Merge pull request #1121 from CalebSLane/develop

Further improve docker builds and add dev dockerfile to OpenELIS

.github/workflows/frontend-qa.yml

@@ -1,9 +1,9 @@
 name: OpenELis Frontend QA framework workflow
 on:
   push:
-    branches: [ develop]
+    branches: [develop]
   pull_request:
-    branches: [develop]  
+    branches: [develop]
   workflow_dispatch:
 jobs:
   build-and-run-qa-tests:
@@ -12,20 +12,21 @@ jobs:
       - name: Checkout OpenELIS-Global2
         uses: actions/checkout@v2
         with:
-         repository: ${{github.repository}} 
-
-      - name: Run OpenELS image 
-        run : docker-compose -f build.docker-compose.yml up -d     
-
-      - name: Sleep for 2 minutes 
+          repository: ${{github.repository}}
+          submodules: recursive
+
+      - name: Run OpenELS image
+        run: docker-compose -f build.docker-compose.yml up -d
+
+      - name: Sleep for 2 minutes
         run: sleep 2m
-        shell: bash   
+        shell: bash
 
       - name: Set up Node.js
         uses: actions/setup-node@v3
         with:
           node-version: 14.x
-           
+
       - name: Install dependencies
         run: npm install
         working-directory: frontend
@@ -37,5 +38,3 @@ jobs:
       - name: Run Frontend Qa Workflow
         run: npx cypress run –headless
         working-directory: frontend
-
-

.github/workflows/publish-and-test.yml

@@ -19,6 +19,90 @@ env:
   DOCKER_TEST_NAME: ${{ vars.DOCKERHUB_USERNAME }}/openelis-global-2-test
 
 jobs:
+  build-and-push-image-backend-dev:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: write
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+        with:
+          submodules: recursive
+
+        # Add support for more platforms with QEMU (optional)
+        # https://github.com/docker/setup-qemu-action
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Login to DockerHub
+        uses: docker/login-action@v3
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: ${{ vars.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+
+      - name: Extract metadata (tags, labels) for Docker
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: ${{ env.DOCKER_NAME }}-dev
+
+      - name: Build and push Docker image
+        uses: docker/build-push-action@v5
+        with:
+          context: .
+          file: ./Dockerfile.dev
+          push: true
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
+          cache-from: type=registry,ref=${{ env.DOCKER_TEST_NAME }}:buildcache-dev
+          cache-to: type=registry,ref=${{ env.DOCKER_TEST_NAME }}:buildcache-dev,mode=max
+          build-args: SKIP_SPOTLESS=true
+
+  build-and-push-image-frontend-dev:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: write
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+        # Add support for more platforms with QEMU (optional)
+        # https://github.com/docker/setup-qemu-action
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Login to DockerHub
+        uses: docker/login-action@v3
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: ${{ vars.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+
+      - name: Extract metadata (tags, labels) for Docker
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: ${{ env.DOCKER_NAME }}-frontend-dev
+
+      - name: Build and push Docker image
+        uses: docker/build-push-action@v5
+        with:
+          context: ./frontend
+          push: true
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
+          cache-from: type=registry,ref=${{ env.DOCKER_TEST_NAME }}-frontend:buildcache-dev
+          cache-to: type=registry,ref=${{ env.DOCKER_TEST_NAME }}-frontend:buildcache-dev,mode=max
+
   build-and-push-test-image-backend:
     runs-on: ubuntu-latest
     permissions:
@@ -27,6 +111,8 @@ jobs:
     steps:
       - name: Checkout repository
         uses: actions/checkout@v4
+        with:
+          submodules: recursive
 
         # Add support for more platforms with QEMU (optional)
         # https://github.com/docker/setup-qemu-action
@@ -79,7 +165,6 @@ jobs:
         uses: docker/setup-buildx-action@v3
 
       - name: Log in to the Container registry
-        if: github.event_name == 'push'
         uses: docker/login-action@v3
         with:
           registry: ${{ env.REGISTRY }}
@@ -93,7 +178,6 @@ jobs:
           images: ${{ env.DOCKER_TEST_NAME }}-frontend
 
       - name: Build and push Docker image
-        if: github.event_name == 'push'
         uses: docker/build-push-action@v5
         with:
           context: ./frontend
@@ -104,14 +188,6 @@ jobs:
           cache-from: type=registry,ref=${{ env.DOCKER_TEST_NAME }}-frontend:buildcache
           cache-to: type=registry,ref=${{ env.DOCKER_TEST_NAME }}-frontend:buildcache,mode=max
 
