Update .github/workflows/build-and-push.yaml

2025-03-15 12:09:46 +00:00 · 2025-03-15 12:09:46 +00:00 · b09f1fd853
commit b09f1fd853
parent 8c27f2f322
1 changed files with 102 additions and 48 deletions
--- a/.github/workflows/build-and-push.yaml
+++ b/.github/workflows/build-and-push.yaml
@ -1,51 +1,105 @@
-name: ci
+# Stage 1 - Create yarn install skeleton layer
+FROM node:20.18.1 AS packages

-on: push
+WORKDIR /app
+COPY package.json yarn.lock ./

-jobs:
-  build:
-    runs-on: ubuntu-22.04
+COPY packages packages

-    steps:
-      -
-        name: Repository meta
-        id: repository
-        run: |
-          registry=${{ github.server_url }}
-          registry=${registry##http*://}
-          echo "registry=${registry}" >> "$GITHUB_OUTPUT"
-          echo "registry=${registry}"
-          repository="$(echo "${{ github.repository }}" | tr '[:upper:]' '[:lower:]')"
-          echo "repository=${repository}" >> "$GITHUB_OUTPUT"
-          echo "repository=${repository}"
-      -
-        name: Docker meta
-        uses: docker/metadata-action@v5
-        id: docker
-        with:
-          images: ${{ steps.repository.outputs.registry }}/${{ steps.repository.outputs.repository }}
-      -
-        name: Login to registry
-        uses: docker/login-action@v3
-        with:
-          registry: ${{ steps.repository.outputs.registry }}
-          username: ${{ secrets.PACKAGES_USER }}
-          password: ${{ secrets.PACKAGES_TOKEN }}
-      -
-        name: Set up QEMU
-        uses: docker/setup-qemu-action@v3
-      -
-        name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v3
-        with:
-          buildkitd-flags: '--allow-insecure-entitlement network.host'
-          driver-opts: network=host
-      -
-        name: Build and push
-        uses: docker/build-push-action@v6
-        with:
-          push: true
-          allow: network.host
-          network: host
-          platforms: linux/amd64,linux/arm64
-          tags: ${{ steps.docker.outputs.tags }}
+# Comment this out if you don't have any internal plugins
+COPY plugins plugins
+
+RUN find packages \! -name "package.json" -mindepth 2 -maxdepth 2 -exec rm -rf {} \+
+
+# Stage 2 - Install dependencies and build packages
+FROM node:20.18.1  AS build
+
+# Required for arm64
+RUN apt update -y
+RUN apt install -y python3 make gcc build-essential bash
+
+USER node
+WORKDIR /app
+
+COPY --from=packages --chown=node:node /app .
+
+RUN --mount=type=cache,target=/home/node/.cache/yarn,sharing=locked,uid=1000,gid=1000 \
+    yarn install --frozen-lockfile --network-timeout 600000
+
+COPY --chown=node:node . .
+
+RUN yarn tsc
+RUN yarn --cwd packages/backend build
+# If you have not yet migrated to package roles, use the following command instead:
+# RUN yarn --cwd packages/backend backstage-cli backend:bundle --build-dependencies
+
+RUN mkdir packages/backend/dist/skeleton packages/backend/dist/bundle \
+    && tar xzf packages/backend/dist/skeleton.tar.gz -C packages/backend/dist/skeleton \
+    && tar xzf packages/backend/dist/bundle.tar.gz -C packages/backend/dist/bundle
+
+# Stage 3 - Build the actual backend image and install production dependencies
+FROM node:20.18.1 
+
+# Install isolate-vm dependencies, these are needed by the @backstage/plugin-scaffolder-backend.
+# Install packages needed to get utility binaries
+RUN --mount=type=cache,target=/var/cache/apt,sharing=locked \
+    --mount=type=cache,target=/var/lib/apt,sharing=locked \
+    apt-get update && \
+    apt-get install -y --no-install-recommends python3 python3-pip python3-venv g++ build-essential ca-certificates curl
+
+RUN yarn config set python /usr/bin/python3
+
+# Add kubectl for the kube apply plugin.
+# Add cnoe-cli
+# Add mkdocs for the TechDocs plugin.
+RUN if test "$(uname -m)" = "x86_64"; \
+    then \
+      curl -L -o /usr/local/bin/kubectl https://dl.k8s.io/release/v1.29.9/bin/linux/amd64/kubectl; \
+    fi
+RUN if test "$(uname -m)" != "x86_64"; \
+    then \
+      curl -L -o /usr/local/bin/kubectl https://dl.k8s.io/release/v1.29.9/bin/linux/arm64/kubectl; \
+    fi
+RUN chmod +x /usr/local/bin/kubectl
+
+RUN curl -L -O https://github.com/cnoe-io/cnoe-cli/releases/download/v0.1.0/cnoe_Linux_x86_64.tar.gz && \
+    curl -L -O https://github.com/cnoe-io/cnoe-cli/releases/download/v0.1.0/checksums.txt && \
+    sha256sum -c --strict --status --ignore-missing checksums.txt && \
+    tar -xzf cnoe_Linux_x86_64.tar.gz && \
+    mv cnoe /usr/bin/cnoe-cli && \
+    chmod +x /usr/bin/cnoe-cli && \
+    rm checksums.txt cnoe_Linux_x86_64.tar.gz
+COPY ./cnoe-wrapper.sh /usr/bin/cnoe
+RUN chmod +x /usr/bin/cnoe
+
+ENV VIRTUAL_ENV=/opt/venv
+RUN python3 -m venv $VIRTUAL_ENV
+ENV PATH="$VIRTUAL_ENV/bin:$PATH"
+RUN pip3 install 'mkdocs-techdocs-core==1.4.2'
+
+# From here on we use the least-privileged `node` user to run the backend.
+USER node
+
+# This should create the app dir as `node`.
+# If it is instead created as `root` then the `tar` command below will
+# fail: `can't create directory 'packages/': Permission denied`.
+# If this occurs, then ensure BuildKit is enabled (`DOCKER_BUILDKIT=1`)
+# so the app dir is correctly created as `node`.
+WORKDIR /app
+
+# Copy the install dependencies from the build stage and context
+COPY --from=build --chown=node:node /app/yarn.lock /app/package.json /app/packages/backend/dist/skeleton/ ./
+
+RUN --mount=type=cache,target=/home/node/.cache/yarn,sharing=locked,uid=1000,gid=1000 \
+    yarn install --frozen-lockfile --production --network-timeout 600000
+
+# Copy the built packages from the build stage
+COPY --from=build --chown=node:node /app/packages/backend/dist/bundle/ ./
+
+# Copy any other files that we need at runtime
+COPY --chown=node:node app-config.yaml ./
+
+# This switches many Node.js dependencies to production mode.
+ENV NODE_ENV production
+
+CMD ["node", "packages/backend", "--config", "app-config.yaml"]