Build docker image for privacy center

.github/workflows/publish_to_dockerhub.yml

@@ -12,7 +12,7 @@ env:
   DOCKER_TOKEN: ${{ secrets.DOCKER_TOKEN }}
 
 jobs:
-  push-image:
+  push-fidesops-image:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v3
@@ -43,3 +43,30 @@ jobs:
       - name: Push Prod Tags
         if: steps.check-tag.outputs.match == 'true'
         run: nox -s "push(prod)"
+  push-fidesops-privacy-center-image:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+
+      - name: Login to DockerHub
+        uses: docker/login-action@v2
+        with:
+          username: ${{ env.DOCKER_USER }}  # Needs updating for fidesops privacy center
+          password: ${{ env.DOCKER_TOKEN }}  # Needs updating for fidesops privacy center
+
+      - name: Extract metadata (tags, labels) for Docker
+        id: meta
+        uses: docker/metadata-action@4
+        with:
+          images: ethyca/fidesops-privacy-center
+
+      - name: Change to privacy center directory
+        run: cd clients/ops/privacy-center
+
+      - name: Build and publish
+        uses: docker/build-push-action@v3
+        with:
+          context: .
+          push: true
+          tags: ${{ steps.meta.outputs.tags }}
+          labes: ${{ steps.metadata.outputs.labesl }}

CHANGELOG.md

@@ -19,13 +19,19 @@ The types of changes are:
 
 ## [Unreleased](https://github.com/ethyca/fidesops/compare/1.7.2...main)
 
+### Developer Experience
+
+* Created a docker image for the privacy center [1165](https://github.com/ethyca/fidesops/pull/1165)
+
 ### Docs
+
 * Fix analytics opt out environment variable name [#1170](https://github.com/ethyca/fidesops/pull/1170)
 * Added how to view a subject request history and reprocess a subject request [#1164](https://github.com/ethyca/fidesops/pull/1164)
 
 ## [1.7.2](https://github.com/ethyca/fidesops/compare/1.7.1...1.7.2)
 
 ### Added
+
 * Adds users and owners configuration for Hubspot connector [#1091](https://github.com/ethyca/fidesops/pull/1091)
 * Foundations for a new email connector type [#1142](https://github.com/ethyca/fidesops/pull/1142)
 

clients/ops/privacy-center/.dockerignore

@@ -0,0 +1,16 @@
+.dockerignore
+.eslingrc.json
+.git
+.gitignore
+.jest.config.js
+.next
+.prettierignore
+.prettierrc.json
+Dockerfile
+LICENSE
+README.md
+__tests__
+jest.config.jest
+node_modules
+npm-debug.log
+**/*__mocks__

clients/ops/privacy-center/Dockerfile

@@ -0,0 +1,50 @@
+# Based on vercel/next.js example https://github.com/vercel/next.js/blob/canary/examples/with-docker/Dockerfile
+
+FROM node:16-alpine as deps
+
+RUN apk add --no-cache libc6-compat
+
+WORKDIR /app
+
+COPY package.json package-lock.json .
+RUN npm clean-install
+
+
+from node:16-alpine as builder
+
+WORKDIR /app
+
+COPY --from=deps /app/node_modules ./node_modules
+COPY . .
+
+ENV NEXT_TELEMETRY_DISABLED 1
+
+RUN npm run build
+
+
+FROM node:16-alpine as runner
+
+WORKDIR /app
+
+ENV NODE_END production
+ENV NEXT_TELEMETRY_DISABLED 1
+
+RUN addgroup --system --gid 1001 nodejs
+RUN adduser --system --uid 1001 nextjs
+
+# We need to copy everything so we can rebuild with the new configs if needed
+COPY --from=builder --chown=nextjs:nodejs /app .
+
+# The config directory is not needed unless it is mounted as a volume because the next
+# build has already been run. By deleteing it we can check if is was added with a volume
+# and we to rebuild with a custom config.
+RUN rm -r config
+
+COPY ./start.sh . 
+RUN chmod +x start.sh && chown nextjs:nodejs start.sh
+
+USER nextjs
+
+EXPOSE 3000
+
+CMD ["./start.sh"]

clients/ops/privacy-center/start.sh

@@ -0,0 +1,6 @@
+if [ -d config ]; then
+  echo "Recompiling with custom configuration..."
+  npm run build
+fi;
+
+npm run start

docs/fidesops/docs/deployment.md

@@ -10,6 +10,8 @@ Fully deployed, `fidesops` has three individual systems you'll need to run:
 
 ![Deployment Diagram](img/Deployment_Diagram.png)
 
+Optionally the frontend [privacy center](#step-4-setup-privacy-center-\(optional\)) can be deployed as a pre-built way to handle privacy requests.
+
 Let's review each individually.
 
 ## Step 1: Setup Hosted Database
@@ -145,4 +147,30 @@ Note that there's no need for a persistent volume mount for the web server, it's
 
 To test that your server is running, visit `http://{server_url}/health` in your browser (e.g. http://0.0.0.0:8080/health) and you should see `{"webserver": "healthy", "database": "healthy", "cache": "healthy"}`.
 
-You now have a functional `fidesops` server running! Now you can use the API to set up your OAuth clients, connect to databases, configure policies, execute privacy requests, etc. To learn more, head to the [How-To Guides](guides/oauth.md) for details.
+You now have a functional `fidesops` server running! Now you can use the API to set up your OAuth clients, connect to databases, configure policies, execute privacy requests, etc. To learn more, head to the [How-To Guides](guides/oauth.md) for details.
+
+## Step 4: Setup Privacy Center (Optional)
+
+### Install the fidesops privacy center via Docker
+
+First, ensure that Docker is running on your host, with a minimum version of `20.10.8`.
+
+You can `docker pull ethyca/fidesops-privacy-center` to get the latest image from Ethyca's Docker Hub here: [ethyca/fidesops-privacy-center](https://hub.docker.com/r/ethyca/fidesops-privacy-center).
+
+```
+docker pull ethyca/fidesops-privacy-center
+```
+
+Once pulled, you can run `docker run -rm -p 3000:3000 ethyca/fidesops-privacy-center:latest` to start the server.
+
+To configure the privacy center for your environment create a project directory, i.e. `~/custom-privacy-center`, and within
+this directory create a `config` directory. Copy the [config.json](https://github.com/ethyca/fidesops/blob/main/clients/ops/privacy-center/config/config.json)
+and [config.css](https://github.com/ethyca/fidesops/blob/main/clients/ops/privacy-center/config/config.css) into the `config`
+directory and modify to fit your needs. More information about the configuration options can be found [here](https://ethyca.github.io/fidesops/ui/privacy_center/).
+
+After the configuration is updated the docker image can be run using your custom settings. From within the `~/custom-privacy-center` directory (modify this
+directory name to match the name you used) start the docker container:
+
+```
+docker run --rm -v $(pwd)/config:/app/config -p 3000:3000 ethyca/fidesops-privacy-center:latest`.
+```