mirror of https://github.com/boxyhq/jackson.git
cleanup (#1690)
This commit is contained in:
parent
b2848ea52a
commit
dd1ac59c30
|
@ -1,110 +0,0 @@
|
||||||
name: Build PR Image
|
|
||||||
on:
|
|
||||||
pull_request:
|
|
||||||
types: [opened, synchronize, reopened, closed]
|
|
||||||
# Trigger only for PRs that target main branch
|
|
||||||
branches:
|
|
||||||
- main
|
|
||||||
|
|
||||||
jobs:
|
|
||||||
build-jackson:
|
|
||||||
name: Build and push `jackson`
|
|
||||||
runs-on: ubuntu-latest
|
|
||||||
outputs:
|
|
||||||
tags: ${{ steps.meta.outputs.tags }}
|
|
||||||
if: ${{ github.event.action != 'closed' }}
|
|
||||||
steps:
|
|
||||||
- name: checkout
|
|
||||||
uses: actions/checkout@v4
|
|
||||||
|
|
||||||
- name: Generate Dockerfile
|
|
||||||
id: generate-dockerfile
|
|
||||||
run: |
|
|
||||||
cd uffizzi
|
|
||||||
./create-dockerfile.sh
|
|
||||||
|
|
||||||
- name: Generate UUID image name
|
|
||||||
id: uuid
|
|
||||||
run: echo "UUID_TAG=$(uuidgen)" >> $GITHUB_ENV
|
|
||||||
|
|
||||||
- name: Set up Docker Buildx
|
|
||||||
uses: docker/setup-buildx-action@v3
|
|
||||||
|
|
||||||
- name: Docker metadata
|
|
||||||
id: meta
|
|
||||||
uses: docker/metadata-action@v5
|
|
||||||
with:
|
|
||||||
images: registry.uffizzi.com/${{ env.UUID_TAG }}
|
|
||||||
tags: |
|
|
||||||
type=raw,value=60h
|
|
||||||
|
|
||||||
- name: Build Image
|
|
||||||
uses: docker/build-push-action@v5
|
|
||||||
with:
|
|
||||||
context: ./
|
|
||||||
file: ./uffizzi/Dockerfile
|
|
||||||
tags: ${{ steps.meta.outputs.tags }}
|
|
||||||
labels: ${{ steps.meta.outputs.labels }}
|
|
||||||
load: true # makes image available to docker client
|
|
||||||
push: false
|
|
||||||
cache-from: type=gha
|
|
||||||
cache-to: type=gha,mode=max
|
|
||||||
|
|
||||||
- name: Push Image to Uffizzi
|
|
||||||
run: docker push registry.uffizzi.com/${{ env.UUID_TAG }}:60h
|
|
||||||
|
|
||||||
render-compose-file:
|
|
||||||
name: Render Docker Compose File
|
|
||||||
# Pass output of this workflow to another triggered by `workflow_run` event.
|
|
||||||
runs-on: ubuntu-latest
|
|
||||||
needs:
|
|
||||||
- build-jackson
|
|
||||||
outputs:
|
|
||||||
compose-file-cache-key: ${{ env.COMPOSE_FILE_HASH }}
|
|
||||||
steps:
|
|
||||||
- name: Checkout git repo
|
|
||||||
uses: actions/checkout@v4
|
|
||||||
- name: Render Compose File
|
|
||||||
run: |
|
|
||||||
SAML_JACKSON_IMAGE=$(echo ${{ needs.build-jackson.outputs.tags }})
