Add core image build workflow

.github/workflows/build-backend-docker-image.yml

@@ -9,18 +9,6 @@ jobs:
     steps:
       - uses: actions/checkout@v4
 
-      - name: Restore Onyx Cache
-        uses: actions/cache/restore@v4
-        with:
-          path: onyx/bin
-          key: onyx-${{ hashFiles('onyx/**') }}
-
-      - name: Restore TypeScript Apps Cache
-        uses: actions/cache/restore@v4
-        with:
-          path: yaku-apps-typescript
-          key: typescript-apps-${{ hashFiles('yaku-apps-typescript/**') }}
-
       - name: Restore Backend Cache
         uses: actions/cache@v4
         with:
@@ -39,8 +27,6 @@ jobs:
         with:
           pull: true
           push: true
-          build-args: |
-            BASE_IMAGE_WORKFLOW_NAME=node:22-alpine
           tags: ghcr.io/b-s-f/yaku/api-image-test:test
           context: ./qg-api-service
           file: qg-api-service/qg-api-service/Dockerfile

.github/workflows/build-core-docker-image.yml

@@ -0,0 +1,43 @@
+on:
+  workflow_call:
+
+jobs:
+  build-core-docker-image:
+    runs-on: ubuntu-latest
+    env:
+      REGISTRY: ghcr.io
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Create packages directory
+        run: mkdir -p packages
+
+      - name: Restore Onyx Cache
+        uses: actions/cache/restore@v4
+        with:
+          path: onyx/bin
+          key: onyx-${{ hashFiles('onyx/**') }}
+
+      - name: Restore TypeScript Apps Cache
+        uses: actions/cache/restore@v4
+        with:
+          path: yaku-apps-typescript
+          key: typescript-apps-${{ hashFiles('yaku-apps-typescript/**') }}
+
+      - name: Log in to the Container Registry
+        uses: docker/[email protected]
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Build Docker Image
+        uses: docker/build-push-action@v5
+        with:
+          pull: true
+          push: true
+          tags: ghcr.io/b-s-f/yaku/core-image-test:test
+          context: .
+          target: development
+          file: core-image/Dockerfile
+          platforms: linux/amd64

.github/workflows/build.yml

@@ -5,6 +5,7 @@ on:
   push:
     branches:
       - "main"
+      - "build-core-image"
   pull_request:
     branches:
       - "main"
@@ -30,9 +31,14 @@ jobs:
     uses: ./.github/workflows/build-backend.yml
 
   build-backend-docker-image:
-    if: ${{ github.event_name == 'push' && github.ref == 'refs/heads/main' }}
+    # if: ${{ github.event_name == 'push' && github.ref == 'refs/heads/main' }}
     needs:
-      - build-onyx
-      - build-typescript-apps
       - build-backend
     uses: ./.github/workflows/build-backend-docker-image.yml
+
+  build-core-docker-image:
+    # if: ${{ github.event_name == 'push' && github.ref == 'refs/heads/main' }}
+    needs:
+      - build-onyx
+      - build-typescript-apps
+    uses: ./.github/workflows/build-core-docker-image.yml

