From ec4c5a504c800b13280ee9e5657df0ec536d3923 Mon Sep 17 00:00:00 2001 From: Jasper Herzberg Date: Thu, 27 Jul 2023 17:34:09 +0200 Subject: [PATCH 01/21] build: add docker build for api --- apps/api/Dockerfile | 22 ++++++++++++++++++++++ apps/api/project.json | 4 ++++ 2 files changed, 26 insertions(+) create mode 100644 apps/api/Dockerfile diff --git a/apps/api/Dockerfile b/apps/api/Dockerfile new file mode 100644 index 00000000..87a59e6c --- /dev/null +++ b/apps/api/Dockerfile @@ -0,0 +1,22 @@ +ARG NODE_VERSION + +# TODO: base node version off of nvmrc +FROM docker.io/node:${NODE_VERSION}-alpine AS builder + +WORKDIR /app +# TODO: optimize by copying package.json only for install +COPY dist/apps/api /app + +RUN npm --omit=dev -f install + +# Use distroless for maximum security: https://github.com/GoogleContainerTools/distroless +FROM gcr.io/distroless/nodejs${NODE_VERSION}-debian11 + +COPY --from=builder /app /app +WORKDIR /app + +ENV PORT=3333 +EXPOSE ${PORT} + + +CMD ["./main.js"] \ No newline at end of file diff --git a/apps/api/project.json b/apps/api/project.json index ea4f1f5d..f3eb2dc6 100644 --- a/apps/api/project.json +++ b/apps/api/project.json @@ -58,6 +58,10 @@ "codeCoverage": true } } + }, + "docker-build": { + "dependsOn": ["build"], + "command": "docker build --build-arg NODE_VERSION=$(cat .nvmrc | tr -cd [:digit:].) -f apps/api/Dockerfile . -t api" } }, "tags": [] From 55367070bd2d176b233dcebb548fbae2906269ed Mon Sep 17 00:00:00 2001 From: Jasper Herzberg Date: Thu, 27 Jul 2023 18:20:48 +0200 Subject: [PATCH 02/21] build: add image layer for improved caching --- apps/api/Dockerfile | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/apps/api/Dockerfile b/apps/api/Dockerfile index 87a59e6c..48e0bc64 100644 --- a/apps/api/Dockerfile +++ b/apps/api/Dockerfile 
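Review bot: The final stage has no `USER` instruction and its `FROM gcr.io/distroless/nodejs${NODE_VERSION}-debian11` line carries no tag, so it resolves to the floating default variant and the API process runs as root despite the "maximum security" comment. Distroless publishes a `nonroot` tag for its images; `FROM gcr.io/distroless/nodejs${NODE_VERSION}-debian11:nonroot`, ideally followed by an `@sha256:<digest>` pin, addresses both. `ARG NODE_VERSION` also has no default, so a build without `--build-arg` produces an invalid image reference; a comment stating that the value is derived from `.nvmrc` would help the next reader.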
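Review bot: In the new `docker-build` command the `tr` set `[:digit:].` is unquoted, so the shell may treat it as a glob pattern and expand it against files in the working directory before `tr` sees it. Quoting it as `tr -cd '[:digit:].'` matches what PATCH 11 later does in the CI action. The command also passes an empty `NODE_VERSION` through silently when `.nvmrc` is missing or holds an alias instead of a number.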
@@ -1,14 +1,15 @@ ARG NODE_VERSION -# TODO: base node version off of nvmrc FROM docker.io/node:${NODE_VERSION}-alpine AS builder WORKDIR /app -# TODO: optimize by copying package.json only for install -COPY dist/apps/api /app +# Install dependencies separately for caching +COPY dist/apps/api/package.json dist/apps/api/package-lock.json . RUN npm --omit=dev -f install +COPY dist/apps/api . + # Use distroless for maximum security: https://github.com/GoogleContainerTools/distroless FROM gcr.io/distroless/nodejs${NODE_VERSION}-debian11 From 5c52d58a6805cff5d96721b828ae94e75bfb6682 Mon Sep 17 00:00:00 2001 From: Jasper Herzberg Date: Thu, 27 Jul 2023 18:49:10 +0200 Subject: [PATCH 03/21] ci: build and push docker container for api --- .../actions/build-and-deploy-api/action.yml | 22 ++++++++++++++----- 1 file changed, 17 insertions(+), 5 deletions(-) diff --git a/.github/actions/build-and-deploy-api/action.yml b/.github/actions/build-and-deploy-api/action.yml index 341e4e19..9c7b851d 100644 --- a/.github/actions/build-and-deploy-api/action.yml +++ b/.github/actions/build-and-deploy-api/action.yml 
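Review bot: Now that `package-lock.json` is copied ahead of the install, the unchanged `RUN npm --omit=dev -f install` line should become a lockfile-exact install. `npm install` can rewrite the lockfile when it disagrees with `package.json`, and `-f` tells npm to continue past checks it would otherwise stop on. `RUN npm ci --omit=dev --ignore-scripts` keeps the builder stage reproducible and carries over the `--ignore-scripts` that the inline CI install used until PATCH 03 removed it. If a dependency really needs its install script, name it in a comment instead of allowing scripts for every package.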
@@ -25,18 +25,30 @@ outputs: runs: using: "composite" steps: - - run: envsubst < apps/api/src/.env.template > apps/api/src/.env + - name: Set environment + run: envsubst < apps/api/src/.env.template > apps/api/src/.env env: MONGODB_URI: ${{ inputs.mongoUri }} ENVIRONMENT_NAME: ${{ inputs.slot }} RELEASE_VERSION: ${{ inputs.releaseVersion }} SENTRY_KEY: ${{ inputs.sentryKey }} shell: bash - - run: | - npx nx build api --prod - cd dist/apps/api - npm i --omit=dev --ignore-scripts + - name: Login to GitHub Container Registry + uses: docker/login-action@v2 + with: + registry: ghcr.io + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + # TODO: publish latest tag somewhere and pull latest container image here to make use of Docker's caching + - name: Build app and container + run: | + npx nx docker-build api --prod shell: bash + - name: Push container to registry + run: | + docker tag api ghcr.io/kordis-leitstelle/kordis/api-${{ inputs.releaseVersion}} + docker push ghcr.io/kordis-leitstelle/kordis/api-${{ inputs.releaseVersion}} + # TODO: Replace wa-deployment by deployment to K8s - name: Deploy API id: wa-deployment uses: azure/webapps-deploy@v2 From f143f6ab6957e09e042f1c854d24742f49ef92a6 Mon Sep 17 00:00:00 2001 From: Jasper Herzberg Date: Tue, 8 Aug 2023 17:17:06 +0200 Subject: [PATCH 04/21] ci: use Docker build action to enable Github caching --- .../actions/build-and-deploy-api/action.yml | 18 ++++++++++-------- 1 file changed, 10 insertions(+), 8 deletions(-) diff --git a/.github/actions/build-and-deploy-api/action.yml b/.github/actions/build-and-deploy-api/action.yml index 9c7b851d..a7e77a92 100644 --- a/.github/actions/build-and-deploy-api/action.yml +++ b/.github/actions/build-and-deploy-api/action.yml 
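Review bot: The "Set environment" step renders `MONGODB_URI` and `SENTRY_KEY` into `apps/api/src/.env` before `npx nx docker-build api` runs, and the resulting image is then pushed to `ghcr.io`. If the Nx build copies that `.env` into `dist/apps/api` (not visible in this hunk), the values are stored in an image layer that anyone with pull access to the package can read. Supply them at container start through environment variables or a mounted secret, and keep `.env` out of the build output. Separately, `${{ inputs.releaseVersion}}` is expanded directly into the `run:` script; passing it through `env:` and referencing `"$RELEASE_VERSION"` keeps the shell from interpreting the input.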
@@ -39,16 +39,18 @@ runs: registry: ghcr.io username: ${{ github.actor }} password: ${{ secrets.GITHUB_TOKEN }} - # TODO: publish latest tag somewhere and pull latest container image here to make use of Docker's caching - - name: Build app and container + - name: Build app run: | - npx nx docker-build api --prod + npx nx build api --prod shell: bash - - name: Push container to registry - run: | - docker tag api ghcr.io/kordis-leitstelle/kordis/api-${{ inputs.releaseVersion}} - docker push ghcr.io/kordis-leitstelle/kordis/api-${{ inputs.releaseVersion}} - # TODO: Replace wa-deployment by deployment to K8s + - name: Build and push + uses: docker/build-push-action@v4 + with: + context: ./apps/api/ + push: true + tags: ghcr.io/kordis-leitstelle/kordis/api-${{ inputs.releaseVersion}} + cache-from: type=gha + cache-to: type=gha,mode=max - name: Deploy API id: wa-deployment uses: azure/webapps-deploy@v2 From 5e869d5dec305927201191bbf9dcb163539c0773 Mon Sep 17 00:00:00 2001 From: Jasper Herzberg Date: Tue, 8 Aug 2023 17:30:06 +0200 Subject: [PATCH 05/21] ci: fix build --- .github/actions/build-and-deploy-api/action.yml | 5 ++++- apps/api/Dockerfile | 2 +- 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/.github/actions/build-and-deploy-api/action.yml b/.github/actions/build-and-deploy-api/action.yml index a7e77a92..1285ad74 100644 --- a/.github/actions/build-and-deploy-api/action.yml +++ b/.github/actions/build-and-deploy-api/action.yml @@ -47,8 +47,11 @@ runs: uses: docker/build-push-action@v4 with: context: ./apps/api/ + build-args: + NODE_VERSION: $(cat .nvmrc | tr -cd [:digit:].) push: true - tags: ghcr.io/kordis-leitstelle/kordis/api-${{ inputs.releaseVersion}} + tags: + - ghcr.io/kordis-leitstelle/kordis/api-${{ inputs.releaseVersion}} cache-from: type=gha cache-to: type=gha,mode=max - name: Deploy API diff --git a/apps/api/Dockerfile b/apps/api/Dockerfile index 48e0bc64..2244338a 100644 --- a/apps/api/Dockerfile +++ b/apps/api/Dockerfile 
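Review bot: `docker/build-push-action@v4` is referenced by a movable tag, as is the `docker/login-action@v2` step just above this hunk (added in PATCH 03), and both run with the registry credential in scope. Pinning each to a full commit SHA, e.g. `uses: docker/build-push-action@<full-commit-sha> # v4`, keeps a retagged release from changing what executes in this job; the same applies to `docker/setup-buildx-action@v2` added in PATCH 10. Note also that `cache-to: type=gha,mode=max` exports the builder-stage layers, so anything copied into that stage is kept in the Actions cache as well as in the image.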
@@ -5,7 +5,7 @@ FROM docker.io/node:${NODE_VERSION}-alpine AS builder WORKDIR /app # Install dependencies separately for caching -COPY dist/apps/api/package.json dist/apps/api/package-lock.json . +COPY dist/apps/api/package.json dist/apps/api/package-lock.json ./ RUN npm --omit=dev -f install COPY dist/apps/api . From 6965fbc2756e4110558dbed9b02823e1ea71549f Mon Sep 17 00:00:00 2001 From: Jasper Herzberg Date: Tue, 8 Aug 2023 17:59:43 +0200 Subject: [PATCH 06/21] ci: fix build parameters --- .github/actions/build-and-deploy-api/action.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/actions/build-and-deploy-api/action.yml b/.github/actions/build-and-deploy-api/action.yml index 1285ad74..695e6674 100644 --- a/.github/actions/build-and-deploy-api/action.yml +++ b/.github/actions/build-and-deploy-api/action.yml @@ -47,11 +47,11 @@ runs: uses: docker/build-push-action@v4 with: context: ./apps/api/ - build-args: - NODE_VERSION: $(cat .nvmrc | tr -cd [:digit:].) + build-args: | + NODE_VERSION=$(cat .nvmrc | tr -cd [:digit:].) push: true - tags: - - ghcr.io/kordis-leitstelle/kordis/api-${{ inputs.releaseVersion}} + tags: | + ghcr.io/kordis-leitstelle/kordis/api-${{ inputs.releaseVersion}} cache-from: type=gha cache-to: type=gha,mode=max - name: Deploy API From 2956f655a76fa26b5e95fba46690e95b8c67709e Mon Sep 17 00:00:00 2001 From: Jasper Herzberg Date: Tue, 8 Aug 2023 18:05:02 +0200 Subject: [PATCH 07/21] ci: fix Github action --- .github/actions/build-and-deploy-api/action.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/actions/build-and-deploy-api/action.yml b/.github/actions/build-and-deploy-api/action.yml index 695e6674..ae4e7cfa 100644 --- a/.github/actions/build-and-deploy-api/action.yml +++ b/.github/actions/build-and-deploy-api/action.yml 
@@ -38,7 +38,7 @@ runs: with: registry: ghcr.io username: ${{ github.actor }} - password: ${{ secrets.GITHUB_TOKEN }} + password: '${{ secrets.GITHUB_TOKEN }}' - name: Build app run: | npx nx build api --prod From 4ed073eefbfd180f55aaec2187735a9fdfb66bfe Mon Sep 17 00:00:00 2001 From: Jasper Herzberg Date: Tue, 8 Aug 2023 20:55:22 +0200 Subject: [PATCH 08/21] ci: fix container build --- .github/actions/build-and-deploy-api/action.yml | 15 ++++++++++++--- .github/workflows/next-deployment.yml | 3 +++ .github/workflows/preview-deployment.yml | 6 ++++++ 3 files changed, 21 insertions(+), 3 deletions(-) diff --git a/.github/actions/build-and-deploy-api/action.yml b/.github/actions/build-and-deploy-api/action.yml index ae4e7cfa..ab64c541 100644 --- a/.github/actions/build-and-deploy-api/action.yml +++ b/.github/actions/build-and-deploy-api/action.yml @@ -17,6 +17,15 @@ inputs: sentryAuthToken: required: true description: "Sentry Auth Token" + containerRegistryUrl: + required: true + description: "Container registry url" + containerRegistryUsername: + required: true + description: "Container registry username" + containerRegistryPassword: + required: true + description: "Container registry password" outputs: url: description: "API URL" @@ -36,9 +45,9 @@ runs: - name: Login to GitHub Container Registry uses: docker/login-action@v2 with: - registry: ghcr.io - username: ${{ github.actor }} - password: '${{ secrets.GITHUB_TOKEN }}' + registry: ${{ input.containerRegistryUrl }} + username: ${{ input.containerRegistryUsername }} + password: ${{ input.containerRegistryPassword }} - name: Build app run: | npx nx build api --prod diff --git a/.github/workflows/next-deployment.yml b/.github/workflows/next-deployment.yml index 907ae09e..5649dbc9 100644 --- a/.github/workflows/next-deployment.yml +++ b/.github/workflows/next-deployment.yml 
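Review bot: The login step in the second `action.yml` hunk of PATCH 08 now takes its registry from an input, but it is still named "Login to GitHub Container Registry". The image tag in the "Build and push" step (outside this hunk) also stays hard-coded to `ghcr.io`, so a caller passing any other `containerRegistryUrl` would log in to one registry and push to another. Either derive the tag prefix from `inputs.containerRegistryUrl` as well, or keep the registry fixed and drop the input. The description of `containerRegistryPassword` in the first hunk could also say that the value must come from a secret.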
@@ -34,6 +34,9 @@ jobs: mongoUri: ${{ secrets.DEV_MONGODB_URI }} sentryKey: ${{ secrets.API_SENTRY_KEY }} sentryAuthToken: ${{ secrets.SENTRY_AUTH_TOKEN }} + containerRegistryUrl: ghcr.io + containerRegistryUsername: ${{ github.actor }} + containerRegistryPassword: ${{ secrets.GITHUB_TOKEN }} - name: Apply Database Migrations run: ./tools/db/kordis-db.sh apply-pending-migrations env: diff --git a/.github/workflows/preview-deployment.yml b/.github/workflows/preview-deployment.yml index 61e33b9b..768153e5 100644 --- a/.github/workflows/preview-deployment.yml +++ b/.github/workflows/preview-deployment.yml @@ -97,6 +97,9 @@ jobs: releaseVersion: ${{ github.sha }} sentryKey: ${{ secrets.API_SENTRY_KEY }} sentryAuthToken: ${{ secrets.SENTRY_AUTH_TOKEN }} + containerRegistryUrl: ghcr.io + containerRegistryUsername: ${{ github.actor }} + containerRegistryPassword: ${{ secrets.GITHUB_TOKEN }} - name: Build and Deploy SPA id: spa-deployment uses: ./.github/actions/build-and-deploy-spa @@ -177,6 +180,9 @@ jobs: releaseVersion: ${{ github.sha }} sentryKey: ${{ secrets.API_SENTRY_KEY }} sentryAuthToken: ${{ secrets.SENTRY_AUTH_TOKEN }} + containerRegistryUrl: ghcr.io + containerRegistryUsername: ${{ github.actor }} + containerRegistryPassword: ${{ secrets.GITHUB_TOKEN }} - name: Build and Deploy SPA id: spa-deployment uses: ./.github/actions/build-and-deploy-spa From 60517f327fc0ac8b8854697c863aaf05667c4e7c Mon Sep 17 00:00:00 2001 From: Jasper Herzberg Date: Tue, 8 Aug 2023 21:04:33 +0200 Subject: [PATCH 09/21] ci: fix api action --- .github/actions/build-and-deploy-api/action.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/actions/build-and-deploy-api/action.yml b/.github/actions/build-and-deploy-api/action.yml index ab64c541..fe7926c1 100644 --- a/.github/actions/build-and-deploy-api/action.yml +++ b/.github/actions/build-and-deploy-api/action.yml 
@@ -45,9 +45,9 @@ runs: - name: Login to GitHub Container Registry uses: docker/login-action@v2 with: - registry: ${{ input.containerRegistryUrl }} - username: ${{ input.containerRegistryUsername }} - password: ${{ input.containerRegistryPassword }} + registry: ${{ inputs.containerRegistryUrl }} + username: ${{ inputs.containerRegistryUsername }} + password: ${{ inputs.containerRegistryPassword }} - name: Build app run: | npx nx build api --prod From 4a816daf687acb349aa2c0b170188f28688d57e5 Mon Sep 17 00:00:00 2001 From: Jasper Herzberg Date: Tue, 8 Aug 2023 21:42:21 +0200 Subject: [PATCH 10/21] ci: add Docker build setup --- .github/actions/build-and-deploy-api/action.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/actions/build-and-deploy-api/action.yml b/.github/actions/build-and-deploy-api/action.yml index fe7926c1..23fadc34 100644 --- a/.github/actions/build-and-deploy-api/action.yml +++ b/.github/actions/build-and-deploy-api/action.yml @@ -42,6 +42,8 @@ runs: RELEASE_VERSION: ${{ inputs.releaseVersion }} SENTRY_KEY: ${{ inputs.sentryKey }} shell: bash + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v2 - name: Login to GitHub Container Registry uses: docker/login-action@v2 with: From 120772cfde4201102600526e7c6ea573544e99a1 Mon Sep 17 00:00:00 2001 From: Jasper Herzberg Date: Tue, 8 Aug 2023 22:05:42 +0200 Subject: [PATCH 11/21] ci: fix Node version check --- .github/actions/build-and-deploy-api/action.yml | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/.github/actions/build-and-deploy-api/action.yml b/.github/actions/build-and-deploy-api/action.yml index 23fadc34..b49f609d 100644 --- a/.github/actions/build-and-deploy-api/action.yml +++ b/.github/actions/build-and-deploy-api/action.yml 
@@ -54,12 +54,17 @@ runs: run: | npx nx build api --prod shell: bash - - name: Build and push + - id: node-version-check + run: echo "node-version=$(cat .nvmrc | tr -cd '[:digit:].')\n" >> $GITHUB_OUTPUT + outputs: + node-version: + descriptio: Version of Node used by the project + - name: Build and push image uses: docker/build-push-action@v4 with: context: ./apps/api/ build-args: | - NODE_VERSION=$(cat .nvmrc | tr -cd [:digit:].) + NODE_VERSION=${{ steps.node-version-check.outputs.node-version}} push: true tags: | ghcr.io/kordis-leitstelle/kordis/api-${{ inputs.releaseVersion}} From 98ab81572a1d3de4b472efa98413f322c6fc1bd6 Mon Sep 17 00:00:00 2001 From: Jasper Herzberg Date: Tue, 8 Aug 2023 22:09:23 +0200 Subject: [PATCH 12/21] ci: fix output --- .github/actions/build-and-deploy-api/action.yml | 3 --- 1 file changed, 3 deletions(-) diff --git a/.github/actions/build-and-deploy-api/action.yml b/.github/actions/build-and-deploy-api/action.yml index b49f609d..fd4db1f4 100644 --- a/.github/actions/build-and-deploy-api/action.yml +++ b/.github/actions/build-and-deploy-api/action.yml @@ -56,9 +56,6 @@ runs: shell: bash - id: node-version-check run: echo "node-version=$(cat .nvmrc | tr -cd '[:digit:].')\n" >> $GITHUB_OUTPUT - outputs: - node-version: - descriptio: Version of Node used by the project - name: Build and push image uses: docker/build-push-action@v4 with: From 7605c80470a98eac955dbf2abc16ecf713afc812 Mon Sep 17 00:00:00 2001 From: Jasper Herzberg Date: Tue, 8 Aug 2023 22:11:54 +0200 Subject: [PATCH 13/21] ci: fix sheel --- .github/actions/build-and-deploy-api/action.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/actions/build-and-deploy-api/action.yml b/.github/actions/build-and-deploy-api/action.yml index fd4db1f4..63fd296b 100644 --- a/.github/actions/build-and-deploy-api/action.yml +++ b/.github/actions/build-and-deploy-api/action.yml 
@@ -56,6 +56,7 @@ runs: shell: bash - id: node-version-check run: echo "node-version=$(cat .nvmrc | tr -cd '[:digit:].')\n" >> $GITHUB_OUTPUT + shell: bash - name: Build and push image uses: docker/build-push-action@v4 with: From 065078d9afa8d4141af54fbd839546c094888b11 Mon Sep 17 00:00:00 2001 From: Jasper Herzberg Date: Tue, 8 Aug 2023 22:14:48 +0200 Subject: [PATCH 14/21] ci: fix node version --- .github/actions/build-and-deploy-api/action.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/actions/build-and-deploy-api/action.yml b/.github/actions/build-and-deploy-api/action.yml index 63fd296b..b11be717 100644 --- a/.github/actions/build-and-deploy-api/action.yml +++ b/.github/actions/build-and-deploy-api/action.yml @@ -55,7 +55,7 @@ runs: npx nx build api --prod shell: bash - id: node-version-check - run: echo "node-version=$(cat .nvmrc | tr -cd '[:digit:].')\n" >> $GITHUB_OUTPUT + run: echo "node-version=$(cat .nvmrc | tr -cd '[:digit:].')" >> $GITHUB_OUTPUT shell: bash - name: Build and push image uses: docker/build-push-action@v4 From 6abd34da08d840ca3a439fee42b53ddb89bc3f2b Mon Sep 17 00:00:00 2001 From: Jasper Herzberg Date: Tue, 8 Aug 2023 23:00:11 +0200 Subject: [PATCH 15/21] ci: fix docker build context --- .dockerignore | 1 + .github/actions/build-and-deploy-api/action.yml | 3 ++- apps/api/Dockerfile | 4 ++-- 3 files changed, 5 insertions(+), 3 deletions(-) create mode 100644 .dockerignore diff --git a/.dockerignore b/.dockerignore new file mode 100644 index 00000000..30bc1627 --- /dev/null +++ b/.dockerignore @@ -0,0 +1 @@ +/node_modules \ No newline at end of file diff --git a/.github/actions/build-and-deploy-api/action.yml b/.github/actions/build-and-deploy-api/action.yml index b11be717..074cef0e 100644 --- a/.github/actions/build-and-deploy-api/action.yml +++ b/.github/actions/build-and-deploy-api/action.yml 
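Review bot: The `node-version-check` step in PATCH 14 writes whatever survives `tr -cd '[:digit:].'` to the output without checking it, so a missing `.nvmrc` or one holding an alias such as `lts/*` yields an empty `NODE_VERSION`, and the failure only surfaces later as an invalid `FROM` reference. A guard such as `v=$(tr -cd '[:digit:].' < .nvmrc); [ -n "$v" ] || exit 1; echo "node-version=$v" >> "$GITHUB_OUTPUT"` fails at the right step and quotes the output path. Whether a full `x.y.z` value also fits the distroless image name `nodejs${NODE_VERSION}-debian11` depends on the content of `.nvmrc`, which is not shown here, so that is worth confirming.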
@@ -60,7 +60,8 @@ runs: - name: Build and push image uses: docker/build-push-action@v4 with: - context: ./apps/api/ + context: ./ + file: ./apps/api/Dockerfile build-args: | NODE_VERSION=${{ steps.node-version-check.outputs.node-version}} push: true diff --git a/apps/api/Dockerfile b/apps/api/Dockerfile index 2244338a..5df6f546 100644 --- a/apps/api/Dockerfile +++ b/apps/api/Dockerfile @@ -5,10 +5,10 @@ FROM docker.io/node:${NODE_VERSION}-alpine AS builder WORKDIR /app # Install dependencies separately for caching -COPY dist/apps/api/package.json dist/apps/api/package-lock.json ./ +COPY ./dist/apps/api/package.json ./dist/apps/api/package-lock.json ./ RUN npm --omit=dev -f install -COPY dist/apps/api . +COPY ./dist/apps/api ./ # Use distroless for maximum security: https://github.com/GoogleContainerTools/distroless FROM gcr.io/distroless/nodejs${NODE_VERSION}-debian11 From e0e5fd83f67c7fc0ecd4ed384b9f71c22c0d305e Mon Sep 17 00:00:00 2001 From: Jasper Herzberg Date: Tue, 8 Aug 2023 23:08:32 +0200 Subject: [PATCH 16/21] ci: fix image name --- .github/actions/build-and-deploy-api/action.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/actions/build-and-deploy-api/action.yml b/.github/actions/build-and-deploy-api/action.yml index 074cef0e..85fe6ba6 100644 --- a/.github/actions/build-and-deploy-api/action.yml +++ b/.github/actions/build-and-deploy-api/action.yml @@ -66,7 +66,7 @@ runs: NODE_VERSION=${{ steps.node-version-check.outputs.node-version}} push: true tags: | - ghcr.io/kordis-leitstelle/kordis/api-${{ inputs.releaseVersion}} + ghcr.io/kordis-leitstelle/kordis-api:${{ inputs.releaseVersion}} cache-from: type=gha cache-to: type=gha,mode=max - name: Deploy API From c6442e22c39766a7dad719d565a8adc97c99afa2 Mon Sep 17 00:00:00 2001 
From: Jasper Herzberg Date: Tue, 8 Aug 2023 23:18:40 +0200 Subject: [PATCH 17/21] ci: fix Github token permissions --- .github/workflows/next-deployment.yml | 2 ++ .github/workflows/preview-deployment.yml | 4 ++++ 2 files changed, 6 insertions(+) diff --git a/.github/workflows/next-deployment.yml b/.github/workflows/next-deployment.yml index 5649dbc9..fc37c791 100644 --- a/.github/workflows/next-deployment.yml +++ b/.github/workflows/next-deployment.yml @@ -14,6 +14,8 @@ jobs: url: ${{ steps.spa-deployment.outputs.url }} outputs: spaUrl: ${{ steps.spa-deployment.outputs.url }} + permissions: + packages: write steps: - uses: actions/checkout@v3 - uses: actions/setup-node@v3 diff --git a/.github/workflows/preview-deployment.yml b/.github/workflows/preview-deployment.yml index 768153e5..95790f47 100644 --- a/.github/workflows/preview-deployment.yml +++ b/.github/workflows/preview-deployment.yml @@ -60,6 +60,8 @@ jobs: if: | (github.event_name == 'issue_comment' && github.event.issue.pull_request && startsWith(github.event.comment.body, '/deploy-preview')) && (needs.comment-handler.outputs.is-admin == 'true') + permissions: + packages: write steps: - uses: actions/checkout@v3 with: @@ -144,6 +146,8 @@ jobs: if: | (github.event_name == 'pull_request' && github.event.action == 'synchronize') && (needs.has-deployment.outputs.has-swa == 'true' || needs.has-deployment.outputs.has-wa == 'true') + permissions: + packages: write steps: - uses: actions/checkout@v3 - uses: actions/setup-node@v3 From f3e0128528342a8a4dc48ce1de74ff4db83624c9 Mon Sep 17 00:00:00 2001 From: Jasper Herzberg Date: Tue, 8 Aug 2023 23:31:55 +0200 Subject: [PATCH 18/21] ci: fix permissions --- .github/workflows/preview-deployment.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.github/workflows/preview-deployment.yml b/.github/workflows/preview-deployment.yml index 95790f47..5a663031 100644 --- a/.github/workflows/preview-deployment.yml +++ b/.github/workflows/preview-deployment.yml 
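Review bot: In `preview-deployment.yml` the job at `@@ -60,6 +60,8 @@` is started by an `issue_comment` and, judging by the `actions/checkout@v3` `with:` block that continues outside the hunk, presumably builds the pull request's code. Adding `packages: write` means that code's build steps run with a token able to publish to the package registry. The `is-admin` condition is the only gate visible here, so confirm that the checkout ref is the exact commit SHA the admin reviewed and not the moving branch head. Consider also building and pushing the preview image in a separate job that receives only the built artefact, so the token with write scope is never present while PR-controlled scripts execute.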
@@ -61,7 +61,10 @@ jobs: (github.event_name == 'issue_comment' && github.event.issue.pull_request && startsWith(github.event.comment.body, '/deploy-preview')) && (needs.comment-handler.outputs.is-admin == 'true') permissions: + contents: read + discussions: write packages: write + pull-requests: write steps: - uses: actions/checkout@v3 with: From 94ef76df38791c6255db93cea115673d1dd096da Mon Sep 17 00:00:00 2001 From: Jasper Herzberg Date: Tue, 8 Aug 2023 23:37:18 +0200 Subject: [PATCH 19/21] ci: test permissions --- .github/workflows/preview-deployment.yml | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/.github/workflows/preview-deployment.yml b/.github/workflows/preview-deployment.yml index 5a663031..fb2edcd1 100644 --- a/.github/workflows/preview-deployment.yml +++ b/.github/workflows/preview-deployment.yml @@ -61,10 +61,7 @@ jobs: (github.event_name == 'issue_comment' && github.event.issue.pull_request && startsWith(github.event.comment.body, '/deploy-preview')) && (needs.comment-handler.outputs.is-admin == 'true') permissions: - contents: read - discussions: write packages: write - pull-requests: write steps: - uses: actions/checkout@v3 with: @@ -150,7 +147,9 @@ jobs: (github.event_name == 'pull_request' && github.event.action == 'synchronize') && (needs.has-deployment.outputs.has-swa == 'true' || needs.has-deployment.outputs.has-wa == 'true') permissions: + contents: read packages: write + pull-requests: write steps: - uses: actions/checkout@v3 - uses: actions/setup-node@v3 From d528cf4ba68b430245c9c116724f1c13de58f783 Mon Sep 17 00:00:00 2001 From: Jasper Herzberg Date: Tue, 8 Aug 2023 23:48:18 +0200 Subject: [PATCH 20/21] ci: fix permissions for all api build occurences --- .github/workflows/next-deployment.yml | 2 ++ .github/workflows/preview-deployment.yml | 2 ++ 2 files changed, 4 insertions(+) diff --git a/.github/workflows/next-deployment.yml b/.github/workflows/next-deployment.yml index fc37c791..8c87e92a 100644 
--- a/.github/workflows/next-deployment.yml +++ b/.github/workflows/next-deployment.yml @@ -15,7 +15,9 @@ jobs: outputs: spaUrl: ${{ steps.spa-deployment.outputs.url }} permissions: + contents: read packages: write + pull-requests: write steps: - uses: actions/checkout@v3 - uses: actions/setup-node@v3 diff --git a/.github/workflows/preview-deployment.yml b/.github/workflows/preview-deployment.yml index fb2edcd1..a5a042ab 100644 --- a/.github/workflows/preview-deployment.yml +++ b/.github/workflows/preview-deployment.yml @@ -61,7 +61,9 @@ jobs: (github.event_name == 'issue_comment' && github.event.issue.pull_request && startsWith(github.event.comment.body, '/deploy-preview')) && (needs.comment-handler.outputs.is-admin == 'true') permissions: + contents: read packages: write + pull-requests: write steps: - uses: actions/checkout@v3 with: From 51d0c179e05b3bea5c77f51c0b6c3ced35a6ac48 Mon Sep 17 00:00:00 2001 From: Jasper Herzberg Date: Wed, 9 Aug 2023 00:01:47 +0200 Subject: [PATCH 21/21] ci: improve Docker build performance --- .dockerignore | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/.dockerignore b/.dockerignore index 30bc1627..1ed66dcd 100644 --- a/.dockerignore +++ b/.dockerignore @@ -1 +1,3 @@ -/node_modules \ No newline at end of file +/.angular +/node_modules +/.git \ No newline at end of file
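Review bot: After PATCH 17–20 the job-level `permissions` block in `next-deployment.yml` lists three scopes with nothing recording which step needs which, and `pull-requests: write` has no visible consumer in this hunk. Add a short comment per scope, e.g. `packages: write # push API image to ghcr.io` and `contents: read # actions/checkout`. Drop `pull-requests: write` here if no step in the job comments on pull requests; the job body continues outside the hunk, so this needs checking against the full file.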
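Review bot: With the build context moved to the repository root in PATCH 15, this deny-list of three directories still sends everything else to the builder, including the `apps/api/src/.env` file that the CI action renders from secrets before the build. The Dockerfile only copies from `dist/apps/api`, so an allow-list is both smaller and safer: a first line `*` followed by `!dist/apps/api`. That also removes the need to extend the list each time a new top-level directory appears.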