-      - name: Build Docker image
-        if: github.event_name == 'pull_request'
-        uses: docker/build-push-action@v5
-        with:
-          context: ./frontend
-          file: ./frontend/Dockerfile.prod
-          push: false
-
   run-e2e-qa:
     needs:
       [build-and-push-test-image-backend, build-and-push-test-image-frontend]
@@ -143,6 +219,8 @@ jobs:
     steps:
       - name: Checkout repository
         uses: actions/checkout@v4
+        with:
+          submodules: recursive
 
         # Add support for more platforms with QEMU (optional)
         # https://github.com/docker/setup-qemu-action
@@ -218,44 +296,3 @@ jobs:
           labels: ${{ steps.meta.outputs.labels }}
           cache-from: type=registry,ref=${{ env.DOCKER_TEST_NAME }}-frontend:buildcache
           cache-to: type=registry,ref=${{ env.DOCKER_TEST_NAME }}-frontend:buildcache,mode=max
-
-
-  build-and-push-image-frontend-dev:
-    runs-on: ubuntu-latest
-    permissions:
-      contents: read
-      packages: write
-    steps:
-      - name: Checkout repository
-        uses: actions/checkout@v4
-
-        # Add support for more platforms with QEMU (optional)
-        # https://github.com/docker/setup-qemu-action
-      - name: Set up QEMU
-        uses: docker/setup-qemu-action@v3
-
-      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v3
-
-      - name: Login to DockerHub
-        uses: docker/login-action@v3
-        with:
-          registry: ${{ env.REGISTRY }}
-          username: ${{ vars.DOCKERHUB_USERNAME }}
-          password: ${{ secrets.DOCKERHUB_TOKEN }}
-
-      - name: Extract metadata (tags, labels) for Docker
-        id: meta
-        uses: docker/metadata-action@v5
-        with:
-          images: ${{ env.DOCKER_NAME }}-frontend-dev
-
-      - name: Build and push Docker image
-        uses: docker/build-push-action@v5
-        with:
-          context: ./frontend
-          push: true
-          tags: ${{ steps.meta.outputs.tags }}
-          labels: ${{ steps.meta.outputs.labels }}
-          cache-from: type=registry,ref=${{ env.DOCKER_TEST_NAME }}:buildcache-dev
-          cache-to: type=registry,ref=${{ env.DOCKER_TEST_NAME }}:buildcache-dev,mode=max

Dockerfile

@@ -16,17 +16,10 @@ RUN --mount=target=/var/lib/apt/lists,type=cache,sharing=locked \
 ADD ./pom.xml /build/pom.xml
 ADD ./tools /build/tools
 ADD ./src /build/src
-ADD ./dev /build/dev
+ADD ./dataexport /build/dataexport
 
 WORKDIR /build
 
-##
-# Checkout Dependencies
-#
-# this ensures caching isn't used if there's a change in the dataexport
-ADD https://api.github.com/repos/I-TECH-UW/dataexport/git/refs/heads/master version.json 
-RUN git clone https://github.com/I-TECH-UW/dataexport.git /build/dataexport
-
 # OE Default Password
 ARG DEFAULT_PW="adminADMIN!"
 ADD ./install/createDefaultPassword.sh /build/install/createDefaultPassword.sh

