Merge pull request #214 from eurofurence/issue-213-docker-build
feat(#213): add latest container build
Showing
18 changed files
with
322 additions
and
26 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,58 @@ | ||
name: Create and publish Docker image | ||
|
||
on: | ||
push: | ||
branches: | ||
- 'main' | ||
|
||
jobs: | ||
build-and-push-image: | ||
permissions: | ||
contents: read | ||
packages: write | ||
runs-on: ubuntu-latest | ||
steps: | ||
- uses: actions/checkout@v3 | ||
|
||
- uses: actions/setup-node@v3 | ||
with: | ||
node-version: '18' | ||
registry-url: 'https://npm.pkg.github.com' | ||
scope: '@eurofurence' | ||
|
||
- run: npm install | ||
env: | ||
NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | ||
|
||
- run: npm run build -- --no-uglify | ||
shell: bash | ||
env: | ||
PATH_PREFIX: '/aN3nNFwFoi5QkyPaVJ54dDTDc6HrrCYGAL6U6GUuyV2uvvekgOxqYe6K2hur/app' | ||
GATSBY_API_BASE_URL: '/aN3nNFwFoi5QkyPaVJ54dDTDc6HrrCYGAL6U6GUuyV2uvvekgOxqYe6K2hur' | ||
PREFIX_PATHS: 'true' | ||
|
||
- name: Log in to the Container registry | ||
run: 'echo "$REGISTRY_PASS" | docker login "$REGISTRY" -u "$REGISTRY_USER" --password-stdin' | ||
shell: bash | ||
env: | ||
REGISTRY: 'ghcr.io' | ||
REGISTRY_USER: ${{ github.actor }} | ||
REGISTRY_PASS: ${{ secrets.GITHUB_TOKEN }} | ||
|
||
- name: Docker build and push image | ||
run: > | ||
TAG_ARGS=$(echo -n "$IMAGE_TAGS" | sed -r "s_([^ :/]+)_ --tag $REGISTRY/$IMAGE_NAME:\1 _g") && | ||
docker build | ||
--label org.opencontainers.image.url="$FULL_REPO_URL" | ||
--label org.opencontainers.image.revision="$COMMIT_HASH" | ||
$TAG_ARGS | ||
--pull | ||
. && | ||
docker push -a "$REGISTRY/$IMAGE_NAME" | ||
shell: bash | ||
env: | ||
REGISTRY: 'ghcr.io' | ||
IMAGE_NAME: ${{ github.repository }} | ||
IMAGE_TAGS: latest | ||
FULL_REPO_URL: "https://github.com/${{ github.repository }}" | ||
COMMIT_HASH: ${{ github.sha }} |
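Review bot: The `npm install` step runs dependency lifecycle scripts with `NODE_AUTH_TOKEN` set to the job's `GITHUB_TOKEN`, and this job grants `packages: write`, so any script executed during install can read a token that is also able to publish the image pushed at the end. Consider installing and building in a separate job that has only `packages: read` and handing `public/` to the publishing job as an artifact, and use `- run: npm ci` (assuming a lockfile is committed) so the locked versions are what gets installed. The `registry-url` and `FULL_REPO_URL` hosts appear on this page as `github.com`, which may be an artifact of how the page was mirrored; confirm the committed values name GitHub's own hosts, since the token is sent to whatever `registry-url` points at. The actions are referenced by mutable tag (`@v3`); pinning them to a commit SHA would make the publishing path reproducible.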
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,21 @@ | ||
FROM alpine:3 | ||
|
||
RUN apk add --no-cache apache2 apache2-http2 apache2-proxy \ | ||
&& rm -rf /usr/sbin/fcgistarter /usr/sbin/suexec /var/www \ | ||
&& mkdir -p /static-html/htdocs | ||
|
||
COPY ./httpd-container.conf /etc/apache2/regsys.conf | ||
COPY ./public /static-html/regsys/app | ||
|
||
# TODO set up minimal base website under /static-html/ | ||
# (favicon, 404.html, blank white page index.html, ...) | ||
|
||
RUN chmod -R go=rX /static-html /etc/apache2/regsys.conf | ||
|
||
RUN find /static-html | ||
|
||
EXPOSE 8080 | ||
|
||
USER 8877 | ||
|
||
CMD ["/usr/sbin/httpd", "-f", "/etc/apache2/regsys.conf"] |
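Review bot: The first `RUN` deletes `/var/www`, while the config copied to `/etc/apache2/regsys.conf` sets `ServerRoot /static-html` and loads modules by the relative path `modules/mod_*.so`; nothing here creates `/static-html/modules`, so unless the package layout provides it some other way httpd will likely fail at startup. A build-time `RUN httpd -t -f /etc/apache2/regsys.conf` (with the `HTTPD_CONF_*` variables set to dummy values) would catch this. Similarly, `./public` is copied to `/static-html/regsys/app`, but the virtual host's `DocumentRoot` is `/static-html/reg-frontend`, which this Dockerfile never creates. `FROM alpine:3` and the unversioned `apk add` float with every rebuild, so pinning the base to a minor tag and digest would make the published `latest` image traceable to known package versions. `RUN find /static-html` looks like leftover debugging and only adds a layer.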
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,132 @@ | ||
ServerTokens OS | ||
ServerRoot /static-html | ||
Listen 8080 | ||
|
||
LoadModule mpm_prefork_module modules/mod_mpm_prefork.so | ||
LoadModule authn_file_module modules/mod_authn_file.so | ||
LoadModule authn_core_module modules/mod_authn_core.so | ||
LoadModule authz_host_module modules/mod_authz_host.so | ||
LoadModule authz_groupfile_module modules/mod_authz_groupfile.so | ||
LoadModule authz_user_module modules/mod_authz_user.so | ||
LoadModule authz_core_module modules/mod_authz_core.so | ||
LoadModule access_compat_module modules/mod_access_compat.so | ||
LoadModule auth_basic_module modules/mod_auth_basic.so | ||
LoadModule reqtimeout_module modules/mod_reqtimeout.so | ||
LoadModule filter_module modules/mod_filter.so | ||
LoadModule substitute_module modules/mod_substitute.so | ||
LoadModule mime_module modules/mod_mime.so | ||
LoadModule log_config_module modules/mod_log_config.so | ||
LoadModule env_module modules/mod_env.so | ||
LoadModule headers_module modules/mod_headers.so | ||
LoadModule setenvif_module modules/mod_setenvif.so | ||
LoadModule version_module modules/mod_version.so | ||
LoadModule unixd_module modules/mod_unixd.so | ||
LoadModule status_module modules/mod_status.so | ||
LoadModule autoindex_module modules/mod_autoindex.so | ||
LoadModule dir_module modules/mod_dir.so | ||
# LoadModule alias_module modules/mod_alias.so | ||
LoadModule rewrite_module modules/mod_rewrite.so | ||
|
||
LoadModule negotiation_module modules/mod_negotiation.so | ||
|
||
LoadModule proxy_module modules/mod_proxy.so | ||
LoadModule proxy_http_module modules/mod_proxy_http.so | ||
LoadModule proxy_http2_module modules/mod_proxy_http2.so | ||
|
||
ServerAdmin ${HTTPD_CONF_SERVER_ADMIN_EMAIL} | ||
ServerSignature Off | ||
|
||
<Directory /> | ||
AllowOverride none | ||
Require all denied | ||
</Directory> | ||
|
||
DocumentRoot "/static-html/htdocs" | ||
|
||
<Directory "/var/www/localhost/htdocs"> | ||
Options Indexes FollowSymLinks | ||
AllowOverride None | ||
Require all granted | ||
</Directory> | ||
|
||
<IfModule dir_module> | ||
DirectoryIndex index.html | ||
</IfModule> | ||
|
||
<Files ".ht*"> | ||
Require all denied | ||
</Files> | ||
|
||
ErrorLog /dev/stdout | ||
CustomLog /dev/stdout combined | ||
LogLevel warn | ||
|
||
<IfModule mime_module> | ||
TypesConfig /etc/apache2/mime.types | ||
AddType application/x-compress .Z | ||
AddType application/x-gzip .gz .tgz | ||
</IfModule> | ||
|
||
<VirtualHost *:8080> | ||
ServerName ${HTTPD_CONF_SERVER_NAME} | ||
ServerAdmin ${HTTPD_CONF_SERVER_ADMIN_EMAIL} | ||
DocumentRoot /static-html/reg-frontend | ||
|
||
Header always set Content-Security-Policy "default-src 'self' 'unsafe-inline'; img-src 'self' data: ; font-src 'self' data: ;" | ||
|
||
<Directory /static-html/reg-frontend/> | ||
Require all granted | ||
Options FollowSymLinks MultiViews | ||
</Directory> | ||
|
||
# This is a security measure in the event that our Api Key ever leaks | ||
RequestHeader unset X-Api-Key | ||
|
||
# This is a temporary security measure until 2FA arrives | ||
RequestHeader unset X-Admin-Request | ||
|
||
ProxyRequests Off | ||
<Proxy *> | ||
Order deny,allow | ||
Allow from all | ||
</Proxy> | ||
|
||
ProxyPass /${HTTPD_CONF_PATH_PREFIX_NO_SLASHES}/regsys http://reg-regsys-classic:8080 | ||
ProxyPassReverse /${HTTPD_CONF_PATH_PREFIX_NO_SLASHES}/regsys http://reg-regsys-classic:8080 | ||
|
||
ProxyPass /${HTTPD_CONF_PATH_PREFIX_NO_SLASHES}/attsrv/ http://reg-attendee-service:8080/ | ||
ProxyPassReverse /${HTTPD_CONF_PATH_PREFIX_NO_SLASHES}/attsrv/ http://reg-attendee-service:8080/ | ||
|
||
ProxyPass /${HTTPD_CONF_PATH_PREFIX_NO_SLASHES}/roomsrv/ http://reg-room-service:8080/ | ||
ProxyPassReverse /${HTTPD_CONF_PATH_PREFIX_NO_SLASHES}/roomsrv/ http://reg-room-service:8080/ | ||
|
||
ProxyPass /${HTTPD_CONF_PATH_PREFIX_NO_SLASHES}/authsrv/ http://reg-auth-service:8080/ | ||
ProxyPassReverse /${HTTPD_CONF_PATH_PREFIX_NO_SLASHES}/authsrv/ http://reg-auth-service:8080/ | ||
|
||
ProxyPass /${HTTPD_CONF_PATH_PREFIX_NO_SLASHES}/paysrv/ http://reg-payment-service:8080/ | ||
ProxyPassReverse /${HTTPD_CONF_PATH_PREFIX_NO_SLASHES}/paysrv/ http://reg-payment-service:8080/ | ||
|
||
ProxyPass /${HTTPD_CONF_PATH_PREFIX_NO_SLASHES}/cncrdsrv/ http://reg-payment-cncrd-adapter:8080/ | ||
ProxyPassReverse /${HTTPD_CONF_PATH_PREFIX_NO_SLASHES}/cncrdsrv/ http://reg-payment-cncrd-adapter:8080/ | ||
|
||
# ProxyPass /${HTTPD_CONF_PATH_PREFIX_NO_SLASHES}/expsrv/ http://reg-export-service:8080/ | ||
# ProxyPassReverse /${HTTPD_CONF_PATH_PREFIX_NO_SLASHES}/expsrv/ http://reg-export-service:8080/ | ||
|
||
ProxyPass /${HTTPD_CONF_PATH_PREFIX_NO_SLASHES}/mailsrv/ http://reg-mail-service:8080/ | ||
ProxyPassReverse /${HTTPD_CONF_PATH_PREFIX_NO_SLASHES}/mailsrv/ http://reg-mail-service:8080/ | ||
|
||
# configuration for reg-frontend | ||
|
||
RewriteEngine on | ||
RewriteRule "^/${HTTPD_CONF_PATH_PREFIX_NO_SLASHES}/app/register/[a-z-]+/.*$" "/${HTTPD_CONF_PATH_PREFIX_NO_SLASHES}/app/register/index.html" | ||
|
||
# we have built the gatsby static app with this context base path, so we use inline content substitution | ||
Substitute "s|aN3nNFwFoi5QkyPaVJ54dDTDc6HrrCYGAL6U6GUuyV2uvvekgOxqYe6K2hur|${HTTPD_CONF_PATH_PREFIX_NO_SLASHES}|n" | ||
|
||
ErrorLog /dev/stdout | ||
CustomLog /dev/stdout combined | ||
LogLevel warn | ||
ServerSignature Off | ||
|
||
ErrorDocument 404 /404.html | ||
</VirtualHost> |
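Review bot: The `Substitute` rule near the end of the virtual host appears to have no effect, because nothing in the lines shown attaches the SUBSTITUTE output filter; it needs something like `AddOutputFilterByType SUBSTITUTE text/html application/javascript`, scoped to the frontend `<Directory>` so proxied backend responses are not rewritten too. On hardening, `ServerTokens OS` still puts the httpd version and platform in the `Server` header even with `ServerSignature Off`, so `ServerTokens Prod` fits the intent better. The `<Directory "/var/www/localhost/htdocs">` block grants `Indexes` on a path the image deletes; it can be dropped, along with `mod_autoindex` and `mod_status`, which nothing visible uses. The `<Proxy *>` block uses the `Order`/`Allow` compatibility syntax, and replacing it with `Require all granted` would let `mod_access_compat` be unloaded. `default-src 'self' 'unsafe-inline'` also permits inline scripts, so the CSP gives limited protection against injected markup; if only inline styles are needed, move `'unsafe-inline'` into a separate `style-src` directive.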