Build and Push to ghcr and use prebuilt images

.github/workflows/docker-build-and-push.yml

@@ -0,0 +1,57 @@
+name: Build and Push Docker Images
+
+on:
+  push:
+    tags:
+      - 'v*'
+
+jobs:
+  build-and-push:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: write
+
+    steps:
+    - name: Checkout Repository
+      uses: actions/checkout@v4
+      with:
+        fetch-depth: 0  # Ensure all history and tags are fetched
+
+    - name: Set up Docker Buildx
+      uses: docker/setup-buildx-action@v3
+
+    - name: Set up QEMU
+      uses: docker/setup-qemu-action@v3
+
+    - name: Log in to GitHub Container Registry
+      uses: docker/login-action@v3
+      with:
+        registry: ghcr.io
+        username: ${{ github.actor }}
+        password: ${{ secrets.GITHUB_TOKEN }}
+
+    - name: Get git version
+      run: echo "VERSION=$(git describe --tags --always)" >> $GITHUB_ENV
+
+    - name: Build and Push Backend Docker Image
+      uses: docker/build-push-action@v5
+      with:
+        context: ./backend
+        file: ./backend/Dockerfile
+        push: true
+        tags: |
+          ghcr.io/${{ github.repository }}/backend:${{ env.VERSION }}
+          ghcr.io/${{ github.repository }}/backend:latest
+        platforms: linux/amd64,linux/arm64,linux/arm64/v8
+
+    - name: Build and Push Frontend Docker Image
+      uses: docker/build-push-action@v5
+      with:
+        context: ./frontend
+        file: ./frontend/Dockerfile
+        push: true
+        tags: |
+          ghcr.io/${{ github.repository }}/frontend:${{ env.VERSION }}
+          ghcr.io/${{ github.repository }}/frontend:latest
+        platforms: linux/amd64,linux/arm64,linux/arm64/v8

README.md

@@ -51,13 +51,20 @@ The decoupling allows you to save a considerable amount of time:
 > The easiest way to get started is through the [free trial of cloud instance available here](https://intuitem.com/trial).
 
 
-Alternatively, make sure you have *Docker* and *Docker-compose* installed, on your workstation or server, clone the repo and run:
+Alternatively, once you have *Docker* and *Docker-compose* installed, on your workstation or server, *clone* the repo and run:
 
 ```sh
 ./docker-compose.sh
 ```
 
-## Documentation
+> [!NOTE]
+> The docker-compose script uses prebuilt Docker images supporting most of the standard hardware architecture.
+> If you're using **Windows**, Make sure to have [WSL](https://learn.microsoft.com/en-us/windows/wsl/install) installed and trigger the script within a WSL command line. It will feed Docker Desktop on your behalf.
+
+> [!WARNING]
+If you're getting warnings or errors about image's platform not matching host platform, raise an issue with the details and we'll add it shortly after. You can also use `docker-compose-build.sh` instead (see below) to build for your specific architecture.
+
+## End-user Documentation
 
 Check out the online documentation on https://intuitem.gitbook.io/ciso-assistant.
 
@@ -131,19 +138,26 @@ git clone [email protected]:intuitem/ciso-assistant-community.git
 cd ciso-assistant-community
 ```
 
-2. Launch docker-compose script
+2. Launch docker-compose script for prebuilt images:
 
 ```sh
 ./docker-compose.sh
 ```
 
+*Alternatively*, you can use this variant to build the docker images for your specific architecture:
+
+```sh
+./docker-compose-build.sh
+```
+
 When asked for, enter your email and password for your superuser.
 
 You can then reach CISO Assistant using your web brower at [https://localhost:8443/](https://localhost:8443/)
 
 For the following executions, use "docker compose up" directly.
 
-If you want to restart a fresh install, simply delete the db directory, where the database is stored.
+> [!TIP]
+> If you want a fresh install, simply delete the `db` directory, (default: backend/db) where the database is stored.
 
 
 ## Setting up CISO Assistant for development
@@ -152,6 +166,7 @@ If you want to restart a fresh install, simply delete the db directory, where th
 
 - Python 3.11+
 - pip 20.3+
+- node 18+
 - npm 10.2+
 
 ### Running the backend

docker-compose-build.sh

@@ -0,0 +1,14 @@
+#! /usr/bin/env bash
+
+if [ -f db/ciso-assistant.sqlite3 ] ; then
+    echo "the database seems already created"
+    echo "you should launch docker compose up -d"
+else
+    docker compose -f docker-compose-build.yml build 
+    docker compose -f docker-compose-build.yml up -d
+    docker compose exec backend python manage.py migrate
+    echo "initialize your superuser account..."
+    docker compose exec backend python manage.py createsuperuser
+    echo "connect to ciso assistant on https://localhost:8443"
+    echo "for successive runs you can now use docker compose up"
+fi

docker-compose-build.yml

@@ -0,0 +1,40 @@
+version: "3.9"
+
+services:
+  backend:
+    container_name: backend
+    build: ./backend
+    restart: always
+    environment:
+      - ALLOWED_HOSTS=backend
+      - CISO_ASSISTANT_URL=https://localhost:8443
+      - DJANGO_DEBUG=True
+    volumes:
+      - ./db:/code/db
+
+  frontend:
+    container_name: frontend
+    environment:
+      - PUBLIC_BACKEND_API_URL=http://backend:8000/api
+      - PROTOCOL_HEADER=x-forwarded-proto
+      - HOST_HEADER=x-forwarded-host
+
+    build: ./frontend
+    depends_on:
+      - backend
+
+  caddy:
+    container_name: caddy
+    image: caddy:2.7.6
+    restart: unless-stopped
+    ports:
+      - 8443:8443
+    command:
+      - caddy
+      - reverse-proxy
+      - --from
+      - https://localhost:8443
+      - --to
+      - frontend:3000
+    volumes:
+      - ./db:/data

docker-compose.sh

@@ -4,7 +4,6 @@ if [ -f db/ciso-assistant.sqlite3 ] ; then
     echo "the database seems already created"
     echo "you should launch docker compose up -d"
 else
-    docker compose build
     docker compose up -d
     docker compose exec backend python manage.py migrate
     echo "initialize your superuser account..."

docker-compose.yml

@@ -3,7 +3,7 @@ version: "3.9"
 services:
   backend:
     container_name: backend
-    build: ./backend
+    image: ghcr.io/intuitem/ciso-assistant-community/backend:latest
     restart: always
     environment:
       - ALLOWED_HOSTS=backend
@@ -19,7 +19,7 @@ services:
       - PROTOCOL_HEADER=x-forwarded-proto
       - HOST_HEADER=x-forwarded-host
 
-    build: ./frontend
+    image: ghcr.io/intuitem/ciso-assistant-community/frontend:latest
     depends_on:
       - backend