Merge pull request #182 from Librecov/feat/docker-build

feat: docker build

Author: yknx4

.dockerignore

@@ -1,6 +1,19 @@
+.dockerignore
+# there are valid reasons to keep the .git, namely so that you can get the
+# current commit hash
+.git
+.log
+tmp
+
+# Mix artifacts
 _build
 deps
+*.ez
+releases
+
+# Generate on crash by the VM
+erl_crash.dump
+
+# Static artifacts
 node_modules
-.git
-.tags
-priv/static/js
+priv/static

.formatter.exs

@@ -2,11 +2,11 @@
   surface_line_length: 120,
   import_deps: [:ecto, :phoenix, :surface],
   inputs: [
-    "*.{ex,exs}",
+    "{mix,.formatter}.exs",
     "priv/*/seeds.exs",
-    "{config,lib,test}/**/*.{ex,exs}"
+    "{config,lib,test}/**/*.{ex,exs,sface}",
+    "lib/librecov_web/live/**/*.{ex,exs,sface}"
   ],
-  surface_inputs: ["{lib,test}/**/*.{ex,exs,sface}"],
   subdirectories: ["priv/*/migrations"],
   plugins: [Surface.Formatter.Plugin],
   locals_without_parens: [

.github/workflows/ghcr.yml

@@ -1,15 +1,22 @@
-name: CI to GHCR 
+name: Docker
 
 on:
+  pull_request:
   push:
-    branches: [ main ]
+    branches:
+      - main
+    tags:
+      - v*
+  release:
+    types: [released]
 
 env:
   REGISTRY: ghcr.io
   IMAGE_NAME: ${{ github.repository }}
 
 jobs:
   build-and-push-image:
+    name: Build
     runs-on: ubuntu-latest
     permissions:
       contents: read
@@ -19,6 +26,17 @@ jobs:
       - name: Checkout repository
         uses: actions/checkout@v2
 
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v1
+      
+      - name: Cache Docker layers
+        uses: actions/cache@v2
+        with:
+          path: /tmp/.buildx-cache
+          key: ${{ runner.os }}-buildx-${{ github.sha }}
+          restore-keys: |
+            ${{ runner.os }}-buildx-
+
       - name: Log in to the Container registry
         uses: docker/login-action@5fcefb941de79536616e9422226e33fd39f1706f
         with:
@@ -32,10 +50,36 @@ jobs:
         with:
           images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
 
-      - name: Build and push Docker image
-        uses: docker/build-push-action@604f033158cc23bb0aa20cd1742ac95c460d3abf
+      - name: Docker meta
+        id: meta
+        uses: docker/metadata-action@v3
+        with:
+          # list of Docker images to use as base name for tags
+          images: |
+            ghcr.io/${{ github.repository }}
+          tags: |
+            type=schedule
+            type=semver,pattern={{version}}
+            type=semver,pattern={{major}}.{{minor}}
+            type=semver,pattern={{major}}
+            type=ref,event=branch
+            type=ref,event=pr
+            type=ref,event=tag
+            type=sha,enable=true,priority=100,prefix=sha-,suffix=,format=long
+            type=edge,branch=main
+      
+      - name: Build and push
+        uses: docker/build-push-action@v2
         with:
           context: .
-          push: true
+          push: ${{ github.event_name != 'pull_request' }}
           tags: ${{ steps.meta.outputs.tags }}
-          labels: ${{ steps.meta.outputs.labels }}
+          labels: ${{ steps.meta.outputs.labels }}
+          cache-from: type=local,src=/tmp/.buildx-cache
+          cache-to: type=local,dest=/tmp/.buildx-cache-new
+
+      - name: Move cache
+        shell: bash
+        run: |
+          rm -rf /tmp/.buildx-cache
+          mv /tmp/.buildx-cache-new /tmp/.buildx-cache

