Finally make the Docker build work

2025-12-06 16:38:19 +01:00 · 2024-04-06 20:13:09 -10:00 · 2024-04-06 20:13:09 -10:00 · e88c5f3fd0
parent b580d1a24a
commit e88c5f3fd0
5 changed files with 251 additions and 198 deletions
--- a/.github/workflows/docker-publish.yml
+++ b/.github/workflows/docker-publish.yml
@ -1,96 +1,152 @@
-name: Build and publish Docker image
+name: Docker
 # This workflow uses actions that are not certified by GitHub.
 # They are provided by a third-party and are governed by
 # separate terms of service, privacy policy, and support
 # documentation.
 on:
    schedule:
        - cron: "22 5 * * *"
    push:
        branches: ["main"]
        # Publish semver tags as releases.
        tags: ["v*.*.*"]
    pull_request:
-        branches: ["main"]
+        branches: ["*"]
    workflow_dispatch:
        inputs:
            tag:
                description: "Tag"
                required: false
                default: "v0.0.0"
 env:
    # Use docker.io for Docker Hub if empty
    REGISTRY: ghcr.io
    # github.repository as <account>/<repo>
    IMAGE_NAME: ${{ github.repository }}
 jobs:
    build:
-        runs-on: ubuntu-latest
+        name: Build for ${{ matrix.platform }}
        runs-on: ${{ matrix.os }}
        environment:
            name: Production
        strategy:
            fail-fast: false
            matrix:
                include:
                    - os: [self-hosted]
                      platform: linux/arm64
                    - os: ubuntu-latest
                      platform: linux/amd64
        permissions:
            contents: read
            packages: write
            # This is used to complete the identity challenge
            # with sigstore/fulcio when running outside of PRs.
            id-token: write
        steps:
            - name: Prepare
              run: |
                  platform=${{ matrix.platform }}
                  echo "PLATFORM_PAIR=${platform//\//-}" >> $GITHUB_ENV
                  echo "IMAGE_NAME=${GITHUB_REPOSITORY@L}" >> $GITHUB_ENV
            - name: Checkout repository
-              uses: actions/checkout@v3
+              uses: actions/checkout@v4
-            # Install the cosign tool except on PR
+            - name: Set up QEMU
-            # https://github.com/sigstore/cosign-installer
+              uses: docker/setup-qemu-action@v3
            - name: Install cosign
              if: github.event_name != 'pull_request'
              uses: sigstore/cosign-installer@6e04d228eb30da1757ee4e1dd75a0ec73a653e06 #v3.1.1
              with:
                  cosign-release: "v2.1.1"
-            # Set up BuildKit Docker container builder to be able to build
+            - name: Setup Docker buildx
-            # multi-platform images and export cache
+              uses: docker/setup-buildx-action@v3
            # https://github.com/docker/setup-buildx-action
            - name: Set up Docker Buildx
              uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226 # v3.0.0
            # Login against a Docker registry except on PR
            # https://github.com/docker/login-action
            - name: Log into registry ${{ env.REGISTRY }}
              if: github.event_name != 'pull_request'
-              uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0
+              uses: docker/login-action@v3
              with:
                  registry: ${{ env.REGISTRY }}
                  username: ${{ github.actor }}
                  password: ${{ secrets.GITHUB_TOKEN }}
            # Extract metadata (tags, labels) for Docker
            # https://github.com/docker/metadata-action
            - name: Extract Docker metadata
              id: meta
-              uses: docker/metadata-action@96383f45573cb7f253c731d3b3ab81c87ef81934 # v5.0.0
+              uses: docker/metadata-action@v5
              with:
                  images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
            # Build and push Docker image with Buildx (don't push on PR)
            # https://github.com/docker/build-push-action
            - name: Build and push Docker image
-              id: build-and-push
+              id: build
-              uses: docker/build-push-action@v5.1.0
+              uses: docker/build-push-action@v5
              with:
                  context: .
-                  push: ${{ github.event_name != 'pull_request' }}
+                  file: Dockerfile
                  tags: ${{ steps.meta.outputs.tags }}
                  labels: ${{ steps.meta.outputs.labels }}
                  cache-from: type=gha
                  cache-to: type=gha,mode=max
                  platforms: ${{ matrix.platform }}
                  outputs: type=image,name=${{ env.REGISTRY }}/${{ env.IMAGE_NAME }},push-by-digest=true,name-canonical=true,push=true
-            # Sign the resulting Docker image digest except on PRs.
+            - name: Export digest
-            # This will only write to the public Rekor transparency log when the Docker
+              run: |
-            # repository is public to avoid leaking data.  If you would like to publish
+                  mkdir -p /tmp/digests
-            # transparency data even for private images, pass --force to cosign below.
+                  digest="${{ steps.build.outputs.digest }}"
-            # https://github.com/sigstore/cosign
+                  touch "/tmp/digests/${digest#sha256:}"
-            - name: Sign the published Docker image
+            - name: Upload digest
-              if: ${{ github.event_name != 'pull_request' }}
+              uses: actions/upload-artifact@v4
-              env:
+              with:
-                  # https://docs.github.com/en/actions/security-guides/security-hardening-for-github-actions#using-an-intermediate-environment-variable
+                  name: digests-${{ env.PLATFORM_PAIR }}
-                  TAGS: ${{ steps.meta.outputs.tags }}
+                  path: /tmp/digests/*
-                  DIGEST: ${{ steps.build-and-push.outputs.digest }}
+                  if-no-files-found: error
-              # This step uses the identity token to provision an ephemeral certificate
+                  retention-days: 1
-              # against the sigstore community Fulcio instance.
