Add dockerfile & github action
s-a-tanjim committed Feb 13, 2024
1 parent 6ff9853 commit 81aeb76
Showing 5 changed files with 205 additions and 1 deletion.
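--- a/.dockerignore
+++ b/.dockerignore
@@ -0,0 +1,3 @@
+.git
+.env
+.github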
81 changes: 81 additions & 0 deletions .github/workflows/ecr.yml
@@ -0,0 +1,81 @@
# This workflow will be triggered by an external file.
# This workflow is used to upload the build image to ECR
name: No, Not this one.

on:
workflow_call:
inputs:
IMAGE_TAG:
description: Tag of build image
required: true
type: string
build_env:
description: Build Environment
required: true
type: string
AWS_REGION:
description: AWS Region where image will be pushed
type: string
required: true
ROLE_ARN:
description: AWS Role ARN
required: true
type: string
REPOSITORY:
description: ECR Repository name where image will be pushed
required: true
type: string


jobs:
build:
runs-on: ubuntu-latest
permissions:
id-token: write
contents: read

steps:
- name: Download artifact
uses: actions/download-artifact@v3
with:
name: ${{ inputs.IMAGE_TAG }}
path: /tmp

- name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@v4
with:
role-to-assume: ${{ inputs.ROLE_ARN }}
aws-region: ${{ inputs.AWS_REGION }}

- name: Login to Amazon ECR
id: login-ecr
uses: aws-actions/amazon-ecr-login@v1

- name: Load & Re-Tag Docker Image
env:
REGISTRY: ${{ steps.login-ecr.outputs.registry }}
REPOSITORY: ${{ inputs.REPOSITORY }}
IMAGE_TAG: ${{ inputs.IMAGE_TAG }}
run: |
docker load --input /tmp/$IMAGE_TAG.tar
docker tag $IMAGE_TAG $REGISTRY/$REPOSITORY:$IMAGE_TAG
- name: Push docker image to Amazon ECR
env:
REGISTRY: ${{ steps.login-ecr.outputs.registry }}
REPOSITORY: ${{ inputs.REPOSITORY }}
IMAGE_TAG: ${{ inputs.IMAGE_TAG }}
run: |
docker push $REGISTRY/$REPOSITORY:$IMAGE_TAG
- name: Scan Docker image
id: docker-scan
continue-on-error: true
uses: alexjurkiewicz/[email protected]
with:
repository: ${{ inputs.REPOSITORY }}
tag: ${{ inputs.IMAGE_TAG }}
fail_threshold: high

- name: Show Scan Result
run: echo "${{ steps.docker-scan.outputs.total }} total vulnerabilities."
91 changes: 91 additions & 0 deletions .github/workflows/publish-image.yml
@@ -0,0 +1,91 @@
name: Build & Publish CAXE to ECR

on:
push:
# branches: [ "main" ]
tags:
- "v*"
workflow_dispatch:
inputs:
branch_name:
description: Branch to build from
default: main
required: true

env:
ECR_REPO: caxe

jobs:
build_image:
runs-on: ubuntu-latest
steps:
- name: Checkout repo
uses: actions/checkout@v3
with:
ref: ${{ github.event.inputs.branch_name }}

- name: Set tag as release version
if: startsWith(github.ref, 'refs/tags/v')
run: echo $GITHUB_REF | grep -oP 'refs/tags/\K.*' | sed 's/^/RELEASE_VERSION=/' >> $GITHUB_ENV

- name: Set git hash as release version
if: ${{ !startsWith(github.ref, 'refs/tags/v') }}
run: |
GIT_HASH=$(git rev-parse HEAD)
echo RELEASE_VERSION=${GIT_HASH:0:7} >> $GITHUB_ENV
- name: Set Output
id: build_job_output
run: |
echo "RELEASE_VERSION=${{ env.RELEASE_VERSION }}" >> $GITHUB_OUTPUT
echo "ECR_REPO=${{ env.ECR_REPO }}" >> $GITHUB_OUTPUT
- name: Build Docker Image
env:
IMAGE_TAG: ${{ env.RELEASE_VERSION }}
run: |
docker build --file Dockerfile -t $IMAGE_TAG .
docker save -o /tmp/$IMAGE_TAG.tar $IMAGE_TAG
- name: Upload artifact
uses: actions/upload-artifact@v3
with:
name: ${{ env.RELEASE_VERSION }}
path: /tmp/${{ env.RELEASE_VERSION }}.tar
retention-days: 1
outputs:
ECR_REPO: ${{ steps.build_job_output.outputs.ECR_REPO }}
RELEASE_VERSION: ${{ steps.build_job_output.outputs.RELEASE_VERSION }}


dev_ecr_publish:
needs: build_image
# if: github.event_name == 'workflow_dispatch'
uses: ./.github/workflows/ecr.yml
with:
build_env: dev
AWS_REGION: ${{ vars.DEV_AWS_REGION }}
ROLE_ARN: ${{ vars.DEV_ROLE_ARN }}
IMAGE_TAG: ${{ needs.build_image.outputs.RELEASE_VERSION }}
REPOSITORY: ${{ needs.build_image.outputs.ECR_REPO }}

stage_ecr_publish:
needs: build_image
if: ${{ (startsWith(github.ref, 'refs/tags/v')) && (vars.STAGE_ROLE_ARN != '') }}
uses: ./.github/workflows/ecr.yml
with:
build_env: stage
AWS_REGION: ${{ vars.STAGE_AWS_REGION }}
ROLE_ARN: ${{ vars.STAGE_ROLE_ARN }}
IMAGE_TAG: ${{ needs.build_image.outputs.RELEASE_VERSION }}
REPOSITORY: ${{ needs.build_image.outputs.ECR_REPO }}

prod_ecr_publish:
needs: build_image
if: ${{ (startsWith(github.ref, 'refs/tags/v')) && (vars.PROD_ROLE_ARN != '') }}
uses: ./.github/workflows/ecr.yml
with:
build_env: prod
AWS_REGION: ${{ vars.PROD_AWS_REGION }}
ROLE_ARN: ${{ vars.PROD_ROLE_ARN }}
IMAGE_TAG: ${{ needs.build_image.outputs.RELEASE_VERSION }}
REPOSITORY: ${{ needs.build_image.outputs.ECR_REPO }}
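Review bot: The `build_image` job declares no `permissions:` block, so its `GITHUB_TOKEN` keeps the repository's default scope even though the job only needs to read the checkout; the reusable `ecr.yml` jobs declare `id-token: write` / `contents: read` for themselves, but that does not narrow the caller. Add `permissions:` with `contents: read` under `build_image:` (indented like `runs-on:`) so the build job is least-privilege like its callees. In `Set Output` both values are already in the shell environment (`RELEASE_VERSION` via `$GITHUB_ENV`, `ECR_REPO` via the workflow-level `env:`), so `echo "RELEASE_VERSION=${{ env.RELEASE_VERSION }}" >> $GITHUB_OUTPUT` and the `ECR_REPO` line below it would be safer as `echo "RELEASE_VERSION=$RELEASE_VERSION" >> "$GITHUB_OUTPUT"` and `echo "ECR_REPO=$ECR_REPO" >> "$GITHUB_OUTPUT"`, which keeps expression text out of the script body. `dev_ecr_publish` has its `if:` commented out, so every `v*` tag push and every manual dispatch publishes to the dev registry; if that is intended, a one-line comment saying so would stop the next reader from re-adding the guard.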
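--- a/Dockerfile
+++ b/Dockerfile
@@ -0,0 +1,29 @@
+FROM python:3.10.13-alpine3.18 as base-image
+FROM base-image as builder
+
+RUN apk add bash patch libsodium-dev linux-headers git gcc musl-dev rustup
+RUN rustup-init -y && source $HOME/.cargo/env
+ENV PATH="/root/.cargo/bin:${PATH}"
+RUN python -m pip install --upgrade pip
+
+WORKDIR /app
+COPY . .
+RUN pip install -r requirements.txt
+
+
+
+FROM base-image
+RUN apk update && apk upgrade && apk add bash patch libsodium-dev jq linux-headers
+ENV PYTHONUNBUFFERED=1
+ENV PYTHONIOENCODING=UTF-8
+
+COPY --from=builder /usr /usr
+
+RUN addgroup --system --gid 1001 caxe \
+&& adduser --system --uid 1001 --disabled-password --shell /bin/false -G caxe caxe
+USER caxe
+
+COPY --from=builder --chown=caxe:caxe /app /app
+RUN chmod +x /app/scripts/start.sh
+
+CMD /app/scripts/start.sh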
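Review bot: `COPY --from=builder /usr /usr` copies the builder's entire `/usr` into the runtime stage, which ships gcc, musl-dev, git and linux-headers into the final image and, because it runs after `apk update && apk upgrade`, overwrites any file the upgrade refreshed with the builder's older copy — so the multi-stage split yields neither a smaller attack surface nor the security updates it appears to apply. Installing the Python dependencies into a virtualenv in the builder and copying only that directory keeps the runtime stage to the base image plus the apk packages it installs itself (this assumes everything the app needs at runtime comes from `requirements.txt` plus those packages, which should be confirmed against `scripts/start.sh`). `source $HOME/.cargo/env` inside a `RUN` has no effect on later layers; the following `ENV PATH=` line already does that job, so the `source` can be dropped. `CMD /app/scripts/start.sh` is shell form, so PID 1 is `/bin/sh -c` and the script does not receive `SIGTERM` directly; the exec form `CMD ["/app/scripts/start.sh"]` fixes that.
```dockerfile
FROM base-image as builder
# … unchanged: apk add, rustup-init …
ENV PATH="/root/.cargo/bin:${PATH}"
RUN python -m venv /opt/venv
ENV PATH="/opt/venv/bin:${PATH}"
RUN python -m pip install --upgrade pip

WORKDIR /app
COPY . .
RUN pip install -r requirements.txt

FROM base-image
RUN apk update && apk upgrade && apk add bash patch libsodium-dev jq linux-headers
# … unchanged: PYTHONUNBUFFERED, PYTHONIOENCODING …

COPY --from=builder /opt/venv /opt/venv
ENV PATH="/opt/venv/bin:${PATH}"

# … unchanged: addgroup/adduser, USER caxe, COPY --chown /app, chmod …
CMD ["/app/scripts/start.sh"]
```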
2 changes: 1 addition & 1 deletion setup.py
Expand Up @@ -71,7 +71,7 @@
],
python_requires='>=3.10.3',
install_requires=[
'keri @ git+https://[email protected]/provenant-dev/keripy.git@prod',
'keri @ git+https://[email protected]/provenant-dev/keripy.git@main',
'hio>=0.6.8',
'multicommand>=1.0.0',
'arelle-release>=1.0.0',
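Review bot: `'keri @ git+https://[email protected]/provenant-dev/keripy.git@main'` now tracks a moving branch, so what gets installed changes with every push to `main` and two builds of the same CAXE commit can resolve to different `keri` code; the previous `@prod` ref had the same property but at least pointed at a release branch. Pin the dependency to a tag or a full commit SHA (`...keripy.git@<commit-sha>`, placeholder — use the reviewed commit) and record the reason in a comment beside it, so the Dockerfile build added in this commit is reproducible. The `install_requires` list continues past the hunk.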
