in-progress" # optional, default is + exempt-issue-labels: "awaiting-approval,work-in-progress" # optional # The label to apply when a pull request is stale. - stale-pr-label: "no-pr-activity" # optional, default is Stale + stale-pr-label: "no-pr-activity" # optional, default is "Stale" # The label to apply when a pull request is closed. - # close-pr-label: "" # optional + # close-pr-label: # optional # The labels to apply when a pull request is exempt from being marked stale. Separate multiple labels with commas (eg. "label1,label2") - exempt-pr-labels: "awaiting-approval,work-in-progress" # optional, default is + exempt-pr-labels: "awaiting-approval,work-in-progress" # optional # Only issues or pull requests with all of these labels are checked if stale. Defaults to `[]` (disabled) and can be a comma-separated list of labels. 
- only-labels: "awaiting-feedback,awaiting-answers" # optional, default is + only-labels: "awaiting-feedback,awaiting-answers" # optional # The maximum number of operations per run, used to control rate limiting. - # operations-per-run: 30 # optional, default is 30 + # operations-per-run: 30 # optional, default is "30" # Remove stale labels from issues when they are updated or commented on. - # remove-stale-when-updated: true # optional, default is true + # remove-stale-when-updated: true # optional, default is "true" # Run the processor in debug mode without actually performing any operations on live issues. # debug-only: # optional # The order to get issues or pull requests. Defaults to false, which is descending - # ascending: false # optional + # ascending: false # optional, default is "false" # Skip adding stale message when marking a pull request as stale. # skip-stale-pr-message: # optional # Skip adding stale message when marking an issue as stale. diff --git a/Dockerfile b/Dockerfile index 968d4d2..34dcf8c 100644 --- a/Dockerfile +++ b/Dockerfile @@ -8,7 +8,7 @@ ARG NGINX_VERSION=1.19 # --------- # Development stage # --------- -FROM node:${NODE_VERSION}-alpine AS development +FROM --platform=${BUILDPLATFORM:-arm64} node:${NODE_VERSION}-alpine AS development WORKDIR /app @@ -35,7 +35,7 @@ RUN set -eux; \ # Nginx stage # ----------- # Depends on the "build" stage above -FROM nginx:${NGINX_VERSION}-alpine AS nginx +FROM --platform=${TARGETPLATFORM:-arm64} nginx:${NGINX_VERSION}-alpine AS nginx WORKDIR /app From 4943dffff1a545b2ca30b96845b462bf874db9be Mon Sep 17 00:00:00 2001 From: Manuele Vaccari Date: Mon, 5 Oct 2020 01:36:55 +0200 Subject: [PATCH 03/11] Fix entrypoint --- docker/docker-entrypoint.sh | 0 1 file changed, 0 insertions(+), 0 deletions(-) mode change 100644 => 100755 docker/docker-entrypoint.sh diff --git a/docker/docker-entrypoint.sh b/docker/docker-entrypoint.sh old mode 100644 new mode 100755 
From 7828b7aff2a1b75b8dfed4d55c293fa3b0340265 Mon Sep 17 00:00:00 2001
From: Manuele Vaccari
Date: Mon, 5 Oct 2020 01:47:10 +0200
Subject: [PATCH 04/11] Remove deployment to Github pages
---
.github/workflows/ci-cd.yml | 59 -------------------------------------
1 file changed, 59 deletions(-)
diff --git a/.github/workflows/ci-cd.yml b/.github/workflows/ci-cd.yml
index 942286b..50bb627 100644
--- a/.github/workflows/ci-cd.yml
+++ b/.github/workflows/ci-cd.yml
@@ -201,65 +201,6 @@ jobs: echo ::set-output name=tags::${TAGS} echo ::set-output name=created::$(date -u +'%Y-%m-%dT%H:%M:%SZ') - - name: Setup Node.JS - uses: actions/setup-node@v1 - with: - node-version: "14" - - - name: Setup Travis DPL - run: | - sudo apt update - sudo apt install -y ruby - sudo gem install dpl --pre - - # https://github.com/actions/cache/blob/main/examples.md#node---yarn-2 - - name: Get yarn cache directory path - id: yarn-cache-dir-path - run: echo "::set-output name=dir::$(yarn config get cacheFolder)" - - name: Cache local yarn repository - id: yarn-cache - uses: actions/cache@v2 - with: - # A list of files, directories, and wildcard patterns to cache and restore. See @actions/glob for supported patterns. - path: ${{ steps.yarn-cache-dir-path.outputs.dir }} - # An explicit key for restoring and saving the cache - key: ${{ runner.os }}-yarn-${{ hashFiles('**/yarn.lock') }} - # An ordered list of keys to use for restoring the cache if no cache hit occurred for key - restore-keys: | - ${{ runner.os }}-yarn- - - - name: Install dependencies - run: yarn install --immutable - - - name: Build - run: yarn run build - - # https://github.com/travis-ci/dpl#github-pages - - name: Deploy to Github Pages (Production) - if: github.ref == 'refs/heads/master' - run: | - dpl pages git \ - --repo D3strukt0r/weleda-webcenter-text-export-prod \ - --token ${{ secrets.PAT }} \ - --target_branch master \ - --keep_history \ - --allow_empty_commit \ - --verbose \ - --local_dir build \ - --fqdn webcenter-text-export.manuele-vaccari.ch - - name: Deploy to Github Pages (Development) - if: github.ref == 'refs/heads/develop' - run: | - dpl pages git \ - --repo D3strukt0r/weleda-webcenter-text-export-dev \ - --token ${{ secrets.PAT }} \ - --target_branch master \ - --keep_history \ - --allow_empty_commit \ - --verbose \ - --local_dir build \ - --fqdn webcenter-text-export-dev.manuele-vaccari.ch - - name: Setup QEMU id: qemu uses: docker/setup-qemu-action@v1 
From c843d8abe19dfa08006405f0c8bf483d7ad6c1fa Mon Sep 17 00:00:00 2001 From: Manuele Vaccari Date: Mon, 5 Oct 2020 01:55:38 +0200 Subject: [PATCH 05/11] Reduce healthcheck output --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 34dcf8c..bf423dd 100644 --- a/Dockerfile +++ b/Dockerfile @@ -76,7 +76,7 @@ RUN set -eux; \ # Fix permission adduser -u 82 -D -S -G www-data www-data -HEALTHCHECK --interval=10s --timeout=3s --retries=3 CMD curl -f http://localhost/ || exit 1 +HEALTHCHECK --interval=10s --timeout=3s --retries=3 CMD curl -fsSL http://localhost >/dev/null || exit 1 COPY docker/docker-entrypoint.sh /usr/local/bin/docker-entrypoint ENTRYPOINT ["docker-entrypoint"] From f888646392700028f79d8952e10217bb89495419 Mon Sep 17 00:00:00 2001 From: Manuele Vaccari Date: Mon, 5 Oct 2020 02:07:00 +0200 Subject: [PATCH 06/11] Skip SHA builds --- .github/workflows/ci-cd.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/ci-cd.yml b/.github/workflows/ci-cd.yml index 50bb627..e572011 100644 --- a/.github/workflows/ci-cd.yml +++ b/.github/workflows/ci-cd.yml @@ -193,8 +193,8 @@ jobs: MINOR=${VERSION%.*} MAJOR=${MINOR%.*} TAGS="$TAGS,${DOCKER_IMAGE}:${MINOR},${DOCKER_IMAGE}:${MAJOR},${DOCKER_IMAGE}:latest" - elif [ "${{ github.event_name }}" = 'push' ]; then - TAGS="$TAGS,${DOCKER_IMAGE}:sha-${GITHUB_SHA::8}" + # elif [ "${{ github.event_name }}" = 'push' ]; then + # TAGS="$TAGS,${DOCKER_IMAGE}:sha-${GITHUB_SHA::8}" fi echo ::set-output name=version::${VERSION} From ee3b9d7d3cf0f17aff40d2d99417a94da7e208b6 Mon Sep 17 00:00:00 2001 From: Manuele Vaccari Date: Mon, 5 Oct 2020 02:07:12 +0200 Subject: [PATCH 07/11] Add maintainer --- .github/workflows/ci-cd.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/ci-cd.yml b/.github/workflows/ci-cd.yml index e572011..63ec1a7 100644 --- a/.github/workflows/ci-cd.yml +++ b/.github/workflows/ci-cd.yml 
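Review bot: With the `sha-` tag commented out in the `Skip SHA builds` hunk, a branch push appears to publish only the moving tag assembled earlier in this step (outside the hunk), so no immutable tag ties a pushed image to its commit. That makes rollback and incident triage depend on the registry digest or the `org.opencontainers.image.revision` label. If the extra tags were only noise on Docker Hub, say so in a short comment such as `# per-commit tags dropped; pin by digest or read the image.revision label`. Delete the two lines rather than keeping them as commented-out code.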
@@ -270,6 +270,7 @@ jobs: # List of metadata for an image # https://github.com/opencontainers/image-spec/blob/master/annotations.md labels: | # optional + maintainer=Manuele Vaccari org.opencontainers.image.created=${{ steps.prep.outputs.created }} org.opencontainers.image.url=${{ github.event.repository.html_url }} org.opencontainers.image.source=${{ github.event.repository.clone_url }} From 49c3db37cb4591b2053d8a5422f325e70f32a110 Mon Sep 17 00:00:00 2001 From: Manuele Vaccari Date: Mon, 5 Oct 2020 12:13:01 +0200 Subject: [PATCH 08/11] Fix wrong default platform --- Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Dockerfile b/Dockerfile index bf423dd..03b5b17 100644 --- a/Dockerfile +++ b/Dockerfile @@ -8,7 +8,7 @@ ARG NGINX_VERSION=1.19 # --------- # Development stage # --------- -FROM --platform=${BUILDPLATFORM:-arm64} node:${NODE_VERSION}-alpine AS development +FROM --platform=${BUILDPLATFORM:-linux/amd64} node:${NODE_VERSION}-alpine AS development WORKDIR /app @@ -35,7 +35,7 @@ RUN set -eux; \ # Nginx stage # ----------- # Depends on the "build" stage above -FROM --platform=${TARGETPLATFORM:-arm64} nginx:${NGINX_VERSION}-alpine AS nginx +FROM --platform=${TARGETPLATFORM:-linux/amd64} nginx:${NGINX_VERSION}-alpine AS nginx WORKDIR /app From 05c616a99e14e8d18bff1adf3b403a9354633817 Mon Sep 17 00:00:00 2001 From: Manuele Vaccari Date: Mon, 5 Oct 2020 21:00:22 +0200 Subject: [PATCH 09/11] Add documentation --- docker/default-ssl.conf | 18 ++++++++++++++ docker/default.conf | 18 ++++++++++++++ docker/nginx.conf | 53 ++++++++++++++++++++++++++--------------- 3 files changed, 70 insertions(+), 19 deletions(-) diff --git a/docker/default-ssl.conf b/docker/default-ssl.conf index ef0da92..bda376b 100644 --- a/docker/default-ssl.conf +++ b/docker/default-ssl.conf 
@@ -1,3 +1,21 @@ +## +# You should look at the following URL's in order to grasp a solid understanding +# of Nginx configuration files in order to fully unleash the power of Nginx. +# https://www.nginx.com/resources/wiki/start/ +# https://www.nginx.com/resources/wiki/start/topics/tutorials/config_pitfalls/ +# https://wiki.debian.org/Nginx/DirectoryStructure +# +# In most cases, administrators will remove this file from sites-enabled/ and +# leave it as reference inside of sites-available where it will continue to be +# updated by the nginx packaging team. +# +# This file will automatically load configuration files provided by other +# applications, such as Drupal or Wordpress. These applications will be made +# available underneath a path with that package name, such as /drupal8. +# +# Please see /usr/share/doc/nginx-doc/examples/ for more detailed examples. +## + server { listen 443 ssl http2; listen [::]:443 ssl http2; diff --git a/docker/default.conf b/docker/default.conf index 4d9cbbc..101b15a 100644 --- a/docker/default.conf +++ b/docker/default.conf @@ -1,3 +1,21 @@ +## +# You should look at the following URL's in order to grasp a solid understanding +# of Nginx configuration files in order to fully unleash the power of Nginx. +# https://www.nginx.com/resources/wiki/start/ +# https://www.nginx.com/resources/wiki/start/topics/tutorials/config_pitfalls/ +# https://wiki.debian.org/Nginx/DirectoryStructure +# +# In most cases, administrators will remove this file from sites-enabled/ and +# leave it as reference inside of sites-available where it will continue to be +# updated by the nginx packaging team. +# +# This file will automatically load configuration files provided by other +# applications, such as Drupal or Wordpress. These applications will be made +# available underneath a path with that package name, such as /drupal8. +# +# Please see /usr/share/doc/nginx-doc/examples/ for more detailed examples. +## + server { listen 80; listen [::]:80; 
diff --git a/docker/nginx.conf b/docker/nginx.conf
index 1709347..eeab3df 100644
--- a/docker/nginx.conf
+++ b/docker/nginx.conf
@@ -1,51 +1,66 @@ user nginx; worker_processes auto; - -error_log /var/log/nginx/error.log warn; pid /var/run/nginx.pid; events { worker_connections 1024; + # multi_accept on; } http { - include /etc/nginx/mime.types; - default_type application/octet-stream; - - log_format main '$remote_addr - $remote_user [$time_local] "$request" ' - '$status $body_bytes_sent "$http_referer" ' - '"$http_user_agent" "$http_x_forwarded_for"'; + ################## + # Basic Settings # + ################## + sendfile on; + # tcp_nopush on; + # types_hash_max_size 2048; + # server_tokens off; - access_log /var/log/nginx/access.log main; + # server_names_hash_bucket_size 64; + # server_name_in_redirect off; - sendfile on; - #tcp_nopush on; + include /etc/nginx/mime.types; + default_type application/octet-stream; keepalive_timeout 65; # Max upload size client_max_body_size ${NGINX_CLIENT_MAX_BODY_SIZE}; - # SSL + ################ + # SSL Settings # + ################ ssl_ciphers EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH; ssl_prefer_server_ciphers on; # https://www.nginx.com/resources/wiki/start/topics/tutorials/config_pitfalls/#using-sslv3-with-https ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_session_cache shared:SSL:10m; ssl_session_timeout 10m; - #ssl_stapling on; - #ssl_stapling_verify on; - #ssl_trusted_certificate /root/certs/example.com/cert.crt; + # ssl_stapling on; + # ssl_stapling_verify on; + # ssl_trusted_certificate /root/certs/example.com/cert.crt; + + #################### + # Logging Settings # + #################### + log_format main '$remote_addr - $remote_user [$time_local] "$request" ' + '$status $body_bytes_sent "$http_referer" ' + '"$http_user_agent" "$http_x_forwarded_for"'; - # GZIP compression + access_log /var/log/nginx/access.log main; + error_log /var/log/nginx/error.log warn; + + ################# + # Gzip Settings # + ################# gzip on; gzip_vary on; gzip_proxied any; gzip_comp_level 6; gzip_types text/plain text/css text/xml application/json 
application/javascript application/rss+xml application/atom+xml image/jpg image/jpeg image/png image/svg+xml; - # servers + ######################## + # Virtual Host Configs # + ######################## include /etc/nginx/conf.d/*.conf; - - #server_tokens off; } From 1bcef518a5ff16afd67fe634f18686c1ab445f28 Mon Sep 17 00:00:00 2001 From: Manuele Vaccari Date: Mon, 5 Oct 2020 21:00:33 +0200 Subject: [PATCH 10/11] Remove unnecessary platform argument --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 03b5b17..54012f1 100644 --- a/Dockerfile +++ b/Dockerfile @@ -35,7 +35,7 @@ RUN set -eux; \ # Nginx stage # ----------- # Depends on the "build" stage above -FROM --platform=${TARGETPLATFORM:-linux/amd64} nginx:${NGINX_VERSION}-alpine AS nginx +FROM nginx:${NGINX_VERSION}-alpine AS nginx WORKDIR /app From fd4542aa9fa82a603d9e448f9e61074b2a6765e7 Mon Sep 17 00:00:00 2001 From: Manuele Vaccari Date: Wed, 7 Oct 2020 15:21:26 +0200 Subject: [PATCH 11/11] Run CI for all branches and CD only for master and develop --- .github/workflows/ci-cd.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/ci-cd.yml b/.github/workflows/ci-cd.yml index 63ec1a7..9c59a76 100644 --- a/.github/workflows/ci-cd.yml +++ b/.github/workflows/ci-cd.yml @@ -6,8 +6,7 @@ env: on: push: branches: - - master - - develop + - "**" tags: - "*.*.*" paths: @@ -41,7 +40,7 @@ jobs: - name: Checkout uses: actions/checkout@v2 - - name: Setup Node.JS + - name: Setup Node.js uses: actions/setup-node@v1 with: node-version: "14" @@ -157,7 +156,7 @@ jobs: needs: test runs-on: ubuntu-latest - if: github.event_name != 'pull_request' && github.repository == 'D3strukt0r/weleda-webcenter-text-export' + if: github.event_name != 'pull_request' && (github.ref == 'refs/heads/master' || github.ref == 'refs/heads/develop') && github.repository == 'D3strukt0r/weleda-webcenter-text-export' steps: - name: Checkout 
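Review bot: The block this commit heads `SSL Settings` in docker/nginx.conf still carries `ssl_protocols TLSv1 TLSv1.1 TLSv1.2;`, which keeps the deprecated TLS 1.0 and 1.1 enabled and omits TLS 1.3. Since the section is being reorganised and documented here, tighten it to `ssl_protocols TLSv1.2 TLSv1.3;`; the nginx 1.19 base image should support that, but confirm its OpenSSL build. `server_tokens off;` is moved up into Basic Settings but stays commented out, so the server version is still advertised in headers and error pages. Enabling it is a one-line change.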
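Review bot: The new `if:` on `deploy` admits only `refs/heads/master` and `refs/heads/develop`, but `on.push.tags` still lists `"*.*.*"`. A version tag push therefore runs `test` and never reaches the Prepare step's semver tagging, so versioned images would no longer be published. If that is not intended, extend the ref check inside the parentheses with `|| startsWith(github.ref, 'refs/tags/')`. Widening `branches` to `"**"` means the `test` job now runs on every pushed branch; no secrets are passed to it in the visible hunks, which is worth keeping that way.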
@@ -179,6 +178,7 @@ jobs: elif [ "$VERSION" = 'develop' ]; then VERSION=nightly else + # Rename my/branch to my-branch VERSION=$(echo "$VERSION" | sed -r 's#/+#-#g') fi