|
|
||||||
export SAML_JACKSON_IMAGE
|
|
||||||
# Render simple template from environment variables.
|
|
||||||
envsubst < uffizzi/docker-compose.template.yml > docker-compose.rendered.yml
|
|
||||||
cat docker-compose.rendered.yml
|
|
||||||
- name: Upload Rendered Compose File as Artifact
|
|
||||||
uses: actions/upload-artifact@v3
|
|
||||||
with:
|
|
||||||
name: preview-spec
|
|
||||||
path: docker-compose.rendered.yml
|
|
||||||
retention-days: 2
|
|
||||||
- name: Serialize PR Event to File
|
|
||||||
run: |
|
|
||||||
cat << EOF > event.json
|
|
||||||
${{ toJSON(github.event) }}
|
|
||||||
|
|
||||||
EOF
|
|
||||||
- name: Upload PR Event as Artifact
|
|
||||||
uses: actions/upload-artifact@v3
|
|
||||||
with:
|
|
||||||
name: preview-spec
|
|
||||||
path: event.json
|
|
||||||
retention-days: 2
|
|
||||||
|
|
||||||
delete-preview:
|
|
||||||
name: Call for Preview Deletion
|
|
||||||
runs-on: ubuntu-latest
|
|
||||||
if: ${{ github.event.action == 'closed' }}
|
|
||||||
steps:
|
|
||||||
# If this PR is closing, we will not render a compose file nor pass it to the next workflow.
|
|
||||||
- name: Serialize PR Event to File
|
|
||||||
run: |
|
|
||||||
cat << EOF > event.json
|
|
||||||
${{ toJSON(github.event) }}
|
|
||||||
|
|
||||||
EOF
|
|
||||||
- name: Upload PR Event as Artifact
|
|
||||||
uses: actions/upload-artifact@v3
|
|
||||||
with:
|
|
||||||
name: preview-spec
|
|
||||||
path: event.json
|
|
||||||
retention-days: 2
|
|
|
@ -1,89 +0,0 @@
|
||||||
name: Deploy Uffizzi Preview
|
|
||||||
|
|
||||||
on:
|
|
||||||
workflow_run:
|
|
||||||
workflows:
|
|
||||||
- 'Build PR Image'
|
|
||||||
types:
|
|
||||||
- completed
|
|
||||||
|
|
||||||
jobs:
|
|
||||||
cache-compose-file:
|
|
||||||
name: Cache Compose File
|
|
||||||
runs-on: ubuntu-latest
|
|
||||||
outputs:
|
|
||||||
compose-file-cache-key: ${{ env.COMPOSE_FILE_HASH }}
|
|
||||||
pr-number: ${{ env.PR_NUMBER }}
|
|
||||||
steps:
|
|
||||||
- name: 'Download artifacts'
|
|
||||||
# Fetch output (zip archive) from the workflow run that triggered this workflow.
|
|
||||||
uses: actions/github-script@v6
|
|
||||||
with:
|
|
||||||
script: |
|
|
||||||
let allArtifacts = await github.rest.actions.listWorkflowRunArtifacts({
|
|
||||||
owner: context.repo.owner,
|
|
||||||
repo: context.repo.repo,
|
|
||||||
run_id: context.payload.workflow_run.id,
|
|
||||||
});
|
|
||||||
let matchArtifact = allArtifacts.data.artifacts.filter((artifact) => {
|
|
||||||
return artifact.name == "preview-spec"
|
|
||||||
})[0];
|
|
||||||
let download = await github.rest.actions.downloadArtifact({
|
|
||||||
owner: context.repo.owner,
|
|
||||||
repo: context.repo.repo,
|
|
||||||
artifact_id: matchArtifact.id,
|
|
||||||
archive_format: 'zip',
|
|
||||||
});
|
|
||||||
let fs = require('fs');
|
|
||||||
fs.writeFileSync(`${process.env.GITHUB_WORKSPACE}/preview-spec.zip`, Buffer.from(download.data));
|
|
||||||
|
|
||||||
- name: 'Unzip artifact'
