From b6967e8e2cec205b9c8f6ada7c8730757b7f57db Mon Sep 17 00:00:00 2001 From: yatharthranjan Date: Mon, 1 Jul 2024 15:05:45 +0100 Subject: [PATCH 1/9] add docker file --- .dockerignore | 4 ++++ Dockerfile | 19 +++++++++++++++++++ 2 files changed, 23 insertions(+) create mode 100644 .dockerignore create mode 100644 Dockerfile diff --git a/.dockerignore b/.dockerignore new file mode 100644 index 0000000..7a38b3f --- /dev/null +++ b/.dockerignore @@ -0,0 +1,4 @@ +node_modules/ +.github/ +.idea/ +.vscode/ \ No newline at end of file diff --git a/Dockerfile b/Dockerfile new file mode 100644 index 0000000..0333feb --- /dev/null +++ b/Dockerfile @@ -0,0 +1,19 @@ +# LTS version of Node.js +FROM node:20.9.0-alpine + +RUN mkdir -p /app + +WORKDIR /app + +COPY package*.json ./ + +RUN npm install + +COPY . . + +RUN npm run build + +EXPOSE 4455 + +# Start the app on port 4455 as recommended by ory +CMD ["npm", "start", "--", "-p", "4455"] \ No newline at end of file From 169736ebc83aa6f3db0be886a1b8d5be87dffb72 Mon Sep 17 00:00:00 2001 From: yatharthranjan Date: Mon, 1 Jul 2024 17:47:21 +0100 Subject: [PATCH 2/9] added workflow to publish docker images --- .github/workflows/docker.yml | 63 ++++++++++++++++++++++++++++++++++++ 1 file changed, 63 insertions(+) create mode 100644 .github/workflows/docker.yml diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml new file mode 100644 index 0000000..2485030 --- /dev/null +++ b/.github/workflows/docker.yml @@ -0,0 +1,63 @@ +name: Create and publish a Docker image +on: + release: + types: [published] + push: + branches: + - main + - dev + + +# Defines two custom environment variables for the workflow. These are used for the Container registry domain, and a name for the Docker image that this workflow builds. +env: + REGISTRY: ghcr.io + IMAGE_NAME: ${{ github.repository }} + +# There is a single job in this workflow. It's configured to run on the latest available version of Ubuntu. +jobs: + build-and-push-image: + runs-on: ubuntu-latest + # Sets the permissions granted to the `GITHUB_TOKEN` for the actions in this job. + permissions: + contents: read + packages: write + attestations: write + id-token: write + # + steps: + - name: Checkout repository + uses: actions/checkout@v4 + # Uses the `docker/login-action` action to log in to the Container registry registry using the account and password that will publish the packages. Once published, the packages are scoped to the account defined here. + - name: Log in to the Container registry + uses: docker/login-action@65b78e6e13532edd9afa3aa52ac7964289d1a9c1 + with: + registry: ${{ env.REGISTRY }} + username: ${{ secrets.GITHUB_USERNAME }} + password: ${{ secrets.GITHUB_TOKEN }} + # This step uses [docker/metadata-action](https://github.com/docker/metadata-action#about) to extract tags and labels that will be applied to the specified image. The `id` "meta" allows the output of this step to be referenced in a subsequent step. The `images` value provides the base name for the tags and labels. + - name: Extract metadata (tags, labels) for Docker + id: meta + uses: docker/metadata-action@9ec57ed1fcdbf14dcef7dfbe97b2010124a938b7 + with: + images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} + # This step uses the `docker/build-push-action` action to build the image, based on your repository's `Dockerfile`. If the build succeeds, it pushes the image to GitHub Packages. + # It uses the `context` parameter to define the build's context as the set of files located in the specified path. For more information, see "[Usage](https://github.com/docker/build-push-action#usage)" in the README of the `docker/build-push-action` repository. + # It uses the `tags` and `labels` parameters to tag and label the image with the