.github/workflows/tests.yml

@@ -1,3 +1,4 @@
+name: Tests
 on: push
 
 jobs:
@@ -7,8 +8,8 @@ jobs:
       MIX_ENV: test
     strategy:
       matrix:
-        elixir: ["1.12.3"]
-        otp: ["24.0"]
+        elixir: ["1.13"]
+        otp: ["24.1"]
     steps:
       - name: Cancel previous runs
         uses: styfle/cancel-workflow-action@0.9.1
@@ -18,6 +19,7 @@ jobs:
         uses: actions/checkout@v2
       - name: Sets up an Erlang/OTP environment
         uses: erlef/setup-beam@v1
+        id: beam
         with:
           elixir-version: ${{ matrix.elixir }}
           otp-version: ${{ matrix.otp }}
@@ -29,7 +31,7 @@ jobs:
             deps
             _build
             priv/plts
-          key: ${{ runner.os }}-${{ matrix.otp }}-${{ matrix.elixir }}-${{ hashFiles('mix.lock') }}-v2
+          key: ${{ runner.os }}-${{ steps.beam.outputs.otp-version }}-${{ steps.beam.outputs.elixir-version }}-${{ hashFiles('mix.lock') }}-v2
       - name: Install dependencies
         if: steps.mix-cache.outputs.cache-hit != 'true'
         run: |
@@ -48,8 +50,8 @@ jobs:
       MIX_ENV: test
     strategy:
       matrix:
-        elixir: ["1.12.3"]
-        otp: ["24.0"]
+        elixir: ["1.13"]
+        otp: ["24.1"]
     steps:
       - name: Cancel previous runs
         uses: styfle/cancel-workflow-action@0.9.1
@@ -59,6 +61,7 @@ jobs:
         uses: actions/checkout@v2
       - name: Sets up an Erlang/OTP environment
         uses: erlef/setup-beam@v1
+        id: beam
         with:
           elixir-version: ${{ matrix.elixir }}
           otp-version: ${{ matrix.otp }}
@@ -70,7 +73,7 @@ jobs:
             deps
             _build
             priv/plts
-          key: ${{ runner.os }}-${{ matrix.otp }}-${{ matrix.elixir }}-${{ hashFiles('mix.lock') }}-v2
+          key: ${{ runner.os }}-${{ steps.beam.outputs.otp-version }}-${{ steps.beam.outputs.elixir-version }}-${{ hashFiles('mix.lock') }}-v2
       - run: mix format --check-formatted
       - run: mix credo
       - run: mix dialyzer --no-check --ignore-exit-status
@@ -82,8 +85,8 @@ jobs:
       MIX_ENV: test
     strategy:
       matrix:
-        elixir: ["1.12.3"]
-        otp: ["24.0"]
+        elixir: ["1.13"]
+        otp: ["24.1"]
     services:
       db:
         image: postgres:13-alpine
@@ -110,6 +113,7 @@ jobs:
       - uses: c-hive/gha-yarn-cache@v2
       - name: Sets up an Erlang/OTP environment
         uses: erlef/setup-beam@v1
+        id: beam
         with:
           elixir-version: ${{ matrix.elixir }}
           otp-version: ${{ matrix.otp }}
@@ -121,7 +125,7 @@ jobs:
             deps
             _build
             priv/plts
-          key: ${{ runner.os }}-${{ matrix.otp }}-${{ matrix.elixir }}-${{ hashFiles('mix.lock') }}-v2
+          key: ${{ runner.os }}-${{ steps.beam.outputs.otp-version }}-${{ steps.beam.outputs.elixir-version }}-${{ hashFiles('mix.lock') }}-v2
       - name: Install NPM Packages (Global)
         run: yarn install
       - name: Seed

.tool-versions

@@ -1,3 +1,3 @@
-elixir 1.12.3-otp-24
-erlang 24.1.1
-nodejs 14.16.1
+elixir 1.13.2-otp-24
+erlang 24.1.7
+nodejs 16.13.2

Dockerfile

@@ -1,7 +1,30 @@
-FROM elixir:1.13.1-slim AS build
+# Find eligible builder and runner images on Docker Hub. We use Ubuntu/Debian instead of
+# Alpine to avoid DNS resolution issues in production.
+#
+# https://hub.docker.com/r/hexpm/elixir/tags?page=1&name=ubuntu
+# https://hub.docker.com/_/ubuntu?tab=tags
+#
+#
+# This file is based on these images:
+#
+#   - https://hub.docker.com/r/hexpm/elixir/tags - for the build image
+#   - https://hub.docker.com/_/debian?tab=tags&page=1&name=bullseye-20210902-slim - for the release image
+#   - https://pkgs.org/ - resource for finding needed packages
+#   - Ex: hexpm/elixir:1.13.2-erlang-24.1.1-debian-bullseye-20210902-slim
+#
+ARG BUILDER_IMAGE="hexpm/elixir:1.13.2-erlang-24.1.1-debian-bullseye-20210902-slim"
+ARG RUNNER_IMAGE="debian:bullseye-20210902-slim"
+
+FROM ${BUILDER_IMAGE} as builder
 
 # install build dependencies
-RUN apt update && apt install -y build-essential git
+RUN apt-get update -y && apt-get install -y build-essential git apt-transport-https curl \
+    && apt-get clean && rm -f /var/lib/apt/lists/*_*
+
+# add node deb
+RUN curl -fsSL https://deb.nodesource.com/setup_lts.x -o /tmp/setup_node.sh && bash /tmp/setup_node.sh && apt-get install -y nodejs \
+    && apt-get clean && rm -f /var/lib/apt/lists/*_* \
+    && corepack enable
 