|
|
||||||
run: unzip preview-spec.zip
|
|
||||||
|
|
||||||
- name: Read Event into ENV
|
|
||||||
run: |
|
|
||||||
echo 'EVENT_JSON<<EOF' >> $GITHUB_ENV
|
|
||||||
cat event.json >> $GITHUB_ENV
|
|
||||||
echo 'EOF' >> $GITHUB_ENV
|
|
||||||
|
|
||||||
- name: Hash Rendered Compose File
|
|
||||||
id: hash
|
|
||||||
# If the previous workflow was triggered by a PR close event, we will not have a compose file artifact.
|
|
||||||
if: ${{ fromJSON(env.EVENT_JSON).action != 'closed' }}
|
|
||||||
run: echo "COMPOSE_FILE_HASH=$(md5sum docker-compose.rendered.yml | awk '{ print $1 }')" >> $GITHUB_ENV
|
|
||||||
|
|
||||||
- name: Cache Rendered Compose File
|
|
||||||
if: ${{ fromJSON(env.EVENT_JSON).action != 'closed' }}
|
|
||||||
uses: actions/cache@v3
|
|
||||||
with:
|
|
||||||
path: docker-compose.rendered.yml
|
|
||||||
key: ${{ env.COMPOSE_FILE_HASH }}
|
|
||||||
|
|
||||||
- name: Read PR Number From Event Object
|
|
||||||
id: pr
|
|
||||||
run: echo "PR_NUMBER=${{ fromJSON(env.EVENT_JSON).number }}" >> $GITHUB_ENV
|
|
||||||
|
|
||||||
- name: DEBUG - Print Job Outputs
|
|
||||||
if: ${{ runner.debug }}
|
|
||||||
run: |
|
|
||||||
echo "PR number: ${{ env.PR_NUMBER }}"
|
|
||||||
echo "Compose file hash: ${{ env.COMPOSE_FILE_HASH }}"
|
|
||||||
cat event.json
|
|
||||||
|
|
||||||
deploy-uffizzi-preview:
|
|
||||||
name: Use Remote Workflow to Preview on Uffizzi
|
|
||||||
needs:
|
|
||||||
- cache-compose-file
|
|
||||||
uses: UffizziCloud/preview-action/.github/workflows/reusable.yaml@v2.6.4
|
|
||||||
with:
|
|
||||||
# If this workflow was triggered by a PR close event, cache-key will be an empty string
|
|
||||||
# and this reusable workflow will delete the preview deployment.
|
|
||||||
compose-file-cache-key: ${{ needs.cache-compose-file.outputs.compose-file-cache-key }}
|
|
||||||
compose-file-cache-path: docker-compose.rendered.yml
|
|
||||||
server: https://app.uffizzi.com
|
|
||||||
pr-number: ${{ needs.cache-compose-file.outputs.pr-number }}
|
|
||||||
healthcheck-url-path: '/api/health'
|
|
||||||
permissions:
|
|
||||||
contents: read
|
|
||||||
pull-requests: write
|
|
||||||
id-token: write
|
|
|
@ -17,8 +17,8 @@
|
||||||
"dev-dbs-destroy": "docker-compose -f ./_dev/docker-compose.yml down --volumes --remove-orphans",
|
"dev-dbs-destroy": "docker-compose -f ./_dev/docker-compose.yml down --volumes --remove-orphans",
|
||||||
"lint": "next lint && eslint -c .eslintrc.js --ext .ts ./",
|
"lint": "next lint && eslint -c .eslintrc.js --ext .ts ./",
|
||||||
"mongo": "cross-env JACKSON_API_KEYS=secret DB_ENGINE=mongo DB_URL=mongodb://localhost:27017/jackson npm run dev",
|
"mongo": "cross-env JACKSON_API_KEYS=secret DB_ENGINE=mongo DB_URL=mongodb://localhost:27017/jackson npm run dev",
|
||||||
