new ci docker

.github/workflows/realease-docker-refredesign.yml

@@ -0,0 +1,78 @@
+name: Release & Docker
+
+on:
+  push:
+    branches:
+      - 'ref/redesign'
+
+jobs:
+  install:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Use Node.js 18
+        uses: actions/setup-node@v4
+        with:
+          node-version: 18
+      - run: yarn --frozen-lockfile
+  build:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - name: Use Node.js 18
+        uses: actions/setup-node@v4
+        with:
+          node-version: 18
+      - run: yarn
+      - run: yarn build
+      - name: Upload build
+        uses: actions/upload-artifact@v4
+        with:
+          name: build
+          path: build
+  release:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout current branch
+        uses: actions/checkout@v4
+      - name: Get current version
+        id: version
+        uses: notiz-dev/github-action-json-property@release
+        with:
+          path: 'package.json'
+          prop_path: 'version'
+      - run: echo ${{steps.version.outputs.prop}}
+      - name: Release snapshot
+        id: release-snapshot
+        uses: actions/create-release@latest
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        with:
+          tag_name: ${{steps.version.outputs.prop}}
+          release_name: ${{steps.version.outputs.prop}}
+          draft: false
+          prerelease: false
+  docker:
+    needs: build
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - name: Download build
+        id: download
+        uses: actions/download-artifact@v4
+        with:
+          name: build
+          path: build
+      - name: Get current version
+        id: version
+        uses: notiz-dev/github-action-json-property@release
+        with:
+          path: 'package.json'
+          prop_path: 'version'
+      - run: echo ${{steps.version.outputs.prop}}
+      - name: Publish to Registry
+        uses: elgohr/Publish-Docker-Github-Action@master
+        with:
+          name: inseefr/pearl-jam
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+          tags: ${{steps.version.outputs.prop}}-experimental

Dockerfile

@@ -1,17 +1,26 @@
-FROM nginx
-ADD build /usr/share/nginx/html
+FROM nginxinc/nginx-unprivileged:1.25-bookworm
+ENV NGINX_USER_ID=101
+ENV NGINX_GROUP_ID=101
+ENV NGINX_USER=nginx
+USER $NGINX_USER_ID
 RUN rm etc/nginx/conf.d/default.conf
-# Overload nginx.conf to enable cors
-COPY nginx.conf etc/nginx/conf.d/
+COPY --chown=$NGINX_USER:$NGINX_USER nginx.conf etc/nginx/conf.d/
 
-# Copy .env file and shell script to container
-WORKDIR /usr/share/nginx/html
-COPY ./scripts/env.sh .
-COPY .env .
+COPY --chown=$NGINX_USER:$NGINX_USER build /usr/share/nginx/html
 
-# Make shell script executable
-RUN chmod +x env.sh
 
-# Start Nginx server
-CMD ["/bin/bash", "-c", "/usr/share/nginx/html/env.sh && nginx -g \"daemon off;\""]
+RUN rm /usr/share/nginx/html/configuration.json
+RUN rm /usr/share/nginx/html/keycloak.json
+
+RUN touch /usr/share/nginx/html/configuration.json
+RUN touch /usr/share/nginx/html/keycloak.json
+
+COPY --chown=$NGINX_USER:$NGINX_USER  entrypoint.sh /entrypoint.sh
+
+RUN chmod 755 /entrypoint.sh
+
+EXPOSE 8080
+
+ENTRYPOINT [ "/entrypoint.sh" ]
+CMD ["nginx", "-g", "daemon off;"]
 

entrypoint.sh

@@ -0,0 +1,25 @@
+#!/bin/sh
+
+cat <<EOF > /usr/share/nginx/html/configuration.json
+{
+  "QUEEN_URL": "${QUEEN_URL}",
+
+  "PEARL_API_URL": "${PEARL_API_URL}",
+
+  "PEARL_AUTHENTICATION_MODE": "${PEARL_AUTHENTICATION_MODE}",
+}
+EOF
+
+cat <<EOF > /usr/share/nginx/html/keycloak.json
+{
+  "auth-server-url": "${KEYCLOAK_AUTH_SERVER_URL}",
+  "realm": "${KEYCLOAK_REALM}",
+  "resource": "${KEYCLOAK_RESOURCE}",
+  "ssl-required": "external",
+  "public-client": true,
+  "confidential-port": 0
+}
+
+EOF
+
+exec "$@"