Merge pull request #24 from ItaloMedici/feature/ci

Feature/ci

Author: ItaloMedici

.dockerignore

@@ -0,0 +1,10 @@
+Dockerfile
+.dockerignore
+docker-compose.yml
+node_modules
+npm-debug.log
+README.md
+.next
+!.next/static
+!.next/standalone
+.git

.github/workflows/build-lint-test.yml

@@ -7,22 +7,25 @@ jobs:
     runs-on: ubuntu-latest
 
     steps:
-    - uses: actions/checkout@v4
-    
-    - name: Use Node.js
-      uses: actions/setup-node@v3
-      with:
-        node-version: 20
-        cache: 'npm'
-
-    - name: Install dependencies
-      run: npm ci
-
-    - name: Run lint
-      run: npm run lint
-      
-    - name: Setup Environment
-      run: cp .env.example .env
-    
-    - name: Build
-      run: npm run build --if-present
+      - uses: actions/checkout@v4
+
+      - name: Use Node.js
+        uses: actions/setup-node@v3
+        with:
+          node-version: 20
+          cache: "npm"
+
+      - name: Install dependencies
+        run: npm ci
+
+      - name: Sync db
+        run: npm run db:generate
+
+      - name: Run lint
+        run: npm run lint
+
+      - name: Setup Environment
+        run: cp .env.example .env
+
+      - name: Build
+        run: npm run build --if-present

.github/workflows/publish-docker.yml

@@ -0,0 +1,62 @@
+name: Create and publish a Docker image
+
+on:
+  push:
+    branches: ['release']
+  workflow_dispatch:
+
+
+env:
+  REGISTRY: ghcr.io
+  IMAGE_NAME: ${{ github.repository }}
+
+jobs:
+  build-and-push-image:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: write
+      attestations: write
+      id-token: write
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Log in to the Container registry
+        uses: docker/login-action@65b78e6e13532edd9afa3aa52ac7964289d1a9c1
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Extract metadata (tags, labels) for Docker
+        id: meta
+        uses: docker/metadata-action@9ec57ed1fcdbf14dcef7dfbe97b2010124a938b7
+        with:
+          images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+
+      - name: Build and push Docker image
+        id: push
+        uses: docker/build-push-action@f2a1d5e99d037542a71f64918e516c093c6f3fc4
+        with:
+          context: .
+          push: true
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
+          secrets: |
+            "NEXTAUTH_URL=${{ secrets.NEXTAUTH_URL }}"
+            "NEXTAUTH_SECRET=${{ secrets.NEXTAUTH_SECRET }}"
+            "DATABASE_URL=${{ secrets.DATABASE_URL }}"
+            "NEXT_PUBLIC_SITE_URL=${{ secrets.NEXT_PUBLIC_SITE_URL }}"
+            "GOOGLE_CLIENT_ID=${{ secrets.GOOGLE_CLIENT_ID }}"
+            "GOOGLE_CLIENT_SECRET=${{ secrets.GOOGLE_CLIENT_SECRET }}"
+            "MAXIMUM_PLAYERS_PER_BOARD=${{ secrets.MAXIMUM_PLAYERS_PER_BOARD }}"
+      
+      - name: Generate artifact attestation
+        uses: actions/attest-build-provenance@v1
+        with:
+          subject-name: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME}}
+          subject-digest: ${{ steps.push.outputs.digest }}
+          push-to-registry: true
+      

.github/workflows/release-it.yml

@@ -2,28 +2,28 @@ name: Release It
 
 on: workflow_dispatch
 
-jobs: 
+jobs:
   release:
     runs-on: ubuntu-latest
 
     steps:
-    - uses: actions/checkout@v4
-      with:
-        fetch-depth: 0
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
 
-    - name: Use Node.js
-      uses: actions/setup-node@v3
-      with:
-        node-version: 20
-        cache: 'npm'
+      - name: Use Node.js
+        uses: actions/setup-node@v3
+        with:
+          node-version: 20
+          cache: "npm"
 
-    - name: git config
-      run: |
-        git config user.name "${GITHUB_ACTOR}"
-        git config user.email "${GITHUB_ACTOR}@users.noreply.github.com"
-        
-    - name: Release
-      run: npm install --global release-it @release-it/conventional-changelog && release-it
+      - name: git config
+        run: |
+          git config user.name "${GITHUB_ACTOR}"
+          git config user.email "${GITHUB_ACTOR}@users.noreply.github.com"
 
