feat(docker): setup github stuff to be parity with efs #1067

Merged
merged 4 commits into from
Dec 20, 2023
2 changes: 1 addition & 1 deletion .github/workflows/ci.yml
Expand Up @@ -86,7 +86,7 @@ jobs:
path: ~/.npm
key: ${{ runner.OS }}-node-${{ hashFiles('**/package-lock.json') }}
- run: npm ci
- run: npm run dev:services
- run: docker compose -f docker-compose.test.yml up
- run: . .env.test && npx jest --runInBand
- run: docker compose down

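Review bot: The `docker compose -f docker-compose.test.yml up` step has no `-d`, so compose stays attached to the postgres container and the step would not return on its own; the jest step after it is then never reached. The later `docker compose down` also passes no `-f`, and this pull request renames `docker-compose.yml` to `docker-compose.dev.yml`, so compose is left without a default file to resolve (assuming no other default-named compose file exists in the repository). Suggested lines: `- run: docker compose -f docker-compose.test.yml up -d` and `- run: docker compose -f docker-compose.test.yml down`. The job's step list starts outside this hunk.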
1 change: 1 addition & 0 deletions .gitignore
Expand Up @@ -11,3 +11,4 @@ build/
.step-functions-local/
.serverless/
.cache_ggshield
.ssh/
8 changes: 0 additions & 8 deletions Dockerfile

This file was deleted.

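--- a/Dockerfile.develop
+++ b/Dockerfile.develop
@@ -0,0 +1,22 @@
+FROM node:18-alpine AS base
+WORKDIR /opt/isomercms-backend
+RUN mkdir /root/.ssh
+COPY . .
+COPY ./.ssh /root/.ssh
+RUN chmod 600 /root/.ssh/github.pub
+RUN chmod 600 /root/.ssh/github
+RUN apk update
+RUN apk add git
+RUN apk add openssh-client
+RUN npm ci
+RUN cat <<EOF >/root/.ssh/config
+Host github.com
+IdentityFile /root/.ssh/github
+User git
+EOF
+
+RUN chmod +x ./scripts/04_add_github_to_known_hosts.sh
+RUN sh ./scripts/04_add_github_to_known_hosts.sh
+
+EXPOSE "8081"
+CMD ["npm", "run", "dev:server"]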
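Review bot: `COPY ./.ssh /root/.ssh` writes the private key `/root/.ssh/github` into an image layer, and `COPY . .` puts a second copy under `/opt/isomercms-backend/.ssh` unless a `.dockerignore` that is not visible here excludes it; anyone who can pull or export the image can then read the key, and the `.gitignore` entry added in this pull request does not affect the build context. Keeping the key out of the image would mean adding `.ssh` to `.dockerignore`, dropping the `COPY ./.ssh` and the two `chmod 600` lines, and bind-mounting the key read-only from `docker-compose.dev.yml`, for example `- ./.ssh/github:/root/.ssh/github:ro`. The `RUN cat <<EOF` heredoc depends on BuildKit heredoc support, so a comment such as `# requires BuildKit (Dockerfile heredoc syntax)` above it would save a confusing failure on the legacy builder.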
17 changes: 4 additions & 13 deletions docker-compose.yml → docker-compose.dev.yml
@@ -1,20 +1,20 @@
version: "3"
services:
web:
build: .
build:
context: .
dockerfile: Dockerfile.develop
ports:
- "8081:8081"
depends_on:
- postgres
env_file:
- .env
environment:
# postgres://user:pass@hostname:port/database
- DB_URI=postgres://isomer:password@postgres:5432/isomercms_dev
volumes:
- ./:/opt/isomercms-backend
- /opt/isomercms-backend/node_modules
- ${EFS_VOL_PATH}:${EFS_VOL_PATH}
- "~/.gitconfig:/etc/gitconfig"

postgres:
image: "postgres:13-alpine"
Expand All @@ -27,14 +27,5 @@ services:
volumes:
- isomercms_data:/var/lib/postgresql/data

postgres_test:
image: "postgres:13-alpine"
environment:
POSTGRES_USER: isomer
POSTGRES_PASSWORD: password
POSTGRES_DB: isomercms_test
ports:
# use a different port to avoid blocking dev environment when running tests
- "54321:5432"
volumes:
isomercms_data:
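Review bot: The `"~/.gitconfig:/etc/gitconfig"` volume is mounted read-write, so a process in the `web` container can rewrite the developer's host git configuration (for instance through `git config --system`), and whatever that file contains applies to every git command the backend runs in the container. A read-only mount narrows this: `- "~/.gitconfig:/etc/gitconfig:ro"`. If the host has no `~/.gitconfig`, Docker's short volume syntax creates a directory at that path instead, which is worth a one-line comment above the entry. Which lines of this hunk are new is not marked on the page, so this applies if the mount is one of the additions.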
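--- a/docker-compose.test.yml
+++ b/docker-compose.test.yml
@@ -0,0 +1,13 @@
+version: "3"
+services:
+postgres_test:
+image: "postgres:13-alpine"
+environment:
+POSTGRES_USER: isomer
+POSTGRES_PASSWORD: password
+POSTGRES_DB: isomercms_test
+ports:
+# use a different port to avoid blocking dev environment when running tests
+- "54321:5432"
+volumes:
+isomercms_data: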
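Review bot: `"54321:5432"` publishes the test database on every host interface while the credentials are the fixed `isomer` / `password` pair, so on a developer machine the instance is reachable from the local network. Binding to loopback keeps the mapping usable for jest: `- "127.0.0.1:54321:5432"`. The top-level `volumes:` entry `isomercms_data:` is declared, but `postgres_test` mounts no volume in the visible lines, so it can be dropped from this file.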
2 changes: 1 addition & 1 deletion package.json
Expand Up @@ -6,7 +6,7 @@
"build": "tsc -p tsconfig.build.json",
"start": "node --unhandled-rejections=warn -r ts-node/register/transpile-only -r tsconfig-paths/register -r dotenv/config build/server.js dotenv_config_path=/efs/isomer/.isomer.env",
"dev:server": "source .env && ts-node-dev --unhandled-rejections=warn --respawn src/server.js",
"dev": "docker compose up",
"dev": "docker compose -f docker-compose.dev.yml up",
"test": "source .env.test && jest --runInBand",
"release": "npm version $npm_config_isomer_update && git push --tags",
"lint": "npx eslint .",
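--- a/scripts/04_add_github_to_known_hosts.sh
+++ b/scripts/04_add_github_to_known_hosts.sh
@@ -0,0 +1,28 @@
+#!/bin/bash
+
+# Get the server's public key
+ssh-keyscan -t rsa github.com >github_rsa.pub
+
+# Generate the key's fingerprint
+SERVER_FINGERPRINT=$(ssh-keygen -lf github_rsa.pub | awk '{print $2}')
+echo "SERVER_FINGERPRINT: $SERVER_FINGERPRINT" >/tmp/setup-github-known-hosts.txt
+
+# The official GitHub RSA fingerprint
+# https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/githubs-ssh-key-fingerprints
+OFFICIAL_FINGERPRINT="SHA256:uNiVztksCsDhcc0u9e8BujQXVUpKZIDTMczCvj3tD2s"
+
+# Check if the server's fingerprint matches the official fingerprint
+# Note: This check is important to prevent any MITM attacks
+if [ "$SERVER_FINGERPRINT" = "$OFFICIAL_FINGERPRINT" ]; then
+# If the fingerprints match, add the public key to the known_hosts file
+cat github_rsa.pub >/root/.ssh/known_hosts
+echo "GitHub's public key added to known_hosts." >>/tmp/setup-github-known-hosts.txt
+else
+# If the fingerprints don't match, output a warning and exit with an error
+echo "WARNING: The server's SSH key fingerprint doesn't match the official GitHub fingerprint." >>/tmp/setup-github-known-hosts.txt
+rm github_rsa.pub
+exit 1
+fi
+
+# Remove the temporary public key file
+rm github_rsa.pub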
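Review bot: On a fingerprint mismatch the warning goes only to `/tmp/setup-github-known-hosts.txt` before `exit 1`; during `docker build` the failed `RUN` layer is discarded, so the person building sees a non-zero exit with no explanation, and a failed `ssh-keyscan` (empty fingerprint) ends in the same silent branch. Sending the message to stderr as well makes the failure visible: `echo "WARNING: The server's SSH key fingerprint doesn't match the official GitHub fingerprint." >&2`. The shebang is `#!/bin/bash`, but Dockerfile.develop invokes the script with `sh` and installs no bash in its visible lines, so `#!/bin/sh` would match how it actually runs. A header comment stating that the pinned RSA fingerprint has to be updated when GitHub rotates its host key would help the next maintainer.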