ci: fix publishing docker images (#1104)

* ci: improve GitHub Action to build and publish docker image

* ci: increase the timeout for yarn steps

* ci: fix build-args

* ci: merge build GitHub Workflows into one

* ci: add more logging

* ci: Pack locally built dist into nginx container

* ci: build actual app

* ci: setup correct node version

* ci: include dist in context

* ci: use correct path to determine node version

* ci: push images

* ci: publish image

* ci: login always to the hub

* ci: remove debugging conditions

Co-authored-by: Mikołaj Młodzikowski <mikolaj.mlodzikowski@gmail.com>

.dockerignore

@@ -1,5 +1,5 @@
-dist/*
-node_modules/*
+apps/**/dist/*
+apps/**/node_modules/*
 tmp/*
 .dockerignore
-Dockerfile
+dockerfiles

.github/workflows/publish-containers-cra.yml

@@ -1,60 +0,0 @@
-name: Publish NextJs containers
-
-'on':
-  push:
-    tags:
-      - 'v[0-9]+.[0-9]+.[0-9]+'
-      - 'v[0-9]+.[0-9]+.[0-9]+-pre[0-9]+'
-
-jobs:
-  master:
-    strategy:
-      matrix:
-        build-platform: ['linux/amd64']
-        app: ['trading']
-    name: Build the ${{ inputs.image_name }} image
-    runs-on: ubuntu-latest
-    steps:
-      - name: Set output
-        id: vars
-        run: echo ::set-output name=tag::${GITHUB_REF#refs/*/}
-      - name: Check output
-        env:
-          RELEASE_VERSION: ${{ steps.vars.outputs.tag }}
-        run: |
-          echo $RELEASE_VERSION
-          echo ${{ steps.vars.outputs.tag }}
-      - uses: actions/checkout@v3
-      - name: Set up QEMU
-        id: quemu
-        uses: docker/setup-qemu-action@v2
-
-      - name: Setup Docker Buildx
-        uses: docker/setup-buildx-action@v2
-
-      - name: Collect images data
-        id: tags
-        run: |
-          echo '::set-output name=current::vegaprotocol/${{ matrix.app }}:${{ steps.vars.outputs.tag }}'
-          echo '::set-output name=latest::vegaprotocol/${{ matrix.app }}:latest'
-
-      - name: Echo tags
-        run: |
-          echo ${{ steps.tags.outputs.latest }}
-          echo ${{ steps.tags.outputs.current }}
-
-      - name: Login to DockerHub
-        uses: docker/login-action@v2
-        with:
-          username: ${{ secrets.DOCKERHUB_USERNAME }}
-          password: ${{ secrets.DOCKERHUB_TOKEN }}
-
-      - name: Docker build
-        uses: docker/build-push-action@v3
-        with:
-          context: '.'
-          file: './Dockerfile.next'
-          build-args: 'APP=${{ matrix.app }}'
-          platforms: ${{ matrix.build-platform }}
-          tags: ${{ steps.tags.outputs.latest }},${{ steps.tags.outputs.current }}
-          push: true

.github/workflows/publish-containers-next.yml

@@ -1,60 +0,0 @@
-name: Publish CRA containers
-
-'on':
-  push:
-    tags:
-      - 'v[0-9]+.[0-9]+.[0-9]+'
-      - 'v[0-9]+.[0-9]+.[0-9]+-pre[0-9]+'
-
-jobs:
-  master:
-    strategy:
-      matrix:
-        build-platform: ['linux/amd64']
-        app: ['explorer', 'token']
-    name: Build the ${{ inputs.image_name }} image
-    runs-on: ubuntu-latest
-    steps:
-      - name: Set output
-        id: vars
-        run: echo ::set-output name=tag::${GITHUB_REF#refs/*/}
-      - name: Check output
-        env:
-          RELEASE_VERSION: ${{ steps.vars.outputs.tag }}
-        run: |
-          echo $RELEASE_VERSION
-          echo ${{ steps.vars.outputs.tag }}
-      - uses: actions/checkout@v3
-      - name: Set up QEMU
-        id: quemu
-        uses: docker/setup-qemu-action@v2
-
-      - name: Setup Docker Buildx
-        uses: docker/setup-buildx-action@v2
-
-      - name: Collect images data
-        id: tags
-        run: |
-          echo '::set-output name=current::vegaprotocol/${{ matrix.app }}:${{ steps.vars.outputs.tag }}'
-          echo '::set-output name=latest::vegaprotocol/${{ matrix.app }}:latest'
-
-      - name: Echo tags
-        run: |
-          echo ${{ steps.tags.outputs.latest }}
-          echo ${{ steps.tags.outputs.current }}
-
-      - name: Login to DockerHub
-        uses: docker/login-action@v2
-        with:
-          username: ${{ secrets.DOCKERHUB_USERNAME }}
-          password: ${{ secrets.DOCKERHUB_TOKEN }}
-
-      - name: Docker build
-        uses: docker/build-push-action@v3
-        with:
-          context: '.'
-          file: './Dockerfile.cra'
-          build-args: 'APP=${{ matrix.app }}'
-          platforms: ${{ matrix.build-platform }}
-          tags: ${{ steps.tags.outputs.latest }},${{ steps.tags.outputs.current }}
-          push: true

