docker

2025-12-12 16:32:38 +00:00 · 2025-02-11 17:48:11 +01:00
parent 6f30c8a2ac
commit cc2f603a67
6 changed files with 85 additions and 49 deletions
--- a/.dockerignore
+++ b/.dockerignore
@@ -1,5 +1,2 @@
-node_modules
-.git
-.gitignore
-*.md
-dist
+*
+!docker
--- a/.github/workflows/docker.yml
+++ b/.github/workflows/docker.yml
@@ -0,0 +1,75 @@
+name: Docker
+
+on:
+  push:
+    branches:
+      - main
+      - dev
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Check out code
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 2
+
+      - name: Install pnpm
+        uses: pnpm/action-setup@v4
+        with:
+          version: 10
+
+      - name: Cache turbo build setup
+        uses: actions/cache@v4
+        with:
+          path: .turbo
+          key: ${{ runner.os }}-turbo-${{ github.sha }}
+          restore-keys: |
+            ${{ runner.os }}-turbo-
+
+      - name: Setup Node.js environment
+        uses: actions/setup-node@v4
+        with:
+          node-version: 20
+          cache: 'pnpm'
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+        with:
+          driver-opts: 'image=moby/buildkit:v0.11.6'
+
+      - name: Login
+        uses: docker/login-action@v3
+        with:
+          registry: ${{ secrets.DOCKER_REGISTRY }}
+          username: ${{ secrets.DOCKER_REGISTRY_USERNAME }}
+          password: ${{ secrets.DOCKER_REGISTRY_PASSWORD }}
+
+      - name: Docker meta
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: ${{ secrets.DOCKER_IMAGE }}
+          # generate Docker tags based on the following events/attributes
+          tags: type=sha
+
+      - name: Install dependencies
+        run: pnpm install
+
+      - name: Build for Docker
+        run: pnpm build:docker
+
+      - name: Build and Push Image
+        id: build
+        uses: docker/build-push-action@v5
+        timeout-minutes: 10
+        with:
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
+          push: true
--- a/.gitignore
+++ b/.gitignore
@@ -22,3 +22,5 @@ packages/zitadel-server/src/app/proto
 /playwright-report/
 /blob-report/
 /playwright/.cache/
+/out
+/docker
--- a/46
+++ b/46
@@ -1,43 +1,5 @@
-# Inspired by https://pnpm.io/docker#example-3-build-on-cicd
-# Inspired by https://pnpm.io/docker#minimizing-docker-image-size-and-build-time
+FROM node:20-slim

-FROM node:20-slim AS base
-
-ENV PNPM_HOME="/pnpm"
-ENV PATH="$PNPM_HOME:$PATH"
-RUN apt-get update
-RUN apt-get install -y git
-RUN npm install -g corepack
-RUN corepack enable
-RUN corepack prepare pnpm@latest --activate
-RUN pnpm install turbo@^2 --global
-
-FROM base AS builder
-# Set working directory
-WORKDIR /app
-# Replace <your-major-version> with the major version installed in your repository. For example:
-RUN pnpm install turbo@^2 --global
-COPY . .
- 
-# Generate a partial monorepo with a pruned lockfile for a target workspace.
-# Assuming "web" is the name entered in the project's package.json: { name: "web" }
-RUN turbo prune @zitadel/login --docker
- 
-# Add lockfile and package.json's of isolated subworkspace
-FROM base AS installer
-
-WORKDIR /app
- 
-# First install the dependencies (as they change less often)
-COPY --from=builder /app/out/json/ .
-RUN pnpm install --frozen-lockfile
- 
-# Build the project
-COPY --from=builder /app/out/full/ .
-
-RUN turbo run build
-
-FROM base AS runner
 WORKDIR /app

 # Don't run production as root
@@ -47,9 +9,9 @@ USER nextjs

 # Automatically leverage output traces to reduce image size
 # https://nextjs.org/docs/advanced-features/output-file-tracing
-COPY --from=installer --chown=nextjs:nodejs /app/apps/login/.next/standalone ./
-COPY --from=installer --chown=nextjs:nodejs /app/apps/login/.next/static ./apps/login/.next/static
-COPY --from=installer --chown=nextjs:nodejs /app/apps/login/public ./apps/login/public
+COPY --chown=nextjs:nodejs ./docker/apps/login/.next/standalone ./
+COPY --chown=nextjs:nodejs ./docker/apps/login/.next/static ./apps/login/.next/static
+COPY --chown=nextjs:nodejs ./docker/apps/login/public ./apps/login/public

 ENV HOSTNAME="0.0.0.0"
 CMD node apps/login/server.js
--- a/apps/login/src/lib/service.ts
+++ b/apps/login/src/lib/service.ts
@@ -81,9 +81,8 @@ export function getServiceUrlFromHeaders(headers: ReadonlyHeaders): {
  } else if (process.env.ZITADEL_API_URL) {
    instanceUrl = process.env.ZITADEL_API_URL;
  } else {
-    // TODO: remove this fallback once the host header is always set
    const host =
-      headers.get("x-zitadel-forward-host") ?? "http://localhost:8080";
+      headers.get("x-zitadel-forward-host") ?? headers.get("host");

    if (host) {
      const [hostname, port] = host.split(":");
--- a/package.json
+++ b/package.json
@@ -5,6 +5,7 @@
  "scripts": {
    "generate": "turbo run generate",
    "build": "turbo run build",
+    "build:docker": "rm -rf ./out ./docker && mkdir -p ./docker && turbo prune @zitadel/login --docker && cd ./docker && cp -r ../out/json/* . && pnpm install --frozen-lockfile && cp -r ../out/full/* . && turbo run build && cd ..",
    "build:packages": "turbo run build --filter=./packages/*",
    "build:apps": "turbo run build --filter=./apps/*",
    "test": "turbo run test",