From b66b6f953ae803f161c2ee2febbc885766534621 Mon Sep 17 00:00:00 2001
From: richardrobertreitz
Date: Sat, 15 Mar 2025 12:11:11 +0000
Subject: [PATCH] Update .github/workflows/build-and-push.yaml
---
.github/workflows/build-and-push.yaml | 150 +++++++++-----------------
1 file changed, 48 insertions(+), 102 deletions(-)
diff --git a/.github/workflows/build-and-push.yaml b/.github/workflows/build-and-push.yaml
index bb64a6a..9bb12b8 100644
--- a/.github/workflows/build-and-push.yaml
+++ b/.github/workflows/build-and-push.yaml
@@ -1,105 +1,51 @@ -# Stage 1 - Create yarn install skeleton layer -FROM node:20.18.1 AS packages +name: ci -WORKDIR /app -COPY package.json yarn.lock ./ +on: push -COPY packages packages +jobs: + build: + runs-on: ubuntu-22.04 -# Comment this out if you don't have any internal plugins -COPY plugins plugins - -RUN find packages \! -name "package.json" -mindepth 2 -maxdepth 2 -exec rm -rf {} \+ - -# Stage 2 - Install dependencies and build packages -FROM node:20.18.1 AS build - -# Required for arm64 -RUN apt update -y -RUN apt install -y python3 make gcc build-essential bash - -USER node -WORKDIR /app - -COPY --from=packages --chown=node:node /app . - -RUN --mount=type=cache,target=/home/node/.cache/yarn,sharing=locked,uid=1000,gid=1000 \ - yarn install --frozen-lockfile --network-timeout 600000 - -COPY --chown=node:node . . - -RUN yarn tsc -RUN yarn --cwd packages/backend build -# If you have not yet migrated to package roles, use the following command instead: -# RUN yarn --cwd packages/backend backstage-cli backend:bundle --build-dependencies - -RUN mkdir packages/backend/dist/skeleton packages/backend/dist/bundle \ - && tar xzf packages/backend/dist/skeleton.tar.gz -C packages/backend/dist/skeleton \ - && tar xzf packages/backend/dist/bundle.tar.gz -C packages/backend/dist/bundle - -# Stage 3 - Build the actual backend image and install production dependencies -FROM node:20.18.1 - -# Install isolate-vm dependencies, these are needed by the @backstage/plugin-scaffolder-backend. -# Install packages needed to get utility binaries -RUN --mount=type=cache,target=/var/cache/apt,sharing=locked \ - --mount=type=cache,target=/var/lib/apt,sharing=locked \ - apt-get update && \ - apt-get install -y --no-install-recommends python3 python3-pip python3-venv g++ build-essential ca-certificates curl - -RUN yarn config set python /usr/bin/python3 - -# Add kubectl for the kube apply plugin. -# Add cnoe-cli -# Add mkdocs for the TechDocs plugin. 
-RUN if test "$(uname -m)" = "x86_64"; \ - then \ - curl -L -o /usr/local/bin/kubectl https://dl.k8s.io/release/v1.29.9/bin/linux/amd64/kubectl; \ - fi -RUN if test "$(uname -m)" != "x86_64"; \ - then \ - curl -L -o /usr/local/bin/kubectl https://dl.k8s.io/release/v1.29.9/bin/linux/arm64/kubectl; \ - fi -RUN chmod +x /usr/local/bin/kubectl - -RUN curl -L -O https://github.com/cnoe-io/cnoe-cli/releases/download/v0.1.0/cnoe_Linux_x86_64.tar.gz && \ - curl -L -O https://github.com/cnoe-io/cnoe-cli/releases/download/v0.1.0/checksums.txt && \ - sha256sum -c --strict --status --ignore-missing checksums.txt && \ - tar -xzf cnoe_Linux_x86_64.tar.gz && \ - mv cnoe /usr/bin/cnoe-cli && \ - chmod +x /usr/bin/cnoe-cli && \ - rm checksums.txt cnoe_Linux_x86_64.tar.gz -COPY ./cnoe-wrapper.sh /usr/bin/cnoe -RUN chmod +x /usr/bin/cnoe - -ENV VIRTUAL_ENV=/opt/venv -RUN python3 -m venv $VIRTUAL_ENV -ENV PATH="$VIRTUAL_ENV/bin:$PATH" -RUN pip3 install 'mkdocs-techdocs-core==1.4.2' - -# From here on we use the least-privileged `node` user to run the backend. -USER node - -# This should create the app dir as `node`. -# If it is instead created as `root` then the `tar` command below will -# fail: `can't create directory 'packages/': Permission denied`. -# If this occurs, then ensure BuildKit is enabled (`DOCKER_BUILDKIT=1`) -# so the app dir is correctly created as `node`. 
-WORKDIR /app - -# Copy the install dependencies from the build stage and context -COPY --from=build --chown=node:node /app/yarn.lock /app/package.json /app/packages/backend/dist/skeleton/ ./ - -RUN --mount=type=cache,target=/home/node/.cache/yarn,sharing=locked,uid=1000,gid=1000 \ - yarn install --frozen-lockfile --production --network-timeout 600000 - -# Copy the built packages from the build stage -COPY --from=build --chown=node:node /app/packages/backend/dist/bundle/ ./ - -# Copy any other files that we need at runtime -COPY --chown=node:node app-config.yaml ./ - -# This switches many Node.js dependencies to production mode. -ENV NODE_ENV production - -CMD ["node", "packages/backend", "--config", "app-config.yaml"] + steps: + - + name: Repository meta + id: repository + run: | + registry=${{ github.server_url }} + registry=${registry##http*://} + echo "registry=${registry}" >> "$GITHUB_OUTPUT" + echo "registry=${registry}" + repository="$(echo "${{ github.repository }}" | tr '[:upper:]' '[:lower:]')" + echo "repository=${repository}" >> "$GITHUB_OUTPUT" + echo "repository=${repository}" + - + name: Docker meta + uses: docker/metadata-action@v5 + id: docker + with: + images: ${{ steps.repository.outputs.registry }}/${{ steps.repository.outputs.repository }} + - + name: Login to registry + uses: docker/login-action@v3 + with: + registry: ${{ steps.repository.outputs.registry }} + username: ${{ secrets.PACKAGES_USER }} + password: ${{ secrets.PACKAGES_TOKEN }} + - + name: Set up QEMU + uses: docker/setup-qemu-action@v3 + - + name: Set up Docker Buildx + uses: docker/setup-buildx-action@v3 + with: + buildkitd-flags: '--allow-insecure-entitlement network.host' + driver-opts: network=host + - + name: Build and push + uses: docker/build-push-action@v6 + with: + push: true + allow: network.host + network: host + platforms: linux/amd64,linux/arm64 + tags: ${{ steps.docker.outputs.tags }}
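Review bot: The "Set up Docker Buildx" and "Build and push" steps give the image build host networking (`buildkitd-flags: '--allow-insecure-entitlement network.host'`, `driver-opts: network=host`, `allow: network.host`, `network: host`) without saying why it is needed. With that entitlement every `RUN` step of the Dockerfile, and whatever it downloads, runs in the runner's network namespace and can reach services bound to the runner's loopback or local network, in the same job that logs in with `PACKAGES_TOKEN`. If the only reason is that the builder must reach the registry, record that in a comment such as `# host networking: builder must reach the registry at <registry-host>`; otherwise drop the four settings. Separately, `on: push` combined with `push: true` publishes an image for a push to any branch, and the actions are referenced by mutable major tags (`@v3`, `@v5`, `@v6`). Restricting the trigger to release branches or tags and pinning each `uses:` to a full commit SHA would narrow who and what can publish with those credentials.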