"pre-loaded": "cross-env JACKSON_API_KEYS=secret DB_ENGINE=mem PRE_LOADED_CONNECTION='./uffizzi/saml_config' npm run dev",
|
"pre-loaded": "cross-env JACKSON_API_KEYS=secret DB_ENGINE=mem PRE_LOADED_CONNECTION='./_dev/saml_config' npm run dev",
|
||||||
"pre-loaded-db": "cross-env JACKSON_API_KEYS=secret PRE_LOADED_CONNECTION='./uffizzi/saml_config' npm run dev",
|
"pre-loaded-db": "cross-env JACKSON_API_KEYS=secret PRE_LOADED_CONNECTION='./_dev/saml_config' npm run dev",
|
||||||
"sort": "npx sort-package-json",
|
"sort": "npx sort-package-json",
|
||||||
"postgres": "cross-env JACKSON_API_KEYS=secret DB_ENGINE=sql DB_TYPE=postgres DB_URL=postgres://postgres:postgres@localhost:5432/postgres npm run dev",
|
"postgres": "cross-env JACKSON_API_KEYS=secret DB_ENGINE=sql DB_TYPE=postgres DB_URL=postgres://postgres:postgres@localhost:5432/postgres npm run dev",
|
||||||
"mysql": "cross-env JACKSON_API_KEYS=secret DB_ENGINE=sql DB_TYPE=mysql DB_URL=mysql://root:mysql@localhost:3307/mysql npm run dev",
|
"mysql": "cross-env JACKSON_API_KEYS=secret DB_ENGINE=sql DB_TYPE=mysql DB_URL=mysql://root:mysql@localhost:3307/mysql npm run dev",
|
||||||
|
@ -110,4 +110,4 @@
|
||||||
"node": ">=18.14.2",
|
"node": ">=18.14.2",
|
||||||
"npm": ">=8"
|
"npm": ">=8"
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,73 +0,0 @@
|
||||||
ARG NODEJS_IMAGE=node:18.18.0-alpine3.18
|
|
||||||
FROM --platform=$BUILDPLATFORM $NODEJS_IMAGE AS base
|
|
||||||
|
|
||||||
# Install dependencies only when needed
|
|
||||||
FROM base AS deps
|
|
||||||
# Check https://github.com/nodejs/docker-node/tree/b4117f9333da4138b03a546ec926ef50a31506c3#nodealpine to understand why libc6-compat might be needed.
|
|
||||||
RUN apk add --no-cache libc6-compat
|
|
||||||
WORKDIR /app
|
|
||||||
|
|
||||||
# Install dependencies based on the preferred package manager
|
|
||||||
COPY package.json package-lock.json ./
|
|
||||||
COPY npm npm
|
|
||||||
RUN npm run custom-install
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
# Rebuild the source code only when needed
|
|
||||||
FROM base AS builder
|
|
||||||
WORKDIR /app
|
|
||||||
|
|
||||||
COPY --from=deps /app/npm ./npm
|
|
||||||
COPY --from=deps /app/node_modules ./node_modules
|
|
||||||
COPY . .
|
|
||||||
|
|
||||||
|
|
||||||
# Next.js collects completely anonymous telemetry data about general usage.
|
|
||||||
# Learn more here: https://nextjs.org/telemetry
|
|
||||||
# Uncomment the following line in case you want to disable telemetry during the build.
|
|
||||||
ENV NEXT_TELEMETRY_DISABLED 1
|
|
||||||
|
|
||||||
RUN npm run build
|
|
||||||
|
|
||||||
|
|
||||||
# Production image, copy all the files and run next
|
|
||||||
FROM $NODEJS_IMAGE AS runner
|
|
||||||
WORKDIR /app
|
|
||||||
|
|
||||||
ENV NODE_OPTIONS="--max-http-header-size=81920 --dns-result-order=ipv4first"
