Updating base image #10

Open: wants to merge 8 commits into base: develop
2 changes: 1 addition & 1 deletion .env
@@ -1,7 +1,7 @@
# Base URL path for the enviroment
PUBLIC_URL = '/dev/'

REACT_APP_KBASE_ENV=ci-europa
# Domain of enviroment for build
REACT_APP_KBASE_DOMAIN=ci-europa.kbase.us
# The following must be a subdomain of REACT_APP_KBASE_DOMAIN
REACT_APP_KBASE_LEGACY_DOMAIN=legacy.ci-europa.kbase.us
1 change: 1 addition & 0 deletions .eslintignore
@@ -1,3 +1,4 @@
build
coverage
node_modules
deploy
192 changes: 32 additions & 160 deletions .github/workflows/build_and_push.yml
@@ -1,176 +1,48 @@
name: Build and Push Images
# This is a basic workflow to help you get started with Actions

name: Build and Push to static-content

# Controls when the workflow will run
on:
pull_request:
branches:
- develop
- main
- master
types:
- opened
- reopened
- synchronize
- closed
inputs:
name:
description: The image name
required: true
type: string
tags:
description: The image tags
required: true
type: string
# Triggers the workflow on push or pull request events but only for the main branch
push:
branches: [main]
workflow_dispatch:

# A workflow run is made up of one or more jobs that can run sequentially or in parallel
jobs:
build-artifacts:
# This workflow contains a single job called "build"
build:
# The type of runner that the job will run on
runs-on: ubuntu-latest
# Steps represent a sequence of tasks that will be executed as part of the job
steps:
- name: Checkout Repository
# Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
- name: Checkout Repo
uses: actions/checkout@v2
- name: Set up Node.js

- name: Install proper Node
uses: actions/setup-node@v2
with:
node-version: '16'
- name: Get current date
id: date
run: echo "date=$(date -u +'%Y-%m-%dT%H:%M:%SZ')" >> $GITHUB_OUTPUT

- name: Run build
env:
PUBLIC_URL: '/'
REACT_APP_AUTH_SERIVCE_URL: 'https://ci-europa.kbase.us/services/auth'
run: npm install && npm run build
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v2
- name: Login to GHCR
uses: docker/login-action@v2
with:
registry: ghcr.io
# note that the calling workflow must set `secrets: inherit`
username: '${{ secrets.GHCR_USERNAME }}'
password: '${{ secrets.GHCR_TOKEN }}'
- name: Create github action tags from image tags
id: tags
uses: actions/github-script@v6
with:
result-encoding: string
script: |
const tags = '${{ inputs.tags }}'.split(',');
const username = '${{ github.event.repository.owner.login }}';
const repoName = '${{ inputs.name }}';
return tags.map((tag) => {
return `ghcr.io/kbase/static-ui:${tag}`;
}).join(',');
- name: Build and push
uses: docker/build-push-action@v3
with:
context: .
file: ./Dockerfile
pull: true
push: true
build-args: |
BUILD_DATE=${{ steps.date.outputs.date }}
VCS_REF=${{ github.sha }}
BRANCH='${{ github.ref }}'
TAG='${{ github.ref }}'
tags: '${{ steps.tags.outputs.result }}'

### Cruft
#
# - name: Upload Artifact
# uses: actions/upload-artifact@v3
# with:
# name: static-ui-build
# path: build/
# build-develop-open:
# if: github.base_ref == 'develop' && github.event.pull_request.merged == false
# runs-on: ubuntu-latest
# needs: build-artifacts
# steps:
# - name: Download Artifact
# uses: actions/download-artifact@v3
# with:
# name: static-ui-build
# path: build
# - name: Set up Docker Buildx
# uses: docker/setup-buildx-action@v2
# - name: Show build directory contents
# run: |
# ls -la ./
# - name: Show parent directory contents
# run: |
# ls -la ../
# - name: Build without push
# uses: docker/build-push-action@v2
# with:
# context: .
# dockerfile: ./Dockerfile # Specify the path to your Dockerfile
# push: false
# build-develop-merge:
# if: github.base_ref == 'develop' && github.event.pull_request.merged == true
# runs-on: ubuntu-latest
# needs: build-artifacts
# steps:
# - name: Download Artifact
# uses: actions/download-artifact@v3
# with:
# name: static-ui-build
# path: build
# - name: Get current date
# id: date
# run: echo "date=$(date -u +'%Y-%m-%dT%H:%M:%SZ')" >> $GITHUB_OUTPUT
# - name: Set up Docker Buildx
# uses: docker/setup-buildx-action@v1
# - name: Login to GHCR
# uses: docker/login-action@v2
# with:
# registry: ghcr.io
# # note that the calling workflow must set `secrets: inherit`
# username: '${{ secrets.GHCR_USERNAME }}'
# password: '${{ secrets.GHCR_TOKEN }}'
# - name: Create github action tags from image tags
# id: tags
# uses: actions/github-script@v6
# with:
# result-encoding: string
# script: |
# const tags = '${{ inputs.tags }}'.split(',');
# const username = '${{ github.event.repository.owner.login }}';
# const repoName = '${{ inputs.name }}';
# return tags.map((tag) => {
# return `ghcr.io/${username}/${repoName}:${tag}`;
# }).join(',');
# - name: Build and push
# uses: docker/build-push-action@v3
# with:
# context: .
# file: ./Dockerfile
# pull: true
# push: true
# build-args: |
# BUILD_DATE=${{ steps.date.outputs.date }}
# VCS_REF=${{ github.sha }}
# BRANCH='${{ github.ref }}'
# TAG='${{ github.ref }}'
# tags: '${{ steps.tags.outputs.result }}'
#
#
#
# build-main-open:
# if: (github.base_ref == 'main' || github.base_ref == 'master') && github.event.pull_request.merged == false
# uses: kbase/.github/.github/workflows/reusable_build-push.yml@main
# with:
# name: '${{ github.event.repository.name }}'
# tags: pr-${{ github.event.number }}
# secrets: inherit
# build-main-merge:
# if: (github.base_ref == 'main' || github.base_ref == 'master') && github.event.pull_request.merged == true
# uses: kbase/.github/.github/workflows/reusable_build-push.yml@main
# with:
# name: '${{ github.event.repository.name }}'
# tags: pr-${{ github.event.number }},latest-rc
# secrets: inherit
# trivy-scans:
# if: (github.base_ref == 'develop' || github.base_ref == 'main' || github.base_ref == 'master' ) && github.event.pull_request.merged == false
# uses: kbase/.github/.github/workflows/reusable_trivy-scans.yml@main
# secrets: inherit

- name: Push to repository
uses: cpina/github-action-push-to-another-repository@main
env:
USERNAME: '${{ secrets.GHCR_USERNAME }}'
API_TOKEN_GITHUB: '${{ secrets.GHCR_TOKEN }}'
with:
source-directory: 'build'
destination-github-username: 'kbase'
destination-repository-name: 'static-content'
user-email: '[email protected]'
target-branch: main

- name: Call Static Server to Deploy Update
run: curl --fail -XGET 'https://ci-europa.kbase.us/services/static-server'
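Review bot: The `Push to repository` step references `cpina/github-action-push-to-another-repository@main`, a third-party action on a mutable branch, and hands it `secrets.GHCR_TOKEN` as `API_TOKEN_GITHUB`, so any later commit to that action's `main` runs with a token that can push to `kbase/static-content`. Pin the action to a full commit SHA, as build_image.yml in this PR does for the docker actions, and consider a credential scoped only to the destination repository instead of reusing the GHCR token. Two smaller points in the same file: the env name `REACT_APP_AUTH_SERIVCE_URL` in `Run build` looks like a misspelling of SERVICE, so it is worth checking that the app reads that exact name, and the job has no `permissions:` block, so `GITHUB_TOKEN` gets the repository default rather than `contents: read`.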
98 changes: 98 additions & 0 deletions .github/workflows/build_image.yml
@@ -0,0 +1,98 @@
name: Build Static Nginx Docker Image

on:
push:
branches: [ "main" ]
# Publish semver tags as releases.
tags: [ 'v*.*.*' ]
pull_request:
branches: [ "main" ]
workflow_dispatch:

env:
# Use docker.io for Docker Hub if empty
REGISTRY: ghcr.io
# github.repository as <account>/<repo>
IMAGE_NAME: ${{ github.repository }}


jobs:
build:

runs-on: ubuntu-latest
permissions:
contents: read
packages: write
# This is used to complete the identity challenge
# with sigstore/fulcio when running outside of PRs.
id-token: write

steps:
- name: Checkout repository
uses: actions/checkout@v3

# Install the cosign tool except on PR
# https://github.com/sigstore/cosign-installer
- name: Install cosign
if: github.event_name != 'pull_request'
uses: sigstore/cosign-installer@f3c664df7af409cb4873aa5068053ba9d61a57b6 #v2.6.0
with:
cosign-release: 'v1.13.1'


# Workaround: https://github.com/docker/build-push-action/issues/461
- name: Setup Docker buildx
uses: docker/setup-buildx-action@79abd3f86f79a9d68a23c75a09a9a85889262adf

# Login against a Docker registry except on PR
# https://github.com/docker/login-action
- name: Log into registry ${{ env.REGISTRY }}
if: github.event_name != 'pull_request'
uses: docker/login-action@28218f9b04b4f3f62068d7b6ce6ca5b26e35336c
with:
registry: ${{ env.REGISTRY }}
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}

# Extract metadata (tags, labels) for Docker
# https://github.com/docker/metadata-action
- name: Extract Docker metadata
id: meta
uses: docker/metadata-action@98669ae865ea3cffbcbaa878cf57c20bbf1c6c38
with:
images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}

- name: Install proper Node
uses: actions/setup-node@v2
with:
node-version: '16'

- name: Run multi-enviroment build
run: npm install && ./scripts/build_deploy.sh

# Build and push Docker image with Buildx (don't push on PR)
# https://github.com/docker/build-push-action
- name: Build and push Docker image
id: build-and-push
uses: docker/build-push-action@ac9327eae2b366085ac7f6a2d02df8aa8ead720a
with:
context: .
push: true
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
cache-from: type=gha
cache-to: type=gha,mode=max


# Sign the resulting Docker image digest except on PRs.
# This will only write to the public Rekor transparency log when the Docker
# repository is public to avoid leaking data. If you would like to publish
# transparency data even for private images, pass --force to cosign below.
# https://github.com/sigstore/cosign
- name: Sign the published Docker image
if: ${{ github.event_name != 'pull_request' }}
env:
COSIGN_EXPERIMENTAL: "true"
# This step uses the identity token to provision an ephemeral certificate
# against the sigstore community Fulcio instance.
run: echo "${{ steps.meta.outputs.tags }}" | xargs -I {} cosign sign {}@${{ steps.build-and-push.outputs.digest }}
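Review bot: `push: true` in the `Build and push Docker image` step contradicts the comment above it ("don't push on PR") and the `pull_request` trigger: on a PR the `Log into registry` step is skipped by `if: github.event_name != 'pull_request'`, so the run attempts an unauthenticated push. Use `push: ${{ github.event_name != 'pull_request' }}` so PR runs only build. Also, `actions/checkout@v3` and `actions/setup-node@v2` are referenced by tag while every other action here is pinned to a commit SHA; pinning them too keeps the job that holds `packages: write` and `id-token: write` consistent. If a lockfile is committed, `npm ci` in place of `npm install` would make the contents of the signed image follow it.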
36 changes: 36 additions & 0 deletions .github/workflows/pull-request.yml
@@ -0,0 +1,36 @@
name: PR Checks

on:
pull_request:
workflow_dispatch:

jobs:
test:
runs-on: ubuntu-latest
steps:
- uses: actions/setup-node@v2
with:
node-version: '16'
- uses: actions/checkout@v2
- run: npm install
- run: npm run test

build:
runs-on: ubuntu-latest
steps:
- uses: actions/setup-node@v2
with:
node-version: '16'
- uses: actions/checkout@v2
- run: npm install
- run: npm run build

lint:
runs-on: ubuntu-latest
steps:
- uses: actions/setup-node@v2
with:
node-version: '16'
- uses: actions/checkout@v2
- run: npm install
- run: npm run lint:strict
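Review bot: None of the three jobs (`test`, `build`, `lint`) needs write access, but the workflow sets no `permissions:`, so each runs `npm install` and the package scripts with whatever the repository's default `GITHUB_TOKEN` scope is. Add a top-level `permissions:` with `contents: read`. Assuming a lockfile is committed, `npm ci` instead of `npm install` would also make the checks fail on lockfile drift rather than silently resolving new versions.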
1 change: 1 addition & 0 deletions .gitignore
@@ -10,6 +10,7 @@

# production
/build
/deploy

# misc
.DS_Store
14 changes: 12 additions & 2 deletions Dockerfile
@@ -1,2 +1,12 @@
FROM nginx
COPY build /usr/share/nginx/html
FROM bitnami/nginx:latest
USER root

# Copy built static files for all enviroments to image
COPY ./deploy /deploy/

# Copy nginx config template to image
COPY ./scripts/nginx.conf.tmpl /nginx.conf.tmpl

COPY ./scripts/docker_entrypoint.sh /entrypoint.sh
USER 1001
ENTRYPOINT ["/entrypoint.sh"]
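Review bot: `FROM bitnami/nginx:latest` makes every rebuild pick up whatever the tag points to that day, so the image the workflow signs is not reproducible from the commit; pin a version tag or, better, a digest (`bitnami/nginx:<version>@sha256:<digest>`). `USER root` has no effect here because there is no `RUN` between it and `USER 1001`, and `COPY` writes files as root-owned regardless, so it can be dropped. If `/entrypoint.sh` has to write a rendered config from `/nginx.conf.tmpl` as UID 1001, confirm the destination is writable by that user and that the script is committed with its executable bit.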
2 changes: 1 addition & 1 deletion README.md
@@ -1,4 +1,4 @@
# UI
# UI Refresh Test Repo

This project was bootstrapped with [Create React App](https://github.com/facebook/create-react-app) (`npx create-react-app ui-refresh-test --template typescript`). It also includes the following:

4 changes: 2 additions & 2 deletions package.json
@@ -101,8 +101,8 @@
"^d3-(.*)$": "d3-$1/dist/d3-$1"
}
},
"name": "@jsfillman/ui",
"private": false,
"name": "ui-refresh-test",
"private": true,
"proxy": "https://ci-europa.kbase.us",
"remarkConfig": {
"plugins": {