-
Notifications
You must be signed in to change notification settings - Fork 39
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
feat(other): major improvement of deployment
Motivation ---------- Kubernetes: * backend becomes a statefulset (exclusive volume mount) See: https://spacelift.io/blog/statefulset-vs-deployment * implement neo4j backup with job Docker: * consistent targets across all dockerfiles * remove redundant labels * remove unnecessary build args * remove obsolete networks * remove development dependencies for production Rebranding: * add image tags for local tagging and pulling * use Github's docker build workflows * use Github container registry * ONBUILD to simplify caller Dockerfiles * docker compose for branding Tooling: * same node --version as in dockerfile Docs: * missing step in README.md
- Loading branch information
1 parent
8df4330
commit 2f9bfce
Showing
181 changed files
with
805 additions
and
6,046 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,91 @@ | ||
name: docker-push | ||
|
||
on: push | ||
|
||
jobs: | ||
build-and-push-images: | ||
strategy: | ||
matrix: | ||
app: | ||
- name: neo4j | ||
context: neo4j | ||
file: neo4j/Dockerfile | ||
target: community | ||
- name: backend-base | ||
context: backend | ||
file: backend/Dockerfile | ||
target: base | ||
- name: backend-build | ||
context: backend | ||
file: backend/Dockerfile | ||
target: build | ||
- name: backend | ||
context: backend | ||
file: backend/Dockerfile | ||
target: production | ||
- name: webapp-base | ||
context: webapp | ||
file: webapp/Dockerfile | ||
target: base | ||
- name: webapp-build | ||
context: webapp | ||
file: webapp/Dockerfile | ||
target: build | ||
- name: webapp | ||
context: webapp | ||
file: webapp/Dockerfile | ||
target: production | ||
- name: maintenance-base | ||
context: webapp | ||
file: webapp/Dockerfile.maintenance | ||
target: base | ||
- name: maintenance-build | ||
context: webapp | ||
file: webapp/Dockerfile.maintenance | ||
target: build | ||
- name: maintenance | ||
context: webapp | ||
file: webapp/Dockerfile.maintenance | ||
target: production | ||
runs-on: ubuntu-latest | ||
env: | ||
REGISTRY: ghcr.io | ||
IMAGE_NAME: ${{ github.repository }}/${{ matrix.app.name }} | ||
permissions: | ||
contents: read | ||
packages: write | ||
attestations: write | ||
id-token: write | ||
|
||
steps: | ||
- name: Checkout repository | ||
uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.1.7 | ||
- name: Log in to the Container registry | ||
uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 | ||
with: | ||
registry: ${{ env.REGISTRY }} | ||
username: ${{ github.actor }} | ||
password: ${{ secrets.GITHUB_TOKEN }} | ||
- name: Extract metadata (tags, labels) for Docker | ||
id: meta | ||
uses: docker/metadata-action@70b2cdc6480c1a8b86edf1777157f8f437de2166 | ||
with: | ||
images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} | ||
tags: | | ||
type=schedule | ||
type=semver,pattern={{version}} | ||
type=semver,pattern={{major}}.{{minor}} | ||
type=semver,pattern={{major}} | ||
type=ref,event=branch | ||
type=ref,event=pr | ||
type=sha | ||
- name: Build and push Docker images | ||
id: push | ||
uses: docker/build-push-action@4f58ea79222b3b9dc2c8bbdd6debcef730109a75 | ||
with: | ||
context: ${{ matrix.app.context }} | ||
target: ${{ matrix.app.target }} | ||
file: ${{ matrix.app.file }} | ||
push: true | ||
tags: ${{ steps.meta.outputs.tags }} | ||
labels: ${{ steps.meta.outputs.labels }} |
This file was deleted.
Oops, something went wrong.
This file was deleted.