Dockerfile.dev

@@ -0,0 +1,115 @@
+##
+# Build Stage
+#
+FROM maven:3-jdk-11 as build
+
+RUN --mount=target=/var/lib/apt/lists,type=cache,sharing=locked \
+    --mount=target=/var/cache/apt,type=cache,sharing=locked \
+    rm -f /etc/apt/apt.conf.d/docker-clean \
+    && apt-get -y update \
+    && apt-get -y --no-install-recommends install \
+    git apache2-utils 
+
+##
+# Copy Source Code
+#
+ADD ./pom.xml /build/pom.xml
+ADD ./tools /build/tools
+ADD ./src /build/src
+ADD ./dataexport /build/dataexport
+
+WORKDIR /build
+
+# OE Default Password
+ARG DEFAULT_PW="adminADMIN!"
+ADD ./install/createDefaultPassword.sh /build/install/createDefaultPassword.sh
+RUN ./install/createDefaultPassword.sh -c -p ${DEFAULT_PW}
+
+##
+# Build DataExport
+#
+WORKDIR /build/dataexport/dataexport-core
+RUN --mount=type=cache,target=/root/.m2,sharing=locked \
+    mvn dependency:go-offline 
+RUN --mount=type=cache,target=/root/.m2,sharing=locked \
+    mvn clean install -DskipTests
+WORKDIR /build/dataexport/
+RUN --mount=type=cache,target=/root/.m2,sharing=locked \
+    mvn dependency:go-offline 
+RUN --mount=type=cache,target=/root/.m2,sharing=locked \
+    mvn clean install -DskipTests
+
+WORKDIR /build
+
+RUN --mount=type=cache,target=/root/.m2,sharing=locked \
+    mvn dependency:go-offline 
+
+RUN --mount=type=cache,target=/root/.m2,sharing=locked \
+    mvn clean install -DskipTests -Dspotless.check.skip=true
+
+##
+# Run Stage
+#
+FROM tomcat:8.5-jdk11
+
+ADD install/createDefaultPassword.sh ./
+
+
+#Clean out unneccessary files from tomcat (especially pre-existing applications) 
+RUN rm -rf /usr/local/tomcat/webapps/* \ 
+    /usr/local/tomcat/conf/Catalina/localhost/manager.xml
+
+#Deploy the war into tomcat image and point root to it
+ADD install/tomcat-resources/ROOT.war /usr/local/tomcat/webapps/ROOT.war
+COPY --from=build /build/target/OpenELIS-Global.war /usr/local/tomcat/webapps/OpenELIS-Global.war
+
+#rewrite cataline.properties with our catalina.properties so it contains:
+#    org.apache.catalina.STRICT_SERVLET_COMPLIANCE=true
+#    org.apache.catalina.connector.RECYCLE_FACADES=true
+#    org.apache.catalina.connector.CoyoteAdapter.ALLOW_BACKSLASH=false
+#    org.apache.tomcat.util.buf.UDecoder.ALLOW_ENCODED_SLASH=false
+#    org.apache.coyote.USE_CUSTOM_STATUS_MSG_IN_HEADER=false
+ADD install/tomcat-resources/catalina.properties /usr/local/tomcat/conf/catalina.properties
+ADD install/tomcat-resources/logging.properties /usr/local/tomcat/conf/logging.properties
+
+#replace ServerInfo.properties with a less informative one
+RUN mkdir -p /usr/local/tomcat/lib/org/apache/catalina/util
+ADD install/tomcat-resources/ServerInfo.properties /usr/local/tomcat/lib/org/apache/catalina/util/ServerInfo.properties 
+
+#restrict files
+#GID AND UID must be kept the same as setupTomcat.sh (if using default certificate group)
+RUN groupadd tomcat; \
+    groupadd tomcat-ssl-cert -g 8443; \ 
+    useradd -M -s /bin/bash -u 8443 tomcat_admin; \
+    usermod -a -G tomcat,tomcat-ssl-cert tomcat_admin; \
+    chown -R tomcat_admin:tomcat $CATALINA_HOME; \
+    chmod g-w,o-rwx $CATALINA_HOME; \
+    chmod g-w,o-rwx $CATALINA_HOME/conf; \
+    chmod o-rwx $CATALINA_HOME/logs; \
+    chmod o-rwx $CATALINA_HOME/temp; \
+    chmod g-w,o-rwx $CATALINA_HOME/bin; \
+    chmod g-w,o-rwx $CATALINA_HOME/webapps; \
+    chmod 770 $CATALINA_HOME/conf/catalina.policy; \
+    chmod g-w,o-rwx $CATALINA_HOME/conf/catalina.properties; \
+    chmod g-w,o-rwx $CATALINA_HOME/conf/context.xml; \
+    chmod g-w,o-rwx $CATALINA_HOME/conf/logging.properties; \
+    chmod g-w,o-rwx $CATALINA_HOME/conf/server.xml; \
+    chmod g-w,o-rwx $CATALINA_HOME/conf/tomcat-users.xml; \
+    chmod g-w,o-rwx $CATALINA_HOME/conf/web.xml
+
+ADD install/openelis_healthcheck.sh /healthcheck.sh
+RUN chown tomcat_admin:tomcat /healthcheck.sh; \
+    chmod 770 /healthcheck.sh;  
+
+ADD install/docker-entrypoint.sh /docker-entrypoint.sh
+RUN chown tomcat_admin:tomcat /docker-entrypoint.sh; \
+    chmod 770 /docker-entrypoint.sh;
+
+RUN mkdir -p /var/lib/lucene_index; \
+    chown -R tomcat_admin:tomcat /var/lib/lucene_index; \
+    chmod -R 770 /var/lib/lucene_index;
+
+USER tomcat_admin
+
+ENTRYPOINT [ "/docker-entrypoint.sh" ]
+