diff --git a/.dockerignore b/.dockerignore deleted file mode 100644 index e69de29..0000000 diff --git a/.github/workflows/publish-api.yaml b/.github/workflows/publish-api.yaml new file mode 100644 index 0000000..72dd0ac --- /dev/null +++ b/.github/workflows/publish-api.yaml @@ -0,0 +1,51 @@ +# +name: Create and publish docker images for the API + +# Configures this workflow to run every time a change is pushed to the branch called `release`. +on: + push: + branches: ['main'] + paths: + - 'api/**' + workflow_dispatch: + +# Defines two custom environment variables for the workflow. These are used for the Container registry domain, and a name for the Docker image that this workflow builds. +env: + REGISTRY: ghcr.io + IMAGE_NAME: ${{ github.repository }}-api + +# There is a single job in this workflow. It's configured to run on the latest available version of Ubuntu. +jobs: + build-and-push-image: + runs-on: ubuntu-latest + # Sets the permissions granted to the `GITHUB_TOKEN` for the actions in this job. + permissions: + contents: read + packages: write + # + steps: + - name: Checkout repository + uses: actions/checkout@v4 + # Uses the `docker/login-action` action to log in to the Container registry registry using the account and password that will publish the packages. Once published, the packages are scoped to the account defined here. + - name: Log in to the Container registry + uses: docker/login-action@65b78e6e13532edd9afa3aa52ac7964289d1a9c1 + with: + registry: ${{ env.REGISTRY }} + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + # This step uses [docker/metadata-action](https://github.com/docker/metadata-action#about) to extract tags and labels that will be applied to the specified image. The `id` "meta" allows the output of this step to be referenced in a subsequent step. The `images` value provides the base name for the tags and labels. + - name: Extract metadata (tags, labels) for Docker + id: meta + uses: docker/metadata-action@9ec57ed1fcdbf14dcef7dfbe97b2010124a938b7 + with: + images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} + # This step uses the `docker/build-push-action` action to build the image, based on your repository's `Dockerfile`. If the build succeeds, it pushes the image to GitHub Packages. + # It uses the `context` parameter to define the build's context as the set of files located in the specified path. For more information, see "[Usage](https://github.com/docker/build-push-action#usage)" in the README of the `docker/build-push-action` repository. + # It uses the `tags` and `labels` parameters to tag and label the image with the output from the "meta" step. + - name: Build and push Docker image + uses: docker/build-push-action@f2a1d5e99d037542a71f64918e516c093c6f3fc4 + with: + context: api + push: true + tags: ${{ steps.meta.outputs.tags }} + labels: ${{ steps.meta.outputs.labels }} \ No newline at end of file diff --git a/.github/workflows/publish-ui.yaml b/.github/workflows/publish-ui.yaml new file mode 100644 index 0000000..8304121 --- /dev/null +++ b/.github/workflows/publish-ui.yaml @@ -0,0 +1,55 @@ +# +name: Create and publish docker images for the UI + +# Configures this workflow to run every time a change is pushed to the branch called `release`. +on: + push: + branches: ['main'] + paths: + - 'app/**' + workflow_dispatch: + +# Defines two custom environment variables for the workflow. These are used for the Container registry domain, and a name for the Docker image that this workflow builds. +env: + REGISTRY: ghcr.io + IMAGE_NAME: ${{ github.repository }}-ui + +# There is a single job in this workflow. It's configured to run on the latest available version of Ubuntu. +jobs: + build-and-push-image: + runs-on: ubuntu-latest + # Sets the permissions granted to the `GITHUB_TOKEN` for the actions in this job. + permissions: + contents: read + packages: write + # + steps: + - name: Checkout repository + uses: actions/checkout@v4 + # Uses the `docker/login-action` action to log in to the Container registry registry using the account and password that will publish the packages. Once published, the packages are scoped to the account defined here. + - name: Log in to the Container registry + uses: docker/login-action@65b78e6e13532edd9afa3aa52ac7964289d1a9c1 + with: + registry: ${{ env.REGISTRY }} + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + # This step uses [docker/metadata-action](https://github.com/docker/metadata-action#about) to extract tags and labels that will be applied to the specified image. The `id` "meta" allows the output of this step to be referenced in a subsequent step. The `images` value provides the base name for the tags and labels. + - name: Extract metadata (tags, labels) for Docker + id: meta + uses: docker/metadata-action@9ec57ed1fcdbf14dcef7dfbe97b2010124a938b7 + with: + images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} + # This step uses the `docker/build-push-action` action to build the image, based on your repository's `Dockerfile`. If the build succeeds, it pushes the image to GitHub Packages. + # It uses the `context` parameter to define the build's context as the set of files located in the specified path. For more information, see "[Usage](https://github.com/docker/build-push-action#usage)" in the README of the `docker/build-push-action` repository. + # It uses the `tags` and `labels` parameters to tag and label the image with the output from the "meta" step. + - name: Build and push Docker image + uses: docker/build-push-action@f2a1d5e99d037542a71f64918e516c093c6f3fc4 + with: + context: app + push: true + tags: ${{ steps.meta.outputs.tags }} + labels: ${{ steps.meta.outputs.labels }} + build-args: | + "REACT_APP_HCAPTCHA_SITE_KEY=${{ secrets.REACT_APP_HCAPTCHA_SITE_KEY }}" + "REACT_APP_FAUCET_API_URL=${{ secrets.REACT_APP_FAUCET_API_URL}}" + \ No newline at end of file diff --git a/Dockerfile b/Dockerfile deleted file mode 100644 index e69de29..0000000 diff --git a/api/.dockerignore b/api/.dockerignore new file mode 100644 index 0000000..ea31b69 --- /dev/null +++ b/api/.dockerignore @@ -0,0 +1,21 @@ +# Python +__pycache__ +*.pyc +*.pyo +*.pyd +.Python +env +pip-log.txt +pip-delete-this-directory.txt +.tox +.coverage +.coverage.* +.cache +nosetests.xml +coverage.xml +*.cover +*.log +.git +.mypy_cache +.pytest_cache +.hypothesis \ No newline at end of file diff --git a/api/Dockerfile b/api/Dockerfile new file mode 100644 index 0000000..dedcc66 --- /dev/null +++ b/api/Dockerfile @@ -0,0 +1,11 @@ +FROM python:3.8-slim-buster + +WORKDIR api + +COPY requirements.txt requirements.txt +RUN pip3 install -r requirements.txt + +COPY . . + +EXPOSE 5000 +CMD [ "python3", "-m" , "flask", "run", "--host=0.0.0.0", "--port", "5000"] \ No newline at end of file diff --git a/app/.dockerignore b/app/.dockerignore new file mode 100644 index 0000000..bf3e1d1 --- /dev/null +++ b/app/.dockerignore @@ -0,0 +1,9 @@ +# NodeJS +**/node_modules/ +**/dist +.git +npm-debug.log +.coverage +.coverage.* +.env +.aws \ No newline at end of file diff --git a/app/Dockerfile b/app/Dockerfile new file mode 100644 index 0000000..fc31313 --- /dev/null +++ b/app/Dockerfile @@ -0,0 +1,22 @@ +# Stage 1 +FROM node:18.5.0-slim@sha256:ab9c000b5369548683617a64ced2eace8714b496abaeac9bd796266471ee65a7 as builder + +WORKDIR app +COPY package.json . +COPY yarn.lock . +RUN yarn +COPY . . + +ENV NODE_ENV production +ARG REACT_APP_HCAPTCHA_SITE_KEY +ARG REACT_APP_FAUCET_API_URL +ENV REACT_APP_HCAPTCHA_SITE_KEY ${REACT_APP_HCAPTCHA_SITE_KEY} +ENV REACT_APP_FAUCET_API_URL ${REACT_APP_FAUCET_API_URL} +RUN yarn build + +# Stage 2 +FROM nginx:1.25.3@sha256:3c4c1f42a89e343c7b050c5e5d6f670a0e0b82e70e0e7d023f10092a04bbb5a7 +WORKDIR /usr/share/nginx/html +RUN rm -rf ./* +COPY --from=builder /app/build . +ENTRYPOINT ["nginx", "-g", "daemon off;"] \ No newline at end of file