Build and Push Docker Image Workflow

.github/workflows/build-and-push-docker.yml

@@ -0,0 +1,88 @@
+name: Build and Push Docker Images
+
+on:
+  pull_request:
+    paths-ignore:
+    - 'README.md'
+    - 'CODE_OF_CONDUCT.md'
+    - 'CONTRIBUTING.md'
+    - 'LICENSE'
+    - 'SECURITY.md'
+    - 'docs/**'
+    - 'keycloakify/**'
+    - '.github/**'
+    - '!.github/workflows/build-and-push-docker-image.yml'
+    - '!.github/workflows/dev.yml'
+  push:
+    branches:
+      - develop
+
+jobs:
+  build:
+    name: ${{ matrix.path }}
+    runs-on: ubuntu-latest
+    strategy:
+      fail-fast: false
+      matrix:
+        include:
+          - dockerfile: ./webapp/Dockerfile
+            image: ls1intum/Hephaestus/webapp
+            context: ./webapp
+            path: webapp
+          - dockerfile: ./server/intelligence-service/Dockerfile
+            image: ls1intum/Hephaestus/intelligence-service
+            context: ./server/intelligence-service
+            path: intelligence-service
+          - dockerfile: ./server/webhook-ingest/Dockerfile
+            image: ls1intum/Hephaestus/webhook-ingest
+            context: ./server/webhook-ingest
+            path: webhook-ingest
+          - dockerfile: ./server/application-server/Dockerfile
+            image: ls1intum/Hephaestus/application-server
+            context: ./server/application-server
+            path: application-server
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 1
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+        with:
+          platforms: all
+
+      - name: Install Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Log in to the Container registry
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Extract metadata (tags, labels) for Docker
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: ghcr.io/${{ matrix.image }}
+          tags: |
+            type=raw,value=latest,enable={{is_default_branch}}
+            type=ref,event=branch
+            type=ref,event=pr
+            type=semver,pattern={{version}}
+            type=sha,prefix=,format=long
+
+      - name: Build and push Docker Image
+        uses: docker/build-push-action@v6
+        with:
+          context: ${{ matrix.context }}
+          file: ${{ matrix.dockerfile }}
+          platforms: linux/amd64,linux/arm64
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
+          push: true
+          cache-from: type=gha,scope=${{ matrix.image }}
+          cache-to: type=gha,scope=${{ matrix.image }},mode=max

compose.yaml

@@ -1,6 +1,31 @@
 services:
+  webapp:
+    build:
+      context: ./webapp
+    ports:
+      - '80'
+    environment:
+      - APPLICATION_CLIENT_URL
+      - APPLICATION_SERVER_URL
+      - SENTRY_DNS
+      - KEYCLOAK_URL
+      - KEYCLOAK_REALM
+      - KEYCLOAK_CLIENT_ID
+      - KEYCLOAK_SKIP_LOGIN
+      - LEGAL_IMPRINT_HTML
+      - LEGAL_PRIVACY_HTML
+      - UMAMI_ENABLED
+      - UMAMI_SCRIPT_URL
+      - UMAMI_WEBSITE_ID
+      - UMAMI_DOMAINS
+    depends_on:
+      - application-server
+    networks:
+      - app-network
+
   application-server:
-    image: hephaestus-application-server
+    build:
+      context: ./server/application-server
     ports:
       - '8080'
     environment:
@@ -66,4 +91,7 @@ services:
 
 networks:
   app-network:
-    driver: bridge`
+    driver: bridge
+
+volumes:
+  postgresql-data:

package.json

@@ -1,4 +1,5 @@
 {
+  "version": "0.0.1",
   "name": "hephaestus",
   "workspaces": [
     "webapp/*"

server/application-server/Dockerfile

@@ -0,0 +1,26 @@
+FROM maven:3.9.8-eclipse-temurin-21 AS build
+
+WORKDIR /app
+
+COPY pom.xml .
+
+# This step is to cache dependencies, avoiding re-downloading them every time
+RUN mvn dependency:go-offline
+
+COPY src ./src
+
+RUN mvn clean package -DskipTests
+
+FROM eclipse-temurin:21
+
+WORKDIR /app
+
+COPY --from=build /app/target/*.jar /app/server.jar
+
+RUN addgroup --system spring && adduser --system spring --ingroup spring
+
+USER spring:spring
+
+EXPOSE 8080
+
+ENTRYPOINT ["java", "-Djava.security.egd=file:/dev/./urandom", "-jar", "/app/server.jar"]

server/application-server/src/main/resources/application-prod.yml

@@ -14,7 +14,7 @@ spring:
           issuer-uri: ${KEYCLOAK_URL}/realms/${KEYCLOAK_REALM}
 
 hephaestus:
-    host-url: ${APPLICATION_HOST_URL}
+    host-url: ${APPLICATION_CLIENT_URL}
 
     leaderboard:
       schedule:
@@ -33,8 +33,8 @@ hephaestus:
 keycloak:
     url: ${KEYCLOAK_URL}
     realm: ${KEYCLOAK_REALM}
-    client-id: ${KEYCLOAK_CLIENT_ID}
-    client-secret: ${KEYCLOAK_CLIENT_SECRET}
+    client-id: ${KEYCLOAK_CONFIDENTIAL_CLIENT_ID}
+    client-secret: ${KEYCLOAK_CONFIDENTIAL_CLIENT_SECRET}
 
