Use a registry for storing docker frontend image

jolicode · Jul 1, 2023 · 475ea08 · 475ea08
1 parent 66167bd
commit 475ea08
Show file tree

Hide file tree

Showing 15 changed files with 115 additions and 30 deletions.
diff --git a/.castor/infra.php b/.castor/infra.php
@@ -79,32 +79,44 @@ function destroy(
 
     docker_compose(['down', '--remove-orphans', '--volumes', '--rmi=local'], withBuilder: true);
     $files = finder()
-        ->in(variable('root_dir') . '/infrastructure/docker/services/router/etc/ssl/certs/')
+        ->in(variable('root_dir') . '/infrastructure/docker/services/router/certs/')
         ->name('*.pem')
         ->files()
     ;
     fs()->remove($files);
 }
 
+#[AsTask(description: 'Push images to the registry')]
+function push(): void
+{
+    docker_compose(['push'], withBuilder: true);
+}
+
+#[AsTask(description: 'Pull images from the registry')]
+function pull(): void
+{
+    docker_compose(['pull'], withBuilder: true);
+}
+
 #[AsTask(description: 'Generates SSL certificates (with mkcert if available or self-signed if not)')]
 function generate_certificates(
     #[AsOption(description: 'Force the certificates re-generation without confirmation', shortcut: 'f')]
     bool $force = false,
 ): void {
-    if (file_exists(variable('root_dir') . '/infrastructure/docker/services/router/etc/ssl/certs/cert.pem') && !$force) {
+    if (file_exists(variable('root_dir') . '/infrastructure/docker/services/router/certs/cert.pem') && !$force) {
         io()->comment('SSL certificates already exists.');
         io()->note('Run "castor infra:generate-certificates --force" to generate new certificates.');
 
         return;
     }
 
     if ($force) {
-        if (file_exists($f = variable('root_dir') . '/infrastructure/docker/services/router/etc/ssl/certs/cert.pem')) {
-            io()->comment('Removing existing certificates in infrastructure/docker/services/router/etc/ssl/certs/*.pem.');
+        if (file_exists($f = variable('root_dir') . '/infrastructure/docker/services/router/certs/cert.pem')) {
+            io()->comment('Removing existing certificates in infrastructure/docker/services/router/certs/*.pem.');
             unlink($f);
         }
 
-        if (file_exists($f = variable('root_dir') . '/infrastructure/docker/services/router/etc/ssl/certs/key.pem')) {
+        if (file_exists($f = variable('root_dir') . '/infrastructure/docker/services/router/certs/key.pem')) {
             unlink($f);
         }
     }
@@ -125,8 +137,8 @@ function generate_certificates(
 
         run([
             'mkcert',
-            '-cert-file', 'infrastructure/docker/services/router/etc/ssl/certs/cert.pem',
-            '-key-file', 'infrastructure/docker/services/router/etc/ssl/certs/key.pem',
+            '-cert-file', 'infrastructure/docker/services/router/certs/cert.pem',
+            '-key-file', 'infrastructure/docker/services/router/certs/key.pem',
             $rootDomain,
             "*.{$rootDomain}",
             ...variable('extra_domains'),
@@ -141,9 +153,9 @@ function generate_certificates(
         return;
     }
 
-    run(['infrastructure/docker/services/router/generate-ssl.sh']);
+    run(['infrastructure/docker/services/router/generate-ssl.sh'], quiet: true);
 
-    io()->success('Successfully generated self-signed SSL certificates in infrastructure/docker/services/router/etc/ssl/certs/*.pem.');
+    io()->success('Successfully generated self-signed SSL certificates in infrastructure/docker/services/router/certs/*.pem.');
     io()->comment('Consider installing mkcert to generate locally trusted SSL certificates and run "castor infra:generate-certificates --force".');
 
     if ($force) {

diff --git a/.castor/utils.php b/.castor/utils.php
@@ -98,8 +98,12 @@ function create_default_context(): Context
         $data['user_id'] = 1000;
     }
 
-    // @phpstan-ignore-next-line
-    return new Context($data, pty: 'dev' === $data['env']);
+    return new Context(
+        // @phpstan-ignore-next-line
+        $data,
+        pty: 'dev' === $data['env'],
+        environment: create_default_environment(),
+    );
 }
 
 function docker_compose_run(
@@ -158,7 +162,7 @@ function docker_compose(array $subCommand, Context $c = null, bool $withBuilder
             'PROJECT_DOMAINS' => $domains,
             'COMPOSER_CACHE_DIR' => variable('composer_cache_dir'),
             'PHP_VERSION' => variable('php_version'),
-        ], false)
+        ], true)
     ;
 