-      env:
-        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+      - name: Release
+        run: npm install --global release-it @release-it/conventional-changelog && release-it
+
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

Dockerfile

@@ -0,0 +1,74 @@
+FROM --platform=linux/amd64 node:18-alpine AS base
+
+# Install dependencies only when needed
+FROM base AS deps
+# Check https://github.com/nodejs/docker-node/tree/b4117f9333da4138b03a546ec926ef50a31506c3#nodealpine to understand why libc6-compat might be needed.
+RUN apk add --no-cache libc6-compat
+WORKDIR /app
+
+# Install dependencies based on the preferred package manager
+COPY package.json yarn.lock* package-lock.json* pnpm-lock.yaml* ./
+RUN \
+  if [ -f yarn.lock ]; then yarn --frozen-lockfile; \
+  elif [ -f package-lock.json ]; then npm ci; \
+  elif [ -f pnpm-lock.yaml ]; then corepack enable pnpm && pnpm i --frozen-lockfile; \
+  else echo "Lockfile not found." && exit 1; \
+  fi
+
+
+# Rebuild the source code only when needed
+FROM base AS builder
+WORKDIR /app
+COPY --from=deps /app/node_modules ./node_modules
+COPY . .
+
+RUN --mount=type=secret,id=NEXTAUTH_URL \
+    sed -i "s/NEXTAUTH_URL=/NEXTAUTH_URL=$(cat /run/secrets/NEXTAUTH_URL)/" .env
+
+RUN --mount=type=secret,id=NEXTAUTH_SECRET \
+    sed -i "s/NEXTAUTH_SECRET=/NEXTAUTH_SECRET=$(cat /run/secrets/NEXTAUTH_SECRET)/" .env
+
+RUN --mount=type=secret,id=DATABASE_URL \
+    sed -i "s/DATABASE_URL=/DATABASE_URL=$(cat /run/secrets/DATABASE_URL)/" .env
+
+RUN --mount=type=secret,id=NEXT_PUBLIC_SITE_URL \
+    sed -i "s/NEXT_PUBLIC_SITE_URL=/NEXT_PUBLIC_SITE_URL=$(cat /run/secrets/NEXT_PUBLIC_SITE_URL)/" .env
+
+RUN --mount=type=secret,id=GOOGLE_CLIENT_ID \
+    sed -i "s/GOOGLE_CLIENT_ID=/GOOGLE_CLIENT_ID=$(cat /run/secrets/GOOGLE_CLIENT_ID)/" .env
+
+RUN --mount=type=secret,id=GOOGLE_CLIENT_SECRET \
+    sed -i "s/GOOGLE_CLIENT_SECRET=/GOOGLE_CLIENT_SECRET=$(cat /run/secrets/GOOGLE_CLIENT_SECRET)/" .env
+
+RUN --mount=type=secret,id=MAXIMUM_PLAYERS_PER_BOARD \
+    sed -i "s/MAXIMUM_PLAYERS_PER_BOARD=/MAXIMUM_PLAYERS_PER_BOARD=$(cat /run/secrets/MAXIMUM_PLAYERS_PER_BOARD)/" .env
+
+RUN npm run db:generate
+
+RUN npm run build
+
+FROM base AS runner
+WORKDIR /app
+
+ENV NODE_ENV=production
+
+RUN addgroup --system --gid 1001 nodejs
+RUN adduser --system --uid 1001 nextjs
+
+COPY --from=builder /app/public ./public
+
+# Set the correct permission for prerender cache
+RUN mkdir .next
+RUN chown nextjs:nodejs .next
+
+COPY --from=builder --chown=nextjs:nodejs /app/.next/standalone ./
+COPY --from=builder --chown=nextjs:nodejs /app/.next/static ./.next/static
+
+USER nextjs
+
+EXPOSE 3000
+
+ENV PORT=3000
+
+ENV HOSTNAME="0.0.0.0"
+CMD ["node", "server.js"]

next.config.mjs

@@ -1,5 +1,6 @@
 /** @type {import('next').NextConfig} */
 const nextConfig = {
+  output: "standalone",
   images: {
     remotePatterns: [
       {