ci(docker): Make AHBesser Prod and Stage ready (#356)

* add pulumi prod config

* add pulumi prod config

* sort pulumi configs

* add shell script for start up

* add more files and folders to .dockerignore

* pulumi add environment to env vars

* set environment variable environment

* wip start.sh

* use single stage dockerfile

* improve start.sh

* use non-root user

* sort pulumi files

Author: hf-krechan

.dockerignore

@@ -15,3 +15,14 @@ node_modules
 .prettierrc
 README.md
 *.tsbuildinfo
+
+
+.DS_Store
+.env
+.example.env
+.github
+.gitmodules
+.idea
+.octopus
+azure-mock
+node_modules

Dockerfile

@@ -1,38 +1,36 @@
-# BUILDER IMAGE
-FROM node:23.5-alpine AS builder
-
-WORKDIR /service
-
-COPY . .
-
-RUN npm ci --no-scripts
-
-RUN npm run ng:build
-RUN npm run server:build
-
-# PRODUCTION IMAGE
+# Single-Stage Dockerfile
 FROM node:23.5-alpine
 
-# Set build arguments
+# Set environment arguments and variables
 ARG BUILD_DATE
 ARG COMMIT_ID
 ARG VERSION
 
-# Set environment variables
-ENV BUILD_DATE=$BUILD_DATE
-ENV COMMIT_ID=$COMMIT_ID
-ENV VERSION=$VERSION
+# Environment variables
+ENV BUILD_DATE=$BUILD_DATE \
+  COMMIT_ID=$COMMIT_ID \
+  VERSION=$VERSION
 
 WORKDIR /service
 
+# Create a non-root user for security
 RUN addgroup --system --gid 1001 nodejs && \
   adduser --system --uid 1001 nodejs
 
-COPY --chown=nodejs:nodejs --from=builder /service/dist dist
-COPY --chown=nodejs:nodejs --from=builder /service/node_modules node_modules
+# Copy all necessary files into the image
+COPY . .
+
+# Change ownership of the service folder and all copied files to the nodejs user
+RUN chown -R nodejs:nodejs /service
+
+# Install dependencies
+RUN npm ci --no-scripts
 
+# Switch to non-root user
 USER nodejs
 
+# Expose port for the server
 EXPOSE 3000
 
-CMD node dist/server/server.js
+# Start the application via start.sh script
+CMD ["sh", "./start.sh"]

pulumi/Pulumi.dev.yaml

@@ -1,14 +1,15 @@
 config:
   ahb-tabellen:ahbBlobContainerName: ahb-tables
   ahb-tabellen:appPath: app
+  ahb-tabellen:bedingungsbaumBaseUrl: https://bedingungsbaum.stage.hochfrequenz.de
   ahb-tabellen:containerPort: "80"
   ahb-tabellen:cpu: "1"
+  ahb-tabellen:environment: stage
   ahb-tabellen:formatVersionContainerName: format-versions
   ahb-tabellen:ghcr_token:
     secure: AAABAEg7fEk2P91sxA8mlsQ5AueGPcKpU5H8jCLGvH82HsWD1NkdQLT69wDwMfdI7Nc+jSdwJC4Wx/ym4m3HUMGxgeK9RJt0
   ahb-tabellen:imageName: ghcr.io/hochfrequenz/ahbesser
   ahb-tabellen:imageTag: v0.0.22
   ahb-tabellen:memory: "2"
-  ahb-tabellen:bedingungsbaumBaseUrl: https://bedingungsbaum.stage.hochfrequenz.de
   azure-native:location: germanywestcentral
   pulumi:template: container-azure-python

pulumi/Pulumi.prod.yaml

@@ -0,0 +1,16 @@
+config:
+  ahb-tabellen:ahbBlobContainerName: ahb-tables
+  ahb-tabellen:appPath: app
+  ahb-tabellen:bedingungsbaumBaseUrl: https://bedingungsbaum.hochfrequenz.de
+  ahb-tabellen:containerPort: "80"
+  ahb-tabellen:cpu: "1"
+  ahb-tabellen:environment: production
+  ahb-tabellen:formatVersionContainerName: format-versions
+  ahb-tabellen:ghcr_token:
+    secure: AAABAKDpxgOPRYBk2KIdX7mlihB3y/nJDFZQsK2/2Mf88W8XnEeC4JbZSsDwPfvq0vZjnHa/x3iU6Kt2V1ww8jO3YiXKAswf
+  ahb-tabellen:imageName: ghcr.io/hochfrequenz/ahbesser
+  ahb-tabellen:imageTag: v0.0.22
+  ahb-tabellen:location: germanywestcentral
+  ahb-tabellen:memory: "2"
+  azure-native:location: germanywestcentral
+  pulumi:template: container-azure-python

pulumi/__main__.py

@@ -29,6 +29,9 @@
 bedingungsbaum_base_url = config.get("bedingungsbaumBaseUrl")
 assert bedingungsbaum_base_url, "bedingungsbaumBaseUrl must be set"
 
+environment = config.get("environment")
+assert environment, "environment must be set"
+
 cpu = config.get_int("cpu", 1)
 memory = config.get_int("memory", 2)
 
@@ -112,6 +115,7 @@
             azure_native.web.NameValuePairArgs(
                 name="BEDINGUNGSBAUM_BASE_URL", value=bedingungsbaum_base_url
             ),
+            azure_native.web.NameValuePairArgs(name="ENVIRONMENT", value=environment),
         ],
         linux_fx_version=f"DOCKER|{image_name_with_tag}",
     ),

start.sh

@@ -0,0 +1,17 @@
+#!/bin/sh
+
+# Exit immediately if a command exits with a non-zero status
+set -e
+
+echo "Starting application setup with environment: $ENVIRONMENT"
+
+# Build the Angular application using local Angular CLI
+echo "Building Angular application..."
+npm run ng:build --configuration=$ENVIRONMENT
+
+# Build the Express server
+echo "Building Express server..."
+npm run server:build
+
+# Start the server
+node dist/server/server.js