     $command = [

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -10,15 +10,25 @@ name: Continuous Integration
 
 permissions:
     contents: read
+    packages: write # Required for fetching docker images from a PR!
 
 jobs:
     ci:
         name: Continuous Integration
         runs-on: ubuntu-latest
         env:
             BUILDKIT_PROGRESS: plain
+            DOCKER_BUILDKIT: 1
             CI: 1
         steps:
+            -
+                name: Log in to the Container registry
+                uses: docker/login-action@v2
+                with:
+                    registry: 'ghcr.io'
+                    username: ${{ github.actor }}
+                    password: ${{ secrets.GITHUB_TOKEN }}
+
             -
                 uses: actions/checkout@v3
 
@@ -31,7 +41,7 @@ jobs:
 
             -
                 name: 'Build and start the infrastructure'
-                run: castor start
+                run: castor start -vvv
 
             -
                 name: 'Run PHP-CS-Fixer'

diff --git a/.gitignore b/.gitignore
@@ -26,4 +26,4 @@
 /.castor.stub.php
 /infrastructure/docker/.env
 /infrastructure/docker/docker-compose.override.yml
-/infrastructure/docker/services/router/etc/ssl/certs/*
+/infrastructure/docker/services/router/certs/*
diff --git a/castor.php b/castor.php
@@ -24,11 +24,27 @@ function create_default_variables(): array
     ];
 }
 
+/**
+ * @return array<string, mixed>
+ */
+function create_default_environment(): array
+{
+    return [
+        'BUILDER_VERSION' => 'latest',
+        'FRONTEND_VERSION' => 'latest',
+        'ROUTER_VERSION' => 'latest',
+    ];
+}
+
 #[AsTask(description: 'Builds and starts the infrastructure, then install the application (composer, yarn, ...)')]
-function start(): void
+function start($build = false): void
 {
     infra\generate_certificates(false);
-    infra\build();
+    if ($build) {
+        infra\build();
+    } else {
+        infra\pull();
+    }
     infra\up();
     cache_clear();
     install();

diff --git a/infrastructure/docker/docker-compose.builder.yml b/infrastructure/docker/docker-compose.builder.yml
@@ -5,19 +5,19 @@ volumes:
 
 services:
     builder:
+        image: "ghcr.io/jolicode/monologue/builder:${BUILDER_VERSION:-latest}"
         build:
             context: services/php
             target: builder
+            # cache_to:
+            #     - "ghcr.io/jolicode/monologue/builder:${BUILDER_VERSION:-latest}"
+            # cache_from:
+            #     - "ghcr.io/jolicode/monologue/builder:${BUILDER_VERSION:-latest}"
         depends_on:
             - postgres
         environment:
             - COMPOSER_MEMORY_LIMIT=-1
-            # The following list contains the common environment variables exposed by CI platforms
             - GITHUB_ACTIONS
-            - CI # Travis CI, CircleCI, Cirrus CI, Gitlab CI, Appveyor, CodeShip, dsari
-            - CONTINUOUS_INTEGRATION # Travis CI, Cirrus CI
-            - BUILD_NUMBER # Jenkins, TeamCity
-            - RUN_ID # TaskCluster, dsari
         volumes:
             - "../../${PROJECT_DIRECTORY}:/home/app/application:cached"
             - "${COMPOSER_CACHE_DIR}:/home/app/.composer/cache"

diff --git a/infrastructure/docker/docker-compose.yml b/infrastructure/docker/docker-compose.yml
@@ -5,15 +5,27 @@ volumes:
 
 services:
     router:
-        build: services/router
+        image: "ghcr.io/jolicode/monologue/router:${ROUTER_VERSION:-latest}"
+        build:
+            context: services/router
+            # cache_to:
+            #     - "ghcr.io/jolicode/monologue/router:${ROUTER__VERSION:-latest}"
+            # cache_from:
+            #     - "ghcr.io/jolicode/monologue/router:${ROUTER__VERSION:-latest}"
         volumes:
             - "/var/run/docker.sock:/var/run/docker.sock"
+            - "./services/router/certs:/etc/ssl/certs"
         network_mode: host
 
