-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Showing
2 changed files
with
90 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,38 @@ | ||
| name: Build and Push Docker Image | ||
|
|
||
| on: | ||
| push: | ||
| branches: | ||
| - main | ||
|
|
||
| jobs: | ||
| build: | ||
| runs-on: ubuntu-latest | ||
| env: | ||
| IMAGE_NAME: safetychecker | ||
|
|
||
| steps: | ||
| - name: Checkout code | ||
| uses: actions/checkout@v2 | ||
|
|
||
| - name: Set up Docker Buildx | ||
| uses: docker/setup-buildx-action@v1 | ||
|
|
||
| - name: Login to GitHub Container Registry | ||
| uses: docker/login-action@v2 | ||
| with: | ||
| registry: ghcr.io | ||
| username: ${{ github.repository_owner }} | ||
| password: ${{ secrets.GH_NPM_TOKEN }} | ||
|
|
||
| - name: Build and push | ||
| uses: docker/build-push-action@v4 | ||
| with: | ||
| secrets: | | ||
| GH_NPM_TOKEN=${{ secrets.GH_NPM_TOKEN }} | ||
| platforms: linux/amd64,linux/arm64 | ||
| context: . | ||
| push: true | ||
| tags: | | ||
| ghcr.io/${{ github.repository_owner }}/${{ env.IMAGE_NAME }}:latest | ||
| ghcr.io/${{ github.repository_owner }}/${{ env.IMAGE_NAME }}:${{ github.sha }} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,52 @@ | ||
| # syntax = docker/dockerfile:1 | ||
|
|
||
| # Adjust BUN_VERSION as desired | ||
| ARG BUN_VERSION=1.1.20 | ||
| FROM oven/bun:${BUN_VERSION}-slim as base | ||
|
|
||
| # Next.js app lives here | ||
| WORKDIR /app | ||
|
|
||
| # Set production environment | ||
| ENV NODE_ENV="production" | ||
|
|
||
| # Throw-away build stage to reduce size of final image | ||
| FROM base as build | ||
|
|
||
| # Install packages needed to build node modules | ||
| RUN apt-get update -qq && \ | ||
| apt-get install --no-install-recommends -y build-essential pkg-config python-is-python3 | ||
|
|
||
| # Mount the GH_NPM_TOKEN secret and use it to create bunfig.toml | ||
| RUN --mount=type=secret,id=GH_NPM_TOKEN \ | ||
| echo '[install.scopes]' > bunfig.toml && \ | ||
| echo 'neodyland = { token = "'$(cat /run/secrets/GH_NPM_TOKEN)'", url = "https://npm.pkg.github.com/" }' >> bunfig.toml | ||
|
|
||
| # Install node modules | ||
| COPY --link bun.lockb package.json ./ | ||
| RUN bun install | ||
|
|
||
| # Copy application code | ||
| COPY --link . . | ||
|
|
||
| # Build application | ||
| RUN bun run build | ||
|
|
||
| # Remove development dependencies | ||
| RUN rm -rf node_modules && \ | ||
| bun install --ci | ||
|
|
||
| # Remove bunfig.toml to avoid token leakage | ||
| RUN rm -f bunfig.toml | ||
|
|
||
| # Final stage for app image | ||
| FROM base | ||
|
|
||
| # Copy built application | ||
| COPY --from=build /app/.next/standalone /app | ||
| COPY --from=build /app/.next/static /app/.next/static | ||
| COPY --from=build /app/public /app/public | ||
|
|
||
| # Start the server by default, this can be overwritten at runtime | ||
| EXPOSE 3000 | ||
| CMD [ "bun", "server.js" ] |