diff --git a/.dockerignore b/.dockerignore
new file mode 100644
index 0000000..d782f48
--- /dev/null
+++ b/.dockerignore
@@ -0,0 +1,2 @@
+*
+!dist/*.whl
diff --git a/.github/workflows/publish.yaml b/.github/workflows/publish.yaml
new file mode 100644
index 0000000..5aa3b5a
--- /dev/null
+++ b/.github/workflows/publish.yaml
@@ -0,0 +1,45 @@
+name: Publish to PyPI and GHCR
+on:
+ push:
+ tags:
+ - test-v*
+jobs:
+ build-and-publish:
+ runs-on: ubuntu-latest
+ environment:
+ name: pypi
+ url: 'https://pypi.org/p/pypi-browser-webapp'
+ permissions:
+ id-token: write
+ steps:
+ - uses: actions/checkout@v3
+ - uses: actions/setup-python@v4
+ with:
+ python-version: '3.13'
+ - name: Install dependencies
+ run: pip install build
+ - name: Build Python artifacts
+ run: python -m build --sdist --wheel --outdir dist
+ - name: Publish to PyPI
+ uses: pypa/gh-action-pypi-publish@release/v1
+ with:
+ skip-existing: true
+ - name: Login to GitHub Container Registry
+ uses: docker/login-action@v3
+ with:
+ registry: ghcr.io
+ username: ${{ github.actor }}
+ password: ${{ secrets.GITHUB_TOKEN }}
+ - name: Retrieve wheel name
+ id: wheel
+ run echo "WHEEL=$(ls dist/*.whl)" >> $GITHUB_OUTPUT
+ - name: Build and push Docker image
+ uses: docker/build-push-action@v6
+ with:
+ context: .
+ build-args:
+ - WHEEL=${{ steps.wheel.outputs.WHEEL }}
+ tags:
+ - 'ghcr.io/chriskuehl/pypi-browser:latest'
+ - 'ghcr.io/chriskuehl/pypi-browser:${{ github.ref_name }}'
+ push: true
diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 0000000..c8ff6b3
--- /dev/null
+++ b/Dockerfile
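Review bot: In `.github/workflows/publish.yaml`, every `uses:` in the job that holds `id-token: write` points at a mutable ref (`actions/checkout@v3`, `pypa/gh-action-pypi-publish@release/v1`, `docker/build-push-action@v6`), so a moved tag or branch upstream would run with the PyPI publishing identity and the registry token; pin each one to a full commit SHA and keep the version in a trailing comment. The job-level `permissions:` block lists only `id-token: write`, which sets every other scope to none, so the `GITHUB_TOKEN` handed to `docker/login-action` should not be able to push to ghcr.io; add `packages: write` and `contents: read`. The `Retrieve wheel name` step is missing the colon after `run` (`run: echo "WHEEL=$(ls dist/*.whl)" >> "$GITHUB_OUTPUT"`), and `build-args` and `tags` are written as YAML lists where action inputs are strings, so they need the block form `tags: |` with one value per line.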
@@ -0,0 +1,10 @@
+FROM public.ecr.aws/docker/library/python:3.13
+RUN apt-get update && apt-get install -y dumb-init && apt-get clean
+ARG WHEEL
+COPY "$WHEEL" /tmp/
+USER nobody
+RUN python -m venv /tmp/venv
+RUN /tmp/venv/bin/pip install /tmp/*.whl uvicorn
+VOLUME /cache
+ENV PYPI_BROWSER_PACKAGE_CACHE_PATH=/cache
+CMD ["/usr/bin/dumb-init", "/tmp/venv/bin/uvicorn", "--forwarded-allow-ips=*", "--host", "0.0.0.0", "pypi_browser.app:app"]
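Review bot: The `CMD` line passes `--forwarded-allow-ips=*` together with `--host 0.0.0.0`, so uvicorn accepts `X-Forwarded-For` and `X-Forwarded-Proto` from any peer that can reach the port, and the client address and scheme become caller-controlled unless the container is only reachable through a trusted proxy. Dropping the flag from the image and letting the deployment set uvicorn's `FORWARDED_ALLOW_IPS` to the proxy address keeps the default closed. `USER nobody` comes before the venv is created in `/tmp/venv`, which leaves the interpreter environment writable by the account that serves requests; building it as root under a path such as `/opt/venv` and switching user afterwards avoids that. `/cache` is never created before `VOLUME /cache`, so the mount point is presumably root-owned at run time and not writable by `nobody`; create and chown it first.

```dockerfile
# … unchanged: FROM, apt-get install of dumb-init, ARG WHEEL, COPY of the wheel …
# Install as root so the serving account cannot rewrite the code it runs.
RUN python -m venv /opt/venv \
    && /opt/venv/bin/pip install --no-cache-dir /tmp/*.whl uvicorn
# Give the runtime user ownership of the cache directory before declaring the volume.
RUN mkdir /cache && chown nobody /cache
USER nobody
VOLUME /cache
# … unchanged: ENV PYPI_BROWSER_PACKAGE_CACHE_PATH …
# Trusted proxy addresses are supplied at deploy time via FORWARDED_ALLOW_IPS.
CMD ["/usr/bin/dumb-init", "/opt/venv/bin/uvicorn", "--host", "0.0.0.0", "pypi_browser.app:app"]
```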