Changes to Dockerfile and Gunicorn config, adding Github Actions

BoxingOctopusCreative · Apr 5, 2023 · aacce6a · aacce6a
1 parent 3f27be7
commit aacce6a
Show file tree

Hide file tree

Showing 5 changed files with 72 additions and 3 deletions.
diff --git a/.github/workflows/docker-build-and-publish.yaml b/.github/workflows/docker-build-and-publish.yaml
@@ -0,0 +1,29 @@
+name: Build and publish a Docker image to ghcr.io
+on:
+
+  # publish on releases, e.g. v2.1.13 (image tagged as "2.1.13" - "v" prefix is removed)
+  release:
+    types: [ published ]
+
+  # publish on pushes to the main branch (image tagged as "latest")
+  push:
+    branches:
+      - master
+
+jobs:
+  docker_publish:
+    runs-on: "ubuntu-20.04"
+
+    steps:
+      - uses: actions/checkout@v2
+
+      # https://github.com/marketplace/actions/push-to-ghcr
+      - name: Build and publish a Docker image for ${{ github.repository }}
+        uses: macbre/push-to-ghcr@master
+        with:
+          image_name: ${{ github.repository }}  # it will be lowercased internally
+          github_token: ${{ secrets.GITHUB_TOKEN }}
+          # optionally push to the Docker Hub (docker.io)
+          # docker_io_token: ${{ secrets.DOCKER_IO_ACCESS_TOKEN }}  # see https://hub.docker.com/settings/security
+          # customize the username to be used when pushing to the Docker Hub
+          # docker_io_user: foobar  # see https://github.com/macbre/push-to-ghcr/issues/14
diff --git a/.github/workflows/tag-main.yaml b/.github/workflows/tag-main.yaml
@@ -0,0 +1,21 @@
+name: Bump version
+on:
+  push:
+    branches:
+      - main
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+      - name: Bump version and push tag
+        id: tag_version
+        uses: mathieudutour/github-tag-action@v6.1
+        with:
+          github_token: ${{ secrets.GITHUB_TOKEN }}
+      - name: Create a GitHub release
+        uses: ncipollo/release-action@v1
+        with:
+          tag: ${{ steps.tag_version.outputs.new_tag }}
+          name: Release ${{ steps.tag_version.outputs.new_tag }}
+          body: ${{ steps.tag_version.outputs.changelog }}
diff --git a/.github/workflows/trufflehog.yaml b/.github/workflows/trufflehog.yaml
@@ -0,0 +1,18 @@
+name: Leaked Secrets Scan
+on: [push]
+jobs:
+  TruffleHog:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v3
+        with:
+          fetch-depth: 0
+
+      - name: TruffleHog OSS
+        uses: trufflesecurity/trufflehog@v3.31.3
+        with:
+          path: ./
+          base: ""
+          head: ${{ github.ref_name}}
+          extra_args: --debug --only-verified
diff --git a/Dockerfile b/Dockerfile
@@ -7,4 +7,4 @@ COPY . /app
 WORKDIR /app
 RUN pip install -r requirements.txt
 
-CMD ["gunicorn", "app:app"]
+#CMD ["gunicorn", "app:app"]
diff --git a/gunicorn.conf.py b/gunicorn.conf.py
@@ -10,15 +10,16 @@
     find_dotenv()
 
 if os.environ.get('DOCKER') == 'True':
+    listen    = '0.0.0.0'
     accesslog = '-' # Log to stdout
     errorlog  = '-' # Log to stdout
     port      = 5000
 else:
+    listen    = os.environ.get('LISTEN')
+    port      = os.environ.get('PORT')
     accesslog = './log/gunicorn.access.log'
     errorlog  = './log/gunicorn.error.log'
-    port      = os.environ.get('PORT')
 
-listen          = os.environ.get('LISTEN')
 bind            = f'{listen}:{port}'
 reload          = True
 #worker_tmp_dir  = '/dev/shm'