
Commit 5696e2d

committed
Add Docker image build
1 parent b454d2b commit 5696e2d


2 files changed

+122
-0
lines changed


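--- a/.github/workflows/docker.yml
+++ b/.github/workflows/docker.yml
@@ -0,0 +1,78 @@
+name: Docker
+
+on:
+push:
+
+jobs:
+docker-image:
+name: Build Docker Image
+runs-on: ubuntu-latest
+
+env:
+PUBLIC_IMAGE_PREFIX: 'datastewardshipwizard'
+DOCKER_IMAGE_NAME: 'replies-importer-plugin'
+DOCKER_META_CONTEXT: '.'
+DOCKER_META_FILE: 'Dockerfile'
+DOCKER_META_PLATFORMS: 'linux/amd64,linux/arm64'
+
+steps:
+- name: '[setup] Check out repository'
+uses: actions/checkout@v6
+
+- name: '[setup] Set up QEMU'
+uses: docker/setup-qemu-action@v3
+
+- name: '[setup] Set up Docker Buildx'
+id: buildx
+uses: docker/setup-buildx-action@v3
+
+- name: '[docker] Docker meta'
+id: meta-test
+uses: docker/metadata-action@v5
+with:
+images: |
+${{ env.PUBLIC_IMAGE_PREFIX }}/${{ env.DOCKER_IMAGE_NAME }}
+tags: |
+type=sha
+
+- name: '[docker] Docker build'
+uses: docker/build-push-action@v6
+with:
+context: ${{ env.DOCKER_META_CONTEXT }}
+file: ${{ env.DOCKER_META_FILE }}
+platforms: ${{ env.DOCKER_META_PLATFORMS }}
+push: false
+tags: ${{ steps.meta-test.outputs.tags }}
+labels: ${{ steps.meta-test.outputs.labels }}
+
+- name: '[docker-hub] Docker login'
+if: github.event_name != 'pull_request' && github.actor != 'dependabot[bot]'
+uses: docker/login-action@v3
+with:
+username: ${{ secrets.DOCKER_HUB_USERNAME }}
+password: ${{ secrets.DOCKER_HUB_PASSWORD }}
+
+- name: '[docker-hub] Docker meta'
+id: meta-public
+if: github.event_name != 'pull_request' && github.actor != 'dependabot[bot]'
+uses: docker/metadata-action@v5
+with:
+images: |
+${{ env.PUBLIC_IMAGE_PREFIX }}/${{ env.DOCKER_IMAGE_NAME }}
+tags: |
+type=ref,event=branch
+type=raw,value=latest,enable=${{ github.ref == format('refs/heads/{0}', 'main') }}
+type=semver,pattern={{version}}
+type=semver,pattern={{major}}.{{minor}}
+type=semver,pattern={{major}},enable=${{ !startsWith(github.ref, 'refs/tags/v0.') }}
+
+- name: '[docker-hub] Docker build+push'
+uses: docker/build-push-action@v6
+if: github.event_name != 'pull_request' && steps.meta-public.outputs.tags != ''
+with:
+context: ${{ env.DOCKER_META_CONTEXT }}
+file: ${{ env.DOCKER_META_FILE }}
+platforms: ${{ env.DOCKER_META_PLATFORMS }}
+push: true
+tags: ${{ steps.meta-public.outputs.tags }}
+labels: ${{ steps.meta-public.outputs.labels }}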
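Review bot: Every `uses:` line in this job references a mutable major-version tag (`actions/checkout@v6`, `docker/login-action@v3`, `docker/build-push-action@v6`, and the others), so a retagged release of any of them would execute in a job that holds `secrets.DOCKER_HUB_USERNAME` and `secrets.DOCKER_HUB_PASSWORD`; pin each to a full commit SHA, e.g. `uses: docker/login-action@<full-commit-sha>  # v3`. The workflow declares no `permissions:`, so `GITHUB_TOKEN` gets whatever the repository default grants; a top-level `permissions:` with `contents: read` should be enough for checkout and build. Because the only trigger is `push` with no filters, the `github.event_name != 'pull_request'` conditions are always true and any branch push by a non-Dependabot actor publishes a `type=ref,event=branch` tag to Docker Hub. If only `main` and release tags are meant to publish, add `branches:` and `tags:` filters under `on.push` or gate the build+push step on `github.ref`.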

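--- a/Dockerfile
+++ b/Dockerfile
@@ -0,0 +1,44 @@
+# ---------- Builder stage ----------
+FROM node:24-alpine AS builder
+
+WORKDIR /app
+
+# Install dependencies
+COPY package.json package-lock.json* ./
+RUN npm install
+
+# Copy source and build
+COPY . .
+RUN npm run build
+
+
+# ---------- Nginx (rootless) stage ----------
+FROM nginx:1-alpine
+
+# Create non-root user and group
+RUN addgroup -S app && adduser -S app -G app
+
+# Remove default nginx static content
+RUN rm -rf /usr/share/nginx/html/*
+
+# Copy build output
+COPY --from=builder /app/dist /usr/share/nginx/html
+
+# Custom nginx config (listening on 8080)
+COPY docker/nginx.conf /etc/nginx/conf.d/default.conf
+
+# Ensure permissions for non-root user
+RUN chown -R nginx:nginx /usr/share/nginx/html \
+&& chmod -R 755 /usr/share/nginx/html \
+&& chown -R nginx:nginx /var/cache/nginx \
+&& chown -R nginx:nginx /var/log/nginx \
+&& chown -R nginx:nginx /etc/nginx/conf.d
+RUN touch /var/run/nginx.pid \
+&& chown -R nginx:nginx /var/run/nginx.pid
+
+# Run as non-root
+USER nginx
+
+EXPOSE 8080
+
+CMD ["nginx", "-g", "daemon off;"]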
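Review bot: The builder stage copies `package-lock.json*` as an optional file and then runs `npm install`, so the dependency tree resolved at image build time can differ from the one that was reviewed and committed; copy the lockfile unconditionally and use `RUN npm ci`, which fails when `package.json` and the lockfile disagree. In the runtime stage, `chown -R nginx:nginx` on `/usr/share/nginx/html` and `/etc/nginx/conf.d` gives the serving user write access to its own content and configuration. Leaving those two paths root-owned and chowning only `/var/cache/nginx`, `/var/log/nginx` and the pid file keeps the non-root user read-only where it only needs to read. The `RUN addgroup -S app && adduser -S app -G app` line creates an account that nothing later uses, since the image runs as `USER nginx`, so it can be dropped. Both `FROM` lines use floating tags (`node:24-alpine`, `nginx:1-alpine`); pinning them by digest would make rebuilds reproducible.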
