From f896665dcf4d22dc1c341a84502e1abbc89ecd17 Mon Sep 17 00:00:00 2001
From: Dominik Stahl
Date: Wed, 7 May 2025 13:36:13 +0200
Subject: [PATCH 01/10] chore(ci): Add labels to docker image
---
 Dockerfile | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/Dockerfile b/Dockerfile
index 5d16c45..faee65e 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -27,6 +27,10 @@ COPY --from=builder /app/public ./public
 COPY --from=builder /app/.next/standalone ./
 COPY --from=builder /app/.next/static ./.next/static
+LABEL org.opencontainers.image.source="https://git.dominikstahl.dev/DHBW-WE/MeetUp"
+LABEL org.opencontainers.image.title="MeetUp"
+LABEL org.opencontainers.image.description="A web application for managing meetups"
+
 EXPOSE 3000
 ENV HOSTNAME="0.0.0.0"
From e7fc02c8c99a73b65f989fc67433fd3583d624c4 Mon Sep 17 00:00:00 2001
From: Dominik Stahl
Date: Wed, 7 May 2025 13:38:03 +0200
Subject: [PATCH 02/10] chore(ci): example environment variables
add example environment variables to docker-compose.yml to prevent errors
---
 docker-compose.yml | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/docker-compose.yml b/docker-compose.yml
index 9cff22a..e5c4b78 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -5,3 +5,5 @@ services:
 dockerfile: Dockerfile
 ports:
 - '3000:3000'
+ environment:
+ - AUTH_SECRET=secret
From 2c384187708cc878b8677e92ffe74b4d3ddb43be Mon Sep 17 00:00:00 2001
From: Dominik Stahl
Date: Wed, 7 May 2025 13:39:29 +0200
Subject: [PATCH 03/10] chore(ci): remove sha_ tags from build docker images
---
 .github/workflows/docker-build.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/docker-build.yml b/.github/workflows/docker-build.yml
index 69147b5..a3723c9 100644
--- a/.github/workflows/docker-build.yml
+++ b/.github/workflows/docker-build.yml
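Review bot: In the docker-compose.yml hunk of PATCH 02/10, `AUTH_SECRET=secret` puts a publicly known value into a file that people will start unchanged with `docker compose up`. The variable name suggests it is the key the auth library uses to protect session tokens (inferred; the application code is not on this page), so a deployment that keeps the example value protects its sessions with a key anyone can read in the repository. I would make the variable mandatory rather than defaulted, `- AUTH_SECRET=${AUTH_SECRET:?set AUTH_SECRET in .env}`, and put the comment `# generate a random value per deployment; never reuse an example value` above it. The service definition starts outside the hunk.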
@@ -53,7 +53,7 @@ jobs:
 if: github.event_name == 'pull_request'
 with:
 push: true
- tags: git.dominikstahl.dev/${{ env.REPO }}:sha_${{ github.sha }},git.dominikstahl.dev/${{ env.REPO }}:${{ steps.get-ref.outputs.tag}}
+ tags: git.dominikstahl.dev/${{ env.REPO }}:${{ steps.get-ref.outputs.tag}}
 - name: Build and push (push_tag)
 uses: docker/build-push-action@14487ce63c7a62a4a324b0bfb37086795e31c6c1 # v6
@@ -67,4 +67,4 @@ jobs:
 if: github.event_name == 'push' && github.ref_type == 'branch'
 with:
 push: true
- tags: git.dominikstahl.dev/${{ env.REPO }}:sha_${{ github.sha }},git.dominikstahl.dev/${{ env.REPO }}:main
+ tags: git.dominikstahl.dev/${{ env.REPO }}:${{ steps.get-ref.outputs.tag }}
From 0927116a2caea67cbd269bc5f8cccd2c534fba6a Mon Sep 17 00:00:00 2001
From: Dominik Stahl
Date: Thu, 8 May 2025 14:31:45 +0200
Subject: [PATCH 04/10] fix: add missing env variable to docker-compose
added the missing AUTH_URL variable to the example docker-compose.yml
---
 docker-compose.yml | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/docker-compose.yml b/docker-compose.yml
index e5c4b78..cee59f7 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -3,7 +3,9 @@ services:
 build:
 context: .
 dockerfile: Dockerfile
+ image: git.dominikstahl.dev/dhbw-we/meetup:main
 ports:
 - '3000:3000'
 environment:
 - AUTH_SECRET=secret
+ - AUTH_URL=http://localhost:3000
From ef65c5bbf65e66df71f8c7e28ec09e6ae3a08726 Mon Sep 17 00:00:00 2001
From: Dominik Stahl
Date: Fri, 9 May 2025 22:11:48 +0200
Subject: [PATCH 05/10] chore: add Docker cleanup steps to workflows
---
 .github/workflows/container-scan.yml | 7 +++++++
 .github/workflows/docker-build.yml | 7 +++++++
 2 files changed, 14 insertions(+)
diff --git a/.github/workflows/container-scan.yml b/.github/workflows/container-scan.yml
index 0266cdc..1c5ac22 100644
--- a/.github/workflows/container-scan.yml
+++ b/.github/workflows/container-scan.yml
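Review bot: After this change the `tags:` line of the pull_request step (and the same line in the branch-push hunk at -67) publishes only mutable tags, so nothing in the registry ties a pushed image to the commit that built it. During an incident that makes it hard to say which source a running image came from, and a later push replaces the tag without leaving a trace. If the `sha_` tags were dropped to save registry space, the link can be kept as metadata instead, for example `labels: org.opencontainers.image.revision=${{ github.sha }}` under `with:` in both steps. Both step definitions start outside their hunks.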
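Review bot: The branch-push `tags:` line now takes its tag from `steps.get-ref.outputs.tag` instead of the literal `main`, and the `get-ref` step is outside this hunk, so what it emits for a branch ref cannot be checked here. If it passes the branch name through, a name containing `/` is not a valid image tag and the job fails only at push time, and any pushed branch gets its own published tag. I would document the contract next to the step with a comment such as `# get-ref must emit a tag-safe value; only main is expected on branch pushes`, or keep `main` literal if that is the only branch meant to publish.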
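Review bot: The added `image: git.dominikstahl.dev/dhbw-we/meetup:main` sits next to the existing `build:` block, so whether `docker compose up` runs the local build or an image pulled from the registry depends on Compose's pull policy and on what is cached locally. `:main` is a mutable tag, so the pulled variant is whatever was pushed last. I would state the intent explicitly: `pull_policy: build` if the example is meant to run the checked-out source, or drop `build:` and pin the image by digest if it is meant to run the published image.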
@@ -41,3 +41,10 @@ jobs:
 uses: forgejo/upload-artifact@v4
 with:
 path: trivy-report.json
+
+ - name: Clean up Docker
+ run: |
+ docker system prune -af
+ docker volume prune -f
+ docker network prune -f
+ docker builder prune -af
diff --git a/.github/workflows/docker-build.yml b/.github/workflows/docker-build.yml
index a3723c9..e7f8888 100644
--- a/.github/workflows/docker-build.yml
+++ b/.github/workflows/docker-build.yml
@@ -68,3 +68,10 @@ jobs:
 with:
 push: true
 tags: git.dominikstahl.dev/${{ env.REPO }}:${{ steps.get-ref.outputs.tag }}
+
+ - name: Clean up Docker
+ run: |
+ docker system prune -af
+ docker volume prune -f
+ docker network prune -f
+ docker builder prune -af
From 794ed5483260e1591fa8f35bf422beaf1d8fe5d8 Mon Sep 17 00:00:00 2001
From: Dominik Stahl
Date: Fri, 9 May 2025 22:48:12 +0200
Subject: [PATCH 06/10] chore: remove docker installs from workflows
---
 .github/workflows/container-scan.yml | 13 -------------
 .github/workflows/docker-build.yml | 11 -----------
 2 files changed, 24 deletions(-)
diff --git a/.github/workflows/container-scan.yml b/.github/workflows/container-scan.yml
index 1c5ac22..8720c0b 100644
--- a/.github/workflows/container-scan.yml
+++ b/.github/workflows/container-scan.yml
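Review bot: The new `Clean up Docker` step in container-scan.yml has no `if: always()`, so it is skipped whenever an earlier step fails, which is when images and build cache are most likely to be left behind; the identical step added to docker-build.yml has the same gap. Separately, `docker system prune -af` and the volume and network prunes act on the whole Docker daemon rather than on what this job created. If the `docker` runner shares that daemon with other jobs or services (not visible on this page), the step can remove their images and volumes while they are in use. I would add `if: always()` under `- name: Clean up Docker` and restrict the commands to this job's own images.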
@@ -8,23 +8,10 @@ jobs:
 container-scan:
 name: Container Scan
 runs-on: docker
- container:
- image: node:22-bullseye@sha256:ed0338dd02fd86861a59dc1cbc2e12152f3a93c4ce5933d347d6677232000dc7
 steps:
 - name: Checkout code
 uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
- - name: Install Docker
- run: |
- apt-get update
- apt-get install -y ca-certificates curl
- install -m 0755 -d /etc/apt/keyrings
- curl -fsSL https://download.docker.com/linux/debian/gpg -o /etc/apt/keyrings/docker.asc
- chmod a+r /etc/apt/keyrings/docker.asc
- echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/debian $(. /etc/os-release && echo "$VERSION_CODENAME") stable" | tee /etc/apt/sources.list.d/docker.list > /dev/null
- apt-get update
- apt-get install -y docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin
-
 - name: Build an image from Dockerfile
 run: docker build -t git.dominikstahl.dev/dhbw-we/meetup:${{ github.sha }} .
diff --git a/.github/workflows/docker-build.yml b/.github/workflows/docker-build.yml
index e7f8888..674b4c4 100644
--- a/.github/workflows/docker-build.yml
+++ b/.github/workflows/docker-build.yml
@@ -13,17 +13,6 @@ jobs:
 docker:
 runs-on: docker
 steps:
- - name: Install Docker
- run: |
- apt-get update
- apt-get install -y ca-certificates curl
- install -m 0755 -d /etc/apt/keyrings
- curl -fsSL https://download.docker.com/linux/debian/gpg -o /etc/apt/keyrings/docker.asc
- chmod a+r /etc/apt/keyrings/docker.asc
- echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/debian $(. /etc/os-release && echo "$VERSION_CODENAME") stable" | tee /etc/apt/sources.list.d/docker.list > /dev/null
- apt-get update
- apt-get install -y docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin
-
 - name: Login to Docker Hub
 uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3
 with:
From ae2d7005e6a7196729ccc72e2bb7d762d7aff78e Mon Sep 17 00:00:00 2001
From: Dominik Stahl
Date: Fri, 9 May 2025 23:11:50 +0200
Subject: [PATCH 07/10] fix: keep some build caches to speed up builds
---
 .github/workflows/container-scan.yml | 7 +++----
 .github/workflows/docker-build.yml | 7 +++----
 2 files changed, 6 insertions(+), 8 deletions(-)
diff --git a/.github/workflows/container-scan.yml b/.github/workflows/container-scan.yml
index 8720c0b..e55bd72 100644
--- a/.github/workflows/container-scan.yml
+++ b/.github/workflows/container-scan.yml
@@ -31,7 +31,6 @@ jobs:
 - name: Clean up Docker
 run: |
- docker system prune -af
- docker volume prune -f
- docker network prune -f
- docker builder prune -af
+ docker builder prune -af --keep-storage 2GB
+ docker rmi $(docker images --filter=reference="git.dominikstahl.dev/dhbw-we/meetup:*" -q)
+ docker image prune -f
diff --git a/.github/workflows/docker-build.yml b/.github/workflows/docker-build.yml
index 674b4c4..b061608 100644
--- a/.github/workflows/docker-build.yml
+++ b/.github/workflows/docker-build.yml
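Review bot: The added `docker rmi $(docker images --filter=reference="git.dominikstahl.dev/dhbw-we/meetup:*" -q)` in container-scan.yml fails the step when the filter matches nothing, because `docker rmi` is then called without arguments. It also passes the same image ID more than once when several tags point at one image, and an ID that carries several tags is refused without `-f`. The same line is added in the docker-build.yml hunk of this patch. A form that tolerates those cases is `docker images --filter=reference="git.dominikstahl.dev/dhbw-we/meetup:*" -q | sort -u | xargs -r docker rmi -f`, assuming the runner image ships an `xargs` that supports `-r`.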
@@ -60,7 +60,6 @@ jobs:
 - name: Clean up Docker
 run: |
- docker system prune -af
- docker volume prune -f
- docker network prune -f
- docker builder prune -af
+ docker builder prune -af --keep-storage 2GB
+ docker rmi $(docker images --filter=reference="git.dominikstahl.dev/dhbw-we/meetup:*" -q)
+ docker image prune -f
From dcb9dda000f7ca77c8aa17b39c3ab785d2c62ea3 Mon Sep 17 00:00:00 2001
From: Dominik Stahl
Date: Fri, 9 May 2025 23:17:46 +0200
Subject: [PATCH 08/10] fix: set container image in workflow files
---
 .github/workflows/container-scan.yml | 2 ++
 .github/workflows/docker-build.yml | 2 ++
 2 files changed, 4 insertions(+)
diff --git a/.github/workflows/container-scan.yml b/.github/workflows/container-scan.yml
index e55bd72..2139ad7 100644
--- a/.github/workflows/container-scan.yml
+++ b/.github/workflows/container-scan.yml
@@ -8,6 +8,8 @@ jobs:
 container-scan:
 name: Container Scan
 runs-on: docker
+ container:
+ image: ghcr.io/di0ik/forgejo_runner_container:main
 steps:
 - name: Checkout code
 uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
diff --git a/.github/workflows/docker-build.yml b/.github/workflows/docker-build.yml
index b061608..1c6fa1b 100644
--- a/.github/workflows/docker-build.yml
+++ b/.github/workflows/docker-build.yml
@@ -12,6 +12,8 @@ on:
 jobs:
 docker:
 runs-on: docker
+ container:
+ image: ghcr.io/di0ik/forgejo_runner_container:main
 steps:
 - name: Login to Docker Hub
 uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3
From aeb904dcde6492d41dbbbd33c04bd275a57bca95 Mon Sep 17 00:00:00 2001
From: Dominik Stahl
Date: Fri, 9 May 2025 23:37:01 +0200
Subject: [PATCH 09/10] fix: make repo to lower workflow step posix compatible
---
 .github/workflows/docker-build.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/docker-build.yml b/.github/workflows/docker-build.yml
index 1c6fa1b..0042890 100644
--- a/.github/workflows/docker-build.yml
+++ b/.github/workflows/docker-build.yml
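Review bot: `image: ghcr.io/di0ik/forgejo_runner_container:main` in container-scan.yml (and the same two lines in the docker-build.yml hunk) runs the job inside an image referenced by a mutable tag. By contrast, the `node:22-bullseye@sha256:…` image removed in PATCH 06/10 and the `uses:` lines in these files are pinned. This container is where the checkout, the registry login and the image push run, so whoever can push to that `:main` tag decides what executes with those credentials. I would pin it the same way, `image: ghcr.io/di0ik/forgejo_runner_container:main@sha256:<digest of the reviewed image>`, and change the digest only as a deliberate, reviewed update.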
@@ -37,7 +37,7 @@ jobs:
 - name: lowercase repo name
 run: |
- echo "REPO=${GITHUB_REPOSITORY,,}" >>${GITHUB_ENV}
+ echo "REPO=$(echo $GITHUB_REPOSITORY | tr '[:upper:]' '[:lower:]')" >>${GITHUB_ENV}
 - name: Build and push (pull_request)
 uses: docker/build-push-action@14487ce63c7a62a4a324b0bfb37086795e31c6c1 # v6
From 96d2852c2dc9aaf1df41de5d0e814258ab2fb430 Mon Sep 17 00:00:00 2001
From: Dominik Stahl
Date: Sat, 10 May 2025 00:01:34 +0200
Subject: [PATCH 10/10] fix: dont try to remove already removed tags
---
 .github/workflows/docker-build.yml | 1 -
 1 file changed, 1 deletion(-)
diff --git a/.github/workflows/docker-build.yml b/.github/workflows/docker-build.yml
index 0042890..6ecc55f 100644
--- a/.github/workflows/docker-build.yml
+++ b/.github/workflows/docker-build.yml
@@ -63,5 +63,4 @@ jobs:
 - name: Clean up Docker
 run: |
 docker builder prune -af --keep-storage 2GB
- docker rmi $(docker images --filter=reference="git.dominikstahl.dev/dhbw-we/meetup:*" -q)
 docker image prune -f
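Review bot: In the new `lowercase repo name` line of PATCH 09/10, `$GITHUB_REPOSITORY` and `${GITHUB_ENV}` are expanded unquoted, so both are subject to word splitting and globbing in the shell. Repository names normally contain neither, so this is a style point rather than a defect, but quoting costs nothing in a line rewritten for portability: `printf 'REPO=%s\n' "$(printf '%s' "$GITHUB_REPOSITORY" | tr '[:upper:]' '[:lower:]')" >> "$GITHUB_ENV"`. The job that contains the step starts outside the hunk.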