Refacto Dockerfile

gisele-igore 2023-03-31 17:44:48 +02:00
parent 7ca07d6c69
commit 73060466df
25 changed files with 92 additions and 316 deletions


@ -1,24 +0,0 @@
version: 2.1
orbs:
path-filtering: circleci/path-filtering@0.1.3
setup: true
workflows:
setup-workflow:
jobs:
- path-filtering/filter:
filters:
branches:
only:
- dev
- main
- preprod
base-revision: <<pipeline.git.branch>>
config-path: .circleci/workflows.yml
mapping: |
src/.* src true
devops/.* devops true
.gitleaksignore src true
.gitleaksignore devops true


@ -1,228 +0,0 @@
version: 2.1
orbs:
kubernetes: circleci/kubernetes@1.0.0
helm: circleci/helm@2.0.1
parameters:
project-name:
type: string
description: Name of the global project, it will be used for the container registry, example -> tezoslink (has frontend and backend modules)
default: tezoslink
project-module:
type: string
description: Name of the app or module of the project, it will be used for the container registry, for example tezoslink has a front and back app, example -> front
default: p1-api
dockerfile-location:
type: string
description: Location of the Dockerfile from the root of the repo
default: .
project-helm-values:
type: string
description: Index of values in the helm chart file, example -> testApp
default: tezosLink
########################################################
################## DO NOT EDIT #########################
########################################################
src:
type: boolean
description: This is the directory of the app, used to trigger app build & deploy
default: false
devops:
type: boolean
description: This is the directory of the devops, used to trigger devops only deploy
default: false
########################################################
###################################################################
################ COMMANDS #######################
###################################################################
commands:
install-yq:
parameters:
version:
type: string
default: v4.27.3
steps:
- run:
name: Install YQ
command: >
curl -L -o ${HOME}/yq
https://github.com/mikefarah/yq/releases/download/<< parameters.version
>>/yq_linux_amd64
chmod +x ${HOME}/yq
${HOME}/yq --version
jobs:
default:
docker:
- image: cimg/base:stable
steps:
- run:
name: Nothing to do
command: echo There is nothing to do
verify-tag:
docker:
- image: cimg/base:stable
steps:
- checkout
- install-yq
- run:
name: Get name of project from repo url
command: echo "export NAMESPACE=$(echo '<<pipeline.project.git_url>>' | sed 's:.*/::')">> $BASH_ENV
- run:
name: Slugify name from repo url
command: echo "export NAMESPACE=$(echo $NAMESPACE | awk '{gsub(/[^0-9a-zA-Z .-]/,""); gsub(/^[ \t\r\n]+/, ""); gsub(/[ \t\r\n]+$/, ""); gsub(/[ ]+/,"-"); print tolower($0);}')">> $BASH_ENV
- run:
name: Extract TAG from Chart.yaml
command: echo "export TAG=$(${HOME}/yq '.appVersion' devops/Chart.yaml )" >> $BASH_ENV
- run:
name: Verify if TAG is in Chart.yaml
command: |
if [ -z "1" ]
then
echo "Tag is either null or missformed (check documentation)"
exit 1
fi
- run:
name: Tag is 1
command: echo 1
- setup_remote_docker:
version: 20.10.12
docker_layer_caching: true
- run:
name: Login to SCW registry
command: docker login rg.fr-par.scw.cloud/$NAMESPACE -u nologin -p $SCW_SECRET_KEY
- run:
name: Check if TAG already exists in registry
command: docker manifest inspect rg.fr-par.scw.cloud/<<pipeline.parameters.project-name>>/<<pipeline.parameters.project-module>>:1 && exit 1 || echo 'TAG is available'
- run:
when: on_fail
command: echo 'Please review your tag'
run-gitleaks:
docker:
- image: zricethezav/gitleaks:v8.15.0
steps:
- checkout
- run:
name: Create scan directory
command: mkdir /tmp/gitleaks
- run:
name: Starting scan
command: gitleaks detect --source . --log-opts "-p -n 1" -r /tmp/gitleaks/scan.json -v
- store_artifacts:
path: /tmp/gitleaks/scan.json
build-docker-image:
machine:
image: ubuntu-2004:202010-01
steps:
- checkout
- install-yq
- run:
name: Create persistent workspace
command: mkdir -p workspace
- run:
name: Extract TAG from Chart.yaml
command: echo "export TAG=$(${HOME}/yq '.appVersion' devops/Chart.yaml )" >> $BASH_ENV
- run:
name: Display Tag
command: echo You are building version 1
- run:
name: Build image
command: >
docker build
--tag rg.fr-par.scw.cloud/<<pipeline.parameters.project-name>>/<<pipeline.parameters.project-module>>:1
<<pipeline.parameters.dockerfile-location>> | while read line; do echo "$(date +%T) > $line"; done;
- run:
name: Save image
command: >
docker save
-o workspace/tezoslink-back.tar
rg.fr-par.scw.cloud/<<pipeline.parameters.project-name>>/<<pipeline.parameters.project-module>>:1
- persist_to_workspace:
root: workspace
paths:
- tezoslink-back.tar
push-docker-image:
docker:
- image: cimg/base:stable
steps:
- checkout
- install-yq
- attach_workspace:
# at: /tmp/workspace
at: /workspace
- run:
name: Extract TAG from Chart.yaml
command: echo "export TAG=$(${HOME}/yq '.appVersion' devops/Chart.yaml )" >> $BASH_ENV
- run:
name: Display Tag
command: echo You are pushing version 1
- setup_remote_docker:
version: 20.10.12
docker_layer_caching: true
- run:
name: Login to SCW registry
command: docker login rg.fr-par.scw.cloud -u nologin -p $SCW_SECRET_KEY
- run:
name: Load docker image from workspace
# command: docker load -i /tmp/workspace/tezoslink-back.tar
command: docker load -i /workspace/tezoslink-back.tar
- run:
name: Push image
command: docker push rg.fr-par.scw.cloud/<<pipeline.parameters.project-name>>/<<pipeline.parameters.project-module>>:1
workflows:
version: 2
build-scan-push-deploy-stg:
when: <<pipeline.parameters.src>>
jobs:
- run-gitleaks:
filters: &filters-stg
branches:
only: application-segmentation-2
- verify-tag:
filters:
<<: *filters-stg
requires:
- run-gitleaks
- build-docker-image:
# requires:
# - verify-tag
context:
- application-segmentation-2
filters:
<<: *filters-stg
- push-docker-image:
context:
- application-segmentation-2
filters:
<<: *filters-stg
default:
when:
and:
# - not: <<pipeline.parameters.devops>>
- not: <<pipeline.parameters.src>>
jobs:
- default:
filters:
branches:
only:
- dev


@ -4,7 +4,6 @@ orbs:
kubernetes: circleci/kubernetes@1.0.0
helm: circleci/helm@2.0.1
jobs:
build-push-docker-image:
docker:
@ -16,15 +15,10 @@ jobs:
- setup_remote_docker:
version: 20.10.12
docker_layer_caching: true
- run: docker login rg.fr-par.scw.cloud/tezoslink -u nologin -p $SCW_SECRET_KEY
- run: docker build --tag rg.fr-par.scw.cloud/tezoslink/p1-api:$TAG -f Dockerfiles/Dockerfile.api .
- run: docker push rg.fr-par.scw.cloud/tezoslink/p1-api:$TAG
- run: docker login rg.fr-par.scw.cloud/tezoslink -u nologin -p $SCW_SECRET_KEY
- run: docker build --tag rg.fr-par.scw.cloud/tezoslink/p1-frontend:$TAG -f Dockerfiles/Dockerfile.front .
- run: docker push rg.fr-par.scw.cloud/tezoslink/p1-frontend:$TAG
- run: docker login rg.fr-par.scw.cloud/tezoslink -u nologin -p $SCW_SECRET_KEY
- run: docker build --tag rg.fr-par.scw.cloud/tezoslink/p1-proxy:$TAG -f Dockerfiles/Dockerfile.proxy .
- run: docker push rg.fr-par.scw.cloud/tezoslink/p1-proxy:$TAG
- run: docker login rg.fr-par.scw.cloud/lecoffre -u nologin -p $SCW_SECRET_KEY
- run: docker build --tag rg.fr-par.scw.cloud/lecoffre/api:$TAG devops/ .
- run: docker push rg.fr-par.scw.cloud/lecoffre/api:$TAG
deploy-docker-image:
docker:
@ -40,15 +34,11 @@ jobs:
name: Deploy
command: >
helm upgrade
tezos-link helm-charts-p2 -i -f helm-charts-p2/values.yaml
-n tezos-link
lecoffre-back devops/charts -i -f devops/charts/values.yaml
-n lecoffre-back
--create-namespace
--set api.image.tag=$TAG
--set api.image.repository='rg.fr-par.scw.cloud/tezoslink/p1-api'
--set front.image.tag=$TAG
--set front.image.repository='rg.fr-par.scw.cloud/tezoslink/p1-frontend'
--set proxy.image.tag=$TAG
--set proxy.image.repository='rg.fr-par.scw.cloud/tezoslink/p1-proxy'
--set api.image.repository='rg.fr-par.scw.cloud/lecoffre/api'
workflows:
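Review bot: `docker build --tag rg.fr-par.scw.cloud/lecoffre/api:$TAG devops/ .` passes two positional arguments, but docker build accepts exactly one context path, so the build step fails as written; since this commit adds devops/Dockerfile, `-f devops/Dockerfile .` is presumably what was meant. That Dockerfile declares `ARG FINGERPRINT` and copies `id_rsa_${FINGERPRINT}`, so the command would also need a matching `--build-arg FINGERPRINT=…`, which is not passed here. On the login line, `-p $SCW_SECRET_KEY` puts the registry secret on the command line; `echo "$SCW_SECRET_KEY" | docker login rg.fr-par.scw.cloud/lecoffre -u nologin --password-stdin` keeps it out of the process list. The page has lost its +/- markers, so I am reading the lecoffre lines as the new side.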


@ -1,47 +0,0 @@
# Install dependencies only when needed
FROM node:19-alpine AS deps
WORKDIR leCoffre
RUN npm install -D prisma@4.11.0
COPY package.json ./
COPY src/common/databases/schema.prisma ./src/common/databases/schema.prisma
RUN npx prisma generate
RUN npm install --frozen-lockfile
# Rebuild the source code only when needed
FROM node:19-alpine AS builder
WORKDIR leCoffre
COPY . .
RUN apk update && apk add openssh-client git
COPY id_ed25519 /root/.ssh/id_ed25519
RUN chmod 600 ~/.ssh/id_ed25519
RUN eval "$(ssh-agent -s)" && ssh-add /root/.ssh/id_ed25519
RUN ssh-keyscan github.com smart-chain-fr/leCoffre-resources.git >> /root/.ssh/known_hosts
COPY node_modules ./node_modules
RUN npx prisma generate
RUN npm run build
# Production image, copy all the files and run next
FROM node:19-alpine AS production
WORKDIR leCoffre
RUN adduser -D lecoffreuser --uid 10000 && chown -R lecoffreuser .
COPY --from=builder --chown=lecoffreuser leCoffre/node_modules ./node_modules
COPY --from=builder --chown=lecoffreuser leCoffre/dist/api ./dist/api
COPY --from=builder --chown=lecoffreuser leCoffre/dist/entries ./dist/entries
COPY --from=builder --chown=lecoffreuser leCoffre/dist/common ./dist/common
COPY --from=builder --chown=lecoffreuser leCoffre/src/common/databases/ ./src/common/databases/
COPY --from=builder --chown=lecoffreuser leCoffre/package.json ./package.json
USER lecoffreuser
CMD ["npm", "run", "api:start"]
EXPOSE 3001

51
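--- a/devops/Dockerfile
+++ b/devops/Dockerfile
@@ -0,0 +1,51 @@
+# Install dependencies only when needed
+FROM node:19-alpine AS deps
+WORKDIR leCoffre-back
+RUN npm install -D prisma@4.11.0
+COPY package.json ./
+COPY src/common/databases/schema.prisma ./src/common/databases/schema.prisma
+RUN npx prisma generate
+ARG FINGERPRINT
+ENV FINGERPRINT=$FINGERPRINT
+COPY id_rsa_${FINGERPRINT} /root/.ssh/id_ed25519
+RUN chmod 600 ~/.ssh/id_ed25519
+RUN eval "$(ssh-agent -s)" && ssh-add /root/.ssh/id_ed25519
+RUN ssh-keyscan github.com smart-chain-fr/leCoffre-back-resources.git >> /root/.ssh/known_hosts
+RUN npm cache clean --force
+RUN npm install --frozen-lockfile -g npm-cache
+# Rebuild the source code only when needed
+FROM node:19-alpine AS builder
+WORKDIR leCoffre-back
+COPY . .
+RUN apk update && apk add openssh-client git
+COPY node_modules ./node_modules
+RUN npx prisma generate
+RUN npm run build
+# Production image, copy all the files and run next
+FROM node:19-alpine AS production
+WORKDIR leCoffre-back
+RUN unset FINGERPRINT
+RUN adduser -D lecoffre-back-user --uid 10000 && chown -R lecoffre-back-user .
+COPY --from=builder --chown=lecoffre-back-user leCoffre-back/node_modules ./node_modules
+COPY --from=builder --chown=lecoffre-back-user leCoffre-back/dist/app/api ./dist/api
+COPY --from=builder --chown=lecoffre-back-user leCoffre-back/dist/entries ./dist/entries
+COPY --from=builder --chown=lecoffre-back-user leCoffre-back/dist/common ./dist/common
+COPY --from=builder --chown=lecoffre-back-user leCoffre-back/src/common/databases/ ./src/common/databases/
+COPY --from=builder --chown=lecoffre-back-user leCoffre-back/package.json ./package.json
+USER lecoffre-back-user
+CMD ["npm", "run", "api:start"]
+EXPOSE 3001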
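Review bot: The `deps` stage writes an SSH private key into an image layer: `COPY id_rsa_${FINGERPRINT} /root/.ssh/id_ed25519` leaves the key in that layer and in the layer cache, and nothing later removes it, because `RUN unset FINGERPRINT` in the production stage runs in a fresh shell where that ARG/ENV is not even in scope. The `ssh-agent`/`ssh-add` RUN likewise ends with its own layer, and `ssh-add` and `ssh-keyscan` are called in `deps` although `openssh-client` is only installed later in `builder`, so this stage probably fails on node:19-alpine. I would drop the ARG/ENV/COPY/chmod/ssh-add lines, install `openssh-client git` in `deps`, and forward the key per command with a BuildKit SSH mount, `RUN --mount=type=ssh npm install`, built with `docker build --ssh default`. Separately, `npm install --frozen-lockfile -g npm-cache` installs a global package rather than the project's dependencies, and `COPY node_modules ./node_modules` in `builder` reads from the build context, not `--from=deps`, so the deps stage's output is never used. If an image or cache holding this key has left the build host, the key should be rotated.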

33
package-lock.json generated

@ -20,6 +20,7 @@
"le-coffre-ressources": "github.com:smart-chain-fr/leCoffre-resources.git",
"module-alias": "^2.2.2",
"next": "^13.1.5",
"node-cache": "^5.1.2",
"node-schedule": "^2.1.1",
"prisma-query": "^2.0.0",
"reflect-metadata": "^0.1.13",
@ -431,6 +432,14 @@
"version": "0.0.1",
"license": "MIT"
},
"node_modules/clone": {
"version": "2.1.2",
"resolved": "https://registry.npmjs.org/clone/-/clone-2.1.2.tgz",
"integrity": "sha512-3Pe/CF1Nn94hyhIYpjtiLhdCoEoz0DqQ+988E9gmeEdQZlojxnOb74wctFyuwWQHzqyf9X7C7MG8juUpqBJT8w==",
"engines": {
"node": ">=0.8"
}
},
"node_modules/combined-stream": {
"version": "1.0.8",
"license": "MIT",
@ -994,6 +1003,17 @@
}
}
},
"node_modules/node-cache": {
"version": "5.1.2",
"resolved": "https://registry.npmjs.org/node-cache/-/node-cache-5.1.2.tgz",
"integrity": "sha512-t1QzWwnk4sjLWaQAS8CHgOJ+RAfmHpxFWmc36IWTiWHQfs0w5JDMBS1b1ZxQteo0vVVuWJvIUKHDkkeK7vIGCg==",
"dependencies": {
"clone": "2.x"
},
"engines": {
"node": ">= 8.0.0"
}
},
"node_modules/node-schedule": {
"version": "2.1.1",
"license": "MIT",
@ -1838,6 +1858,11 @@
"client-only": {
"version": "0.0.1"
},
"clone": {
"version": "2.1.2",
"resolved": "https://registry.npmjs.org/clone/-/clone-2.1.2.tgz",
"integrity": "sha512-3Pe/CF1Nn94hyhIYpjtiLhdCoEoz0DqQ+988E9gmeEdQZlojxnOb74wctFyuwWQHzqyf9X7C7MG8juUpqBJT8w=="
},
"combined-stream": {
"version": "1.0.8",
"requires": {
@ -2157,6 +2182,14 @@
"styled-jsx": "5.1.1"
}
},
"node-cache": {
"version": "5.1.2",
"resolved": "https://registry.npmjs.org/node-cache/-/node-cache-5.1.2.tgz",
"integrity": "sha512-t1QzWwnk4sjLWaQAS8CHgOJ+RAfmHpxFWmc36IWTiWHQfs0w5JDMBS1b1ZxQteo0vVVuWJvIUKHDkkeK7vIGCg==",
"requires": {
"clone": "2.x"
}
},
"node-schedule": {
"version": "2.1.1",
"requires": {


@ -47,6 +47,7 @@
"le-coffre-ressources": "github.com:smart-chain-fr/leCoffre-resources.git",
"module-alias": "^2.2.2",
"next": "^13.1.5",
"node-cache": "^5.1.2",
"node-schedule": "^2.1.1",
"prisma-query": "^2.0.0",
"reflect-metadata": "^0.1.13",