 # prepare build dir
 WORKDIR /app
@@ -11,41 +34,68 @@ RUN mix local.hex --force && \
     mix local.rebar --force
 
 # set build ENV
-ENV MIX_ENV=prod
+ENV MIX_ENV="prod"
 
 # install mix dependencies
 COPY mix.exs mix.lock ./
-COPY config config
-RUN mix do deps.get, deps.compile
+RUN mix deps.get --only $MIX_ENV
+RUN mkdir config
 
-# build assets
-# COPY assets/package.json assets/package-lock.json ./assets/
-# RUN npm --prefix ./assets ci --progress=false --no-audit --loglevel=error
+# copy compile-time config files before we compile dependencies
+# to ensure any relevant config change will trigger the dependencies
+# to be re-compiled.
+COPY config/config.exs config/${MIX_ENV}.exs config/
+RUN mix deps.compile
 
 COPY priv priv
-# COPY assets assets
-# RUN npm run --prefix ./assets deploy
-RUN mix phx.digest
 
-# compile and build release
+# note: if your project uses a tool like https://purgecss.com/,
+# which customizes asset compilation based on what it finds in
+# your Elixir templates, you will need to move the asset compilation
+# step down so that `lib` is available.
+COPY assets assets
+ADD openapi.json package.json yarn.lock ./
+# compile assets
+RUN yarn install --frozen-lockfile
 COPY lib lib
-COPY openapi.json openapi.json
-# uncomment COPY if rel/ exists
-# COPY rel rel
-RUN mix do compile, release
+RUN mix assets.deploy
+# Compile the release
 
-# prepare release image
-FROM debian:buster AS app
-RUN apt update && apt install -y openssl
+RUN mix compile
 
-WORKDIR /app
+# Changes to config/runtime.exs don't require recompiling the code
+COPY config/runtime.exs config/
+
+COPY rel rel
+RUN mix release
+
+# start a new build stage so that the final image will only contain
+# the compiled release and other runtime necessities
+FROM ${RUNNER_IMAGE}
+
+RUN apt-get update -y && apt-get install -y libstdc++6 openssl libncurses5 locales apt-transport-https curl \
+  && apt-get clean && rm -f /var/lib/apt/lists/*_*
+
+# add node deb
+RUN curl -fsSL https://deb.nodesource.com/setup_lts.x -o /tmp/setup_node.sh && bash /tmp/setup_node.sh && apt-get install -y nodejs --no-install-recommends \
+    && apt-get clean && rm -f /var/lib/apt/lists/*_* \
+    && corepack enable
+
+# Set the locale
+RUN sed -i '/en_US.UTF-8/s/^# //g' /etc/locale.gen && locale-gen
 
-# RUN chown nobody:nobody /app
+ENV LANG en_US.UTF-8
+ENV LANGUAGE en_US:en
+ENV LC_ALL en_US.UTF-8
 
-# USER nobody:nobody
+WORKDIR "/app"
+RUN chown nobody /app
 
-COPY --from=build --chown=nobody:nobody /app/_build/prod/rel/librecov ./
+# Only copy the final release from the build stage
+COPY --from=builder --chown=nobody:root /app/_build/prod/rel/librecov ./
+ADD openapi.json package.json yarn.lock /app/bin/
+RUN cd bin && yarn install --production --frozen-lockfile
 
-ENV HOME=/app
+USER nobody
 
-CMD ["bin/librecov", "start"]
+CMD ["/app/bin/server"]

config/config.exs

@@ -1,4 +1,4 @@
-use Mix.Config
+import Config
 
 config :librecov, Librecov.Endpoint,
   url: [host: "localhost"],
@@ -90,7 +90,4 @@ config :kaffy,
   admin_logo: "/images/logo.png",
   admin_logo_mini: "/images/logo.png"
 
-import_config "#{Mix.env()}.exs"
-
-local_config_path = Path.expand("local.exs", __DIR__)
-if File.exists?(local_config_path), do: import_config(local_config_path)
+import_config "#{config_env()}.exs"

config/dev.exs

@@ -1,4 +1,4 @@
-use Mix.Config
+import Config
 
 # For development, we disable any cache and enable
 # debugging and code reloading.
@@ -81,3 +81,5 @@ config Librecov.Plug.Github,
   secret: "my-secret",
   path: "/api/v1/github_webhook",
   action: {Librecov.GithubService, :handle}
+
+config :phoenix, :plug_init_mode, :runtime