Docker + CI/CD

.gitea/workflows/gitea-push-docker.yml

@@ -0,0 +1,73 @@
+name: Build and deploy
+
+on:
+  push:
+    branches: ['main', 'staging']
+
+env:
+  CONTEXT: src/Otchinslator
+
+jobs:
+  build-and-push-image:
+    runs-on: ubuntu-latest
+    name: Publish image
+    container: catthehacker/ubuntu:act-latest
+    permissions:
+      contents: read
+      packages: write
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v3
+      - name: Extract metadata (tags, labels) for Docker
+        id: meta
+        uses: https://github.com/docker/metadata-action@v4
+        with:
+          images: ${{ vars.SERVER_DOMAIN }}/${{ gitea.repository }}
+      - name: Build an image from Dockerfile
+        run: |
+          cd ${{ env.CONTEXT }} &&
+          docker build -t ${{ env.DOCKER_METADATA_OUTPUT_TAGS }} .
+      # - name: Run Trivy vulnerability scanner
+      #   uses: aquasecurity/trivy-action@0.20.0
+      #   with:
+      #     image-ref: '${{ env.DOCKER_METADATA_OUTPUT_TAGS }}'
+      #     format: 'table'
+      #     exit-code: '1'
+      #     ignore-unfixed: true
+      #     vuln-type: 'os,library'
+      #     severity: 'CRITICAL,HIGH'
+      - name: Run dockle
+        uses: goodwithtech/dockle-action@main
+        with:
+          image: '${{ env.DOCKER_METADATA_OUTPUT_TAGS }}'
+          format: 'list'
+          exit-code: '1'
+          exit-level: 'warn'
+          ignore: 'CIS-DI-0001,CIS-DI-0010,DKL-DI-0006'
+      - name: Log in to the Container registry
+        uses: docker/login-action@65b78e6e13532edd9afa3aa52ac7964289d1a9c1
+        with:
+          registry: ${{ vars.SERVER_DOMAIN }}
+          username: ${{ gitea.actor }}
+          password: ${{ secrets.TOKEN }}
+      - name: Push
+        run: |
+          docker push '${{ env.DOCKER_METADATA_OUTPUT_TAGS }}'
+  # deploy:
+    # needs: build-and-push-image
+    # runs-on: ubuntu-latest
+    # name: Deploy image
+    # container: catthehacker/ubuntu:act-latest
+    # steps:
+    #   - name: install ssh keys
+    #     # check this thread to understand why its needed:
+    #     # <https://stackoverflow.com/a/70447517>
+    #     run: |
+    #       install -m 600 -D /dev/null ~/.ssh/id_rsa
+    #       echo "${{ secrets.SSH_PRIVATE_KEY }}" > ~/.ssh/id_rsa
+    #       ssh-keyscan -H ${{ secrets.SSH_HOST }} > ~/.ssh/known_hosts
+    #   - name: connect and pull
+    #     run: ssh ${{ secrets.SSH_USER }}@${{ secrets.SSH_HOST }} "cd ${{ secrets.WORK_DIR }} && docker compose pull && docker compose up -d && docker image prune && exit"
+    #   - name: cleanup
+    #     run: rm -rf ~/.ssh

.gitignore

@@ -493,3 +493,5 @@ FodyWeavers.xsd
 
 
 src/Otchinslator/wwwroot/css/styles.css
+
+src/Otchinslator/appsettings.Development.json

docker-compose.yml

@@ -0,0 +1,33 @@
+services:
+  app:
+    container_name: Otchislator
+    image: git.zetcraft.ru/serega404/otchislator:main
+    ports:
+      - "8025:80"
+    volumes:
+      - /srv/otchislator/pdfs:/app/PDFCache
+    environment:
+      - BOT_TOKEN=123:ABC
+      - ChatId=
+      - Email:Port=587
+      - Email:Address=otchislator@server.ru
+      - Email:Host=server.ru
+      - Email:Name=Отчислятор
+      - AzureAd:Instance=https://login.microsoftonline.com/
+      - AzureAd:TenantId=sfedu.ru
+      - AzureAd:ClientId=123
+      - AzureAd:ClientSecret=123
+      - AzureAd:Domain=sfedu.onmicrosoft.com
+      - AzureAd:CallbackPath=/signin-oidc
+      - GotenbergSharpClient:ServiceUrl=http://gotenberg:3000
+      - GotenbergSharpClient:HealthCheckUrl=http://gotenberg:3000/health
+      - GotenbergSharpClient:RetryPolicy:Enabled=true
+      - GotenbergSharpClient:RetryPolicy:RetryCount=4
+      - GotenbergSharpClient:RetryPolicy:LoggingEnabled=true
+      - TZ=Europe/Moscow
+    restart: always
+  gotenberg:
+    image: gotenberg/gotenberg:8
+    ports:
+      - "3005:3000"
+    restart: always

src/Otchinslator/Dockerfile

@@ -1,16 +1,17 @@
-FROM mcr.microsoft.com/dotnet/aspnet:8.0 AS base
+FROM mcr.microsoft.com/dotnet/aspnet:8.0.10-alpine3.2 AS base
+USER root
+RUN apk update && apk add --no-cache curl icu tzdata musl-locales musl-locales-lang
 USER $APP_UID
 WORKDIR /app
-EXPOSE 8080
-EXPOSE 8081
+EXPOSE 80
 
 FROM mcr.microsoft.com/dotnet/sdk:8.0 AS build
 ARG BUILD_CONFIGURATION=Release
 WORKDIR /src
-COPY ["Otchinslator/Otchinslator.csproj", "Otchinslator/"]
-RUN dotnet restore "Otchinslator/Otchinslator.csproj"
+COPY ["Otchinslator.csproj", "CyberGardenLK.csproj"]
+RUN dotnet restore "Otchinslator.csproj"
 COPY . .
-WORKDIR "/src/Otchinslator"
+WORKDIR "/src"
 RUN dotnet build "Otchinslator.csproj" -c $BUILD_CONFIGURATION -o /app/build
 
 FROM build AS publish
@@ -19,5 +20,6 @@ RUN dotnet publish "Otchinslator.csproj" -c $BUILD_CONFIGURATION -o /app/publish
 
 FROM base AS final
 WORKDIR /app
+# HEALTHCHECK --interval=5s --timeout=10s --retries=3 CMD curl --fail http://localhost:8000/health || exit 1
 COPY --from=publish /app/publish .
 ENTRYPOINT ["dotnet", "Otchinslator.dll"]

src/Otchinslator/appsettings.Development.json

@@ -1,8 +0,0 @@
-{
-  "Logging": {
-    "LogLevel": {
-      "Default": "Information",
-      "Microsoft.AspNetCore": "Warning"
-    }
-  }
-}