From 5f3cff9a62553b9e819365f4b65362296b448675 Mon Sep 17 00:00:00 2001
From: yutod
Date: Fri, 5 Sep 2025 14:45:19 +0100
Subject: [PATCH 1/3] ci: 1. added Dockerfile 2. added a workflow on PR

---
 .dockerignore | 66 +++++++++++++++++++++++++++++++++++++
 .github/workflows/ci-pr.yml | 52 +++++++++++++++++++++++++++++
 Dockerfile | 53 +++++++++++++++++++++++++++++
 3 files changed, 171 insertions(+)
 create mode 100644 .dockerignore
 create mode 100644 .github/workflows/ci-pr.yml
 create mode 100644 Dockerfile

diff --git a/.dockerignore b/.dockerignore
new file mode 100644
index 0000000..1db749f
--- /dev/null
+++ b/.dockerignore
@@ -0,0 +1,66 @@
+# Dependencies
+node_modules
+npm-debug.log*
+yarn-debug.log*
+yarn-error.log*
+
+# Optional npm cache directory
+.npm
+
+# Output of 'npm pack'
+*.tgz
+
+# dotenv environment variables file
+.env
+.env.test
+.env.local
+.env.production
+
+# Git
+.git
+.gitignore
+
+# Docker
+Dockerfile*
+.dockerignore
+
+# Documentation
+README.md
+*.md
+
+# IDE
+.vscode/
+.idea/
+
+# OS generated files
+.DS_Store
+.DS_Store?
+._*
+.Spotlight-V100
+.Trashes
+ehthumbs.db
+Thumbs.db
+
+# Test files
+**/*.test.*
+**/*.spec.*
+test/
+tests/
+__tests__/
+
+# Development only files
+.eslintrc*
+.prettierrc*
+vitest.config.*
+tsconfig.json
+
+# CI/CD
+.github/
+
+# Build artifacts
+build/
+dist/
+
+# Logs
+logs
+*.log
diff --git a/.github/workflows/ci-pr.yml b/.github/workflows/ci-pr.yml
new file mode 100644
index 0000000..bdf9ed3
--- /dev/null
+++ b/.github/workflows/ci-pr.yml
@@ -0,0 +1,52 @@ +name: CI for Pull Requests + +on: + pull_request: + branches: + - main + types: + - opened + - synchronize + - reopened + +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: true + +jobs: + # build: + build-image: + name: Build Image + runs-on: ubuntu-latest + steps: + - name: Checkout code + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + + - name: set up QEMU + uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392 # v3.6.0 + with: + platforms: linux/amd64,linux/arm64 + + - name: Login Container Registry + uses: docker/login-action@184bdaa0721073962dff0199f1fb9940f07167d1 # v3.5.0 + with: + registry: ghcr.io + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + + - name: Set up Docker Buildx + users: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1 + + - name: Build image + uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0 + with: + context: . + platforms: linux/amd64,linux/arm64 + push: false + cache-from: type=gha + cache-to: type=gha,mode=max + build-args: | + VERSION=XXX + COMMIT_ID=${{ github.sha }} + secrets: | + NPM_TOKEN=${{ secrets.NPM_TOKEN }} diff --git a/Dockerfile b/Dockerfile new file mode 100644 index 0000000..83695cf --- /dev/null +++ b/Dockerfile 
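Review bot: The `secrets:` block at the end of the build step hands `NPM_TOKEN` to the build, but the Dockerfile added in this same patch has no `--mount=type=secret,id=NPM_TOKEN` on its `npm ci` line, so the value is never consumed and the reason for passing it is unclear. On `pull_request` runs from forks, repository secrets other than `GITHUB_TOKEN` are not populated, so a build that did come to depend on this token would fail there; either drop the `secrets:` entry or mount it on the exact step that needs it. `VERSION=XXX` under `build-args:` reads as a placeholder, and the Dockerfile declares neither `VERSION` nor `COMMIT_ID` with `ARG`, so both values are silently ignored until it does. With `push: false` and base images from Docker Hub and gcr.io, the `Login Container Registry` step against ghcr.io does no work for this build and could be removed.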
@@ -0,0 +1,53 @@
+# syntax=docker/dockerfile:1
+
+##################
+# Stage 1: Base image with system dependencies
+##################
+FROM node:22-slim AS base
+
+# Set working directory
+WORKDIR /app
+
+# # Install build dependencies for native modules if needed
+# RUN apt-get update && apt-get install -y \
+# python3 \
+# make \
+# g++ \
+# && rm -rf /var/lib/apt/lists/*
+
+##################
+# Stage 2: Dependencies installation
+##################
+FROM base AS build
+
+# Copy package files for dependency installation
+COPY package.json package-lock.json ./
+
+# Install all dependencies
+RUN --mount=type=cache,target=/root/.npm \
+ npm ci --ignore-scripts
+
+# Copy source code
+COPY . .
+
+# Build the application
+RUN npm run build
+
+##################
+# Stage 3: Production stage with distroless
+##################
+FROM gcr.io/distroless/nodejs22-debian12:nonroot AS production
+
+# Set working directory
+WORKDIR /app
+
+# Copy only the production dependencies
+COPY --from=build /app/dist /app/dist
+COPY --from=build /app/package.json /app/package.json
+COPY --from=build /app/package-lock.json /app/package-lock.json
+
+# Set environment variables
+ENV NODE_ENV=production
+
+# Default command for production
+CMD ["/nodejs/bin/node", "/app/dist/app.js"]

From b64256c2410163bf7ef1c17724e860b5e523dffb Mon Sep 17 00:00:00 2001
From: yutod
Date: Mon, 8 Sep 2025 11:07:28 +0100
Subject: [PATCH 2/3] fix: 1. removed tsconfig.json from .dockerignore

---
 .dockerignore | 1 -
 1 file changed, 1 deletion(-)

diff --git a/.dockerignore b/.dockerignore
index 1db749f..0a9f64f 100644
--- a/.dockerignore
+++ b/.dockerignore
@@ -52,7 +52,6 @@ __tests__/
 .eslintrc*
 .prettierrc*
 vitest.config.*
-tsconfig.json
 
 # CI/CD
 .github/

From 5ecdabb27687a75181b11d83b1a48c7795e4f500 Mon Sep 17 00:00:00 2001
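Review bot: The production stage under `# Copy only the production dependencies` copies `dist`, `package.json` and `package-lock.json` but no `node_modules`, so unless `npm run build` bundles every runtime dependency into `dist/app.js`, the first `require()`/`import` of a package fails when the container starts, and the comment describes a copy that does not happen. If the build does not bundle, add `RUN npm prune --omit=dev` after `RUN npm run build` in the build stage and `COPY --from=build /app/node_modules /app/node_modules` in the production stage; if it does bundle, the two `package*.json` copies and the comment can be removed. The `VERSION` and `COMMIT_ID` build args sent by the workflow are not declared with `ARG` here, so they are discarded; a `LABEL org.opencontainers.image.revision=${COMMIT_ID}` after an `ARG COMMIT_ID` would be the usual consumer. `FROM node:22-slim` follows the upstream tag as it moves; pinning it as `node:22-slim@sha256:<digest placeholder>` would make the build stage reproducible across CI runs.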
From: yutod Date: Mon, 8 Sep 2025 11:08:32 +0100 Subject: [PATCH 3/3] fix: 1. fixed typo 2. added permissions in the workflow --- .github/workflows/ci-pr.yml | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/.github/workflows/ci-pr.yml b/.github/workflows/ci-pr.yml index bdf9ed3..69b3976 100644 --- a/.github/workflows/ci-pr.yml +++ b/.github/workflows/ci-pr.yml @@ -9,6 +9,11 @@ on: - synchronize - reopened +# Restrict permissions to minimum required +permissions: + contents: read + packages: read + concurrency: group: ${{ github.workflow }}-${{ github.ref }} cancel-in-progress: true @@ -35,7 +40,7 @@ jobs: password: ${{ secrets.GITHUB_TOKEN }} - name: Set up Docker Buildx - users: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1 + uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1 - name: Build image uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0
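Review bot: `packages: read` in the new `permissions:` block only matters if the build pulls a private image from ghcr.io; the Dockerfile's bases are `node:22-slim` and `gcr.io/distroless/nodejs22-debian12:nonroot`, and the build step runs with `push: false`, so neither this scope nor the `docker/login-action` step it serves appears to do anything for this job. Dropping both would leave the workflow token at `contents: read` only, the smallest scope this job can run with; keep them only if a private ghcr.io base or cache image is planned, and say so in the comment above the block. Placing `permissions:` at workflow level is the right choice here since the single job needs nothing beyond it.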