Oops, something went wrong.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1 @@ | ||
nodejs 20.12.1 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,103 +1,40 @@ | ||
################################################################################## | ||
# BASE (Is pushed to DockerHub for rebranding) ################################### | ||
################################################################################## | ||
FROM node:20.12.1-alpine3.19 AS base | ||
|
||
# ENVs | ||
## DOCKER_WORKDIR would be a classical ARG, but that is not multi layer persistent - shame | ||
ENV DOCKER_WORKDIR="/app" | ||
## We Cannot do `$(date -u +'%Y-%m-%dT%H:%M:%SZ')` here so we use unix timestamp=0 | ||
ARG BBUILD_DATE="1970-01-01T00:00:00.00Z" | ||
ENV BUILD_DATE=$BBUILD_DATE | ||
## We cannot do $(yarn run version)-${BUILD_NUMBER} here so we default to 0.0.0-0 | ||
ARG BBUILD_VERSION="0.0.0-0" | ||
ENV BUILD_VERSION=$BBUILD_VERSION | ||
## We cannot do `$(git rev-parse --short HEAD)` here so we default to 0000000 | ||
ARG BBUILD_COMMIT="0000000" | ||
ENV BUILD_COMMIT=$BBUILD_COMMIT | ||
## SET NODE_ENV | ||
ENV NODE_ENV="production" | ||
## App relevant Envs | ||
ENV PORT="4000" | ||
|
||
# Labels | ||
LABEL org.label-schema.build-date="${BUILD_DATE}" | ||
LABEL org.label-schema.name="ocelot.social:backend" | ||
LABEL org.label-schema.description="Backend of the Social Network Software ocelot.social" | ||
LABEL org.label-schema.usage="https://github.com/Ocelot-Social-Community/Ocelot-Social/blob/master/README.md" | ||
LABEL org.label-schema.url="https://ocelot.social" | ||
LABEL org.label-schema.vcs-url="https://github.com/Ocelot-Social-Community/Ocelot-Social/tree/master/backend" | ||
LABEL org.label-schema.vcs-ref="${BUILD_COMMIT}" | ||
LABEL org.label-schema.vendor="ocelot.social Community" | ||
LABEL org.label-schema.version="${BUILD_VERSION}" | ||
LABEL org.label-schema.schema-version="1.0" | ||
LABEL maintainer="[email protected]" | ||
|
||
# Install Additional Software | ||
## install: git | ||
RUN apk --no-cache add git python3 make g++ | ||
|
||
# Settings | ||
## Expose Container Port | ||
ENV NODE_ENV="production" | ||
ENV PORT="4000" | ||
EXPOSE ${PORT} | ||
RUN apk --no-cache add git python3 make g++ bash | ||
RUN mkdir -p /app | ||
WORKDIR /app | ||
CMD ["/bin/bash", "-c", "yarn run start"] | ||
|
||
## Workdir | ||
RUN mkdir -p ${DOCKER_WORKDIR} | ||
WORKDIR ${DOCKER_WORKDIR} | ||
|
||
################################################################################## | ||
# DEVELOPMENT (Connected to the local environment, to reload on demand) ########## | ||
################################################################################## | ||
FROM base AS development | ||
CMD ["/bin/sh", "-c", "yarn install && yarn run dev"] | ||
|
||
# We don't need to copy or build anything since we gonna bind to the | ||
# local filesystem which will need a rebuild anyway | ||
|
||
# Run command | ||
# (for development we need to execute yarn install since the | ||
# node_modules are on another volume and need updating) | ||
CMD /bin/sh -c "yarn install && yarn run dev" | ||
|
||
################################################################################## | ||
# CODE (Does contain all code files and is pushed to DockerHub for rebranding) ### | ||
################################################################################## | ||
FROM base AS code | ||
|
||
# copy everything, but do not build. | ||
FROM base AS build | ||
COPY . . | ||
ONBUILD COPY ./branding/constants/ src/config/tmp | ||
ONBUILD RUN tools/replace-constants.sh | ||
ONBUILD COPY ./branding/email/ src/middleware/helpers/email/ | ||
ONBUILD RUN yarn install --production=false --frozen-lockfile --non-interactive | ||
ONBUILD RUN yarn run build | ||
ONBUILD RUN mkdir /build | ||
ONBUILD RUN cp -r ./build /build | ||
ONBUILD RUN cp -r ./public /build/build | ||
ONBUILD RUN cp -r ./package.json yarn.lock /build | ||
ONBUILD RUN cd /build && yarn install --production=true --frozen-lockfile --non-interactive | ||
|
||
################################################################################## | ||
# BUILD (Does contain all files and the compilate and is therefore bloated) ###### | ||
################################################################################## | ||
FROM code AS build | ||
|
||
# yarn install | ||
RUN yarn install --production=false --frozen-lockfile --non-interactive | ||
# yarn build | ||
RUN /bin/sh -c "yarn run build" | ||
|
||
################################################################################## | ||
# TEST ########################################################################### | ||
################################################################################## | ||
FROM build AS test | ||
CMD ["/bin/bash", "-c", "yarn run dev"] | ||
|
||
# Run command | ||
CMD /bin/sh -c "yarn run dev" | ||
FROM build AS production_build | ||
|
||
################################################################################## | ||
# PRODUCTION (Does contain only "binary"- and static-files to reduce image size) # | ||
################################################################################## | ||
FROM base AS production | ||
|
||
# Copy "binary"-files from build image | ||
COPY --from=build ${DOCKER_WORKDIR}/build ./build | ||
COPY --from=build ${DOCKER_WORKDIR}/node_modules ./node_modules | ||
# Copy static files | ||
# TODO - externalize the uploads so we can copy the whole folder | ||
COPY --from=build ${DOCKER_WORKDIR}/public/img/ ./public/img/ | ||
COPY --from=build ${DOCKER_WORKDIR}/public/providers.json ./public/providers.json | ||
# Copy package.json for script definitions (lock file should not be needed) | ||
COPY --from=build ${DOCKER_WORKDIR}/package.json ./package.json | ||
|
||
# Run command | ||
CMD /bin/sh -c "yarn run start" | ||
COPY --from=production_build /build . |
File renamed without changes.
File renamed without changes.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,7 @@ | ||
#!/bin/bash | ||
|
||
# TODO: this is a hack, we should find a better way to share files between backend and webapp | ||
[ -f src/config/tmp/emails.js ] && mv src/config/tmp/emails.js src/config/emails.ts | ||
[ -f src/config/tmp/logos.js ] && mv src/config/tmp/logos.js src/config/logos.ts | ||
[ -f src/config/tmp/metadata.js ] && mv src/config/tmp/metadata.js src/config/metadata.ts | ||
exit 0 |
This file was deleted.
Oops, something went wrong.
This file was deleted.
Oops, something went wrong.
Oops, something went wrong.