|
|
||||||
|
|
||||||
|
|
||||||
ENV NODE_ENV production
|
|
||||||
# Uncomment the following line in case you want to disable telemetry during runtime.
|
|
||||||
ENV NEXT_TELEMETRY_DISABLED 1
|
|
||||||
|
|
||||||
RUN addgroup --system --gid 1001 nodejs
|
|
||||||
RUN adduser --system --uid 1001 nextjs
|
|
||||||
|
|
||||||
|
|
||||||
COPY --from=builder /app/public ./public
|
|
||||||
|
|
||||||
# Automatically leverage output traces to reduce image size
|
|
||||||
# https://nextjs.org/docs/advanced-features/output-file-tracing
|
|
||||||
COPY --from=builder --chown=nextjs:nodejs /app/.next/standalone ./
|
|
||||||
COPY --from=builder --chown=nextjs:nodejs /app/.next/static ./.next/static
|
|
||||||
|
|
||||||
|
|
||||||
USER nextjs
|
|
||||||
|
|
||||||
EXPOSE 5225
|
|
||||||
|
|
||||||
ENV PORT 5225
|
|
||||||
|
|
||||||
CMD ["node", "server.js"]
|
|
||||||
FROM runner AS uffizzi
|
|
||||||
USER root
|
|
||||||
COPY --from=builder /app/uffizzi/saml_config ./uffizzi/saml_config
|
|
||||||
|
|
||||||
COPY ./uffizzi/docker-entrypoint.sh .
|
|
||||||
RUN chmod +x docker-entrypoint.sh
|
|
||||||
|
|
||||||
USER nextjs
|
|
||||||
|
|
||||||
CMD ["./docker-entrypoint.sh"]
|
|
|
@ -1,10 +0,0 @@
|
||||||
FROM runner AS uffizzi
|
|
||||||
USER root
|
|
||||||
COPY --from=builder /app/uffizzi/saml_config ./uffizzi/saml_config
|
|
||||||
|
|
||||||
COPY ./uffizzi/docker-entrypoint.sh .
|
|
||||||
RUN chmod +x docker-entrypoint.sh
|
|
||||||
|
|
||||||
USER nextjs
|
|
||||||
|
|
||||||
CMD ["./docker-entrypoint.sh"]
|
|
|
@ -1 +0,0 @@
|
||||||
cat ../Dockerfile Dockerfile.tmpl > Dockerfile
|
|
|
@ -1,40 +0,0 @@
|
||||||
version: '3'
|
|
||||||
|
|
||||||
x-uffizzi:
|
|
||||||
ingress:
|
|
||||||
service: saml-jackson
|
|
||||||
port: 5225
|
|
||||||
|
|
||||||
services:
|
|
||||||
db:
|
|
||||||
image: postgres:13
|
|
||||||
ports:
|
|
||||||
- '5432:5432'
|
|
||||||
restart: always
|
|
||||||
environment:
|
|
||||||
POSTGRES_PASSWORD: ''
|
|
||||||
POSTGRES_HOST_AUTH_METHOD: trust
|
|
||||||
|
|
||||||
saml-jackson:
|
|
||||||
image: '${SAML_JACKSON_IMAGE}'
|
|
||||||
depends_on:
|
|
||||||
- db
|
|
||||||
environment:
|
|
||||||
SAML_AUDIENCE: https://saml.boxyhq.com
|
|
||||||
JACKSON_API_KEYS: 'secret'
|
|
||||||
IDP_ENABLED: true
|
|
||||||
DB_ENGINE: sql
|
|
||||||
DB_URL: postgres://postgres:postgres@localhost:5432/postgres
|
|
||||||
DB_TYPE: postgres
|
|
||||||
DB_TTL: 300
|
|
||||||
DB_CLEANUP_LIMIT: 1000
|
|
||||||
DB_PAGE_LIMIT: 50
|
|
||||||
PRE_LOADED_CONNECTION: /app/uffizzi/saml_config
|
|
||||||
NEXTAUTH_SECRET: 'secret'
|
|
||||||
restart: unless-stopped
|
|
||||||
ports:
|
|
||||||
- '5225:5225'
|
|
||||||
deploy:
|
|
||||||
resources:
|
|
||||||
limits:
|
|
||||||
memory: 500M
|
|
|
@ -1 +0,0 @@
|
||||||
NEXTAUTH_URL=$UFFIZZI_URL EXTERNAL_URL=$UFFIZZI_URL npm start
|
|
Loading…
Reference in New Issue