From 493dac700a34f48d9cfcfb317931d75b3e0393bc Mon Sep 17 00:00:00 2001
From: karmaking <daniel@danieltippmann.de>
Date: Mon, 14 Oct 2024 21:45:16 +0200
Subject: [PATCH] added non-OC-image, update build pipeline

---
 .github/workflows/build_container_image.yml | 18 ++++++++++++++++-
 Dockerfile                                  | 13 ++++++++++++
 Dockerfile_nginx                            | 22 +++++++++++++++++++++
 requirements.txt                            |  1 +
 4 files changed, 53 insertions(+), 1 deletion(-)
 create mode 100644 Dockerfile
 create mode 100644 Dockerfile_nginx

diff --git a/.github/workflows/build_container_image.yml b/.github/workflows/build_container_image.yml
index e32909da..ba31a4cc 100644
--- a/.github/workflows/build_container_image.yml
+++ b/.github/workflows/build_container_image.yml
@@ -23,9 +23,15 @@ jobs:
           echo "${{ secrets.DOCKER_HUB_TOKEN }}" | docker login -u "${{ secrets.DOCKER_HUB_USERNAME }}" --password-stdin docker.io
           docker build . --file .github/Dockerfile_nginx_OC --tag docker.io/${{ env.DOCKER_HUB_ORGANIZATION }}/${{ env.DOCKER_HUB_REPOSITORY_NGINX }}:$GITHUB_SHA --tag docker.io/${{ env.DOCKER_HUB_ORGANIZATION }}/${{ env.DOCKER_HUB_REPOSITORY_NGINX }}:${{ steps.extract_branch.outputs.branch }}-OC 
           docker push docker.io/${{ env.DOCKER_HUB_ORGANIZATION }}/${{ env.DOCKER_HUB_REPOSITORY_NGINX }} --all-tags
-          echo docker apimanager-nginx done
+          echo docker apimanager-nginx-OC done
           docker build . --file .github/Dockerfile_OC --tag docker.io/${{ env.DOCKER_HUB_ORGANIZATION }}/${{ env.DOCKER_HUB_REPOSITORY }}:$GITHUB_SHA --tag docker.io/${{ env.DOCKER_HUB_ORGANIZATION }}/${{ env.DOCKER_HUB_REPOSITORY }}:${{ steps.extract_branch.outputs.branch }}-OC
           docker push docker.io/${{ env.DOCKER_HUB_ORGANIZATION }}/${{ env.DOCKER_HUB_REPOSITORY }} --all-tags
+          echo docker api-manager-OC done
+          docker build . --file Dockerfile_nginx --tag docker.io/${{ env.DOCKER_HUB_ORGANIZATION }}/${{ env.DOCKER_HUB_REPOSITORY_NGINX }}:$GITHUB_SHA --tag docker.io/${{ env.DOCKER_HUB_ORGANIZATION }}/${{ env.DOCKER_HUB_REPOSITORY_NGINX }}:${{ steps.extract_branch.outputs.branch }} 
+          docker push docker.io/${{ env.DOCKER_HUB_ORGANIZATION }}/${{ env.DOCKER_HUB_REPOSITORY_NGINX }} --all-tags
+          echo docker apimanager-nginx done
+          docker build . --file Dockerfile --tag docker.io/${{ env.DOCKER_HUB_ORGANIZATION }}/${{ env.DOCKER_HUB_REPOSITORY }}:$GITHUB_SHA --tag docker.io/${{ env.DOCKER_HUB_ORGANIZATION }}/${{ env.DOCKER_HUB_REPOSITORY }}:${{ steps.extract_branch.outputs.branch }}
+          docker push docker.io/${{ env.DOCKER_HUB_ORGANIZATION }}/${{ env.DOCKER_HUB_REPOSITORY }} --all-tags
           echo docker api-manager done
       - uses: sigstore/cosign-installer@main
       - name: Write signing key to disk (only needed for `cosign sign --key`)
@@ -44,6 +50,16 @@ jobs:
             -a "workflow=${{ github.workflow }}" \
             -a "ref=${{ github.sha }}-nginx" \
             docker.io/${{ env.DOCKER_HUB_ORGANIZATION }}/${{ env.DOCKER_HUB_REPOSITORY_NGINX }}:${{ steps.extract_branch.outputs.branch }}-OC
+          cosign sign -y --key cosign.key \
+            -a "repo=${{ github.repository }}" \
+            -a "workflow=${{ github.workflow }}" \
+            -a "ref=${{ github.sha }}" \
+            docker.io/${{ env.DOCKER_HUB_ORGANIZATION }}/${{ env.DOCKER_HUB_REPOSITORY }}:${{ steps.extract_branch.outputs.branch }}
+          cosign sign -y --key cosign.key \
+            -a "repo=${{ github.repository }}" \
+            -a "workflow=${{ github.workflow }}" \
+            -a "ref=${{ github.sha }}-nginx" \
+            docker.io/${{ env.DOCKER_HUB_ORGANIZATION }}/${{ env.DOCKER_HUB_REPOSITORY_NGINX }}:${{ steps.extract_branch.outputs.branch }}
 
 
 
diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 00000000..81e20c0d
--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,13 @@
+FROM python:3.10
+USER root
+COPY . /app
+COPY .github/local_settings_container.py /app/apimanager/apimanager/local_settings.py
+COPY .github/gunicorn.conf.py /app/gunicorn.conf.py
+RUN pip install -r /app/requirements.txt
+WORKDIR /app
+RUN ./apimanager/manage.py migrate
+RUN chgrp -R 0 /app && chmod -R g+rwX /app
+USER 501
+WORKDIR /app/apimanager
+EXPOSE 8000
+CMD ["gunicorn", "--bind", ":8000", "--config", "../gunicorn.conf.py", "apimanager.wsgi"]
\ No newline at end of file
diff --git a/Dockerfile_nginx b/Dockerfile_nginx
new file mode 100644
index 00000000..fcdc3ae3
--- /dev/null
+++ b/Dockerfile_nginx
@@ -0,0 +1,22 @@
+FROM python:3.10 AS builder
+USER 0
+COPY . /app
+RUN cp /app/.github/local_settings_container.py /app/apimanager/apimanager/local_settings.py
+RUN pip install -r /app/requirements.txt
+RUN chown  501 /
+RUN chown -R 501 /app
+RUN chgrp -R 0 /app && chmod -R g+rwX /app
+USER 1001
+WORKDIR /app
+RUN python ./apimanager/manage.py collectstatic --noinput
+
+FROM nginx:mainline-alpine
+USER 0
+#RUN dnf update -y
+ADD .github/apimanager.conf "${NGINX_DEFAULT_CONF_PATH}"
+COPY --from=builder /app/apimanager/static /opt/app-root/src
+RUN chgrp -R 0 /opt/app-root/src/ && chmod -R g+rwX /opt/app-root/src/
+USER 1001
+CMD nginx -g "daemon off;"
+
+
diff --git a/requirements.txt b/requirements.txt
index 76104862..d1794813 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -1,3 +1,4 @@
+psycopg2
 #Django==1.11.7
 Django==2.2.28
 oauthlib==3.2.2