.github/workflows/publish-docker-containers.yml

@@ -0,0 +1,126 @@
+name: Publish docker containers
+
+'on':
+  push:
+    tags:
+      - 'v[0-9]+.[0-9]+.[0-9]+'
+      - 'v[0-9]+.[0-9]+.[0-9]+-pre[0-9]+'
+
+  workflow_dispatch:
+    inputs:
+      publish:
+        description: 'Publish tag to Docker Hub & GitHub Registry'
+        required: false
+        type: boolean
+        default: false
+      tag:
+        description: 'Git Tag to build and publish'
+        required: false
+        type: string
+        default: ''
+      apps:
+        description: 'Applications to build and publish'
+        required: false
+        type: choice
+        options:
+          - '["explorer", "token", "trading"]'
+          - '["explorer"]'
+          - '["token"]'
+          - '["trading"]'
+      archs:
+        description: 'Architecture to build and publish'
+        required: false
+        type: choice
+        options:
+          - linux/amd64, linux/arm64
+          - linux/amd64
+          - linux/arm64
+
+jobs:
+  master:
+    strategy:
+      fail-fast: false
+      matrix:
+        app: ${{ fromJson(inputs.apps || '["explorer", "token", "trading"]') }}
+    name: Build the ${{ matrix.app }} image
+    runs-on: ubuntu-latest
+    steps:
+      - name: Check out code
+        uses: actions/checkout@v3
+        with:
+          ref: ${{ inputs.tag }}
+
+      - name: Set up QEMU
+        id: quemu
+        uses: docker/setup-qemu-action@v2
+
+      - name: Available platforms
+        run: echo ${{ steps.qemu.outputs.platforms }}
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v2
+
+      - name: Login to DockerHub
+        if: ${{ inputs.publish || startsWith(github.ref, 'refs/tags/') }}
+        uses: docker/login-action@v2
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+
+      - name: Determine Docker Image tag
+        id: tags
+        run: |
+          hash=$(git rev-parse HEAD|cut -b1-8)
+          versionTag=${{ inputs.tag || startsWith(github.ref, 'refs/tags/') && github.ref_name || '${hash}' }}
+          echo ::set-output name=version::${versionTag}
+          echo ::set-output name=npmVersion::$(cat dockerfiles/${{ matrix.app =='trading' && 'Dockerfile.next' || 'Dockerfile.cra' }} | grep FROM | head -n 1 | awk '{print $2}' | cut -d ':' -f 2 | cut -d '-' -f 1 )
+
+      - name: Print config
+        run: |
+          git rev-parse --verify HEAD
+          git status
+          echo "inputs.tag=${{ inputs.tag }}"
+          echo "inputs.publish=${{ inputs.publish }}"
+          echo "inputs.apps=${{ inputs.apps }}"
+          echo "inputs.archs=${{ inputs.archs }}"
+          echo "steps.tags.outputs.version=${{ steps.tags.outputs.version }}"
+
+      - uses: actions/setup-node@v3
+        with:
+          node-version: ${{ steps.tags.outputs.npmVersion }}
+
+      - name: Build frontend dists
+        run: |
+          yarn --verbose --pure-lockfile
+          yarn nx ${{ matrix.app =='trading' && 'export' || 'build' }} ${{ matrix.app }} --pure-lockfile
+
+      - name: Build and export to local Docker
+        uses: docker/build-push-action@v3
+        with:
+          context: .
+          push: false
+          file: dockerfiles/${{ matrix.app =='trading' && 'Dockerfile.next' || 'Dockerfile.cra' }}.dist
+          build-args: APP=${{ matrix.app }}
+          load: true
+          tags: vegaprotocol/${{ matrix.app }}:local
+
+      - name: Sanity check docker image
+        run: |
+          docker run --rm vegaprotocol/${{ matrix.app }}:local cat .env
+          docker run --rm vegaprotocol/${{ matrix.app }}:local ls -lah
+
+      - name: Build and push to DockerHub
+        id: docker_build
+        uses: docker/build-push-action@v3
+        with:
+          context: .
+          push: ${{ inputs.publish || startsWith(github.ref, 'refs/tags/') }}
+          file: dockerfiles/${{ matrix.app =='trading' && 'Dockerfile.next' || 'Dockerfile.cra' }}.dist
+          build-args: APP=${{ matrix.app }}
+          platforms: ${{ inputs.archs || 'linux/amd64, linux/arm64' }}
+          tags: |
+            vegaprotocol/${{ matrix.app }}:latest
+            vegaprotocol/${{ matrix.app }}:${{ steps.tags.outputs.version }}
+
+      - name: Image digest
+        run: echo ${{ steps.docker_build.outputs.digest }}