 nats:
     enabled: ${NATS_ENABLED:false}

webapp/Dockerfile

@@ -1,60 +1,46 @@
-FROM node:latest as build
+FROM node:22 AS build
 
 WORKDIR /app
 
-COPY ./ /app/
-
-# Ensure .env file exists
-RUN mv .env* .env || true
-RUN touch .env
-RUN cat .env
-
-# Fix buggy replacement of COOLIFY_URL in .env
-RUN COOLIFY_URL_VALUE=$(grep '^COOLIFY_URL=' .env | cut -d '=' -f2) && \
-    sed -i "s|\$COOLIFY_URL|$COOLIFY_URL_VALUE|g" .env
-
-# Export environment variables from .env
-# This assumes that .env contains lines like VARIABLE=value
-# and does not contain spaces around the '='
-RUN set -a && \
-    . /app/.env && \
-    set +a && \
-    echo "Generating environment.prod.ts" && \
-    cat > src/environments/environment.prod.ts <<EOF
-export const environment = {
-  clientUrl: '${APPLICATION_CLIENT_URL}',
-  serverUrl: '${APPLICATION_SERVER_URL}',
-  version: '${APPLICATION_VERSION}',
-  sentry: {
-    dsn: '${SENTRY_DSN}',
-    environment: 'prod',
-  },
-  keycloak: {
-    url: '${KEYCLOAK_URL}',
-    realm: '${KEYCLOAK_REALM}',
-    clientId: '${KEYCLOAK_CLIENT_ID}',
-    skipLoginPage: ${KEYCLOAK_SKIP_LOGIN}
-  },
-  umami: {
-    enabled: '${UMAMI_ENABLED}',
-    scriptUrl: '${UMAMI_SCRIPT_URL}',
-    websiteId: '${UMAMI_WEBSITE_ID}',
-    domains: '${UMAMI_DOMAINS}'
-  },
-  legal: {
-    imprintHtml: '${LEGAL_IMPRINT_HTML}',
-    privacyHtml: '${LEGAL_PRIVACY_HTML}'
-  }
-};
-EOF
+COPY package.json package-lock.json ./
 
 RUN npm install
+
+COPY . ./
+
 RUN npm run build
 
-FROM nginx:latest
+# Extract version from package.json and save to version.txt
+RUN node -e "console.log(require('./package.json').version)" > /app/version.txt
+
+FROM nginx:stable-alpine
+
+ENV APPLICATION_CLIENT_URL=https://default-client.url
+ENV APPLICATION_SERVER_URL=https://default-server.url
+
+ENV SENTRY_DNS=https://[email protected]/3
+
+ENV KEYCLOAK_URL=https://default-keycloak.url
+ENV KEYCLOAK_REALM=default-realm
+ENV KEYCLOAK_CLIENT_ID=default-client-id
+ENV KEYCLOAK_SKIP_LOGIN=false
+
+ENV LEGAL_IMPRINT_HTML="<p>Default Imprint</p>"
+ENV LEGAL_PRIVACY_HTML="<p>Default Privacy</p>"
+
+ENV UMAMI_ENABLED=false
+ENV UMAMI_SCRIPT_URL=""
+ENV UMAMI_WEBSITE_ID=""
+ENV UMAMI_DOMAINS=""
 
 COPY --from=build /app/dist/webapp/browser /usr/share/nginx/html
 
+COPY generate_config.sh /usr/local/bin/generate_config.sh
+RUN chmod +x /usr/local/bin/generate_config.sh
+
 COPY nginx.conf /etc/nginx/conf.d/default.conf
 
 EXPOSE 80
+
+ENTRYPOINT ["/usr/local/bin/generate_config.sh"]
+CMD ["nginx", "-g", "daemon off;"]

webapp/angular.json

@@ -60,12 +60,6 @@
           },
           "configurations": {
             "production": {
-              "fileReplacements": [
-                {
-                  "replace": "src/environments/environment.ts",
-                  "with": "src/environments/environment.prod.ts"
-                }
-              ],
               "budgets": [
                 {
                   "type": "initial",

webapp/generate_config.sh

@@ -0,0 +1,34 @@
+#!/bin/sh
+# This script generates the environment.json file for the webapp based on the environment variables during the docker container startup.
+
+APP_VERSION=$(cat /version.txt)
+
+cat <<EOF > /usr/share/nginx/html/environment.json
+{
+  "version": "{$APP_VERSION}",
+  "clientUrl": "${APPLICATION_CLIENT_URL}",
+  "serverUrl": "${APPLICATION_SERVER_URL}",
+  "sentry": {
+    "dsn": "${SENTRY_DNS}",
+    "environment": "prod"
+  },
+  "keycloak": {
+    "url": "${KEYCLOAK_URL}",
+    "realm": "${KEYCLOAK_REALM}",
+    "clientId": "${KEYCLOAK_CLIENT_ID}",
+    "skipLoginPage": ${KEYCLOAK_SKIP_LOGIN}
+  },
+  "umami": {
+    "enabled": ${UMAMI_ENABLED},
+    "scriptUrl": "${UMAMI_SCRIPT_URL}",
+    "websiteId": "${UMAMI_WEBSITE_ID}",
+    "domains": "${UMAMI_DOMAINS}"
+  },
+  "legal": {
+    "imprintHtml": "$(echo "${LEGAL_IMPRINT_HTML}" | sed 's/"/\\"/g')",
+    "privacyHtml": "$(echo "${LEGAL_PRIVACY_HTML}" | sed 's/"/\\"/g')"
+  }
+}
+EOF
+
+exec "$@"