From 636dd28f5d6edd8b03ed042104d7dc95fd376ef5 Mon Sep 17 00:00:00 2001
From: Paul Sanders
Date: Fri, 26 Aug 2022 10:52:24 -0400
Subject: [PATCH 1/4] Build docker image for privacy center
---
 clients/ops/privacy-center/.dockerignore | 16 ++++++++
 clients/ops/privacy-center/Dockerfile | 50 ++++++++++++++++++++++++
 clients/ops/privacy-center/start.sh | 6 +++
 3 files changed, 72 insertions(+)
 create mode 100644 clients/ops/privacy-center/.dockerignore
 create mode 100644 clients/ops/privacy-center/Dockerfile
 create mode 100755 clients/ops/privacy-center/start.sh
diff --git a/clients/ops/privacy-center/.dockerignore b/clients/ops/privacy-center/.dockerignore
new file mode 100644
index 000000000..761fa92e5
--- /dev/null
+++ b/clients/ops/privacy-center/.dockerignore
@@ -0,0 +1,16 @@
+.dockerignore
+.eslingrc.json
+.git
+.gitignore
+.jest.config.js
+.next
+.prettierignore
+.prettierrc.json
+Dockerfile
+LICENSE
+README.md
+__tests__
+jest.config.jest
+node_modules
+npm-debug.log
+**/*__mocks__
diff --git a/clients/ops/privacy-center/Dockerfile b/clients/ops/privacy-center/Dockerfile
new file mode 100644
index 000000000..166ec6565
--- /dev/null
+++ b/clients/ops/privacy-center/Dockerfile
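Review bot: Two patterns in the new .dockerignore look misspelled and so presumably match nothing: `.eslingrc.json` (likely `.eslintrc.json`) and `jest.config.jest` (likely `jest.config.js`). This list is the only filter on the `COPY . .` in the Dockerfile added by the same patch, and the runner stage later copies all of `/app`, so whatever is not listed here ends up in the published image. If developers keep local environment files in this directory, add a line such as `.env*.local` so they cannot be baked into a layer.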
@@ -0,0 +1,50 @@
+# Based on vercel/next.js example https://github.com/vercel/next.js/blob/canary/examples/with-docker/Dockerfile
+
+FROM node:16-alpine as deps
+
+RUN apk add --no-cache libc6-compat
+
+WORKDIR /app
+
+COPY package.json package-lock.json .
+RUN npm clean-install
+
+
+from node:16-alpine as builder
+
+WORKDIR /app
+
+COPY --from=deps /app/node_modules ./node_modules
+COPY . .
+
+ENV NEXT_TELEMETRY_DISABLED 1
+
+RUN npm run build
+
+
+FROM node:16-alpine as runner
+
+WORKDIR /app
+
+ENV NODE_END production
+ENV NEXT_TELEMETRY_DISABLED 1
+
+RUN addgroup --system --gid 1001 nodejs
+RUN adduser --system --uid 1001 nextjs
+
+# We need to copy everything so we can rebuild with the new configs if needed
+COPY --from=builder --chown=nextjs:nodejs /app .
+
+# The config directory is not needed unless it is mounted as a volume because the next
+# build has already been run. By deleteing it we can check if is was added with a volume
+# and we to rebuild with a custom config.
+RUN rm -r config
+
+COPY ./start.sh .
+RUN chmod +x start.sh && chown nextjs:nodejs start.sh
+
+USER nextjs
+
+EXPOSE 3000
+
+CMD ["./start.sh"]
diff --git a/clients/ops/privacy-center/start.sh b/clients/ops/privacy-center/start.sh
new file mode 100755
index 000000000..23241868f
--- /dev/null
+++ b/clients/ops/privacy-center/start.sh
@@ -0,0 +1,6 @@
+if [ -d config ]; then
+ echo "Recompiling with custom configuration..."
+ npm run build
+fi;
+
+npm run start
From 15bf404af1a215b706bf30540bb12635eb027c4c Mon Sep 17 00:00:00 2001
From: Paul Sanders
Date: Tue, 30 Aug 2022 10:43:46 -0400
Subject: [PATCH 2/4] Update docs and add docker publish to workflow
---
 .github/workflows/publish_to_dockerhub.yml | 29 ++++++++++++++++++++-
 docs/fidesops/docs/deployment.md | 30 +++++++++++++++++++++-
 2 files changed, 57 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/publish_to_dockerhub.yml b/.github/workflows/publish_to_dockerhub.yml
index fd9dc0bb7..d62de10fa 100644
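Review bot: In the runner stage `ENV NODE_END production` looks like a misspelling of `NODE_ENV`, so `NODE_ENV` is never set in the image; the line should read `ENV NODE_ENV=production`. The same stage copies all of `/app` from the builder, which includes the `node_modules` produced by `npm clean-install` and the full source tree, so the published image carries the build toolchain. The comment above that `COPY` should say this is accepted only to allow the start-time rebuild. Smaller points: the second stage is written with lowercase `from`, and `node:16-alpine` is a mutable tag, so pinning it by digest would make the published image reproducible.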
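Review bot: start.sh has no interpreter line, yet the Dockerfile in this patch launches it with exec-form `CMD ["./start.sh"]`, which executes the file directly rather than through a shell. Without `#!/bin/sh` as its first line, the container start is likely to fail with an exec format error. Add `set -e` after it so that a failed `npm run build` on a mounted config stops the container instead of serving the earlier build. The last line should be `exec npm run start` so the server replaces the shell and receives the stop signal from the runtime.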
--- a/.github/workflows/publish_to_dockerhub.yml +++ b/.github/workflows/publish_to_dockerhub.yml @@ -12,7 +12,7 @@ env: DOCKER_TOKEN: ${{ secrets.DOCKER_TOKEN }} jobs: - push-image: + push-fidesops-image: runs-on: ubuntu-latest steps: - uses: actions/checkout@v3 @@ -43,3 +43,30 @@ jobs: - name: Push Prod Tags if: steps.check-tag.outputs.match == 'true' run: nox -s "push(prod)" + push-fidesops-privacy-center-image: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v3 + + - name: Login to DockerHub + uses: docker/login-action@v2 + with: + username: ${{ env.DOCKER_USER }} # Needs updating for fidesops privacy center + password: ${{ env.DOCKER_TOKEN }} # Needs updating for fidesops privacy center + + - name: Extract metadata (tags, labels) for Docker + id: meta + uses: docker/metadata-action@4 + with: + images: ethyca/fidesops-privacy-center + + - name: Change to privacy center directory + run: cd clients/ops/privacy-center + + - name: Build and publish + uses: docker/build-push-action@v3 + with: + context: . + push: true + tags: ${{ steps.meta.outputs.tags }} + labes: ${{ steps.metadata.outputs.labesl }} diff --git a/docs/fidesops/docs/deployment.md b/docs/fidesops/docs/deployment.md index 182accbc4..58d9d69ef 100644 --- a/docs/fidesops/docs/deployment.md +++ b/docs/fidesops/docs/deployment.md @@ -10,6 +10,8 @@ Fully deployed, `fidesops` has three individual systems you'll need to run: ![Deployment Diagram](img/Deployment_Diagram.png) +Optionally the frontend [privacy center](#step-4-setup-privacy-center-\(optional\)) can be deployed as a pre-built way to handle privacy requests. + Let's review each individually. ## Step 1: Setup Hosted Database 
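Review bot: The `Build and publish` step appears to build from the repository root rather than the privacy center. `run: cd clients/ops/privacy-center` changes directory only inside that one step's shell, and `context: .` is resolved by the action on its own, so drop the `cd` step and use `context: ./clients/ops/privacy-center`. Three references in the new job will not resolve as written: `docker/metadata-action@4` (the other actions use a `v` prefix, so presumably `@v4`), the input `labes` (should be `labels`), and `steps.metadata.outputs.labesl` (the step id is `meta`, so `steps.meta.outputs.labels`). The same lines are carried into the new workflow file created in PATCH 4/4. Because this job is handed the Docker Hub token, pinning the third-party actions to full commit SHAs instead of tags would limit what a retagged release could do with it.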
@@ -145,4 +147,30 @@ Note that there's no need for a persistent volume mount for the web server, it's To test that your server is running, visit `http://{server_url}/health` in your browser (e.g. http://0.0.0.0:8080/health) and you should see `{"webserver": "healthy", "database": "healthy", "cache": "healthy"}`. -You now have a functional `fidesops` server running! Now you can use the API to set up your OAuth clients, connect to databases, configure policies, execute privacy requests, etc. To learn more, head to the [How-To Guides](guides/oauth.md) for details. \ No newline at end of file +You now have a functional `fidesops` server running! Now you can use the API to set up your OAuth clients, connect to databases, configure policies, execute privacy requests, etc. To learn more, head to the [How-To Guides](guides/oauth.md) for details. + +## Step 4: Setup Privacy Center (Optional) + +### Install the fidesops privacy center via Docker + +First, ensure that Docker is running on your host, with a minimum version of `20.10.8`. + +You can `docker pull ethyca/fidesops-privacy-center` to get the latest image from Ethyca's Docker Hub here: [ethyca/fidesops-privacy-center](https://hub.docker.com/r/ethyca/fidesops-privacy-center). + +``` +docker pull ethyca/fidesops-privacy-center +``` + +Once pulled, you can run `docker run -rm -p 3000:3000 ethyca/fidesops-privacy-center:latest` to start the server. + +To configure the privacy center for your environment create a project directory, i.e. `~/custom-privacy-center`, and within +this directory create a `config` directory. Copy the [config.json](https://github.com/ethyca/fidesops/blob/main/clients/ops/privacy-center/config/config.json) +and [config.css](https://github.com/ethyca/fidesops/blob/main/clients/ops/privacy-center/config/config.css) into the `config` +directory and modify to fit your needs. More information about the configuration options can be found [here](https://ethyca.github.io/fidesops/ui/privacy_center/). 
+ +After the configuration is updated the docker image can be run using your custom settings. From within the `~/custom-privacy-center` directory (modify this +directory name to match the name you used) start the docker container: + +``` +docker run --rm -v $(pwd)/config:/app/config -p 3000:3000 ethyca/fidesops-privacy-center:latest`. +``` From 4b4b44098fdbe7f31cc61292ed28553214832c98 Mon Sep 17 00:00:00 2001 From: Paul Sanders Date: Tue, 30 Aug 2022 10:51:11 -0400 Subject: [PATCH 3/4] Update CHANGELOG --- CHANGELOG.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 438f04aff..8f8d9353c 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -19,13 +19,19 @@ The types of changes are: ## [Unreleased](https://github.com/ethyca/fidesops/compare/1.7.2...main) +### Developer Experience + +* Created a docker image for the privacy center [1165](https://github.com/ethyca/fidesops/pull/1165) + ### Docs + * Fix analytics opt out environment variable name [#1170](https://github.com/ethyca/fidesops/pull/1170) * Added how to view a subject request history and reprocess a subject request [#1164](https://github.com/ethyca/fidesops/pull/1164) ## [1.7.2](https://github.com/ethyca/fidesops/compare/1.7.1...1.7.2) ### Added + * Adds users and owners configuration for Hubspot connector [#1091](https://github.com/ethyca/fidesops/pull/1091) * Foundations for a new email connector type [#1142](https://github.com/ethyca/fidesops/pull/1142) From 75702dd6b23b01f5c8fc7b4b3434a4116352d2b6 Mon Sep 17 00:00:00 2001 From: Paul Sanders Date: Tue, 30 Aug 2022 11:27:06 -0400 Subject: [PATCH 4/4] Move privacy center docker publish to its own workflow --- .../publish_privacy_center_to_dockerhub.yaml | 43 +++++++++++++++++++ .github/workflows/publish_to_dockerhub.yml | 27 ------------ 2 files changed, 43 insertions(+), 27 deletions(-) create mode 100644 .github/workflows/publish_privacy_center_to_dockerhub.yaml 
diff --git a/.github/workflows/publish_privacy_center_to_dockerhub.yaml b/.github/workflows/publish_privacy_center_to_dockerhub.yaml
new file mode 100644
index 000000000..049dec124
--- /dev/null
+++ b/.github/workflows/publish_privacy_center_to_dockerhub.yaml
@@ -0,0 +1,43 @@
+name: Docker Build & Push Privacy Center
+
+on:
+ push:
+ branches:
+ - main
+ paths:
+ - "clients/ops/privacy-center
+ tags:
+ - "*"
+
+env:
+ DOCKER_USER: ethycaci
+ DOCKER_TOKEN: ${{ secrets.DOCKER_TOKEN }}
+
+jobs:
+ push-fidesops-privacy-center-image:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v3
+
+ - name: Login to DockerHub
+ uses: docker/login-action@v2
+ with:
+ username: ${{ env.DOCKER_USER }} # Needs updating for fidesops privacy center
+ password: ${{ env.DOCKER_TOKEN }} # Needs updating for fidesops privacy center
+
+ - name: Extract metadata (tags, labels) for Docker
+ id: meta
+ uses: docker/metadata-action@4
+ with:
+ images: ethyca/fidesops-privacy-center
+
+ - name: Change to privacy center directory
+ run: cd clients/ops/privacy-center
+
+ - name: Build and publish
+ uses: docker/build-push-action@v3
+ with:
+ context: .
+ push: true
+ tags: ${{ steps.meta.outputs.tags }}
+ labes: ${{ steps.metadata.outputs.labesl }}
diff --git a/.github/workflows/publish_to_dockerhub.yml b/.github/workflows/publish_to_dockerhub.yml
index d62de10fa..88ae49502 100644
--- a/.github/workflows/publish_to_dockerhub.yml
+++ b/.github/workflows/publish_to_dockerhub.yml
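Review bot: The `paths` entry `- "clients/ops/privacy-center` is missing its closing quote, so the file is not valid YAML and the workflow would not load. Path filters match whole file paths, so the entry most likely needs a glob as well: `- "clients/ops/privacy-center/**"`. The workflow only has to read the repository and push to Docker Hub, so a top-level `permissions:` block with `contents: read` would keep the job's GITHUB_TOKEN from holding more than it needs.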
@@ -43,30 +43,3 @@ jobs: - name: Push Prod Tags if: steps.check-tag.outputs.match == 'true' run: nox -s "push(prod)" - push-fidesops-privacy-center-image: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v3 - - - name: Login to DockerHub - uses: docker/login-action@v2 - with: - username: ${{ env.DOCKER_USER }} # Needs updating for fidesops privacy center - password: ${{ env.DOCKER_TOKEN }} # Needs updating for fidesops privacy center - - - name: Extract metadata (tags, labels) for Docker - id: meta - uses: docker/metadata-action@4 - with: - images: ethyca/fidesops-privacy-center - - - name: Change to privacy center directory - run: cd clients/ops/privacy-center - - - name: Build and publish - uses: docker/build-push-action@v3 - with: - context: . - push: true - tags: ${{ steps.meta.outputs.tags }} - labes: ${{ steps.metadata.outputs.labesl }}