Merge pull request #1136 from gafderks/action/docker
Added docker workflow file
Showing
10 changed files
with
116 additions
and
32 deletions.
|
@@ -7,7 +7,6 @@ build/ | |
static/ | ||
media/ | ||
functional_tests/ | ||
tests/ | ||
**/*.mo | ||
**/*.pyc | ||
.git/ | ||
|
@@ -0,0 +1,73 @@ | ||
name: Docker build and export | ||
|
||
on: | ||
push: | ||
branches: | ||
- "master" | ||
pull_request: | ||
|
||
env: | ||
WEB_TEST_IMAGE: dbase-web:test | ||
WEB_IMAGE: gafderkspersonal/dbase-web | ||
NGINX_TEST_IMAGE: dbase-nginx:test | ||
NGINX_IMAGE: gafderkspersonal/dbase-nginx | ||
|
||
jobs: | ||
build: | ||
environment: CI | ||
runs-on: ubuntu-latest | ||
steps: | ||
- name: Checkout | ||
uses: actions/checkout@v3 | ||
- name: Set up QEMU | ||
uses: docker/setup-qemu-action@v3 | ||
- name: Set up Docker Buildx | ||
uses: docker/setup-buildx-action@v3 | ||
- name: Login to Docker Hub | ||
uses: docker/login-action@v3 | ||
with: | ||
username: ${{ secrets.DOCKERHUB_USERNAME }} | ||
password: ${{ secrets.DOCKERHUB_TOKEN }} | ||
- name: Set short git commit SHA | ||
id: vars | ||
run: echo "sha_short=$(git rev-parse --short HEAD)" >> $GITHUB_OUTPUT | ||
- name: Output git commit SHA | ||
run: echo ${{ steps.vars.outputs.sha_short }} | ||
- name: Build web test image | ||
uses: docker/build-push-action@v5 | ||
with: | ||
target: web-test | ||
context: . | ||
load: true | ||
tags: ${{ env.WEB_TEST_IMAGE }} | ||
- name: Test web test image | ||
run: | | ||
docker run \ | ||
-e SECRET_KEY="${{ secrets.SECRET_KEY }}" \ | ||
-e DATABASE_URL="sqlite:////app/db.sqlite3" \ | ||
-e DEBUG=on \ | ||
--rm ${{ env.WEB_TEST_IMAGE }} \ | ||
python manage.py test --exclude-tag=functional -v 2 | ||
- name: Build nginx image | ||
uses: docker/build-push-action@v5 | ||
with: | ||
target: nginx | ||
context: . | ||
load: true | ||
tags: ${{ env.NGINX_TEST_IMAGE }} | ||
- name: Publish web image | ||
uses: docker/build-push-action@v5 | ||
with: | ||
context: . | ||
push: true | ||
target: runtime | ||
tags: ${{ env.WEB_IMAGE }}:latest,${{ env.WEB_IMAGE }}:${{ steps.vars.outputs.sha_short }} | ||
if: github.ref == 'refs/heads/master' && github.event_name != 'pull_request' | ||
- name: Publish nginx image | ||
uses: docker/build-push-action@v5 | ||
with: | ||
context: . | ||
push: true | ||
target: nginx | ||
tags: ${{ env.NGINX_IMAGE }}:latest,${{ env.NGINX_IMAGE }}:${{ steps.vars.outputs.sha_short }} | ||
if: github.ref == 'refs/heads/master' && github.event_name != 'pull_request' |
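Review bot: The `Login to Docker Hub` step has no `if:`, so it runs on every `pull_request` build even though both publish steps are limited to pushes on master. Pull requests from forks normally receive no repository or environment secrets, so the login would presumably fail there before any image is built or tested, and on same-repository pull requests the Docker Hub token is loaded into a job that never pushes. Giving the login step the same condition as the publish steps, `if: github.ref == 'refs/heads/master' && github.event_name != 'pull_request'`, keeps the credential out of those runs. In `Test web test image`, `${{ secrets.SECRET_KEY }}` is pasted into the script text before the shell parses it; setting it under the step's `env:` and passing plain `-e SECRET_KEY` to `docker run` avoids quoting problems with the secret's value.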
|
@@ -9,21 +9,25 @@ ENV APP_HOME=/app | |
RUN mkdir -p ${APP_HOME} | ||
WORKDIR ${APP_HOME} | ||
|
||
RUN apt-get update && \ | ||
apt-get install -y --no-install-recommends \ | ||
curl ca-certificates gnupg git | ||
RUN apt-get update && apt-get install -y --no-install-recommends curl ca-certificates gnupg git \ | ||
&& apt-get clean \ | ||
&& rm -rf /var/lib/apt/lists/* | ||
|
||
# Install Node.js | ||
SHELL ["/bin/bash", "-o", "pipefail", "-c"] | ||
RUN mkdir -p /etc/apt/keyrings && \ | ||
curl -fsSL https://deb.nodesource.com/gpgkey/nodesource-repo.gpg.key | gpg --dearmor -o /etc/apt/keyrings/nodesource.gpg && \ | ||
NODE_MAJOR=20; echo "deb [signed-by=/etc/apt/keyrings/nodesource.gpg] https://deb.nodesource.com/node_$NODE_MAJOR.x nodistro main" | tee /etc/apt/sources.list.d/nodesource.list && \ | ||
apt-get update && apt-get install -y --no-install-recommends nodejs | ||
apt-get update && apt-get install -y --no-install-recommends nodejs \ | ||
&& apt-get clean \ | ||
&& rm -rf /var/lib/apt/lists/* | ||
|
||
RUN npm install -g [email protected] | ||
|
||
ENV PYTHONDONTWRITEBYTECODE 1 | ||
ENV PYTHONUNBUFFERED 1 | ||
ENV DOCKER_BUILD 1 | ||
ENV NODE_ENV production | ||
|
||
RUN pip install --upgrade --no-cache-dir pipenv==2023.10.24 wheel==0.41.2 | ||
COPY ./Pipfile . | ||
|
@@ -33,12 +37,12 @@ RUN PIPENV_VENV_IN_PROJECT=1 pipenv install --deploy | |
COPY ./package-lock.json . | ||
COPY ./package.json . | ||
|
||
RUN npm ci && \ | ||
RUN npm ci --omit=dev && \ | ||
npx update-browserslist-db@latest | ||
|
||
COPY . . | ||
|
||
RUN SECRET_KEY=dummy pipenv run ./manage.py collectstatic --noinput | ||
RUN SECRET_KEY=dummy pipenv run python ./manage.py collectstatic --noinput | ||
|
||
########### | ||
## NGINX ## | ||
|
@@ -59,7 +63,9 @@ COPY --from=base /app/static /opt/services/dbase/static | |
FROM python:3.12-slim@sha256:41487afa4d11d89b3ec37fdfb652ceb2f2db0c19b2259a24b052e5805bc22197 as runtime | ||
LABEL maintainer="Geert Derks <[email protected]>" | ||
|
||
RUN apt-get update && apt-get install -y --no-install-recommends gettext curl | ||
RUN apt-get update && apt-get install -y --no-install-recommends gettext curl \ | ||
&& apt-get clean \ | ||
&& rm -rf /var/lib/apt/lists/* | ||
|
||
# Prevent writing pyc files | ||
ENV PYTHONDONTWRITEBYTECODE 1 | ||
|
@@ -73,7 +79,8 @@ ENV APP_HOME=/app | |
RUN groupadd -g 999 appuser && \ | ||
useradd -r -u 999 -g appuser appuser | ||
|
||
RUN mkdir ${APP_HOME} | ||
RUN mkdir ${APP_HOME} && \ | ||
chown appuser:appuser ${APP_HOME} | ||
RUN mkdir ${APP_HOME}/media && \ | ||
chown appuser:appuser ${APP_HOME}/media | ||
WORKDIR ${APP_HOME} | ||
|
@@ -88,12 +95,21 @@ COPY --chown=appuser:appuser . . | |
|
||
USER 999 | ||
|
||
ENV PATH="/${APP_HOME}/.venv/bin:$PATH" | ||
ENV PATH="${APP_HOME}/.venv/bin:$PATH" | ||
|
||
RUN django-admin compilemessages | ||
|
||
ENTRYPOINT [ "./entrypoint.sh" ] | ||
|
||
# Migrate (separate command, do not want to run this simultaneously if started multiple times.) | ||
############# | ||
## TESTING ## | ||
############# | ||
|
||
FROM base as base-test | ||
|
||
RUN PIPENV_VENV_IN_PROJECT=1 pipenv install --deploy --dev | ||
|
||
FROM runtime as web-test | ||
|
||
COPY --from=base-test --chown=appuser:appuser ${APP_HOME}/.venv ./.venv | ||
|
||
# TODO: https://snyk.io/blog/best-practices-containerizing-python-docker/#:~:text=5.%20Handle%20unhealthy%20states%20of%20your%20containerized%20Python%20application |
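Review bot: `web-test` is added after `runtime`, and if it is the last stage in the file, a `docker build` without `--target` now produces the test image, which carries the `--dev` virtualenv copied from `base-test`. The workflow in this commit always passes `target:`, but other build paths (compose files, local builds) may not; ending the file with a plain alias stage such as `FROM runtime AS release` would restore the runtime image as the default. Separately, `web-test` inherits its source tree from `runtime`, and this commit drops `tests/` from the ignore list, so the test modules presumably end up in the published runtime image through `COPY --chown=appuser:appuser . .`; worth confirming that this is intended. The stages involved start outside the visible hunks.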
Empty file.
Empty file.
Empty file.