     frontend:
+        image: "ghcr.io/jolicode/monologue/frontend:${FRONTEND_VERSION:-latest}"
         build:
             context: services/php
             target: frontend
+            # cache_to:
+            #     - "ghcr.io/jolicode/monologue/frontend:${FRONTEND_VERSION:-latest}"
+            # cache_from:
+            #     - "ghcr.io/jolicode/monologue/frontend:${FRONTEND_VERSION:-latest}"
         depends_on:
             - postgres
         volumes:
@@ -29,7 +41,7 @@ services:
             - "traefik.http.routers.${PROJECT_NAME}-frontend-unsecure.middlewares=redirect-to-https@file"
 
     postgres:
-        build: services/postgres
+        image: postgres:15.2
         environment:
             POSTGRES_PASSWORD: monologue
             POSTGRES_USER: monologue

diff --git a/infrastructure/docker/services/php/Dockerfile b/infrastructure/docker/services/php/Dockerfile
@@ -1,5 +1,7 @@
 FROM debian:11.7-slim as php-base
 
+LABEL org.opencontainers.image.source https://github.com/jolicode/monologue
+
 RUN apt-get update \
     && apt install -y --no-install-recommends \
         curl \
@@ -33,14 +35,19 @@ RUN apt-get update \
     && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* /usr/share/doc/*
 
 # Fake user to maps with the one on the host
+COPY entrypoint /
 ARG USER_ID
 RUN addgroup --gid 1000 app && \
-    adduser --system --uid $USER_ID --home /home/app --shell /bin/bash app
+    adduser --system --uid $USER_ID --home /home/app --shell /bin/bash app && \
+    wget -O- https://github.com/tianon/gosu/releases/download/1.12/gosu-amd64 | \
+        install /dev/stdin /usr/local/bin/gosu && \
+    sed "s/{{ application_user_id }}/$USER_ID/g" -i /entrypoint
 
 # Configuration
 COPY base/php-configuration /etc/php/${PHP_VERSION}
 
 WORKDIR /home/app/application
+ENTRYPOINT [ "/entrypoint" ]
 
 FROM php-base as frontend
 

diff --git a/infrastructure/docker/services/php/entrypoint b/infrastructure/docker/services/php/entrypoint
@@ -0,0 +1,22 @@
+#!/bin/sh
+
+set -e
+set -u
+
+: "${UID:=0}"
+: "${GID:=${UID}}"
+
+if [ "$#" = 0 ]; then
+    echo "A"
+    set -- "$(command -v bash 2>/dev/null || command -v sh)" -l
+fi
+
+if [ "$UID" != 0 ]; then
+    usermod -u "$UID" "{{ application_user_id }}" 2>/dev/null && {
+        groupmod -g "$GID" "{{ application_user_id }}" 2>/dev/null ||
+        usermod -a -G "$GID" "{{ application_user_id }}"
+    }
+    set -- gosu "${UID}:${GID}" "${@}"
+fi
+
+exec "$@"
diff --git a/infrastructure/docker/services/postgres/Dockerfile b/infrastructure/docker/services/postgres/Dockerfile
diff --git a/infrastructure/docker/services/router/Dockerfile b/infrastructure/docker/services/router/Dockerfile
@@ -1,3 +1,7 @@
 FROM traefik:v2.7
 
-COPY etc/. /etc/
+LABEL org.opencontainers.image.source https://github.com/jolicode/monologue
+
+COPY traefik /etc/traefik
+
+VOLUME [ "/etc/ssl/certs" ]
diff --git a/infrastructure/docker/services/router/certs/.gitignore b/infrastructure/docker/services/router/certs/.gitignore
diff --git a/infrastructure/docker/services/router/generate-ssl.sh b/infrastructure/docker/services/router/generate-ssl.sh
@@ -4,9 +4,10 @@
 
 BASE=$(dirname $0)
 
-rm -rf mkdir $BASE/certs/
 
-CERTS_DIR=$BASE/etc/ssl/certs
+CERTS_DIR=$BASE/certs
+
+rm -rf mkdir $CERTS_DIR
 
 mkdir -p $CERTS_DIR
 

diff --git a/...ices/router/etc/traefik/dynamic_conf.yaml → ...services/router/traefik/dynamic_conf.yaml b/...ices/router/etc/traefik/dynamic_conf.yaml → ...services/router/traefik/dynamic_conf.yaml
diff --git a/.../services/router/etc/traefik/traefik.yaml → ...cker/services/router/traefik/traefik.yaml b/.../services/router/etc/traefik/traefik.yaml → ...cker/services/router/traefik/traefik.yaml