
Commit e49518a

Add workflow to publish nginx and service images to GHCR (#676)
1 parent e284e52 commit e49518a

4 files changed

Lines changed: 83 additions & 9 deletions


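--- a/.github/workflows/ghcr.yml
+++ b/.github/workflows/ghcr.yml
@@ -0,0 +1,58 @@
+name: GHCR
+
+on:
+workflow_dispatch:
+push:
+branches: [master]
+tags: ["v*.*.*"]
+
+env:
+REGISTRY: ghcr.io
+
+jobs:
+build-push-image:
+runs-on: ubuntu-latest
+permissions:
+contents: read
+packages: write
+
+strategy:
+matrix:
+image: [nginx, service]
+
+steps:
+- name: Checkout repository
+uses: actions/checkout@v4
+with:
+fetch-depth: 0
+fetch-tags: true
+submodules: recursive
+
+- name: Log into registry ${{ env.REGISTRY }}
+uses: docker/login-action@v3
+with:
+registry: ${{ env.REGISTRY }}
+username: ${{ github.actor }}
+password: ${{ secrets.GITHUB_TOKEN }}
+
+- name: Extract Docker metadata
+id: meta
+uses: docker/metadata-action@v5
+with:
+images: ${{ env.REGISTRY }}/${{ github.repository_owner }}/central-${{ matrix.image }}
+
+- name: Set up QEMU emulator for multi-arch images
+uses: docker/setup-qemu-action@v3
+
+- name: Set up Docker Buildx
+uses: docker/setup-buildx-action@v3
+
+- name: Build and push ${{ matrix.image }} Docker image
+uses: docker/build-push-action@v5
+with:
+file: ${{ matrix.image }}.dockerfile
+context: .
+push: true
+tags: ${{ steps.meta.outputs.tags }}
+labels: ${{ steps.meta.outputs.labels }}
+platforms: 'linux/amd64,linux/arm64'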
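Review bot: Every `uses:` step in this job is pinned to a mutable major tag (`actions/checkout@v4`, `docker/login-action@v3`, `docker/metadata-action@v5`, `docker/setup-qemu-action@v3`, `docker/setup-buildx-action@v3`, `docker/build-push-action@v5`), while the job holds `packages: write` and publishes on every push to master. A retagged action would run with that token, so each should be pinned to a full commit SHA with the version kept in a trailing comment, e.g. `uses: docker/build-push-action@<full-commit-sha> # v5`. The checkout step also keeps its default credential persistence, which leaves the token in the checkout's git config inside a workspace that is then passed as the build context (`context: .`); adding `persist-credentials: false` under its `with:` avoids that, assuming no later step needs authenticated git access.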

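--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -77,8 +77,6 @@ services:
 nginx:
 build:
 context: .
-args:
-- OIDC_ENABLED=${OIDC_ENABLED:-false}
 dockerfile: nginx.dockerfile
 depends_on:
 - service
@@ -90,6 +88,11 @@ services:
 - SENTRY_ORG_SUBDOMAIN=${SENTRY_ORG_SUBDOMAIN:-o130137}
 - SENTRY_KEY=${SENTRY_KEY:-3cf75f54983e473da6bd07daddf0d2ee}
 - SENTRY_PROJECT=${SENTRY_PROJECT:-1298632}
+- OIDC_ENABLED=${OIDC_ENABLED:-false}
+volumes:
+- ./files/local/customssl/:/etc/customssl/live/local/:ro
+- ./files/nginx/odk.conf.template:/usr/share/odk/nginx/odk.conf.template:ro
+- ./files/nginx/client-config.json.template:/usr/share/odk/nginx/client-config.json.template:ro
 ports:
 - "${HTTP_PORT:-80}:80"
 - "${HTTPS_PORT:-443}:443"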
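Review bot: The two single-file bind mounts added in the second hunk use the short `host:container:ro` form, where a missing host path is created as an empty directory instead of being rejected. The container would then start with a directory where setup-odk.sh redirects a template into `envsubst`, and the failure only surfaces inside the entrypoint. Writing these two mounts in the long form with `create_host_path: false` makes a missing template fail at startup, provided the Compose version in use supports that key. The customssl directory mount can stay as it is.

```yaml
# … unchanged: customssl directory mount …
- type: bind
  source: ./files/nginx/odk.conf.template
  target: /usr/share/odk/nginx/odk.conf.template
  read_only: true
  bind:
    create_host_path: false
- type: bind
  source: ./files/nginx/client-config.json.template
  target: /usr/share/odk/nginx/client-config.json.template
  read_only: true
  bind:
    create_host_path: false
```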

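--- a/files/nginx/setup-odk.sh
+++ b/files/nginx/setup-odk.sh
@@ -1,5 +1,15 @@
 #!/bin/bash
 
+
+echo "writing client config..."
+if [[ $OIDC_ENABLED != 'true' ]] && [[ $OIDC_ENABLED != 'false' ]]; then
+echo 'OIDC_ENABLED must be either true or false'
+exit 1
+fi
+
+envsubst < /usr/share/odk/nginx/client-config.json.template > /usr/share/nginx/html/client-config.json
+
+
 DH_PATH=/etc/dh/nginx.pem
 if [ "$SSL_TYPE" != "upstream" ] && [ ! -s "$DH_PATH" ]; then
 openssl dhparam -out "$DH_PATH" 2048
@@ -17,7 +27,9 @@ fi
 
 # start from fresh templates in case ssl type has changed
 echo "writing fresh nginx templates..."
+# redirector.conf gets deleted if using upstream SSL so copy it back
 cp /usr/share/odk/nginx/redirector.conf /etc/nginx/conf.d/redirector.conf
+
 CNAME=$( [ "$SSL_TYPE" = "customssl" ] && echo "local" || echo "$DOMAIN") \
 envsubst '$SSL_TYPE $CNAME $SENTRY_ORG_SUBDOMAIN $SENTRY_KEY $SENTRY_PROJECT' \
 < /usr/share/odk/nginx/odk.conf.template \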
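Review bot: The `envsubst` call added in the first hunk has no variable list, so every `$NAME` reference in client-config.json.template is filled from the container environment and written under /usr/share/nginx/html, which (judging by the path) nginx serves to clients. The later `envsubst` call in the second hunk already restricts substitution to named variables; doing the same here keeps an edited template from publishing other environment values: `envsubst '$OIDC_ENABLED' < /usr/share/odk/nginx/client-config.json.template > /usr/share/nginx/html/client-config.json`. This assumes the template needs only OIDC_ENABLED, which the page does not show. The script continues outside both hunks.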

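--- a/nginx.dockerfile
+++ b/nginx.dockerfile
@@ -9,8 +9,6 @@ RUN apt-get update \
 COPY ./ ./
 RUN files/prebuild/write-version.sh
 RUN files/prebuild/build-frontend.sh
-ARG OIDC_ENABLED
-RUN files/prebuild/write-client-config.sh
 
 
 
@@ -21,17 +19,20 @@ FROM jonasal/nginx-certbot:5.0.1
 EXPOSE 80
 EXPOSE 443
 
-VOLUME [ "/etc/dh", "/etc/selfsign", "/etc/nginx/conf.d" ]
-ENTRYPOINT [ "/bin/bash", "/scripts/setup-odk.sh" ]
+# Persist Diffie-Hellman parameters and/or selfsign key
+VOLUME [ "/etc/dh", "/etc/selfsign" ]
 
 RUN apt-get update && apt-get install -y netcat-openbsd
 
 RUN mkdir -p /usr/share/odk/nginx/
 
 COPY files/nginx/setup-odk.sh /scripts/
-COPY files/local/customssl/*.pem /etc/customssl/live/local/
-COPY files/nginx/*.conf* /usr/share/odk/nginx/
+RUN chmod +x /scripts/setup-odk.sh
+
+COPY files/nginx/redirector.conf /usr/share/odk/nginx/
+COPY files/nginx/common-headers.conf /usr/share/odk/nginx/
 
 COPY --from=intermediate client/dist/ /usr/share/nginx/html
 COPY --from=intermediate /tmp/version.txt /usr/share/nginx/html
-COPY --from=intermediate /tmp/client-config.json /usr/share/nginx/html
+
+ENTRYPOINT [ "/scripts/setup-odk.sh" ]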
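Review bot: Nothing in the second hunk documents that the final stage no longer contains odk.conf.template, client-config.json.template or the customssl PEM files, although the entrypoint script still reads both templates from /usr/share/odk/nginx/. An image pulled from the registry therefore works only when those paths are mounted at runtime, as docker-compose.yml does in this commit. A comment above the two new COPY lines would make that visible, e.g. `# odk.conf.template and client-config.json.template are not baked in; mount them at /usr/share/odk/nginx/ (see docker-compose.yml)`.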