output from the "meta" step. + - name: Build and push Docker image + id: push + uses: docker/build-push-action@f2a1d5e99d037542a71f64918e516c093c6f3fc4 + with: + context: . + push: true + tags: ${{ steps.meta.outputs.tags }} + labels: ${{ steps.meta.outputs.labels }} + + # This step generates an artifact attestation for the image, which is an unforgeable statement about where and how it was built. It increases supply chain security for people who consume the image. For more information, see "[AUTOTITLE](/actions/security-guides/using-artifact-attestations-to-establish-provenance-for-builds)." + * name: Generate artifact attestation + uses: actions/attest-build-provenance@v1 + with: + subject-name: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME}} + subject-digest: ${{ steps.push.outputs.digest }} + push-to-registry: true + + From af20bc2444f1dc2c4c4bb103c082a5cbbbb774db Mon Sep 17 00:00:00 2001 From: yatharthranjan Date: Mon, 1 Jul 2024 17:55:38 +0100 Subject: [PATCH 3/9] fix workflow --- .github/workflows/docker.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml index 2485030..4e9a47a 100644 --- a/.github/workflows/docker.yml +++ b/.github/workflows/docker.yml @@ -53,7 +53,7 @@ jobs: labels: ${{ steps.meta.outputs.labels }} # This step generates an artifact attestation for the image, which is an unforgeable statement about where and how it was built. It increases supply chain security for people who consume the image. For more information, see "[AUTOTITLE](/actions/security-guides/using-artifact-attestations-to-establish-provenance-for-builds)." - * name: Generate artifact attestation + - name: Generate artifact attestation uses: actions/attest-build-provenance@v1 with: subject-name: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME}} From 6fdd10c842f8fe65e7c639cd0e39a24c9a0f8646 Mon Sep 17 00:00:00 2001 From: yatharthranjan Date: Mon, 1 Jul 2024 18:04:24 +0100 Subject: [PATCH 4/9] fix gh user --- .github/workflows/docker.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml index 4e9a47a..0dc2bc1 100644 --- a/.github/workflows/docker.yml +++ b/.github/workflows/docker.yml @@ -32,7 +32,7 @@ jobs: uses: docker/login-action@65b78e6e13532edd9afa3aa52ac7964289d1a9c1 with: registry: ${{ env.REGISTRY }} - username: ${{ secrets.GITHUB_USERNAME }} + username: ${{ github.actor }} password: ${{ secrets.GITHUB_TOKEN }} # This step uses [docker/metadata-action](https://github.com/docker/metadata-action#about) to extract tags and labels that will be applied to the specified image. The `id` "meta" allows the output of this step to be referenced in a subsequent step. The `images` value provides the base name for the tags and labels. - name: Extract metadata (tags, labels) for Docker From 2cab159bfb2cbe97243d967a8b52704aafe2bca8 Mon Sep 17 00:00:00 2001 From: yatharthranjan Date: Tue, 13 Aug 2024 11:30:05 +0100 Subject: [PATCH 5/9] remove CI flows not required --- .github/workflows/release.yml | 4 ++-- .github/workflows/test.yml | 34 +--------------------------------- 2 files changed, 3 insertions(+), 35 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index bfb451c..0c19e74 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -10,9 +10,9 @@ jobs: - uses: actions/checkout@v2 - uses: actions/setup-node@v2 with: - node-version: '16' + node-version: '20' - run: npm ci - run: npm version --no-git-tag-version ${{ github.event.release.tag_name }} - run: npm run build - - run: echo "//registry.npmjs.org/:_authToken=${{ secrets.NPM_TOKEN_AENEASR }}" > ~/.npmrc + - run: echo "//registry.npmjs.org/:_authToken=${{ secrets.NPM_TOKEN }}" > ~/.npmrc - run: npm publish --access public diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 7995913..ee2fb81 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -7,45 +7,13 @@ on: - dev jobs: - production: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v2 - - uses: actions/setup-node@v2 - with: - node-version: '16' - - run: npm ci - - run: npm run format:check - - run: npm run build - - run: | - npm run start & - npm run test - env: - ORY_KRATOS_URL: https://playground.projects.oryapis.com/ - - staging: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v2 - - uses: actions/setup-node@v2 - with: - node-version: '16' - - run: npm ci - - run: npm run format:check - - run: npm run build - - run: | - npm run start & - npm run test - env: - ORY_KRATOS_URL: https://blissful-greider-9hmtg26xai.projects.staging.oryapis.dev/ - self-hosted: runs-on: ubuntu-latest steps: - uses: actions/checkout@v2 - uses: actions/setup-node@v2 with: - node-version: '16' + node-version: '20' - run: npm ci - run: npm run format:check - run: npm run build From 7018b23ccd559718bc804555241ff5355248d7f0 Mon Sep 17 00:00:00 2001 From: yatharthranjan Date: Tue, 13 Aug 2024 11:38:05 +0100 Subject: [PATCH 6/9] delete publish flow as not needed --- .github/workflows/release.yml | 18 ------------------ 1 file changed, 18 deletions(-) delete mode 100644 .github/workflows/release.yml diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml deleted file mode 100644 index 0c19e74..0000000 --- a/.github/workflows/release.yml +++ /dev/null @@ -1,18 +0,0 @@ -name: Release NPM Package -on: - release: - types: [published] - -jobs: - build: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v2 - - uses: actions/setup-node@v2 - with: - node-version: '20' - - run: npm ci - - run: npm version --no-git-tag-version ${{ github.event.release.tag_name }} - - run: npm run build - - run: echo "//registry.npmjs.org/:_authToken=${{ secrets.NPM_TOKEN }}" > ~/.npmrc - - run: npm publish --access public From 689060065cb213dcecc6b02fefe61ec965dff775 Mon Sep 17 00:00:00 2001 From: yatharthranjan Date: Tue, 13 Aug 2024 11:59:46 +0100 Subject: [PATCH 7/9] fix docker compose cmd --- .github/workflows/test.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index ee2fb81..d045c2b 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -22,7 +22,7 @@ jobs: cd ../kratos git checkout master make docker - docker-compose -f quickstart.yml -f quickstart-latest.yml -f contrib/quickstart/kratos/cloud/quickstart.yml up --build --force-recreate -d + docker compose -f quickstart.yml -f quickstart-latest.yml -f contrib/quickstart/kratos/cloud/quickstart.yml up --build --force-recreate -d - run: | npm run start & npm run test From a8b38bec13ea083ee96cc63a47caa784333f7d6f Mon Sep 17 00:00:00 2001 From: Yatharth Ranjan Date: Wed, 14 Aug 2024 12:02:42 +0100 Subject: [PATCH 8/9] run docker GA on feature branches --- .github/workflows/docker.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml index 0dc2bc1..b6503f1 100644 --- a/.github/workflows/docker.yml +++ b/.github/workflows/docker.yml @@ -6,6 +6,8 @@ on: branches: - main - dev + - 'feat/**' + - 'feature/**' # Defines two custom environment variables for the workflow. These are used for the Container registry domain, and a name for the Docker image that this workflow builds. From 0ca96a323faa81750bbd212f16220d181621e370 Mon Sep 17 00:00:00 2001 From: Yatharth Ranjan Date: Wed, 14 Aug 2024 12:06:53 +0100 Subject: [PATCH 9/9] update docker port to 3000 for backward compatibility --- Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Dockerfile b/Dockerfile index 0333feb..721ae7c 100644 --- a/Dockerfile +++ b/Dockerfile @@ -13,7 +13,7 @@ COPY . . RUN npm run build -EXPOSE 4455 +EXPOSE 3000 # Start the app on port 4455 as recommended by ory -CMD ["npm", "start", "--", "-p", "4455"] \ No newline at end of file +CMD ["npm", "start", "--", "-p", "3000"]