README.md

@@ -106,12 +106,12 @@ Visit the [Nx Documentation](https://nx.dev/getting-started/intro) to learn more
 
 ## Docker
 
-The [Dockerfile](./Dockerfile) for running the frontends is pretty basic, merely building the application with the APP arg that is passed in and serving the application from [nginx](./nginx/nginx.conf). The only complexity that exists is that there is a script which allows the passing of run time environment variables to the containers. See configuration below for how to do this.
+The [Dockerfile](./dockerfiles) for running the frontends is pretty basic, merely building the application with the APP arg that is passed in and serving the application from [nginx](./nginx/nginx.conf). The only complexity that exists is that there is a script which allows the passing of run time environment variables to the containers. See configuration below for how to do this.
 
 You can build any of the containers locally with the following command:
 
 ```bash
-docker build . --build-arg APP=[YOUR APP] --tag=[TAG]
+docker build --dockerfile dockerfiles/Dockerfile.cra . --build-arg APP=[YOUR APP] --tag=[TAG]
 ```
 
 In order to run a container:
@@ -120,6 +120,8 @@ In order to run a container:
 docker run -p 3000:80 [TAG]
 ```
 
+Images ending with `.dist` are to pack locally created transpiled HTML files into nginx container for non-compatible with yarn architectures like M1 Mac
+
 ## Config
 
 As environment variables are build time and not run time in frontend applications. We have built a system which allows for passing run time environment variables, this generates a JSON file that will override the default environment variables that the container was built with (which is always testnet, using the default .env files).

dockerfiles/Dockerfile.cra

@@ -8,8 +8,8 @@ COPY package.json ./
 COPY yarn.lock ./
 COPY . ./
 RUN apk add python3 make gcc g++
-RUN yarn
-RUN yarn nx build $APP
+RUN yarn --network-timeout 100000 --verbose --pure-lockfile
+RUN yarn nx build $APP --network-timeout 100000 --verbose --pure-lockfile
 
 # Production environment
 FROM nginx:stable-alpine

dockerfiles/Dockerfile.cra.dist

@@ -0,0 +1,17 @@
+FROM nginx:stable-alpine
+ARG APP
+COPY dist/apps/$APP /usr/share/nginx/html
+COPY nginx/nginx.conf /etc/nginx/conf.d/default.conf
+
+EXPOSE 80
+
+WORKDIR /usr/share/nginx/html
+COPY ./env.sh .
+COPY ./apps/$APP/.env .env
+
+# Add bash
+RUN apk add --no-cache bash
+
+RUN chmod +x ./env.sh
+CMD ["/bin/sh", "-c", "/usr/share/nginx/html/env.sh && nginx -g \"daemon off;\""]
+

dockerfiles/Dockerfile.next

@@ -8,8 +8,8 @@ COPY package.json ./
 COPY yarn.lock ./
 COPY . ./
 RUN apk add python3 make gcc g++
-RUN yarn
-RUN yarn nx export $APP
+RUN yarn --network-timeout 100000 --verbose --pure-lockfile
+RUN yarn nx export $APP --network-timeout 100000 --verbose --pure-lockfile
 
 # Production environment
 FROM nginx:stable-alpine

dockerfiles/Dockerfile.next.dist

@@ -0,0 +1,16 @@
+FROM nginx:stable-alpine
+ARG APP
+COPY dist/apps/$APP/exported /usr/share/nginx/html
+COPY nginx/nginx.conf /etc/nginx/conf.d/default.conf
+
+EXPOSE 80
+
+WORKDIR /usr/share/nginx/html
+COPY ./env.sh .
+COPY ./apps/$APP/.env .env
+
+# Add bash
+RUN apk add --no-cache bash
+
+RUN chmod +x ./env.sh
+CMD ["/bin/bash", "-c", "/usr/share/nginx/html/env.sh && nginx -g \"daemon off;\""]