From 46d34ff1dbe9a828b13a468f692ab9f37364340d Mon Sep 17 00:00:00 2001
From: Julian Waller
Date: Wed, 11 Dec 2024 11:57:57 +0000
Subject: [PATCH 1/3] feat: add more dockerfiles
---
apps/package-manager/app/Dockerfile | 51 +++++++++++++++++++++++++++++
apps/workforce/app/Dockerfile | 51 +++++++++++++++++++++++++++++
shared/packages/api/package.json | 1 +
yarn.lock | 1 +
4 files changed, 104 insertions(+)
create mode 100644 apps/package-manager/app/Dockerfile
create mode 100644 apps/workforce/app/Dockerfile
diff --git a/apps/package-manager/app/Dockerfile b/apps/package-manager/app/Dockerfile
new file mode 100644
index 00000000..17092087
--- /dev/null
+++ b/apps/package-manager/app/Dockerfile
@@ -0,0 +1,51 @@
+FROM node:18-alpine as builder
+
+# Note: Build this from the root directory:
+# cd package-manager
+# docker build -f apps/package-manager/app/Dockerfile -t pm-package-manager .
+# docker build -t pm-package-manager ../../../..
+
+# Environment
+
+WORKDIR /src
+
+# Common
+
+COPY package.json tsconfig.json tsconfig.build.json yarn.lock lerna.json commonPackage.json .yarnrc.yml ./
+COPY scripts ./scripts
+COPY .yarn ./.yarn
+
+# Shared dependencies
+COPY shared ./shared
+
+
+# App dependencies
+RUN mkdir -p apps/package-manager
+COPY apps/package-manager/packages apps/package-manager/packages
+
+# App
+COPY apps/package-manager/app apps/package-manager/app
+
+# Install
+RUN yarn install
+
+# Build
+RUN yarn build
+
+# Purge dev-dependencies:
+RUN yarn workspaces focus -A --production
+
+RUN rm -r scripts
+
+
+# Create deploy-image:
+FROM node:18-alpine
+
+COPY --from=builder /src /src
+
+
+WORKDIR /src/apps/package-manager/app
+ENV package-manager_PORT=8070
+EXPOSE 8070
+
+CMD ["yarn", "start"]
diff --git a/apps/workforce/app/Dockerfile b/apps/workforce/app/Dockerfile
new file mode 100644
index 00000000..6bf435d0
--- /dev/null
+++ b/apps/workforce/app/Dockerfile
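Review bot: `ENV package-manager_PORT=8070` near the end of the hunk names a variable with a hyphen, which is not a valid POSIX environment-variable name (a shell cannot expand it) and is inconsistent with the `WORKFORCE_PORT` used by the sibling workforce Dockerfile; presumably `PACKAGE_MANAGER_PORT` was intended — confirm against what the app's start script actually reads. Two supply-chain points in the same hunk: `RUN yarn install` does not enforce the copied `yarn.lock`, so the build silently succeeds on a stale lockfile — with Yarn Berry (`.yarnrc.yml` and `.yarn` are copied in) it should be `RUN yarn install --immutable`. The deploy stage also runs as root: `COPY --from=builder /src /src` carries root ownership and no `USER` is set, so `COPY --from=builder --chown=node:node /src /src` plus `USER node` before `CMD` (the official node images ship an unprivileged `node` user) is a cheap hardening.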
@@ -0,0 +1,51 @@
+FROM node:18-alpine as builder
+
+# Note: Build this from the root directory:
+# cd package-manager
+# docker build -f apps/workforce/app/Dockerfile -t pm-workforce .
+# docker build -t pm-workforce ../../../..
+
+# Environment
+
+WORKDIR /src
+
+# Common
+
+COPY package.json tsconfig.json tsconfig.build.json yarn.lock lerna.json commonPackage.json .yarnrc.yml ./
+COPY scripts ./scripts
+COPY .yarn ./.yarn
+
+# Shared dependencies
+COPY shared ./shared
+
+
+# App dependencies
+RUN mkdir -p apps/workforce
+COPY apps/workforce/packages apps/workforce/packages
+
+# App
+COPY apps/workforce/app apps/workforce/app
+
+# Install
+RUN yarn install
+
+# Build
+RUN yarn build
+
+# Purge dev-dependencies:
+RUN yarn workspaces focus -A --production
+
+RUN rm -r scripts
+
+
+# Create deploy-image:
+FROM node:18-alpine
+
+COPY --from=builder /src /src
+
+
+WORKDIR /src/apps/workforce/app
+ENV WORKFORCE_PORT=8070
+EXPOSE 8070
+
+CMD ["yarn", "start"]
diff --git a/shared/packages/api/package.json b/shared/packages/api/package.json
index 7b4c6839..6a7ec3f7
--- a/shared/packages/api/package.json
+++ b/shared/packages/api/package.json
@@ -16,6 +16,7 @@
"@sofie-automation/shared-lib": "*"
},
"devDependencies": {
+ "@types/underscore": "^1.10.24",
"@types/winston": "^2.3.9",
"@types/ws": "^8.5.4",
"jest": "*",
diff --git a/yarn.lock b/yarn.lock
index 546aa54c..ddc9a5c4
--- a/yarn.lock
+++ b/yarn.lock
@@ -2143,6 +2143,7 @@ __metadata: version: 0.0.0-use.local resolution: "@sofie-package-manager/api@workspace:shared/packages/api" dependencies: + "@types/underscore": "npm:^1.10.24" "@types/winston": "npm:^2.3.9" "@types/ws": "npm:^8.5.4" jest: "npm:*"
From 92c306c06d49e8d5debc423e49123306ee4dfa6b Mon Sep 17 00:00:00 2001
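Review bot: The deploy stage at the end of the hunk runs the service as root — `FROM node:18-alpine`, `COPY --from=builder /src /src` and `CMD ["yarn", "start"]` with no `USER` directive; the official node images ship an unprivileged `node` user, so `COPY --from=builder --chown=node:node /src /src` followed by `USER node` closes that gap. Both stages also pull the floating `node:18-alpine` tag, so builds are not reproducible and the image silently changes under the same Dockerfile; pinning by digest (`FROM node:18-alpine@sha256:…`, kept fresh by an automated bump) is the usual answer, and Node 18 leaves upstream support in April 2025, so a base bump should be on the roadmap. Finally this file is a verbatim copy of the package-manager Dockerfile apart from the app path and `WORKFORCE_PORT`; since the CI already selects `apps/${{ matrix.repo }}/app/Dockerfile` per matrix entry, a single Dockerfile taking `ARG APP` would keep the two from drifting.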
From: Julian Waller
Date: Wed, 11 Dec 2024 11:58:15 +0000
Subject: [PATCH 2/3] fix: package manager not following publication rules
---
apps/package-manager/packages/generic/src/coreHandler.ts | 9 ++-------
1 file changed, 2 insertions(+), 7 deletions(-)
diff --git a/apps/package-manager/packages/generic/src/coreHandler.ts b/apps/package-manager/packages/generic/src/coreHandler.ts
index 375990d0..d4b79203
--- a/apps/package-manager/packages/generic/src/coreHandler.ts
+++ b/apps/package-manager/packages/generic/src/coreHandler.ts
@@ -160,16 +160,11 @@ export class CoreHandler {
await Promise.all([
this.core.autoSubscribe(PeripheralDevicePubSub.peripheralDeviceForDevice, this.core.deviceId),
this.core.autoSubscribe(PeripheralDevicePubSub.peripheralDeviceCommands, this.core.deviceId),
- this.core.autoSubscribe(PeripheralDevicePubSub.packageManagerPlayoutContext, this.core.deviceId, undefined),
- this.core.autoSubscribe(
- PeripheralDevicePubSub.packageManagerPackageContainers,
- this.core.deviceId,
- undefined
- ),
+ this.core.autoSubscribe(PeripheralDevicePubSub.packageManagerPlayoutContext, this.core.deviceId),
+ this.core.autoSubscribe(PeripheralDevicePubSub.packageManagerPackageContainers, this.core.deviceId),
this.core.autoSubscribe(
PeripheralDevicePubSub.packageManagerExpectedPackages,
this.core.deviceId,
- undefined,
undefined
),
])
From 420bb70c7d9b6b2ce5d4a7a3df63f119578d5b11 Mon Sep 17 00:00:00 2001
From: Julian Waller
Date: Mon, 16 Dec 2024 13:03:29 +0000
Subject: [PATCH 3/3] feat: rework ci building to build additional packages and rely on build matrix
---
.github/workflows/prune-container-images.yml | 6 +-
.../workflows/publish-prerelease-docker.yaml | 140 ++++++------------
2 files changed, 52 insertions(+), 94 deletions(-)
diff --git a/.github/workflows/prune-container-images.yml b/.github/workflows/prune-container-images.yml
index dfbefcb4..afd782e3
--- a/.github/workflows/prune-container-images.yml
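Review bot: After this change the `packageManagerExpectedPackages` subscription is the only call in the `Promise.all` that still passes a trailing `undefined`, and nothing in the hunk says why that publication takes a third argument while `packageManagerPlayoutContext` and `packageManagerPackageContainers` no longer do — the next cleanup will be tempted to strip it as well. A one-line comment above that call, e.g. `// packageManagerExpectedPackages declares an extra (optional) argument; keep the explicit undefined`, phrased to match the publication's actual signature, would pin the intent. The enclosing method starts before and ends after the hunk, so the rest of the subscription setup could not be checked here.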
+++ b/.github/workflows/prune-container-images.yml @@ -1,9 +1,9 @@ -name: "Prune container images" +name: 'Prune container images' on: workflow_dispatch: schedule: - - cron: "0 15 * * *" + - cron: '0 15 * * *' jobs: prune-container-images: @@ -11,7 +11,7 @@ jobs: strategy: max-parallel: 1 matrix: - repo: [ http-server, quantel-http-transformer-proxy ] + repo: [package-manager, workforce, http-server, quantel-http-transformer-proxy] with: dry-run: false prune-untagged: true diff --git a/.github/workflows/publish-prerelease-docker.yaml b/.github/workflows/publish-prerelease-docker.yaml index 2746fc63..5c67493d 100644 --- a/.github/workflows/publish-prerelease-docker.yaml +++ b/.github/workflows/publish-prerelease-docker.yaml @@ -7,10 +7,15 @@ on: - 'v*.*.*' jobs: - build: - name: Build and publish docker images + check-build-steps: + name: Check if build and push should be performed runs-on: ubuntu-latest - timeout-minutes: 15 + timeout-minutes: 5 + + outputs: + dockerhub-enable: ${{ steps.dockerhub.outputs.dockerhub-publish }} + ghcr-enable: ${{ steps.check-ghcr.outputs.enable }} + build-and-push-enable: ${{ steps.check-build-and-push.outputs.enable }} steps: - uses: actions/checkout@v4 
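Review bot: The new `check-build-steps` job checks out the repository with `actions/checkout@v4` at the end of the hunk but only needs to read configuration and decide whether to publish, so it should disable credential persistence the way the rebuilt `build` job does — `with:` / `persist-credentials: false` under that step — unless the context following the hunk already sets it. Its three outputs (`dockerhub-enable`, `ghcr-enable`, `build-and-push-enable`) now cross a job boundary and so end up in the workflow log and run metadata; they are derived from `steps.dockerhub` and `steps.check-ghcr`, which are defined outside this hunk, and it is worth confirming those steps emit only booleans/flags and never a secret-derived value.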
@@ -48,41 +53,29 @@ jobs: echo "Enable build and push: ${{ env.SECRET_ACCESS != '' }}" echo "enable=${{ env.SECRET_ACCESS != '' }}" >> $GITHUB_OUTPUT - - name: Get the http-server docker tag for GHCR - id: http-server-ghcr-tag - if: steps.check-build-and-push.outputs.enable == 'true' - uses: docker/metadata-action@v5 - with: - images: | - ghcr.io/${{ github.repository }}-http-server - tags: | - type=schedule - type=ref,event=branch - type=ref,event=tag - type=raw,value=latest,enable={{is_default_branch}} - type=raw,value=nightly,enable={{is_default_branch}} + build: + name: Build and publish docker image for ${{ matrix.repo }} + runs-on: ubuntu-latest + timeout-minutes: 15 + needs: + - check-build-steps - - name: Get the http-server docker tag for DockerHub - id: http-server-dockerhub-tag - if: steps.check-build-and-push.outputs.enable == 'true' - uses: docker/metadata-action@v5 + strategy: + matrix: + repo: [package-manager, workforce, http-server, quantel-http-transformer-proxy] + + steps: + - uses: actions/checkout@v4 with: - images: | - sofietv/package-manager-http-server - tags: | - type=schedule - type=ref,event=branch - type=ref,event=tag - type=raw,value=latest,enable={{is_default_branch}} - type=raw,value=nightly,enable={{is_default_branch}} + persist-credentials: false - - name: Get the quantel-http-transformer-proxy docker tag for GHCR - id: quantel-ghcr-tag - if: steps.check-build-and-push.outputs.enable == 'true' + - name: Get the docker tag for GHCR + id: ghcr-tag + if: needs.check-build-steps.outputs.build-and-push-enable == 'true' uses: docker/metadata-action@v5 with: images: | - ghcr.io/${{ github.repository }}-quantel-http-transformer-proxy + ghcr.io/${{ github.repository }}-${{ matrix.repo}} tags: | type=schedule type=ref,event=branch 
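Review bot: `build` gates every step with `if: needs.check-build-steps.outputs.build-and-push-enable == 'true'` but not the job itself, so when publishing is disabled all four matrix jobs still start a runner and check out the repository only to skip everything; putting `if: needs.check-build-steps.outputs.build-and-push-enable == 'true'` at the job level next to `needs:` removes the repeated per-step guards and the wasted runners. The `repo:` matrix list is also now spelled out three times across the two workflows (prune, build, trivy), so a renamed or added image has to be edited in three places; emitting it once from `check-build-steps` as a JSON output and using `fromJSON(needs.check-build-steps.outputs.repos)` in each `matrix:` would keep them in step. `persist-credentials: false` on the checkout is the right call for a job that only pushes to registries.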
@@ -90,13 +83,13 @@ jobs: type=raw,value=latest,enable={{is_default_branch}} type=raw,value=nightly,enable={{is_default_branch}} - - name: Get the quantel-http-transformer-proxy docker tag for DockerHub - id: quantel-dockerhub-tag - if: steps.check-build-and-push.outputs.enable == 'true' + - name: Get the docker tag for DockerHub + id: dockerhub-tag + if: needs.check-build-steps.outputs.build-and-push-enable == 'true' uses: docker/metadata-action@v5 with: images: | - sofietv/package-manager-quantel-http-transformer-proxy + sofietv/package-manager-${{ matrix.repo}} tags: | type=schedule type=ref,event=branch 
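Review bot: `images: sofietv/package-manager-${{ matrix.repo}}` yields `sofietv/package-manager-package-manager` for the new `package-manager` matrix entry, and the GHCR counterpart in the previous hunk (`ghcr.io/${{ github.repository }}-${{ matrix.repo}}`) yields `…/sofie-package-manager-package-manager`; that is an odd public name and worth either accepting explicitly with a comment or special-casing, and the prune workflow's `repo: package-manager` entry should be checked to derive the same string or it will never match. The interpolation is also missing the space before `}}` (`${{ matrix.repo}}`) in both metadata steps and both `file:` lines — harmless to the expression parser but inconsistent with `${{ matrix.repo }}` as written in the trivy job.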
@@ -105,97 +98,62 @@ jobs: type=raw,value=nightly,enable={{is_default_branch}} - name: Set up Docker Buildx - if: steps.check-build-and-push.outputs.enable == 'true' + if: needs.check-build-steps.outputs.build-and-push-enable == 'true' uses: docker/setup-buildx-action@v3 - name: Login to DockerHub - if: steps.check-build-and-push.outputs.enable == 'true' && steps.dockerhub.outputs.dockerhub-publish == '1' + if: needs.check-build-steps.outputs.build-and-push-enable == 'true' && needs.check-build-steps.outputs.dockerhub-enable == '1' uses: docker/login-action@v3 with: username: ${{ secrets.DOCKERHUB_USERNAME }} password: ${{ secrets.DOCKERHUB_TOKEN }} - name: Login to GitHub Container Registry - if: steps.check-build-and-push.outputs.enable == 'true' && steps.check-ghcr.outputs.enable == 'true' + if: needs.check-build-steps.outputs.build-and-push-enable == 'true' && needs.check-build-steps.outputs.ghcr-enable == 'true' uses: docker/login-action@v3 with: registry: ghcr.io username: ${{ github.repository_owner }} password: ${{ secrets.GITHUB_TOKEN }} - - name: Build and push http-server to GHCR - if: steps.check-build-and-push.outputs.enable == 'true' && steps.check-ghcr.outputs.enable == 'true' + - name: Build and push to GHCR + if: needs.check-build-steps.outputs.build-and-push-enable == 'true' && needs.check-build-steps.outputs.ghcr-enable == 'true' uses: docker/build-push-action@v6 with: context: . 
- file: apps/http-server/app/Dockerfile + file: apps/${{ matrix.repo}}/app/Dockerfile push: true provenance: false - labels: ${{ steps.http-server-ghcr-tag.outputs.labels }} - tags: "${{ steps.http-server-ghcr-tag.outputs.tags }}" + labels: ${{ steps.ghcr-tag.outputs.labels }} + tags: '${{ steps.ghcr-tag.outputs.tags }}' - - name: Build and push http-server to DockerHub - if: steps.check-build-and-push.outputs.enable == 'true' && steps.dockerhub.outputs.dockerhub-publish == '1' + - name: Build and push to DockerHub + if: needs.check-build-steps.outputs.build-and-push-enable == 'true' && needs.check-build-steps.outputs.dockerhub-enable == '1' uses: docker/build-push-action@v6 with: context: . - file: apps/http-server/app/Dockerfile + file: apps/${{ matrix.repo}}/app/Dockerfile push: true provenance: false - labels: ${{ steps.http-server-dockerhub-tag.outputs.labels }} - tags: "${{ steps.http-server-dockerhub-tag.outputs.tags }}" - - - name: Build and push quantel-http-transformer-proxy to GHCR - if: steps.check-build-and-push.outputs.enable == 'true' && steps.check-ghcr.outputs.enable == 'true' - uses: docker/build-push-action@v6 - with: - context: . - file: apps/quantel-http-transformer-proxy/app/Dockerfile - push: true - provenance: false - labels: ${{ steps.quantel-ghcr-tag.outputs.labels }} - tags: "${{ steps.quantel-ghcr-tag.outputs.tags }}" - - - name: Build and push quantel-http-transformer-proxy to DockerHub - if: steps.check-build-and-push.outputs.enable == 'true' && steps.dockerhub.outputs.dockerhub-publish == '1' - uses: docker/build-push-action@v6 - with: - context: . 
- file: apps/quantel-http-transformer-proxy/app/Dockerfile - push: true - provenance: false - labels: ${{ steps.quantel-dockerhub-tag.outputs.labels }} - tags: "${{ steps.quantel-dockerhub-tag.outputs.tags }}" - - trivy-scanning-http-server: - uses: nrkno/github-workflow-docker-build-push/.github/workflows/workflow.yaml@v4.1.1 - with: - runs-on: "['ubuntu-latest']" - registry-url: ghcr.io - name: nrkno/sofie-package-manager - # Don't actually push any images, this is just for trivy scanning for now - push: false - trivy-severity: "CRITICAL" - trivy-summary-enabled: true - trivy-sbom-enabled: true - dockerfile: apps/http-server/app/Dockerfile - secrets: - registry-username: ${{ github.repository_owner }} - registry-password: ${{ secrets.GITHUB_TOKEN }} - token: ${{ secrets.GITHUB_TOKEN }} + labels: ${{ steps.dockerhub-tag.outputs.labels }} + tags: '${{ steps.dockerhub-tag.outputs.tags }}' - trivy-scanning-quantel-http-transformer-proxy: + trivy-scanning: + name: Run Trivy scan for ${{ matrix.repo }} uses: nrkno/github-workflow-docker-build-push/.github/workflows/workflow.yaml@v4.1.1 + strategy: + matrix: + repo: [package-manager, workforce, http-server, quantel-http-transformer-proxy] with: runs-on: "['ubuntu-latest']" registry-url: ghcr.io name: nrkno/sofie-package-manager # Don't actually push any images, this is just for trivy scanning for now push: false - trivy-severity: "CRITICAL" + trivy-severity: 'CRITICAL' trivy-summary-enabled: true trivy-sbom-enabled: true - dockerfile: apps/quantel-http-transformer-proxy/app/Dockerfile + dockerfile: apps/${{ matrix.repo }}/app/Dockerfile secrets: registry-username: ${{ github.repository_owner }} registry-password: ${{ secrets.GITHUB_TOKEN }}
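Review bot: The rebuilt `trivy-scanning` matrix job is independent of `build` — `build` has `needs: - check-build-steps` only and `trivy-scanning` has no `needs:` at all — so images are pushed to GHCR and DockerHub regardless of scan findings; with `push: false` and a `trivy-severity: 'CRITICAL'` threshold the scan is purely advisory, which should either be stated in the existing comment (`# advisory only: build/push does not wait for this job`) or changed by giving `build` `needs: [check-build-steps, trivy-scanning]`. All four matrix entries also scan under the same `name: nrkno/sofie-package-manager`, so the summaries and SBOMs are not distinguishable per image; `name: nrkno/sofie-package-manager-${{ matrix.repo }}` fixes that. Two follow-ups the commit leaves in place: the reusable workflow is pinned to a mutable tag (`@v4.1.1`) rather than a commit SHA, and both `Build and push` steps keep `provenance: false`, so nothing that is published carries a provenance attestation.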