Download FE repo in Dockerfile

Author: aponcedeleonch

.github/workflows/image-build.yml

@@ -30,4 +30,6 @@ jobs:
           push: false # Only attempt to build, to verify the Dockerfile is working
           load: true
           cache-from: type=gha
-          cache-to: type=gha,mode=max
+          cache-to: type=gha,mode=max
+          secrets: |
+            gh_token=${{ secrets.GITHUB_TOKEN }}

.github/workflows/image-publish.yml

@@ -74,3 +74,5 @@ jobs:
           labels: ${{ steps.docker-metadata.outputs.labels }}
           cache-from: type=gha
           cache-to: type=gha,mode=max
+          secrets: |
+            gh_token=${{ secrets.GITHUB_TOKEN }}

Dockerfile

@@ -21,29 +21,78 @@ RUN poetry config virtualenvs.create false && \
 # Copy the rest of the application
 COPY . /app
 
+# Build the webapp
+FROM node:20.18-slim AS webbuilder
+
+# Install curl for downloading the webapp from GH and unzip to extract it
+RUN apt-get update && apt-get install -y --no-install-recommends \
+    curl \
+    unzip
+
+WORKDIR /usr/src/
+
+# Download the webapp from GH
+# -O to save the file with the same name as the remote file
+# -L to follow redirects
+# -s to silence the progress bar
+# -k to allow curl to make insecure connections
+# -H to pass the GITHUB_TOKEN as a header
+RUN --mount=type=secret,id=gh_token \
+    curl -OLSsk "https://github.com/stacklok/codegate-ui/archive/refs/heads/main.zip" \
+    -H "Authorization: Bearer $(cat /run/secrets/gh_token)"
+
+# Extract the downloaded zip file
+RUN unzip main.zip
+RUN rm main.zip
+# Rename the extracted folder
+RUN mv codegate-ui-main webapp
+
+WORKDIR /usr/src/webapp
+
+# Install the webapp dependencies and build it
+RUN npm install
+RUN npm run build
+
 # Runtime stage: Create the final lightweight image
 FROM python:3.12-slim AS runtime
 
 # Install runtime system dependencies
 RUN apt-get update && apt-get install -y --no-install-recommends \
     libgomp1 \
+    nginx \
     && rm -rf /var/lib/apt/lists/*
 
-# Create a non-root user and switch to it
+
+# Create a non-root user
 RUN adduser --system --no-create-home codegate --uid 1000
+
+# Set permissions for user codegate to run nginx
+RUN chown -R codegate /var/lib/nginx && \
+    chown -R codegate /var/log/nginx && \
+    chown -R codegate /run
+
+# Switch to codegate user
 USER codegate
 WORKDIR /app
 
 # Copy necessary artifacts from the builder stage
 COPY --from=builder /usr/local/lib/python3.12/site-packages /usr/local/lib/python3.12/site-packages
 COPY --from=builder /app /app
 
+# Copy necessary artifacts from the webbuilder stage
+COPY --from=webbuilder /usr/src/webapp/dist /var/www/html
+# Expose nginx
+EXPOSE 80
+
 # Set the PYTHONPATH environment variable
 ENV PYTHONPATH=/app/src
 
 # Allow to expose weaviate_data volume
 VOLUME ["/app/weaviate_data"]
 
-# Set the container's default entrypoint
+# Set the container's default entrypoint to run Codegate BE and FE
 EXPOSE 8989
-ENTRYPOINT ["python", "-m", "src.codegate.cli", "serve", "--port", "8989", "--host", "0.0.0.0"]
+ENTRYPOINT ["/bin/bash", "-c", " \
+    python -m src.codegate.cli serve --port 8989 --host 0.0.0.0 & \
+    nginx -g 'daemon off;' \
+"]