From 61c1cf967b2d439600bd6a03f8c8236563e6c56b Mon Sep 17 00:00:00 2001
From: lazos
Date: Fri, 7 Nov 2025 23:11:35 +0100
Subject: [PATCH 1/6] [FEAT] Docker image
---
.dockerignore | 4 ++
.github/workflows/publish-image.yml | 50 +++++++++++++++++++
Dockerfile | 77 +++++++++++++++++++++++++++++
3 files changed, 131 insertions(+)
create mode 100644 .dockerignore
create mode 100644 .github/workflows/publish-image.yml
create mode 100644 Dockerfile
diff --git a/.dockerignore b/.dockerignore
new file mode 100644
index 00000000..5e0660ec
--- /dev/null
+++ b/.dockerignore
@@ -0,0 +1,4 @@
+.github/
+.husky/
+.idea/
+.vscode/
diff --git a/.github/workflows/publish-image.yml b/.github/workflows/publish-image.yml
new file mode 100644
index 00000000..a1f15a17
--- /dev/null
+++ b/.github/workflows/publish-image.yml
@@ -0,0 +1,50 @@
+name: Publish Image
+
+on:
+ push:
+ branches: ['release']
+
+env:
+ REGISTRY: ghcr.io
+ IMAGE_NAME: ${{ github.repository }}
+
+jobs:
+ build-and-push-image:
+ runs-on: ubuntu-latest
+ permissions:
+ contents: read
+ packages: write
+ attestations: write
+ id-token: write
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@v5
+
+ - name: Log in to the Container registry
+ uses: docker/login-action@v3
+ with:
+ registry: ${{ env.REGISTRY }}
+ username: ${{ github.actor }}
+ password: ${{ secrets.GITHUB_TOKEN }}
+
+ - name: Extract metadata (tags, labels) for Docker
+ id: meta
+ uses: docker/metadata-action@v5
+ with:
+ images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+
+ - name: Build and push Docker image
+ id: push
+ uses: docker/build-push-action@v6
+ with:
+ context: .
+ push: true
+ tags: ${{ steps.meta.outputs.tags }}
+ labels: ${{ steps.meta.outputs.labels }}
+
+ - name: Generate artifact attestation
+ uses: actions/attest-build-provenance@v3
+ with:
+ subject-name: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME}}
+ subject-digest: ${{ steps.push.outputs.digest }}
+ push-to-registry: true
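Review bot: The ignore list in the `.dockerignore` hunk leaves out `.git/`, so the builder stage's `COPY . .` and the final stage's `COPY --from=builder /build/server` carry the repository metadata into the image that the workflow pushes to ghcr.io. `actions/checkout` by default persists the job token in the checkout's git configuration, which would then sit in a published layer until the token expires; add a `.git/` line here, and consider `persist-credentials: false` on the checkout step. Local files such as `.env` or a development `config.json`/`database.db` would be copied the same way if they exist in the tree, which this page does not show. The later `.dockerignore` hunk in patch 3/6 adds `node_modules/`, `dist/` and `files/` but still not `.git/`.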
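Review bot: Every `uses:` in the `publish-image.yml` hunk references a movable tag (`actions/checkout@v5`, `docker/login-action@v3`, `docker/metadata-action@v5`, `docker/build-push-action@v6`, `actions/attest-build-provenance@v3`) in a job that holds `packages: write`, `attestations: write` and `id-token: write`. If any of those tags is re-pointed upstream, the new code runs with the ability to publish and attest images for this repository. Pin each action to a full commit SHA and keep the version as a trailing comment, e.g. `uses: actions/checkout@<full-commit-sha>  # v5` (placeholder; take the SHA from the action's release), and let Dependabot or Renovate propose the bumps.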
diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 00000000..efcad33f
--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,77 @@
+ARG BRANCH=master
+ARG DEBIAN_CODE=trixie
+ARG NODE_VERSION=24
+ARG PYTHON_VERSION=3.13
+ARG USER_NAME=spacebar
+ARG USER_GROUP=$USER_NAME
+ARG USER_UID=1000
+ARG USER_GID=1000
+ARG WORKDIR=/spacebar
+
+
+FROM python:${PYTHON_VERSION}-slim-${DEBIAN_CODE} AS base_python
+
+
+FROM node:${NODE_VERSION}-${DEBIAN_CODE}-slim AS base
+
+COPY --from=base_python /usr/local/bin/python* /usr/local/bin/
+COPY --from=base_python /usr/local/bin/pip* /usr/local/bin/
+COPY --from=base_python /usr/local/lib/python* /usr/local/lib/
+COPY --from=base_python /usr/local/lib/libpython* /usr/local/lib/
+
+
+FROM base AS builder
+
+ARG BRANCH
+
+WORKDIR /build
+
+RUN apt-get update && \
+ apt-get install -y --no-install-recommends build-essential pkg-config && \
+ rm -rf /var/lib/apt/lists/*
+
+WORKDIR /build/server
+
+COPY . .
+
+RUN npm i \
+ && npm run setup
+
+
+FROM base AS final
+
+ARG USER_NAME
+ARG USER_GROUP
+ARG USER_UID
+ARG USER_GID
+ARG WORKDIR
+
+RUN mkdir -p "${WORKDIR}/server" \
+ && chown -R "${USER_UID}:${USER_GID}" "${WORKDIR}"
+
+RUN deluser node 2>/dev/null || true \
+ && delgroup node 2>/dev/null || true \
+ && rm -fr /home/node \
+ && addgroup --gid "$USER_GID" "$USER_GROUP" \
+ && adduser \
+ --disabled-password \
+ --gecos "" \
+ --uid "$USER_UID" \
+ --gid "$USER_GID" \
+ --home "$WORKDIR" \
+ --no-create-home \
+ "$USER_NAME"
+
+USER ${USER_NAME}
+
+#@todo: only bring what we need
+COPY --chown=${USER_NAME}:${USER_GROUP} --from=builder /build/server "${WORKDIR}/server"
+
+ENV PORT="8080"
+ENV CONFIG_PATH="${WORKDIR}/config.json"
+ENV DATABASE="${WORKDIR}/database.db"
+
+WORKDIR "${WORKDIR}/server"
+
+ENTRYPOINT [ "npm", "run" ]
+CMD [ "start" ]
From 7367870ecfdcda9d67470d2db0666b6f4ae1728b Mon Sep 17 00:00:00 2001
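Review bot: `RUN npm i` in the builder stage resolves dependency versions at build time and may rewrite the lockfile, so two builds of the same release can ship different packages in the published image. Assuming the repository commits a `package-lock.json` (not visible here), use `RUN npm ci \` instead, which installs exactly what the lockfile records and fails when it disagrees with `package.json`. The same reproducibility concern applies to the floating base tags `python:${PYTHON_VERSION}-slim-${DEBIAN_CODE}` and `node:${NODE_VERSION}-${DEBIAN_CODE}-slim`; pinning them by digest would make the attested image traceable to fixed inputs.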
From: lazos Date: Fri, 7 Nov 2025 23:20:47 +0100 Subject: [PATCH 2/6] github action publish image --- .github/workflows/publish-image.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/publish-image.yml b/.github/workflows/publish-image.yml index a1f15a17..ed1ff734 100644 --- a/.github/workflows/publish-image.yml +++ b/.github/workflows/publish-image.yml @@ -1,8 +1,8 @@ name: Publish Image on: - push: - branches: ['release'] + release: + types: [published] env: REGISTRY: ghcr.io From ac62d44d414412ea0c2c36d43d773a2bd281b2b3 Mon Sep 17 00:00:00 2001 From: lazos Date: Fri, 7 Nov 2025 23:34:29 +0100 Subject: [PATCH 3/6] update dockerignore --- .dockerignore | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/.dockerignore b/.dockerignore index 5e0660ec..05356c09 100644 --- a/.dockerignore +++ b/.dockerignore @@ -2,3 +2,7 @@ .husky/ .idea/ .vscode/ + +node_modules/ +dist/ +files/ From 11a1d54c3563c8ac89bda8ef55db2393e5304aea Mon Sep 17 00:00:00 2001 From: lazos Date: Fri, 7 Nov 2025 23:50:13 +0100 Subject: [PATCH 4/6] fixup --- Dockerfile | 17 ++++++++--------- 1 file changed, 8 insertions(+), 9 deletions(-) diff --git a/Dockerfile b/Dockerfile index efcad33f..9258fc41 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,3 @@ -ARG BRANCH=master ARG DEBIAN_CODE=trixie ARG NODE_VERSION=24 ARG PYTHON_VERSION=3.13 @@ -6,7 +5,7 @@ ARG USER_NAME=spacebar ARG USER_GROUP=$USER_NAME ARG USER_UID=1000 ARG USER_GID=1000 -ARG WORKDIR=/spacebar +ARG BASEDIR=/spacebar FROM python:${PYTHON_VERSION}-slim-${DEBIAN_CODE} AS base_python @@ -44,10 +43,10 @@ ARG USER_NAME ARG USER_GROUP ARG USER_UID ARG USER_GID -ARG WORKDIR +ARG BASEDIR -RUN mkdir -p "${WORKDIR}/server" \ - && chown -R "${USER_UID}:${USER_GID}" "${WORKDIR}" +RUN mkdir -p "${BASEDIR}/server" \ + && chown -R "${USER_UID}:${USER_GID}" "${BASEDIR}" RUN deluser node 2>/dev/null || true \ && delgroup node 2>/dev/null || true \ 
@@ -65,13 +64,13 @@ RUN deluser node 2>/dev/null || true \ USER ${USER_NAME} #@todo: only bring what we need -COPY --chown=${USER_NAME}:${USER_GROUP} --from=builder /build/server "${WORKDIR}/server" +COPY --chown=${USER_NAME}:${USER_GROUP} --from=builder /build/server "${BASEDIR}/server" ENV PORT="8080" -ENV CONFIG_PATH="${WORKDIR}/config.json" -ENV DATABASE="${WORKDIR}/database.db" +ENV CONFIG_PATH="${BASEDIR}/config.json" +ENV DATABASE="${BASEDIR}/database.db" -WORKDIR "${WORKDIR}/server" +WORKDIR "${BASEDIR}/server" ENTRYPOINT [ "npm", "run" ] CMD [ "start" ] From 1e281b851c0ee35e0ef593bbe1cca13d0c9f9352 Mon Sep 17 00:00:00 2001 From: lazos Date: Sat, 8 Nov 2025 11:06:53 +0100 Subject: [PATCH 5/6] default port --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 9258fc41..ffeef473 100644 --- a/Dockerfile +++ b/Dockerfile @@ -66,7 +66,7 @@ USER ${USER_NAME} #@todo: only bring what we need COPY --chown=${USER_NAME}:${USER_GROUP} --from=builder /build/server "${BASEDIR}/server" -ENV PORT="8080" +ENV PORT="3001" ENV CONFIG_PATH="${BASEDIR}/config.json" ENV DATABASE="${BASEDIR}/database.db" From f869e5e0030de615614716703034db3d373f9829 Mon Sep 17 00:00:00 2001 From: lazos Date: Sat, 8 Nov 2025 11:54:46 +0100 Subject: [PATCH 6/6] fixup --- Dockerfile | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/Dockerfile b/Dockerfile index ffeef473..611a009e 100644 --- a/Dockerfile +++ b/Dockerfile @@ -50,14 +50,13 @@ RUN mkdir -p "${BASEDIR}/server" \ RUN deluser node 2>/dev/null || true \ && delgroup node 2>/dev/null || true \ - && rm -fr /home/node \ + && rm -fr /home/node 2>/dev/null || true \ && addgroup --gid "$USER_GID" "$USER_GROUP" \ && adduser \ --disabled-password \ --gecos "" \ --uid "$USER_UID" \ --gid "$USER_GID" \ - --home "$WORKDIR" \ --no-create-home \ "$USER_NAME"
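Review bot: In the `@@ -50,14 +50,13 @@` hunk of patch 6/6, dropping `--home "$WORKDIR"` while keeping `--no-create-home` leaves the account with adduser's default home, which on Debian is normally `/home/<name>` and is never created. The container then runs `npm run start` with a `HOME` that does not exist, so npm cannot write its cache or logs there, and anything else that resolves `~` fails the same way. Patch 4/6 renamed the variable to `BASEDIR`, so the line could be kept as `--home "$BASEDIR" \`, a directory the preceding `mkdir`/`chown` step already hands to this UID. The `|| true` added after `rm -fr /home/node` also hides genuine removal errors, since `-f` already ignores a missing path.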