merge master to azure deployment

.github/workflows/prod-deploy.yml

@@ -0,0 +1,82 @@
+name: prod deploy azure
+
+on:
+  push:
+    branches:
+      - containerapp_deploy
+  workflow_dispatch:
+
+env:
+  ACR_NAME: corecontainers
+  IMAGE_NAME: core-frontend-reader
+  RESOURCE_GROUP: core-frontend
+  CONTAINERAPP_NAME: core-frontend-reader
+  NODE_ENV: production
+  SENTRY_DSN: https://[email protected]/1806836
+  PORT: 8080
+
+permissions:
+  id-token: write
+  contents: read
+
+jobs:
+  build-and-push:
+    runs-on: ubuntu-latest
+    environment: azure
+    outputs:
+      tag: ${{ steps.vars.outputs.tag }}
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Azure Login
+        uses: azure/login@v1
+        with:
+          client-id: ${{ secrets.AZURE_CLIENT_ID }}
+          tenant-id: ${{ secrets.AZURE_TENANT_ID }}
+          subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+
+      - name: Set Git SHA tag
+        id: vars
+        run: echo "tag=$(echo ${{ github.sha }} | cut -c1-7)" >> $GITHUB_OUTPUT
+
+      - name: ACR Login
+        run: az acr login --name ${{ env.ACR_NAME }}
+
+      - name: Docker Build and Tag
+        run: |
+          docker build \
+            --build-arg GA_TRACKING_CODE=${{ secrets.GA_TRACKING_CODE }} \
+            --build-arg NPM_TOKEN=${{ secrets.NPM_TOKEN }} \
+            -t ${{ env.ACR_NAME }}.azurecr.io/${{ env.IMAGE_NAME }}:${{ steps.vars.outputs.tag }} \
+            -t ${{ env.ACR_NAME }}.azurecr.io/${{ env.IMAGE_NAME }}:latest \
+            .
+      - name: Docker Push
+        run: |
+          docker push ${{ env.ACR_NAME }}.azurecr.io/${{ env.IMAGE_NAME }}:${{ steps.vars.outputs.tag }}
+          docker push ${{ env.ACR_NAME }}.azurecr.io/${{ env.IMAGE_NAME }}:latest
+  deploy:
+    needs: build-and-push
+    runs-on: ubuntu-latest
+    environment: azure
+
+    steps:
+      - name: Azure Login
+        uses: azure/login@v1
+        with:
+          client-id: ${{ secrets.AZURE_CLIENT_ID }}
+          tenant-id: ${{ secrets.AZURE_TENANT_ID }}
+          subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+
+      - name: Set image tag from build job
+        run: echo "TAG=${{ needs.build-and-push.outputs.tag }}" >> $GITHUB_ENV
+
+      - name: Deploy to Azure Container App
+        run: |
+          az containerapp update \
+            --name ${{ env.CONTAINERAPP_NAME }} \
+            --resource-group ${{ env.RESOURCE_GROUP }} \
+            --image ${{ env.ACR_NAME }}.azurecr.io/${{ env.IMAGE_NAME }}:${{ env.TAG }} \
+            --container-name ${{ env.IMAGE_NAME }} \
+            --set configuration.ingress.targetPort=${{ env.PORT }}

.npmrc

@@ -1,2 +1,9 @@
 //npm.pkg.github.com/:_authToken=${NPM_TOKEN}
 @oacore:registry=https://npm.pkg.github.com
+
+# Configure npm for better native dependency handling
+sharp_binary_host=https://github.com/lovell/sharp/releases/download
+sharp_libvips_binary_host=https://github.com/lovell/sharp-libvips/releases/download
+
+# Ensure native dependencies are properly handled
+legacy-peer-deps=true

csp.config.js

@@ -7,7 +7,12 @@ const PRODUCTION = '*.core.ac.uk core.ac.uk'
 const config = {
   'default-src': [SELF, PRODUCTION],
   // PDF.js worker sadly uses unsafe-eval
-  'script-src': [SELF, '*.google-analytics.com', "'unsafe-eval'", '*.googletagmanager.com'],
+  'script-src': [
+    SELF,
+    '*.google-analytics.com',
+    "'unsafe-eval'",
+    '*.googletagmanager.com',
+  ],
   'style-src': [
     SELF,
     'fonts.googleapis.com',

next.config.js

@@ -23,6 +23,11 @@ const nextConfig = {
   },
   assetPrefix: helpers.getAssetPath('', process.env.BUILD_TARGET),
 
+  // Fix for sharp package in CI
+  experimental: {
+    esmExternals: false,
+  },
+
   async headers() {
     return [
       {
@@ -93,6 +98,16 @@ const nextConfig = {
       'react-dom': path.join(__dirname, 'node_modules', 'react-dom'),
     })
 
+    // Handle native dependencies
+    if (config.externals) {
+      config.externals = config.externals.filter((external) => {
+        if (typeof external === 'function') return true
+
+        // Don't externalize sharp
+        return external !== 'sharp'
+      })
+    }
+
     // TODO: Remove once https://github.com/zeit/next-plugins/blob/master/packages/next-workers/index.js#L20 is released
     config.output.globalObject = 'self'
     return config