core-image/Dockerfile

@@ -0,0 +1,94 @@
+# Base image: Ubuntu 22.04
+
+ARG BASE_IMAGE_NAME=ubuntu:22.04
+
+FROM ${BASE_IMAGE_NAME} AS production
+
+LABEL "repository"="https://github.com/B-S-F/yaku"
+LABEL maintainer="Neutrinos GROW/PAT"
+LABEL description="YAKU core docker image based on Ubuntu 22.04 image"
+
+ARG DEBIAN_FRONTEND=noninteractive
+ARG NODE_VERSION=18
+ARG USERNAME="qguser"
+ARG USER_UID=1001
+ARG USER_GID=1000
+
+RUN groupadd --gid ${USER_GID} ${USERNAME} \
+    && useradd -s /bin/bash --uid ${USER_UID} --gid ${USER_GID} -m "${USERNAME}"
+
+RUN set -ex pipefail \
+    && apt-get -yq update \
+    && apt-get install -y --no-install-recommends \
+        bash-completion \
+        ca-certificates \
+        curl \
+        fontconfig \
+        git \
+        gnupg \
+        jq \
+        libxml2-utils \
+        python3 \
+        python3-pip \
+        python3-venv \
+        python-is-python3 \
+        unzip \
+        xfonts-utils \
+        xz-utils \     
+    && echo "Installing nodejs ${NODE_VERSION}" \
+        && mkdir -p /etc/apt/keyrings | curl -fsSL https://deb.nodesource.com/gpgkey/nodesource-repo.gpg.key | gpg --dearmor -o /etc/apt/keyrings/nodesource.gpg \
+        && echo "deb [signed-by=/etc/apt/keyrings/nodesource.gpg] https://deb.nodesource.com/node_${NODE_VERSION}.x nodistro main" | tee /etc/apt/sources.list.d/nodesource.list \
+        && apt-get update -y && apt-get install nodejs -y \
+    # Install Trivy is currently broken see https://github.com/aquasecurity/trivy-repo/issues/32 
+    # && apt-get install -y apt-transport-https gnupg lsb-release \
+    # && curl https://aquasecurity.github.io/trivy-repo/deb/public.key | apt-key add - \
+    # && echo deb https://aquasecurity.github.io/trivy-repo/deb $(lsb_release -sc) main | tee -a /etc/apt/sources.list.d/trivy.list \
+    # && apt-get update \
+    # && apt-get install trivy \
+    && echo "Cleaning image..." \
+    && apt-get clean \
+    && rm -rf /var/cache/* \
+    && rm -rf /var/lib/apt/lists/* \
+    && echo "Cleaned image"
+
+# Install GH CLI
+RUN curl -fsSL https://cli.github.com/packages/githubcli-archive-keyring.gpg | dd of=/usr/share/keyrings/githubcli-archive-keyring.gpg \
+    && chmod go+r /usr/share/keyrings/githubcli-archive-keyring.gpg \
+    && echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/githubcli-archive-keyring.gpg] https://cli.github.com/packages stable main" | tee /etc/apt/sources.list.d/github-cli.list > /dev/null \
+    && apt update \
+    && apt install gh -y
+
+# Install yq
+RUN curl -fsSL https://github.com/mikefarah/yq/releases/latest/download/yq_linux_amd64 > /usr/local/bin/yq \
+    && chmod +x /usr/local/bin/yq
+
+# Install htmlq
+RUN curl -fsSL https://github.com/mgdm/htmlq/releases/latest/download/htmlq-x86_64-linux.tar.gz > htmlq.tar.gz \
+    && tar -xzvf htmlq.tar.gz -C /usr/local/bin
+
+# Install trivy workaround
+RUN curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin v0.56.2
+
+ADD --chown=${USER_UID}:${USER_GID} ./onyx/bin "/home/${USERNAME}/bin"
+ADD --chown=${USER_UID}:${USER_GID} ./yaku-apps-typescript/node_modules "/home/${USERNAME}/node_modules"
+# ADD --chown=${USER_UID}:${USER_GID} ./latest-versions.json "/home/${USERNAME}/app-versions.json"
+
+
+ENV NODE_ENV=production
+
+USER ${USERNAME}
+
+ENV PATH="/home/${USERNAME}/node_modules/.bin:/home/${USERNAME}/bin:${PATH}"
+
+RUN mkdir "/home/${USERNAME}/mnt"
+WORKDIR /home/${USERNAME}/mnt
+CMD [ "qg", "generate" ]
+
+
+FROM production as development
+
+ADD --chown=${USER_UID}:${USER_GID} ./yaku-apps-typescript "/home/${USERNAME}/yaku-apps-typescript"
+
+ENV PATH="/home/${USERNAME}/node_modules/.bin:/home/${USERNAME}/yaku-apps-typescript/node_modules/.bin:/home/${USERNAME}/bin:${PATH}"
+WORKDIR /home/${USERNAME}/mnt
+CMD [ "qg", "generate" ]

core-image/README.md

@@ -0,0 +1,4 @@
+# Core Image
+
+This image uses Ubuntu 22.04 as its base. Ubuntu is distributed under the GPL and other open-source licenses https://ubuntu.com/legal/open-source-licences.
+

qg-api-service/qg-api-service/Dockerfile

@@ -2,9 +2,9 @@
 # BUILD FOR LOCAL DEVELOPMENT
 ###################
 
-ARG BASE_IMAGE_NODEJS_NAME=node:18-alpine
+ARG BASE_IMAGE_NAME="node:18-alpine"
 
-FROM ${BASE_IMAGE_NODEJS_NAME} As development
+FROM ${BASE_IMAGE_NAME} As development
 
 USER node
 RUN mkdir /home/node/app
@@ -17,9 +17,9 @@ RUN npm install -ws --include-workspace-root
 # BUILD FOR PRODUCTION
 ###################
 
-ARG BASE_IMAGE_NODEJS_NAME=node:18-alpine
+ARG BASE_IMAGE_NAME="node:18-alpine"
 
-FROM ${BASE_IMAGE_NODEJS_NAME}  As build
+FROM ${BASE_IMAGE_NAME}  As build
 
 RUN apk --no-cache add zip
 
@@ -44,16 +44,16 @@ USER node
 # PRODUCTION
 ###################
 
-ARG BASE_IMAGE_NODEJS_NAME=node:18-alpine
+ARG BASE_IMAGE_NAME="node:18-alpine"
 
-FROM ${BASE_IMAGE_NODEJS_NAME} AS production
+FROM ${BASE_IMAGE_NAME} AS production
 
 ARG VERSION=latest
 ENV IMAGE_VERSION=$VERSION
 ENV PORT=8080
 
 LABEL maintainer="Neutrinos GROW/PAT"
-LABEL description="YAKU core-api docker image based on Ubuntu-nodejs"
+LABEL description="YAKU core-api docker image based on node image"
 
 ENV PATH=$PATH:/app/node_modules/.bin