From 6151c37093e9e3d6b4c5fe8dbc7b0c9e4cce66fc Mon Sep 17 00:00:00 2001
From: Sergey Karmanov
Date: Fri, 21 Jun 2024 08:17:06 +0300
Subject: [PATCH] =?UTF-8?q?=D0=94=D0=BE=D0=B1=D0=B0=D0=B2=D0=B8=D0=BB=20CI?= =?UTF-8?q?/CD=20=D0=B8=20Docker?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
.gitea/workflows/Linter.yml | 30 ++++++++
.gitea/workflows/gitea-push-docker.yml | 74 +++++++++++++++++++
HackathonPreparing/.dockerignore | 25 +++++++
.../HackathonPreparing.ApiService/Dockerfile | 24 ++++++
.../HackathonPreparing.ApiService.csproj | 7 ++
5 files changed, 160 insertions(+)
create mode 100644 .gitea/workflows/Linter.yml
create mode 100644 .gitea/workflows/gitea-push-docker.yml
create mode 100644 HackathonPreparing/.dockerignore
create mode 100644 HackathonPreparing/HackathonPreparing.ApiService/Dockerfile
diff --git a/.gitea/workflows/Linter.yml b/.gitea/workflows/Linter.yml
new file mode 100644
index 0000000..2ac1f12
--- /dev/null
+++ b/.gitea/workflows/Linter.yml
@@ -0,0 +1,30 @@
+name: Lint
+
+on:
+ # Trigger the workflow on push or pull request,
+ # but only for the main branch
+ push:
+ branches:
+ - main
+ pull_request:
+ branches:
+ - main
+
+jobs:
+ run-linters:
+ name: Run linters
+ runs-on: ubuntu-latest
+
+ steps:
+ - name: Check out Git repository
+ uses: actions/checkout@v3
+
+ - name: Set up .NET
+ uses: actions/setup-dotnet@v1
+ with:
+ dotnet-version: "8.0.x"
+
+ - name: Run linters
+ uses: wearerequired/lint-action@v2
+ with:
+ dotnet_format: true
\ No newline at end of file
diff --git a/.gitea/workflows/gitea-push-docker.yml b/.gitea/workflows/gitea-push-docker.yml
new file mode 100644
index 0000000..6af9e0a
--- /dev/null
+++ b/.gitea/workflows/gitea-push-docker.yml
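Review bot: Every action in .gitea/workflows/Linter.yml is referenced by a mutable tag (`actions/checkout@v3`, `actions/setup-dotnet@v1`, `wearerequired/lint-action@v2`), so the code that runs on the runner, including for `pull_request` events, can change upstream without any commit in this repository. The same patch already pins `docker/login-action` to a full commit SHA in gitea-push-docker.yml; the same form should be used here, e.g. `uses: wearerequired/lint-action@<full-commit-sha>  # v2`, with the SHA taken from the release you have reviewed. The same applies in gitea-push-docker.yml to `docker/metadata-action@v4`, `aquasecurity/trivy-action@0.20.0` and above all `goodwithtech/dockle-action@main`, which follows a branch head inside the job that builds and pushes the image.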
@@ -0,0 +1,74 @@
+name: Create and publish a Docker image
+
+on:
+ push:
+ branches: ['main']
+
+env:
+ REGISTRY: git.zetcraft.ru
+ CONTEXT: HackathonPreparing\HackathonPreparing.ApiService
+
+jobs:
+ build-and-push-image:
+ runs-on: ubuntu-latest
+ name: Publish image
+ container: catthehacker/ubuntu:act-latest
+ permissions:
+ contents: read
+ packages: write
+
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@v3
+ - name: Extract metadata (tags, labels) for Docker
+ id: meta
+ uses: https://github.com/docker/metadata-action@v4
+ with:
+ images: ${{ env.REGISTRY }}/${{ gitea.repository }}
+ - name: Build an image from Dockerfile
+ run: |
+ cd ${{ env.CONTEXT }} &&
+ docker build -t ${{ env.DOCKER_METADATA_OUTPUT_TAGS }} .
+ - name: Run Trivy vulnerability scanner
+ uses: aquasecurity/trivy-action@0.20.0
+ with:
+ image-ref: '${{ env.DOCKER_METADATA_OUTPUT_TAGS }}'
+ format: 'table'
+ exit-code: '1'
+ ignore-unfixed: true
+ vuln-type: 'os,library'
+ severity: 'CRITICAL,HIGH'
+ - name: Run dockle
+ uses: goodwithtech/dockle-action@main
+ with:
+ image: '${{ env.DOCKER_METADATA_OUTPUT_TAGS }}'
+ format: 'list'
+ exit-code: '1'
+ exit-level: 'warn'
+ ignore: 'CIS-DI-0001,CIS-DI-0010,DKL-DI-0006'
+ - name: Log in to the Container registry
+ uses: docker/login-action@65b78e6e13532edd9afa3aa52ac7964289d1a9c1
+ with:
+ registry: ${{ env.REGISTRY }}
+ username: ${{ gitea.actor }}
+ password: ${{ secrets.TOKEN }}
+ - name: Push
+ run: |
+ docker push '${{ env.DOCKER_METADATA_OUTPUT_TAGS }}'
+ deploy:
+ needs: build-and-push-image
+ runs-on: ubuntu-latest
+ name: Deploy image
+ container: catthehacker/ubuntu:act-latest
+ steps:
+ - name: install ssh keys
+ # check this thread to understand why its needed:
+ #
+ run: |
+ install -m 600 -D /dev/null ~/.ssh/id_rsa
+ echo "${{ secrets.SSH_PRIVATE_KEY }}" > ~/.ssh/id_rsa
+ ssh-keyscan -H ${{ secrets.SSH_HOST }} > ~/.ssh/known_hosts
+ - name: connect and pull
+ run: ssh ${{ secrets.SSH_USER }}@${{ secrets.SSH_HOST
}} "cd ${{ secrets.WORK_DIR }} && docker compose pull && docker compose up -d && docker image prune && exit"
+ - name: cleanup
+ run: rm -rf ~/.ssh
\ No newline at end of file
diff --git a/HackathonPreparing/.dockerignore b/HackathonPreparing/.dockerignore
new file mode 100644
index 0000000..cd967fc
--- /dev/null
+++ b/HackathonPreparing/.dockerignore
@@ -0,0 +1,25 @@
+**/.dockerignore
+**/.env
+**/.git
+**/.gitignore
+**/.project
+**/.settings
+**/.toolstarget
+**/.vs
+**/.vscode
+**/.idea
+**/*.*proj.user
+**/*.dbmdl
+**/*.jfm
+**/azds.yaml
+**/bin
+**/charts
+**/docker-compose*
+**/Dockerfile*
+**/node_modules
+**/npm-debug.log
+**/obj
+**/secrets.dev.yaml
+**/values.dev.yaml
+LICENSE
+README.md
\ No newline at end of file
diff --git a/HackathonPreparing/HackathonPreparing.ApiService/Dockerfile b/HackathonPreparing/HackathonPreparing.ApiService/Dockerfile
new file mode 100644
index 0000000..b4818d1
--- /dev/null
+++ b/HackathonPreparing/HackathonPreparing.ApiService/Dockerfile
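Review bot: The `install ssh keys` step in the `deploy` job of gitea-push-docker.yml rebuilds `~/.ssh/known_hosts` with `ssh-keyscan -H ${{ secrets.SSH_HOST }}` on every run, which records whatever key the network returns at that moment, so the following `ssh` step never actually verifies the host it sends its commands to. The host key should be captured once out of band and written from a stored value instead, e.g. `echo "${{ secrets.SSH_KNOWN_HOSTS }}" > ~/.ssh/known_hosts`, where `SSH_KNOWN_HOSTS` is a new secret to create rather than one this patch defines. Separately, `CONTEXT: HackathonPreparing\HackathonPreparing.ApiService` uses a backslash; in the `cd ${{ env.CONTEXT }} &&` line bash on the Ubuntu runner treats it as an escape character and drops it, so the path should be written with `/`.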
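Review bot: This ignore file is added at `HackathonPreparing/.dockerignore`, but the image is built with `HackathonPreparing/HackathonPreparing.ApiService` as the context (the workflow runs `docker build ... .` after `cd ${{ env.CONTEXT }}`, and the Dockerfile copies the `.csproj` from the context root), and Docker reads `.dockerignore` only from the root of the build context. As committed, none of these patterns take effect, so the Dockerfile's `COPY . .` brings `bin/`, `obj/` and any `.env` or `secrets.dev.yaml` present in the project directory into the build stage. Moving the file to `HackathonPreparing/HackathonPreparing.ApiService/.dockerignore`, or building with `HackathonPreparing/` as the context and adjusting the `COPY` paths, would make the exclusions apply.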
@@ -0,0 +1,24 @@
+FROM mcr.microsoft.com/dotnet/aspnet:8.0 AS base
+USER $APP_UID
+WORKDIR /app
+EXPOSE 8080
+
+FROM mcr.microsoft.com/dotnet/sdk:8.0 AS build
+ARG BUILD_CONFIGURATION=Release
+WORKDIR /src
+COPY ["HackathonPreparing.ApiService.csproj", "HackathonPreparing.ApiService.csproj"]
+# COPY ["HackathonPreparing.ServiceDefaults/HackathonPreparing.ServiceDefaults.csproj", "HackathonPreparing.ServiceDefaults/"]
+RUN dotnet restore "HackathonPreparing.ApiService.csproj"
+COPY . .
+WORKDIR "/src"
+RUN dotnet build "HackathonPreparing.ApiService.csproj" -c $BUILD_CONFIGURATION -o /app/build
+
+FROM build AS publish
+ARG BUILD_CONFIGURATION=Release
+RUN dotnet publish "HackathonPreparing.ApiService.csproj" -c $BUILD_CONFIGURATION -o /app/publish /p:UseAppHost=false
+
+FROM base AS final
+WORKDIR /app
+HEALTHCHECK --interval=5s --timeout=10s --retries=3 CMD curl --fail http://localhost:8080/health || exit 1
+COPY --from=publish /app/publish .
+ENTRYPOINT ["dotnet", "HackathonPreparing.ApiService.dll"]
diff --git a/HackathonPreparing/HackathonPreparing.ApiService/HackathonPreparing.ApiService.csproj b/HackathonPreparing/HackathonPreparing.ApiService/HackathonPreparing.ApiService.csproj
index dbf01af..8e5049d 100644
--- a/HackathonPreparing/HackathonPreparing.ApiService/HackathonPreparing.ApiService.csproj
+++ b/HackathonPreparing/HackathonPreparing.ApiService/HackathonPreparing.ApiService.csproj
@@ -4,6 +4,7 @@ net8.0 enable enable + Linux
@@ -24,4 +25,10 @@ + + + .dockerignore + + +
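Review bot: The `HEALTHCHECK` in the `final` stage of the Dockerfile shells out to `curl`, and as far as I know the `mcr.microsoft.com/dotnet/aspnet:8.0` base image does not include it, in which case every probe fails and a working container is reported unhealthy. Either install curl in the `base` stage before the `USER $APP_UID` line (the package install needs root) or switch to a probe that needs no extra binary; please confirm against the built image. The patch also does not show that the service maps a `/health` endpoint, and `--timeout=10s` is longer than `--interval=5s`, which is worth a second look.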