mirror of https://github.com/boxyhq/jackson.git
cleanup (#1690)
parent
b2848ea52a
commit
dd1ac59c30
|
@ -1,110 +0,0 @@
|
|||
name: Build PR Image
|
||||
on:
|
||||
pull_request:
|
||||
types: [opened, synchronize, reopened, closed]
|
||||
# Trigger only for PRs that target main branch
|
||||
branches:
|
||||
- main
|
||||
|
||||
jobs:
|
||||
build-jackson:
|
||||
name: Build and push `jackson`
|
||||
runs-on: ubuntu-latest
|
||||
outputs:
|
||||
tags: ${{ steps.meta.outputs.tags }}
|
||||
if: ${{ github.event.action != 'closed' }}
|
||||
steps:
|
||||
- name: checkout
|
||||
uses: actions/checkout@v4
|
||||
|
||||
- name: Generate Dockerfile
|
||||
id: generate-dockerfile
|
||||
run: |
|
||||
cd uffizzi
|
||||
./create-dockerfile.sh
|
||||
|
||||
- name: Generate UUID image name
|
||||
id: uuid
|
||||
run: echo "UUID_TAG=$(uuidgen)" >> $GITHUB_ENV
|
||||
|
||||
- name: Set up Docker Buildx
|
||||
uses: docker/setup-buildx-action@v3
|
||||
|
||||
- name: Docker metadata
|
||||
id: meta
|
||||
uses: docker/metadata-action@v5
|
||||
with:
|
||||
images: registry.uffizzi.com/${{ env.UUID_TAG }}
|
||||
tags: |
|
||||
type=raw,value=60h
|
||||
|
||||
- name: Build Image
|
||||
uses: docker/build-push-action@v5
|
||||
with:
|
||||
context: ./
|
||||
file: ./uffizzi/Dockerfile
|
||||
tags: ${{ steps.meta.outputs.tags }}
|
||||
labels: ${{ steps.meta.outputs.labels }}
|
||||
load: true # makes image available to docker client
|
||||
push: false
|
||||
cache-from: type=gha
|
||||
cache-to: type=gha,mode=max
|
||||
|
||||
- name: Push Image to Uffizzi
|
||||
run: docker push registry.uffizzi.com/${{ env.UUID_TAG }}:60h
|
||||
|
||||
render-compose-file:
|
||||
name: Render Docker Compose File
|
||||
# Pass output of this workflow to another triggered by `workflow_run` event.
|
||||
runs-on: ubuntu-latest
|
||||
needs:
|
||||
- build-jackson
|
||||
outputs:
|
||||
compose-file-cache-key: ${{ env.COMPOSE_FILE_HASH }}
|
||||
steps:
|
||||
- name: Checkout git repo
|
||||
uses: actions/checkout@v4
|
||||
- name: Render Compose File
|
||||
run: |
|
||||
SAML_JACKSON_IMAGE=$(echo ${{ needs.build-jackson.outputs.tags }})
|
||||
export SAML_JACKSON_IMAGE
|
||||
# Render simple template from environment variables.
|
||||
envsubst < uffizzi/docker-compose.template.yml > docker-compose.rendered.yml
|
||||
cat docker-compose.rendered.yml
|
||||
- name: Upload Rendered Compose File as Artifact
|
||||
uses: actions/upload-artifact@v3
|
||||
with:
|
||||
name: preview-spec
|
||||
path: docker-compose.rendered.yml
|
||||
retention-days: 2
|
||||
- name: Serialize PR Event to File
|
||||
run: |
|
||||
cat << EOF > event.json
|
||||
${{ toJSON(github.event) }}
|
||||
|
||||
EOF
|
||||
- name: Upload PR Event as Artifact
|
||||
uses: actions/upload-artifact@v3
|
||||
with:
|
||||
name: preview-spec
|
||||
path: event.json
|
||||
retention-days: 2
|
||||
|
||||
delete-preview:
|
||||
name: Call for Preview Deletion
|
||||
runs-on: ubuntu-latest
|
||||
if: ${{ github.event.action == 'closed' }}
|
||||
steps:
|
||||
# If this PR is closing, we will not render a compose file nor pass it to the next workflow.
|
||||
- name: Serialize PR Event to File
|
||||
run: |
|
||||
cat << EOF > event.json
|
||||
${{ toJSON(github.event) }}
|
||||
|
||||
EOF
|
||||
- name: Upload PR Event as Artifact
|
||||
uses: actions/upload-artifact@v3
|
||||
with:
|
||||
name: preview-spec
|
||||
path: event.json
|
||||
retention-days: 2
|
|
@ -1,89 +0,0 @@
|
|||
name: Deploy Uffizzi Preview
|
||||
|
||||
on:
|
||||
workflow_run:
|
||||
workflows:
|
||||
- 'Build PR Image'
|
||||
types:
|
||||
- completed
|
||||
|
||||
jobs:
|
||||
cache-compose-file:
|
||||
name: Cache Compose File
|
||||
runs-on: ubuntu-latest
|
||||
outputs:
|
||||
compose-file-cache-key: ${{ env.COMPOSE_FILE_HASH }}
|
||||
pr-number: ${{ env.PR_NUMBER }}
|
||||
steps:
|
||||
- name: 'Download artifacts'
|
||||
# Fetch output (zip archive) from the workflow run that triggered this workflow.
|
||||
uses: actions/github-script@v6
|
||||
with:
|
||||
script: |
|
||||
let allArtifacts = await github.rest.actions.listWorkflowRunArtifacts({
|
||||
owner: context.repo.owner,
|
||||
repo: context.repo.repo,
|
||||
run_id: context.payload.workflow_run.id,
|
||||
});
|
||||
let matchArtifact = allArtifacts.data.artifacts.filter((artifact) => {
|
||||
return artifact.name == "preview-spec"
|
||||
})[0];
|
||||
let download = await github.rest.actions.downloadArtifact({
|
||||
owner: context.repo.owner,
|
||||
repo: context.repo.repo,
|
||||
artifact_id: matchArtifact.id,
|
||||
archive_format: 'zip',
|
||||
});
|
||||
let fs = require('fs');
|
||||
fs.writeFileSync(`${process.env.GITHUB_WORKSPACE}/preview-spec.zip`, Buffer.from(download.data));
|
||||
|
||||
- name: 'Unzip artifact'
|
||||
run: unzip preview-spec.zip
|
||||
|
||||
- name: Read Event into ENV
|
||||
run: |
|
||||
echo 'EVENT_JSON<<EOF' >> $GITHUB_ENV
|
||||
cat event.json >> $GITHUB_ENV
|
||||
echo 'EOF' >> $GITHUB_ENV
|
||||
|
||||
- name: Hash Rendered Compose File
|
||||
id: hash
|
||||
# If the previous workflow was triggered by a PR close event, we will not have a compose file artifact.
|
||||
if: ${{ fromJSON(env.EVENT_JSON).action != 'closed' }}
|
||||
run: echo "COMPOSE_FILE_HASH=$(md5sum docker-compose.rendered.yml | awk '{ print $1 }')" >> $GITHUB_ENV
|
||||
|
||||
- name: Cache Rendered Compose File
|
||||
if: ${{ fromJSON(env.EVENT_JSON).action != 'closed' }}
|
||||
uses: actions/cache@v3
|
||||
with:
|
||||
path: docker-compose.rendered.yml
|
||||
key: ${{ env.COMPOSE_FILE_HASH }}
|
||||
|
||||
- name: Read PR Number From Event Object
|
||||
id: pr
|
||||
run: echo "PR_NUMBER=${{ fromJSON(env.EVENT_JSON).number }}" >> $GITHUB_ENV
|
||||
|
||||
- name: DEBUG - Print Job Outputs
|
||||
if: ${{ runner.debug }}
|
||||
run: |
|
||||
echo "PR number: ${{ env.PR_NUMBER }}"
|
||||
echo "Compose file hash: ${{ env.COMPOSE_FILE_HASH }}"
|
||||
cat event.json
|
||||
|
||||
deploy-uffizzi-preview:
|
||||
name: Use Remote Workflow to Preview on Uffizzi
|
||||
needs:
|
||||
- cache-compose-file
|
||||
uses: UffizziCloud/preview-action/.github/workflows/reusable.yaml@v2.6.4
|
||||
with:
|
||||
# If this workflow was triggered by a PR close event, cache-key will be an empty string
|
||||
# and this reusable workflow will delete the preview deployment.
|
||||
compose-file-cache-key: ${{ needs.cache-compose-file.outputs.compose-file-cache-key }}
|
||||
compose-file-cache-path: docker-compose.rendered.yml
|
||||
server: https://app.uffizzi.com
|
||||
pr-number: ${{ needs.cache-compose-file.outputs.pr-number }}
|
||||
healthcheck-url-path: '/api/health'
|
||||
permissions:
|
||||
contents: read
|
||||
pull-requests: write
|
||||
id-token: write
|
|
@ -17,8 +17,8 @@
|
|||
"dev-dbs-destroy": "docker-compose -f ./_dev/docker-compose.yml down --volumes --remove-orphans",
|
||||
"lint": "next lint && eslint -c .eslintrc.js --ext .ts ./",
|
||||
"mongo": "cross-env JACKSON_API_KEYS=secret DB_ENGINE=mongo DB_URL=mongodb://localhost:27017/jackson npm run dev",
|
||||
"pre-loaded": "cross-env JACKSON_API_KEYS=secret DB_ENGINE=mem PRE_LOADED_CONNECTION='./uffizzi/saml_config' npm run dev",
|
||||
"pre-loaded-db": "cross-env JACKSON_API_KEYS=secret PRE_LOADED_CONNECTION='./uffizzi/saml_config' npm run dev",
|
||||
"pre-loaded": "cross-env JACKSON_API_KEYS=secret DB_ENGINE=mem PRE_LOADED_CONNECTION='./_dev/saml_config' npm run dev",
|
||||
"pre-loaded-db": "cross-env JACKSON_API_KEYS=secret PRE_LOADED_CONNECTION='./_dev/saml_config' npm run dev",
|
||||
"sort": "npx sort-package-json",
|
||||
"postgres": "cross-env JACKSON_API_KEYS=secret DB_ENGINE=sql DB_TYPE=postgres DB_URL=postgres://postgres:postgres@localhost:5432/postgres npm run dev",
|
||||
"mysql": "cross-env JACKSON_API_KEYS=secret DB_ENGINE=sql DB_TYPE=mysql DB_URL=mysql://root:mysql@localhost:3307/mysql npm run dev",
|
||||
|
@ -110,4 +110,4 @@
|
|||
"node": ">=18.14.2",
|
||||
"npm": ">=8"
|
||||
}
|
||||
}
|
||||
}
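Review bot: In the scripts hunk, `pre-loaded` and `pre-loaded-db` now set `PRE_LOADED_CONNECTION='./_dev/saml_config'`, but no file section shown on this page adds or moves anything under `_dev/`, so both scripts depend on that directory already being in the tree. If it is missing, the dev server would presumably start without the pre-loaded SAML connections these scripts exist to exercise; confirm the directory is present, or move `uffizzi/saml_config` there as part of this commit. Both rewritten lines also keep the fixed `JACKSON_API_KEYS=secret`, which is acceptable only while these scripts are used for local development and never to start an instance reachable by others.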
|
||||
|
|
|
@ -1,73 +0,0 @@
|
|||
ARG NODEJS_IMAGE=node:18.18.0-alpine3.18
|
||||
FROM --platform=$BUILDPLATFORM $NODEJS_IMAGE AS base
|
||||
|
||||
# Install dependencies only when needed
|
||||
FROM base AS deps
|
||||
# Check https://github.com/nodejs/docker-node/tree/b4117f9333da4138b03a546ec926ef50a31506c3#nodealpine to understand why libc6-compat might be needed.
|
||||
RUN apk add --no-cache libc6-compat
|
||||
WORKDIR /app
|
||||
|
||||
# Install dependencies based on the preferred package manager
|
||||
COPY package.json package-lock.json ./
|
||||
COPY npm npm
|
||||
RUN npm run custom-install
|
||||
|
||||
|
||||
|
||||
# Rebuild the source code only when needed
|
||||
FROM base AS builder
|
||||
WORKDIR /app
|
||||
|
||||
COPY --from=deps /app/npm ./npm
|
||||
COPY --from=deps /app/node_modules ./node_modules
|
||||
COPY . .
|
||||
|
||||
|
||||
# Next.js collects completely anonymous telemetry data about general usage.
|
||||
# Learn more here: https://nextjs.org/telemetry
|
||||
# Uncomment the following line in case you want to disable telemetry during the build.
|
||||
ENV NEXT_TELEMETRY_DISABLED 1
|
||||
|
||||
RUN npm run build
|
||||
|
||||
|
||||
# Production image, copy all the files and run next
|
||||
FROM $NODEJS_IMAGE AS runner
|
||||
WORKDIR /app
|
||||
|
||||
ENV NODE_OPTIONS="--max-http-header-size=81920 --dns-result-order=ipv4first"
|
||||
|
||||
|
||||
ENV NODE_ENV production
|
||||
# Uncomment the following line in case you want to disable telemetry during runtime.
|
||||
ENV NEXT_TELEMETRY_DISABLED 1
|
||||
|
||||
RUN addgroup --system --gid 1001 nodejs
|
||||
RUN adduser --system --uid 1001 nextjs
|
||||
|
||||
|
||||
COPY --from=builder /app/public ./public
|
||||
|
||||
# Automatically leverage output traces to reduce image size
|
||||
# https://nextjs.org/docs/advanced-features/output-file-tracing
|
||||
COPY --from=builder --chown=nextjs:nodejs /app/.next/standalone ./
|
||||
COPY --from=builder --chown=nextjs:nodejs /app/.next/static ./.next/static
|
||||
|
||||
|
||||
USER nextjs
|
||||
|
||||
EXPOSE 5225
|
||||
|
||||
ENV PORT 5225
|
||||
|
||||
CMD ["node", "server.js"]
|
||||
FROM runner AS uffizzi
|
||||
USER root
|
||||
COPY --from=builder /app/uffizzi/saml_config ./uffizzi/saml_config
|
||||
|
||||
COPY ./uffizzi/docker-entrypoint.sh .
|
||||
RUN chmod +x docker-entrypoint.sh
|
||||
|
||||
USER nextjs
|
||||
|
||||
CMD ["./docker-entrypoint.sh"]
|
|
@ -1,10 +0,0 @@
|
|||
FROM runner AS uffizzi
|
||||
USER root
|
||||
COPY --from=builder /app/uffizzi/saml_config ./uffizzi/saml_config
|
||||
|
||||
COPY ./uffizzi/docker-entrypoint.sh .
|
||||
RUN chmod +x docker-entrypoint.sh
|
||||
|
||||
USER nextjs
|
||||
|
||||
CMD ["./docker-entrypoint.sh"]
|
|
@ -1 +0,0 @@
|
|||
cat ../Dockerfile Dockerfile.tmpl > Dockerfile
|
|
@ -1,40 +0,0 @@
|
|||
version: '3'
|
||||
|
||||
x-uffizzi:
|
||||
ingress:
|
||||
service: saml-jackson
|
||||
port: 5225
|
||||
|
||||
services:
|
||||
db:
|
||||
image: postgres:13
|
||||
ports:
|
||||
- '5432:5432'
|
||||
restart: always
|
||||
environment:
|
||||
POSTGRES_PASSWORD: ''
|
||||
POSTGRES_HOST_AUTH_METHOD: trust
|
||||
|
||||
saml-jackson:
|
||||
image: '${SAML_JACKSON_IMAGE}'
|
||||
depends_on:
|
||||
- db
|
||||
environment:
|
||||
SAML_AUDIENCE: https://saml.boxyhq.com
|
||||
JACKSON_API_KEYS: 'secret'
|
||||
IDP_ENABLED: true
|
||||
DB_ENGINE: sql
|
||||
DB_URL: postgres://postgres:postgres@localhost:5432/postgres
|
||||
DB_TYPE: postgres
|
||||
DB_TTL: 300
|
||||
DB_CLEANUP_LIMIT: 1000
|
||||
DB_PAGE_LIMIT: 50
|
||||
PRE_LOADED_CONNECTION: /app/uffizzi/saml_config
|
||||
NEXTAUTH_SECRET: 'secret'
|
||||
restart: unless-stopped
|
||||
ports:
|
||||
- '5225:5225'
|
||||
deploy:
|
||||
resources:
|
||||
limits:
|
||||
memory: 500M
|
|
@ -1 +0,0 @@
|
|||
NEXTAUTH_URL=$UFFIZZI_URL EXTERNAL_URL=$UFFIZZI_URL npm start
|