chore(github): build a docker image for the website and charts
instead of pushing it over SSH
fabienvauchelles committed Nov 27, 2024
1 parent f11d3b9 commit 96836b2
Showing 8 changed files with 240 additions and 33 deletions.
56 changes: 35 additions & 21 deletions .github/workflows/charts.yml
@@ -12,25 +12,39 @@ jobs:
- name: Check out repository code
uses: actions/checkout@v4

- name: Install Helm
uses: azure/setup-helm@v3

- name: Build Helm charts
run: |
rm -Rf dist/charts
mkdir -p dist/charts
helm package packages/charts/src/scrapoxy -d dist/charts
helm package packages/charts/src/scrapoxy-simple-cluster -d dist/charts
helm repo index dist/charts --url https://charts.scrapoxy.io
- name: Copy file via SSH
uses: appleboy/scp-action@master
- name: Set up QEMU
uses: docker/setup-qemu-action@v3

- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3

- name: Docker meta
id: meta
uses: docker/metadata-action@v5
with:
host: ${{ secrets.SCRAPOXY_SSH_HOST }}
username: ${{ secrets.SCRAPOXY_SSH_USERNAME }}
port: ${{ secrets.SCRAPOXY_SSH_PORT }}
key: ${{ secrets.SCRAPOXY_SSH_KEY }}
rm: true
strip_components: 2
source: dist/charts
target: ${{ secrets.CHARTS_PATH }}
images: ${{ vars.REGISTRY_URL }}/fabienvauchelles/scrapoxy-charts

- name: Login to Scrapoxy Docker Registry
uses: docker/login-action@v3
with:
registry: ${{ vars.REGISTRY_URL }}
username: ${{ secrets.REGISTRY_USERNAME }}
password: ${{ secrets.REGISTRY_PASSWORD }}

- name: Build and push
uses: docker/build-push-action@v5
with:
context: .
file: packages/charts/docker/Dockerfile
tags: ${{ vars.REGISTRY_URL }}/fabienvauchelles/scrapoxy-charts:latest
push: true

- name: Setup Kubernetes
uses: azure/k8s-set-context@v4
with:
method: service-account
k8s-url: ${{ vars.KUBE_URL }}
k8s-secret: "${{ secrets.KUBE_SECRET }}"

- name: Rollout restart
run: kubectl rollout restart deployment "${{ vars.KUBE_NAME }}-charts" --namespace="${{ vars.KUBE_NAMESPACE }}"
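Review bot: The `Build and push` step publishes only the mutable `:latest` tag and the outputs of the `Docker meta` step are never referenced, so the `Rollout restart` that follows is not tied to the image this run built. Which image the pods end up running depends on the deployment's pull policy (not visible here), and there is no immutable reference to audit or roll back to. I would push a second, immutable tag next to `latest`, for example `${{ vars.REGISTRY_URL }}/fabienvauchelles/scrapoxy-charts:${{ github.sha }}`, and point the deployment at that tag or at the build step's `digest` output; otherwise drop the unused meta step. The same applies to the matching steps in `.github/workflows/website.yml`. The job's earlier steps sit above the hunk.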
50 changes: 38 additions & 12 deletions .github/workflows/website.yml
@@ -16,22 +16,48 @@ jobs:
uses: actions/setup-node@v3
with:
node-version: '20.x'
registry-url: 'https://registry.npmjs.org'
cache: 'npm'

- name: Install dependencies
run: npm ci

- name: Build Website
run: npx nx build website
- name: Build website
run: npx nx build website --skip-nx-cache --configuration production

- name: Copy file via SSH
uses: appleboy/scp-action@master
- name: Set up QEMU
uses: docker/setup-qemu-action@v3

- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3

- name: Docker meta
id: meta
uses: docker/metadata-action@v5
with:
host: ${{ secrets.SCRAPOXY_SSH_HOST }}
username: ${{ secrets.SCRAPOXY_SSH_USERNAME }}
port: ${{ secrets.SCRAPOXY_SSH_PORT }}
key: ${{ secrets.SCRAPOXY_SSH_KEY }}
rm: true
strip_components: 2
source: dist/website
target: ${{ secrets.WWW_PATH }}
images: ${{ vars.REGISTRY_URL }}/fabienvauchelles/scrapoxy-website

- name: Login to Scrapoxy Docker Registry
uses: docker/login-action@v3
with:
registry: ${{ vars.REGISTRY_URL }}
username: ${{ secrets.REGISTRY_USERNAME }}
password: ${{ secrets.REGISTRY_PASSWORD }}

- name: Build and push
uses: docker/build-push-action@v5
with:
context: .
file: packages/website/docker/Dockerfile
tags: ${{ vars.REGISTRY_URL }}/fabienvauchelles/scrapoxy-website:latest
push: true

- name: Setup Kubernetes
uses: azure/k8s-set-context@v4
with:
method: service-account
k8s-url: ${{ vars.KUBE_URL }}
k8s-secret: "${{ secrets.KUBE_SECRET }}"

- name: Rollout restart
run: kubectl rollout restart deployment "${{ vars.KUBE_NAME }}-website" --namespace="${{ vars.KUBE_NAMESPACE }}"
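Review bot: Every third-party action in these steps is referenced by a mutable tag (`docker/login-action@v3`, `docker/build-push-action@v5`, `azure/k8s-set-context@v4`), and the same job hands them `REGISTRY_PASSWORD` and `KUBE_SECRET`. A retagged or compromised release of any of them would run with those credentials, so I would pin each `uses:` to a full commit SHA and keep the version as a trailing comment, e.g. `uses: docker/login-action@<full-commit-sha>  # v3`. `.github/workflows/charts.yml` has the same references. The job header is outside the hunk, so whether a restrictive `permissions:` block is set cannot be checked from here.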
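--- a/packages/charts/docker/Dockerfile
+++ b/packages/charts/docker/Dockerfile
@@ -0,0 +1,21 @@
+### BUILD STAGE ###
+FROM alpine/helm:3.16.3 as build
+
+WORKDIR /build
+
+RUN mkdir charts
+
+COPY packages/charts/src .
+
+RUN helm package scrapoxy -d charts
+RUN helm package scrapoxy-simple-cluster -d charts
+RUN helm repo index charts --url https://charts.scrapoxy.io
+
+
+### RUN STAGE ###
+FROM nginx:1.27.2-alpine
+
+COPY --from=build /build/charts /usr/share/nginx/charts
+
+COPY packages/charts/docker/nginx.conf /etc/nginx/nginx.conf
+COPY packages/charts/docker/default.conf /etc/nginx/conf.d/default.conf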
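Review bot: Both `FROM` lines pin the base image by tag only, and a tag can be repointed in the registry, so rebuilding the same commit may produce a different image. Pinning by digest keeps the build reproducible and makes base-image changes show up in review: `FROM nginx:1.27.2-alpine@sha256:<digest>` (placeholder, take the value from the registry), and likewise for `alpine/helm:3.16.3`. As a style point, `as build` is conventionally written `AS build` to match the casing of `FROM`. `packages/website/docker/Dockerfile` uses the same nginx tag.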
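--- a/packages/charts/docker/default.conf
+++ b/packages/charts/docker/default.conf
@@ -0,0 +1,30 @@
+server {
+listen 80;
+listen [::]:80;
+
+http2 on;
+server_name localhost;
+
+index index.yaml;
+rewrite ^(.+)/$ $1 permanent;
+
+if ($request_uri ~ ^/(.*)index\.yaml(\?|$)) {
+return 301 /$1;
+}
+
+if ($request_uri ~ ^/(.*)\.yaml(\?|$)) {
+return 301 /$1;
+}
+
+location / {
+root /usr/share/nginx/charts;
+try_files $uri $uri/ =404;
+
+add_header Content-Security-Policy "default-src 'none';";
+}
+
+location /healthz {
+add_header Content-Type "text/plain";
+return 200 'OK';
+}
+}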
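Review bot: The `add_header` inside `location /` (and the one in `location /healthz`) switches off inheritance of every `add_header` declared in the `http` block of nginx.conf, because nginx inherits these directives only when the current level defines none of its own. Responses served from these locations therefore carry the CSP but not `X-Frame-Options`, `X-Content-Type-Options` or `Strict-Transport-Security`. Repeat the shared headers in each location that adds its own, as sketched below, or move them into one file that every such location includes. `packages/website/docker/default.conf` has the same structure.

```nginx
location / {
    # … unchanged: root, try_files …

    # add_header at this level replaces the http-level set, so the
    # headers that must survive are repeated here.
    add_header X-Frame-Options SAMEORIGIN;
    add_header X-Content-Type-Options nosniff;
    add_header X-XSS-Protection "1; mode=block";
    add_header Strict-Transport-Security max-age=15768000;
    add_header Content-Security-Policy "default-src 'none';";
}
```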
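--- a/packages/charts/docker/nginx.conf
+++ b/packages/charts/docker/nginx.conf
@@ -0,0 +1,39 @@
+user nginx;
+worker_processes auto;
+
+error_log /var/log/nginx/error.log notice;
+pid /var/run/nginx.pid;
+
+events {
+worker_connections 1024;
+}
+
+http {
+sendfile on;
+tcp_nopush on;
+tcp_nodelay on;
+keepalive_timeout 65;
+types_hash_max_size 2048;
+include /etc/nginx/mime.types;
+default_type application/octet-stream;
+server_tokens off;
+log_format main '$remote_addr - $remote_user [$time_local] "$request" '
+'$status $body_bytes_sent "$http_referer" '
+'"$http_user_agent" "$http_x_forwarded_for"';
+access_log /var/log/nginx/access.log main;
+gzip on;
+gzip_disable "msie6";
+client_header_buffer_size 1k;
+large_client_header_buffers 2 1k;
+client_body_timeout 10;
+client_header_timeout 10;
+send_timeout 10;
+
+add_header X-Frame-Options SAMEORIGIN;
+add_header X-Content-Type-Options nosniff;
+add_header X-XSS-Protection "1; mode=block";
+add_header Strict-Transport-Security max-age=15768000;
+add_header Content-Security-Policy "script-src 'self'; object-src 'self'";
+
+include /etc/nginx/conf.d/*.conf;
+}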
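Review bot: None of the `add_header` lines in the `http` block carries the `always` parameter, so nginx attaches them only to 2xx and 3xx responses; the `=404` produced by `try_files` in default.conf and any other error response go out without them. Adding the parameter fixes that, e.g. `add_header X-Content-Type-Options nosniff always;`. `Strict-Transport-Security` is also sent from a server that only listens on plain port 80, where browsers ignore it, so it takes effect only if a TLS terminator in front passes it through (not visible in this commit). `packages/website/docker/nginx.conf` is an identical copy.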
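--- a/packages/website/docker/Dockerfile
+++ b/packages/website/docker/Dockerfile
@@ -0,0 +1,6 @@
+FROM nginx:1.27.2-alpine
+
+COPY dist/website /usr/share/nginx/website
+
+COPY packages/website/docker/nginx.conf /etc/nginx/nginx.conf
+COPY packages/website/docker/default.conf /etc/nginx/conf.d/default.conf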
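Review bot: `COPY dist/website` takes the site from the build context instead of a build stage, so the image content is whatever is in `dist/website` on the machine that runs the build; unlike the charts Dockerfile, nothing in this file produces it. A header comment would make the precondition explicit: `# Requires a prior "npx nx build website --configuration production"; dist/website must not be excluded by .dockerignore`. With `context: .` in the workflow, the whole repository, including `node_modules` after `npm ci`, is also sent to the builder unless a `.dockerignore` (not part of this commit) trims it.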
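--- a/packages/website/docker/default.conf
+++ b/packages/website/docker/default.conf
@@ -0,0 +1,32 @@
+server {
+listen 80;
+listen [::]:80;
+
+http2 on;
+server_name localhost;
+
+index index.html;
+rewrite ^(.+)/$ $1 permanent;
+
+if ($request_uri ~ ^/(.*)index\.html(\?|$)) {
+return 301 /$1;
+}
+
+if ($request_uri ~ ^/(.*)\.html(\?|$)) {
+return 301 /$1;
+}
+
+location / {
+root /usr/share/nginx/website;
+
+error_page 404 /404.html;
+try_files $uri $uri.html $uri/ =404;
+
+add_header Content-Security-Policy "default-src 'none'; img-src 'self' data: https://img.shields.io https://*.google-analytics.com https://*.googletagmanager.com; font-src 'self'; script-src 'self' 'unsafe-inline' https://*.google-analytics.com https://*.googletagmanager.com; style-src 'self' 'unsafe-inline'; connect-src 'self' https://*.algolia.net https://*.algolianet.com https://*.algolia.io https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com; object-src 'self'; media-src 'self'; frame-src 'self' https://*.youtube.com";
+}
+
+location /healthz {
+add_header Content-Type "text/plain";
+return 200 'OK';
+}
+}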
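Review bot: The policy in `location /` allows `'unsafe-inline'` in `script-src`, which lets any injected inline script run and removes most of the protection the CSP is meant to give. It also omits the directives that `default-src` does not cover, so `base-uri`, `form-action` and `frame-ancestors` stay unrestricted. If the generated site cannot yet do without inline scripts, at least append `base-uri 'self'; form-action 'self'; frame-ancestors 'self'` and plan a move to hashes or nonces. Separately, `add_header Content-Type "text/plain";` in `/healthz` likely emits a second Content-Type next to the one derived from `default_type`; `default_type text/plain;` inside that location sets it once.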
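--- a/packages/website/docker/nginx.conf
+++ b/packages/website/docker/nginx.conf
@@ -0,0 +1,39 @@
+user nginx;
+worker_processes auto;
+
+error_log /var/log/nginx/error.log notice;
+pid /var/run/nginx.pid;
+
+events {
+worker_connections 1024;
+}
+
+http {
+sendfile on;
+tcp_nopush on;
+tcp_nodelay on;
+keepalive_timeout 65;
+types_hash_max_size 2048;
+include /etc/nginx/mime.types;
+default_type application/octet-stream;
+server_tokens off;
+log_format main '$remote_addr - $remote_user [$time_local] "$request" '
+'$status $body_bytes_sent "$http_referer" '
+'"$http_user_agent" "$http_x_forwarded_for"';
+access_log /var/log/nginx/access.log main;
+gzip on;
+gzip_disable "msie6";
+client_header_buffer_size 1k;
+large_client_header_buffers 2 1k;
+client_body_timeout 10;
+client_header_timeout 10;
+send_timeout 10;
+
+add_header X-Frame-Options SAMEORIGIN;
+add_header X-Content-Type-Options nosniff;
+add_header X-XSS-Protection "1; mode=block";
+add_header Strict-Transport-Security max-age=15768000;
+add_header Content-Security-Policy "script-src 'self'; object-src 'self'";
+
+include /etc/nginx/conf.d/*.conf;
+}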
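Review bot: The `main` log format records `$remote_addr` and the raw `X-Forwarded-For` header, and nothing in this file configures the realip module. If the container sits behind an ingress or load balancer, which the Kubernetes rollout in the workflow suggests, every access-log line will show the proxy's address, and the forwarded value is client-controlled text that should not be trusted on its own. For logs that are usable in an investigation, add `set_real_ip_from <ingress CIDR>;` and `real_ip_header X-Forwarded-For;` in the `http` block, with the CIDR taken from the cluster. The charts copy of this file is identical.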
