added non-OC-image, update build pipeline

OpenBankProject · Oct 14, 2024 · 493dac7 · 493dac7
1 parent 212b609
commit 493dac7
Show file tree

Hide file tree

Showing 4 changed files with 53 additions and 1 deletion.
diff --git a/.github/workflows/build_container_image.yml b/.github/workflows/build_container_image.yml
@@ -23,9 +23,15 @@ jobs:
           echo "${{ secrets.DOCKER_HUB_TOKEN }}" | docker login -u "${{ secrets.DOCKER_HUB_USERNAME }}" --password-stdin docker.io
           docker build . --file .github/Dockerfile_nginx_OC --tag docker.io/${{ env.DOCKER_HUB_ORGANIZATION }}/${{ env.DOCKER_HUB_REPOSITORY_NGINX }}:$GITHUB_SHA --tag docker.io/${{ env.DOCKER_HUB_ORGANIZATION }}/${{ env.DOCKER_HUB_REPOSITORY_NGINX }}:${{ steps.extract_branch.outputs.branch }}-OC 
           docker push docker.io/${{ env.DOCKER_HUB_ORGANIZATION }}/${{ env.DOCKER_HUB_REPOSITORY_NGINX }} --all-tags
-          echo docker apimanager-nginx done
+          echo docker apimanager-nginx-OC done
           docker build . --file .github/Dockerfile_OC --tag docker.io/${{ env.DOCKER_HUB_ORGANIZATION }}/${{ env.DOCKER_HUB_REPOSITORY }}:$GITHUB_SHA --tag docker.io/${{ env.DOCKER_HUB_ORGANIZATION }}/${{ env.DOCKER_HUB_REPOSITORY }}:${{ steps.extract_branch.outputs.branch }}-OC
           docker push docker.io/${{ env.DOCKER_HUB_ORGANIZATION }}/${{ env.DOCKER_HUB_REPOSITORY }} --all-tags
+          echo docker api-manager-OC done
+          docker build . --file Dockerfile_nginx --tag docker.io/${{ env.DOCKER_HUB_ORGANIZATION }}/${{ env.DOCKER_HUB_REPOSITORY_NGINX }}:$GITHUB_SHA --tag docker.io/${{ env.DOCKER_HUB_ORGANIZATION }}/${{ env.DOCKER_HUB_REPOSITORY_NGINX }}:${{ steps.extract_branch.outputs.branch }} 
+          docker push docker.io/${{ env.DOCKER_HUB_ORGANIZATION }}/${{ env.DOCKER_HUB_REPOSITORY_NGINX }} --all-tags
+          echo docker apimanager-nginx done
+          docker build . --file Dockerfile --tag docker.io/${{ env.DOCKER_HUB_ORGANIZATION }}/${{ env.DOCKER_HUB_REPOSITORY }}:$GITHUB_SHA --tag docker.io/${{ env.DOCKER_HUB_ORGANIZATION }}/${{ env.DOCKER_HUB_REPOSITORY }}:${{ steps.extract_branch.outputs.branch }}
+          docker push docker.io/${{ env.DOCKER_HUB_ORGANIZATION }}/${{ env.DOCKER_HUB_REPOSITORY }} --all-tags
           echo docker api-manager done
       - uses: sigstore/cosign-installer@main
       - name: Write signing key to disk (only needed for `cosign sign --key`)
@@ -44,6 +50,16 @@ jobs:
             -a "workflow=${{ github.workflow }}" \
             -a "ref=${{ github.sha }}-nginx" \
             docker.io/${{ env.DOCKER_HUB_ORGANIZATION }}/${{ env.DOCKER_HUB_REPOSITORY_NGINX }}:${{ steps.extract_branch.outputs.branch }}-OC
+          cosign sign -y --key cosign.key \
+            -a "repo=${{ github.repository }}" \
+            -a "workflow=${{ github.workflow }}" \
+            -a "ref=${{ github.sha }}" \
+            docker.io/${{ env.DOCKER_HUB_ORGANIZATION }}/${{ env.DOCKER_HUB_REPOSITORY }}:${{ steps.extract_branch.outputs.branch }}
+          cosign sign -y --key cosign.key \
+            -a "repo=${{ github.repository }}" \
+            -a "workflow=${{ github.workflow }}" \
+            -a "ref=${{ github.sha }}-nginx" \
+            docker.io/${{ env.DOCKER_HUB_ORGANIZATION }}/${{ env.DOCKER_HUB_REPOSITORY_NGINX }}:${{ steps.extract_branch.outputs.branch }}
 
 
 
diff --git a/Dockerfile b/Dockerfile
@@ -0,0 +1,13 @@
+FROM python:3.10
+USER root
+COPY . /app
+COPY .github/local_settings_container.py /app/apimanager/apimanager/local_settings.py
+COPY .github/gunicorn.conf.py /app/gunicorn.conf.py
+RUN pip install -r /app/requirements.txt
+WORKDIR /app
+RUN ./apimanager/manage.py migrate
+RUN chgrp -R 0 /app && chmod -R g+rwX /app
+USER 501
+WORKDIR /app/apimanager
+EXPOSE 8000
+CMD ["gunicorn", "--bind", ":8000", "--config", "../gunicorn.conf.py", "apimanager.wsgi"]
diff --git a/Dockerfile_nginx b/Dockerfile_nginx
@@ -0,0 +1,22 @@
+FROM python:3.10 AS builder
+USER 0
+COPY . /app
+RUN cp /app/.github/local_settings_container.py /app/apimanager/apimanager/local_settings.py
+RUN pip install -r /app/requirements.txt
+RUN chown  501 /
+RUN chown -R 501 /app
+RUN chgrp -R 0 /app && chmod -R g+rwX /app
+USER 1001
+WORKDIR /app
+RUN python ./apimanager/manage.py collectstatic --noinput
+
+FROM nginx:mainline-alpine
+USER 0
+#RUN dnf update -y
+ADD .github/apimanager.conf "${NGINX_DEFAULT_CONF_PATH}"
+COPY --from=builder /app/apimanager/static /opt/app-root/src
+RUN chgrp -R 0 /opt/app-root/src/ && chmod -R g+rwX /opt/app-root/src/
+USER 1001
+CMD nginx -g "daemon off;"
+
+
diff --git a/requirements.txt b/requirements.txt
@@ -1,3 +1,4 @@
+psycopg2
 #Django==1.11.7
 Django==2.2.28
 oauthlib==3.2.2