Merge pull request #1138 from gafderks/docker-workflow
Implement docker workflow for ocd theme
Showing
18 changed files
with
212 additions
and
82 deletions.
|
@@ -7,7 +7,6 @@ build/ | |
static/ | ||
media/ | ||
functional_tests/ | ||
tests/ | ||
**/*.mo | ||
**/*.pyc | ||
.git/ | ||
|
@@ -0,0 +1,75 @@ | ||
name: Docker build and export | ||
|
||
on: | ||
push: | ||
branches: | ||
- "theme/ocd" | ||
pull_request: | ||
branches: | ||
- "theme/ocd" | ||
|
||
env: | ||
WEB_TEST_IMAGE: dbase-web:test | ||
WEB_IMAGE: gafderkspersonal/dbase-web | ||
NGINX_TEST_IMAGE: dbase-nginx:test | ||
NGINX_IMAGE: gafderkspersonal/dbase-nginx | ||
|
||
jobs: | ||
build: | ||
environment: CI | ||
runs-on: ubuntu-latest | ||
steps: | ||
- name: Checkout | ||
uses: actions/checkout@v3 | ||
- name: Set up QEMU | ||
uses: docker/setup-qemu-action@v3 | ||
- name: Set up Docker Buildx | ||
uses: docker/setup-buildx-action@v3 | ||
- name: Login to Docker Hub | ||
uses: docker/login-action@v3 | ||
with: | ||
username: ${{ secrets.DOCKERHUB_USERNAME }} | ||
password: ${{ secrets.DOCKERHUB_TOKEN }} | ||
- name: Set short git commit SHA | ||
id: vars | ||
run: echo "sha_short=$(git rev-parse --short HEAD)" >> $GITHUB_OUTPUT | ||
- name: Output git commit SHA | ||
run: echo ${{ steps.vars.outputs.sha_short }} | ||
- name: Build web test image | ||
uses: docker/build-push-action@v5 | ||
with: | ||
target: web-test | ||
context: . | ||
load: true | ||
tags: ${{ env.WEB_TEST_IMAGE }} | ||
- name: Test web test image | ||
run: | | ||
docker run \ | ||
-e SECRET_KEY="${{ secrets.SECRET_KEY }}" \ | ||
-e DATABASE_URL="sqlite:////app/db.sqlite3" \ | ||
-e DEBUG=on \ | ||
--rm ${{ env.WEB_TEST_IMAGE }} \ | ||
python manage.py test --exclude-tag=functional -v 2 | ||
- name: Build nginx image | ||
uses: docker/build-push-action@v5 | ||
with: | ||
target: nginx | ||
context: . | ||
load: true | ||
tags: ${{ env.NGINX_TEST_IMAGE }} | ||
- name: Publish web image | ||
uses: docker/build-push-action@v5 | ||
with: | ||
context: . | ||
push: true | ||
target: runtime | ||
tags: ${{ env.WEB_IMAGE }}:latest-ocd,${{ env.WEB_IMAGE }}:${{ steps.vars.outputs.sha_short }}-ocd | ||
if: github.ref == 'refs/heads/theme/ocd' && github.event_name != 'pull_request' | ||
- name: Publish nginx image | ||
uses: docker/build-push-action@v5 | ||
with: | ||
context: . | ||
push: true | ||
target: nginx | ||
tags: ${{ env.NGINX_IMAGE }}:latest-ocd,${{ env.NGINX_IMAGE }}:${{ steps.vars.outputs.sha_short }}-ocd | ||
if: github.ref == 'refs/heads/theme/ocd' && github.event_name != 'pull_request' |
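Review bot: The `Login to Docker Hub` step has no `if:` guard, so it runs on every `pull_request` build even though only the two publish steps need the credentials; on pull requests from forks the secrets would normally be empty and the login would likely fail before any test runs. Gate it with the condition the publish steps already use, `if: github.ref == 'refs/heads/theme/ocd' && github.event_name != 'pull_request'`. The test step also splices `${{ secrets.SECRET_KEY }}` directly into the shell script; passing it through the step's `env:` and using a bare `-e SECRET_KEY` keeps the value out of the rendered command, and a throwaway value would probably do for the test run, as the Dockerfile's `SECRET_KEY=dummy` for collectstatic suggests. The actions are referenced by mutable tags (`@v3`, `@v5`); pinning them to commit SHAs would match the digest pinning already used for the base images.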
|
@@ -9,21 +9,25 @@ ENV APP_HOME=/app | |
RUN mkdir -p ${APP_HOME} | ||
WORKDIR ${APP_HOME} | ||
|
||
RUN apt-get update && \ | ||
apt-get install -y --no-install-recommends \ | ||
curl ca-certificates gnupg git | ||
RUN apt-get update && apt-get install -y --no-install-recommends curl ca-certificates gnupg git \ | ||
&& apt-get clean \ | ||
&& rm -rf /var/lib/apt/lists/* | ||
|
||
# Install Node.js | ||
SHELL ["/bin/bash", "-o", "pipefail", "-c"] | ||
RUN mkdir -p /etc/apt/keyrings && \ | ||
curl -fsSL https://deb.nodesource.com/gpgkey/nodesource-repo.gpg.key | gpg --dearmor -o /etc/apt/keyrings/nodesource.gpg && \ | ||
NODE_MAJOR=20; echo "deb [signed-by=/etc/apt/keyrings/nodesource.gpg] https://deb.nodesource.com/node_$NODE_MAJOR.x nodistro main" | tee /etc/apt/sources.list.d/nodesource.list && \ | ||
apt-get update && apt-get install -y --no-install-recommends nodejs | ||
apt-get update && apt-get install -y --no-install-recommends nodejs \ | ||
&& apt-get clean \ | ||
&& rm -rf /var/lib/apt/lists/* | ||
|
||
RUN npm install -g [email protected] | ||
|
||
ENV PYTHONDONTWRITEBYTECODE 1 | ||
ENV PYTHONUNBUFFERED 1 | ||
ENV DOCKER_BUILD 1 | ||
ENV NODE_ENV production | ||
|
||
RUN pip install --upgrade --no-cache-dir pipenv==2023.10.24 wheel==0.41.2 | ||
COPY ./Pipfile . | ||
|
@@ -33,18 +37,18 @@ RUN PIPENV_VENV_IN_PROJECT=1 pipenv install --deploy | |
COPY ./package-lock.json . | ||
COPY ./package.json . | ||
|
||
RUN npm ci && \ | ||
RUN npm ci --omit=dev && \ | ||
npx update-browserslist-db@latest | ||
|
||
COPY . . | ||
|
||
RUN SECRET_KEY=dummy pipenv run ./manage.py collectstatic --noinput | ||
RUN SECRET_KEY=dummy pipenv run python ./manage.py collectstatic --noinput | ||
|
||
########### | ||
## NGINX ## | ||
########### | ||
|
||
FROM nginx:1.25.3@sha256:add4792d930c25dd2abf2ef9ea79de578097a1c175a16ab25814332fe33622de as nginx | ||
FROM nginx:1.25.3@sha256:1c274506e6ef5d92b7df28fd61e35cea64ed0530994bc16b768a69313e6ff74a as nginx | ||
LABEL maintainer="Geert Derks <[email protected]>" | ||
|
||
COPY ./config/nginx.conf /etc/nginx/nginx.conf | ||
|
@@ -56,10 +60,12 @@ COPY --from=base /app/static /opt/services/dbase/static | |
## RUNTIME ## | ||
############# | ||
|
||
FROM python:3.12-slim@sha256:8e216a21d8df597118b46f3fff477ed1c5c11be81531b6da87790a17851b7f1c as runtime | ||
FROM python:3.12-slim@sha256:41487afa4d11d89b3ec37fdfb652ceb2f2db0c19b2259a24b052e5805bc22197 as runtime | ||
LABEL maintainer="Geert Derks <[email protected]>" | ||
|
||
RUN apt-get update && apt-get install -y --no-install-recommends gettext curl | ||
RUN apt-get update && apt-get install -y --no-install-recommends gettext curl \ | ||
&& apt-get clean \ | ||
&& rm -rf /var/lib/apt/lists/* | ||
|
||
# Prevent writing pyc files | ||
ENV PYTHONDONTWRITEBYTECODE 1 | ||
|
@@ -73,7 +79,8 @@ ENV APP_HOME=/app | |
RUN groupadd -g 999 appuser && \ | ||
useradd -r -u 999 -g appuser appuser | ||
|
||
RUN mkdir ${APP_HOME} | ||
RUN mkdir ${APP_HOME} && \ | ||
chown appuser:appuser ${APP_HOME} | ||
RUN mkdir ${APP_HOME}/media && \ | ||
chown appuser:appuser ${APP_HOME}/media | ||
WORKDIR ${APP_HOME} | ||
|
@@ -88,12 +95,21 @@ COPY --chown=appuser:appuser . . | |
|
||
USER 999 | ||
|
||
ENV PATH="/${APP_HOME}/.venv/bin:$PATH" | ||
ENV PATH="${APP_HOME}/.venv/bin:$PATH" | ||
|
||
RUN django-admin compilemessages | ||
|
||
ENTRYPOINT [ "./entrypoint.sh" ] | ||
|
||
# Migrate (separate command, do not want to run this simultaneously if started multiple times.) | ||
############# | ||
## TESTING ## | ||
############# | ||
|
||
FROM base as base-test | ||
|
||
RUN PIPENV_VENV_IN_PROJECT=1 pipenv install --deploy --dev | ||
|
||
FROM runtime as web-test | ||
|
||
COPY --from=base-test --chown=appuser:appuser ${APP_HOME}/.venv ./.venv | ||
|
||
# TODO: https://snyk.io/blog/best-practices-containerizing-python-docker/#:~:text=5.%20Handle%20unhealthy%20states%20of%20your%20containerized%20Python%20application |
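Review bot: The new `web-test` stage appears to be the last stage in the file, so a build that passes no `--target` now produces the test image with the `--dev` virtualenv instead of `runtime`. The workflow names its targets explicitly, but any compose file or manual `docker build .` that relied on the old ordering would silently ship dev dependencies. Since `web-test` is `FROM runtime` it cannot simply move up; I would add a comment above the TESTING banner such as `# web-test is the final stage: always build deployable images with --target runtime`, or close the file with a bare `FROM runtime AS release` alias. Separately, the `npx update-browserslist-db@latest` line kept in the base stage runs an unpinned package at build time; pinning a version would keep the build reproducible. The base and runtime stages both start outside the visible hunks.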
Empty file.
Empty file.