From 691aed559eb40778fdda20956c8cf7b3f9c11d01 Mon Sep 17 00:00:00 2001 From: NickOvt Date: Mon, 16 Sep 2024 19:34:03 +0300 Subject: [PATCH] fix(cicd-pipeline): Docker setup release (#43) * given private network default to SPF neutral * change neutral to softfail, add custom message * fix comment * Add workflow to build and push the docker image to GHCR on repo release * github action version fix. Dockerfile fixes * github actions. Add qemu, add tags (semver), add platforms --- .github/workflows/docker-release.yaml | 69 +++++++++++++++++++++++++++ Dockerfile | 22 +++++++++ 2 files changed, 91 insertions(+) create mode 100644 .github/workflows/docker-release.yaml create mode 100644 Dockerfile diff --git a/.github/workflows/docker-release.yaml b/.github/workflows/docker-release.yaml new file mode 100644 index 0000000..309401f --- /dev/null +++ b/.github/workflows/docker-release.yaml @@ -0,0 +1,69 @@ +name: Create and publish a Docker image + +on: + release: + types: [published] + +env: + REGISTRY: ghcr.io + IMAGE_NAME: ${{ github.repository }} + +jobs: + build-and-push-image: + runs-on: ubuntu-latest + + permissions: + contents: read + packages: write + attestations: write + id-token: write + + steps: + - name: Checkout repository + uses: actions/checkout@v4 + + - name: Set up QEMU + uses: docker/setup-qemu-action@v3 + with: + platforms: 'arm64,arm' + + - name: Set up Docker Buildx + id: buildx + uses: docker/setup-buildx-action@v3 + with: + platforms: linux/arm64,linux/amd64,linux/arm/v7 + + - name: Log in to the Container registry + uses: docker/login-action@v3 + with: + registry: ${{ env.REGISTRY }} + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + + - name: Extract metadata (tags, labels) for Docker + id: meta + uses: docker/metadata-action@v5 + with: + images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} + tags: | + type=ref,event=tag + type=semver,pattern={{major}} + type=semver,pattern={{major}}.{{minor}} + type=semver,pattern={{version}} + + - name: Build and push Docker image + id: push + uses: docker/build-push-action@v6 + with: + context: . + push: true + platforms: ${{ steps.buildx.outputs.platforms }} + tags: ${{ steps.meta.outputs.tags }} + labels: ${{ steps.meta.outputs.labels }} + + - name: Generate artifact attestation + uses: actions/attest-build-provenance@v1 + with: + subject-name: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME}} + subject-digest: ${{ steps.push.outputs.digest }} + push-to-registry: true diff --git a/Dockerfile b/Dockerfile new file mode 100644 index 0000000..d25a4fd --- /dev/null +++ b/Dockerfile @@ -0,0 +1,22 @@ +FROM node:lts-alpine as builder + +RUN apk add --no-cache git python3 py3-pip make g++ + +WORKDIR /app + +RUN git clone https://github.com/haraka/Haraka.git ./ --branch master +RUN npm install --production +RUN npm install haraka-plugin-wildduck + +FROM node:lts-alpine as app + +ENV NODE_ENV production + +RUN apk add --no-cache tini +RUN apk add --no-cache openssl + +WORKDIR /app +COPY --from=builder /app /app + +ENTRYPOINT ["/sbin/tini", "--"] +CMD ["node", "index.js"]