+
-              run: echo "${TAGS}" | xargs -I {} cosign sign --yes {}@${DIGEST}
+    merge:
        name: Merge digests
        runs-on: ubuntu-latest
        environment:
            name: Production
        needs:
            - build
        steps:
            - name: Prepare
              run: |
                  echo "IMAGE_NAME=${GITHUB_REPOSITORY@L}" >> $GITHUB_ENV
            - name: Download digests
              uses: actions/download-artifact@v4
              with:
                  path: /tmp/digests
                  pattern: digests-*
                  merge-multiple: true
            - name: Set up Docker Buildx
              uses: docker/setup-buildx-action@v3
            - name: Docker meta
              id: meta
              uses: docker/metadata-action@v5
              with:
                  images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
            - name: Login to Docker Hub
              uses: docker/login-action@v3
              with:
                  registry: ${{ env.REGISTRY }}
                  username: ${{ github.actor }}
                  password: ${{ secrets.GITHUB_TOKEN }}
            - name: Create manifest list and push
              working-directory: /tmp/digests
              run: |
                  docker buildx imagetools create $(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") \
                    $(printf '${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}@sha256:%s ' *)
            - name: Inspect image
              run: |
                  docker buildx imagetools inspect ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ steps.meta.outputs.version }}
 #    deploy:
 #        name: Deploy
 #        runs-on: ubuntu-latest
 #        environment:
 #            name: Production
 #        needs:
 #            - merge
 #        steps:
 #            - name: Pull and restart container
 #              uses: appleboy/ssh-action@v1.0.3
 #              with:
 #                 host: ${{ secrets.HOST }}
 #                 username: ${{ secrets.USERNAME }}
 #                 key: ${{ secrets.KEY }}
 #                 passphrase: ${{ secrets.PASSPHRASE }}
 #                 script: docker compose -f /home/jessew/docker/lysand/docker-compose.yml pull && docker compose -f /home/jessew/docker/lysand/docker-compose.yml down && docker compose -f /home/jessew/docker/lysand/docker-compose.yml up -d
--- a/40
+++ b/40
@ -1,37 +1,39 @@
-# use the official Bun image
+# Use the official Bun image (Bun doesn't run well on Musl but this seems to work)
-# see all versions at https://hub.docker.com/r/oven/bun/tags
+# See all versions at https://hub.docker.com/r/oven/bun/tags
-FROM oven/bun:1.0.30-alpine as base
+FROM oven/bun:1.1.2-alpine as base
-WORKDIR /usr/src/app
+
 # Install dependencies into temp directory
 # This will cache them and speed up future builds
 FROM base AS install
 # Install with --production (exclude devDependencies)
 RUN mkdir -p /temp
 COPY . /temp
 WORKDIR /temp
 RUN bun install --frozen-lockfile
 FROM base as build
 # Required for Prisma to work
 # COPY --from=node:18-alpine /usr/local/bin/node /usr/local/bin/node
-# install dependencies into temp directory
+# Copy the project
 # this will cache them and speed up future builds
 FROM base AS install
 # install with --production (exclude devDependencies)
 RUN mkdir -p /temp
 COPY . /temp
-WORKDIR /temp
+# Copy dependencies
-RUN bun install --frozen-lockfile --production
+COPY --from=install /temp/node_modules /temp/node_modules
 # Build Vite in pages
 RUN bunx --bun vite build pages
 # Build the project
-RUN bun run build.ts
+WORKDIR /temp
-WORKDIR /temp/dist
+RUN bun run prod-build
 # copy production dependencies and source code into final image
 FROM base AS release
 # Create app directory
 RUN mkdir -p /app
-COPY --from=install /temp/dist /app/dist
+COPY --from=build /temp/dist /app/dist
 COPY entrypoint.sh /app
 LABEL org.opencontainers.image.authors "Gaspard Wierzbinski (https://cpluspatch.dev)"
 LABEL org.opencontainers.image.source "https://github.com/lysand-org/lysand"
 LABEL org.opencontainers.image.vendor "Lysand Org"
--- a/bun.lockb
+++ b/bun.lockb
--- a/docker-compose.yml
+++ b/docker-compose.yml
@ -1,22 +1,17 @@
 ---
 # Run `docker network create lysand-net` before running docker-compose up
 version: "3"
 services:
    lysand:
        image: ghcr.io/lysand-org/lysand:main
        volumes:
-            #- ./logs:/app/logs
+            - ./logs:/app/logs
            - ./config:/app/config
            - ./.env:/app/.env
            - ./uploads:/app/uploads
        restart: unless-stopped
        container_name: lysand
        networks:
            - lysand-net
    db:
-        build:
+        image: ghcr.io/lysand-org/postgres:main
            context: .
            dockerfile: Postgres.Dockerfile
        container_name: lysand-db
        restart: unless-stopped
        environment:
@ -28,7 +23,7 @@ services:
        volumes:
            - ./db-data:/var/lib/postgresql/data
    redis:
-        image: "redis:latest"
+        image: redis:latest
        container_name: lysand-redis
        volumes:
            - ./redis-data:/data
@ -50,4 +45,4 @@ services:
 networks:
    lysand-net:
-        external: true
+        internal: true
--- a/package.json
+++ b/package.json
@ -67,7 +67,7 @@
    "typescript": "latest",
    "unocss": "latest",
    "untyped": "^1.4.2",
-        "vite": "latest",
+    "vite": "^5.2.8",
    "vite-ssr": "^0.17.1",
    "vue": "^3.3.9",
    "vue-router": "^4.2.5",