feat : ci and docker file updated for usergroup
soumyadip007 committed Feb 7, 2024
1 parent be98501 commit b443ba1
Showing 2 changed files with 75 additions and 8 deletions.
68 changes: 63 additions & 5 deletions .github/workflows/ci.yaml
Expand Up @@ -14,8 +14,14 @@ on:
inputs:
version:
default: v1.0.0
description: Bump Version
description: Select environment
options:
- Dev
- Qa
- Stage
- Prod
required: true
type: choice

jobs:
push_to_registry:
Expand All @@ -38,14 +44,66 @@ jobs:
username: ${{ secrets.CI_QUAY_USERNAME }}
password: ${{ secrets.CI_QUAY_TOKEN }}

- name: Build and push into repository
id: docker_build
- name: Dev Build and push into repository
if: github.event.inputs.env == 'Dev'
id: docker_build_dev
uses: docker/build-push-action@v2
with:
context: .
file: ./Dockerfile
push: ${{ github.event_name != 'pull_request' }}
build-args: |
USERGROUP=${{ secrets.DEV_GIT_BROKER_USERGROUP }}
tags: |
quay.io/${{ env.REGISTRY_NAMESPACE }}/${{ env.IMAGE_NAME }}:${{env.GITHUB_REF_SLUG}}
quay.io/${{ env.REGISTRY_NAMESPACE }}/${{ env.IMAGE_NAME }}:dev-${{env.GITHUB_REF_SLUG}}
- name: Image digest
run: echo ${{ steps.docker_build.outputs.digest }}
run: echo ${{ steps.docker_build_dev.outputs.digest }}


- name: QA Build and push into repository
if: github.event.inputs.env == 'Qa'
id: docker_build_qa
uses: docker/build-push-action@v2
with:
context: .
file: ./Dockerfile
push: ${{ github.event_name != 'pull_request' }}
build-args: |
USERGROUP=${{ secrets.QA_GIT_BROKER_USERGROUP }}
tags: |
quay.io/${{ env.REGISTRY_NAMESPACE }}/${{ env.IMAGE_NAME }}:qa-${{env.GITHUB_REF_SLUG}}
- name: Image digest
run: echo ${{ steps.docker_build_dev.outputs.digest }}


- name: Stage Build and push into repository
if: github.event.inputs.env == 'Stage'
id: docker_build_stage
uses: docker/build-push-action@v2
with:
context: .
file: ./Dockerfile
push: ${{ github.event_name != 'pull_request' }}
build-args: |
USERGROUP=${{ secrets.STAGE_GIT_BROKER_USERGROUP }}
tags: |
quay.io/${{ env.REGISTRY_NAMESPACE }}/${{ env.IMAGE_NAME }}:stage-${{env.GITHUB_REF_SLUG}}
- name: Image digest
run: echo ${{ steps.docker_build_dev.outputs.digest }}


- name: Prod Build and push into repository
if: github.event.inputs.env == 'Prod'
id: docker_build_prod
uses: docker/build-push-action@v2
with:
context: .
file: ./Dockerfile
push: ${{ github.event_name != 'pull_request' }}
build-args: |
USERGROUP=${{ secrets.PROD_GIT_BROKER_USERGROUP }}
tags: |
quay.io/${{ env.REGISTRY_NAMESPACE }}/${{ env.IMAGE_NAME }}:prod-${{env.GITHUB_REF_SLUG}}
- name: Image digest
run: echo ${{ steps.docker_build_dev.outputs.digest }}
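Review bot: The four `if: github.event.inputs.env == '…'` conditions read an input named `env`, but the only input visible in the first hunk is declared under `version:`, so unless an `env` input exists outside the hunk every build step is skipped; rename the input or test `github.event.inputs.version == 'Dev'` (and `default: v1.0.0` is not one of the listed options). The "Image digest" steps after the Qa, Stage and Prod builds still echo `steps.docker_build_dev.outputs.digest` and carry no `if:`, so they print an empty value; each should reference its own id, e.g. `steps.docker_build_qa.outputs.digest`. `USERGROUP=${{ secrets.DEV_GIT_BROKER_USERGROUP }}` and its siblings are passed as build args, which are recorded in image metadata and readable with `docker history` once the image is pushed, so the value cannot be treated as secret; if it is only a user name, a repository variable states that more honestly. The job's step list begins outside the hunk.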

15 changes: 12 additions & 3 deletions Dockerfile
@@ -1,15 +1,24 @@
FROM node:18-alpine3.16 AS build

RUN addgroup -S puzzgroup && adduser -S -G puzzgroup puzzuser
ARG USERGROUP

RUN addgroup allusers && adduser -S -G allusers $USERGROUP
RUN mkdir /.npm
RUN mkdir /.npm/_cacache

WORKDIR /app

COPY package*.json ./
RUN npm ci --only=production
COPY . .

RUN chown -R puzzuser:puzzgroup /app
USER puzzuser
RUN chown -R $USERGROUP:allusers .
RUN chown -R $USERGROUP:allusers ~/.npm
RUN chown -R $USERGROUP:allusers /.npm
RUN chmod -R 777 .

EXPOSE 9191

USER $USERGROUP

CMD ["npm", "run", "start"]
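Review bot: `RUN chmod -R 777 .` makes everything under /app, including node_modules and the application source, writable by any user in the container, which removes most of the benefit of the `USER $USERGROUP` switch below it; the preceding `chown` already gives the runtime user access, so drop the line or narrow it to something like `chmod -R u+rwX,go-w .`. `ARG USERGROUP` has no default, so a build without `--build-arg USERGROUP=…` runs `adduser` and `USER` with an empty name; a default such as `ARG USERGROUP=<default-user>` (placeholder) would make the failure mode explicit. `chown -R $USERGROUP:allusers ~/.npm` expands `~` for the build-time user (apparently root at that point), not for the runtime user, so confirm that is the directory meant.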
