[BN-1133]: Add Dockerfile and Set Up CI/CD (#4)

Prepare Faucet for production deployment.

This is largely based off the flutter_annulus repo.

* Add Dockerfile
* Add CI/CD GitHub actions

.github/workflows/_build.yml

@@ -0,0 +1,31 @@
+name: Build
+
+on:
+ workflow_call:
+
+jobs:
+ build:
+ name: Build ${{ matrix.target }}
+ runs-on: ubuntu-latest
+ strategy:
+ fail-fast: false
+ matrix:
+ target: [web] #TODO: Add android, ios, linux, macos, windows.
+ steps:
+ - name: Set up JDK 11
+ uses: actions/setup-java@v3
+ with:
+ java-version: 11
+ distribution: temurin
+ # Set up Flutter.
+ - name: Set up Flutter
+ uses: subosito/flutter-action@v2
+ with:
+ # flutter-version: '' TODO: Pin this to a version.
+ channel: stable
+ - run: flutter doctor -v
+ - name: Checkout
+ uses: actions/checkout@v3
+ - run: flutter pub get
+ - run: flutter packages pub run build_runner build --delete-conflicting-outputs
+ - run: flutter build ${{ matrix.target }}

.github/workflows/_docker_publish_private.yml

@@ -0,0 +1,66 @@
+name: Publish Docker Images (Private)
+
+on:
+ workflow_call:
+ inputs:
+ registry-auth-location:
+ description: 'Name of the GCP managed Artifact Registry.'
+ default: "us-central1-docker.pkg.dev"
+ required: false
+ type: string
+ remote-docker-image:
+ description: 'Remote Docker image. ex: toplprotocol/faucet'
+ default: "us-central1-docker.pkg.dev/topl-shared-project-dev/topl-artifacts-dev/faucet"
+ required: false
+ type: string
+
+jobs:
+ publish_docker_images:
+ name: Publish Docker Images
+ runs-on: ubuntu-latest
+ permissions:
+ id-token: write
+ contents: read
+ steps:
+ - name: Checkout current branch
+ uses: actions/checkout@v3
+ with:
+ fetch-depth: 0
+ submodules: true
+
+ - id: 'auth'
+ name: Authenticate to Google Cloud
+ uses: google-github-actions/auth@v1
+ with:
+ workload_identity_provider: ${{ secrets.GCP_OIDC_PROVIDER_NAME }}
+ service_account: ${{ secrets.GCP_OIDC_SERVICE_ACCOUNT_EMAIL }}
+
+ - name: Set up gcloud
+ uses: google-github-actions/setup-gcloud@v1
+
+ - name: Auth Artifact Registry
+ run: gcloud auth configure-docker ${{ inputs.registry-auth-location }} --quiet
+
+ - name: Extract metadata (tags, labels) for Docker
+ id: meta
+ uses: docker/[email protected]
+ with:
+ images: ${{ inputs.remote-docker-image }}
+ tags: |
+ type=ref,event=branch
+ type=ref,event=tag
+ type=ref,event=pr
+ type=sha,enable=true,prefix=,
+
+ - name: Echo metadata
+ run: |
+ echo "tags: ${{ steps.meta.outputs.tags }}"
+ echo "labels: ${{ steps.meta.outputs.labels }}"
+ 
+ - name: Build and push Docker image
+ uses: docker/[email protected]
+ with:
+ context: .
+ push: ${{ github.event_name != 'pull_request' }}
+ tags: ${{ steps.meta.outputs.tags }}
+ labels: ${{ steps.meta.outputs.labels }}

.github/workflows/_docker_publish_public.yml

@@ -0,0 +1,57 @@
+name: Publish Docker Images (Public)
+
+on:
+ workflow_call:
+ inputs:
+ remote-docker-image:
+ description: 'Remote Docker image. ex: toplprotocol/faucet'
+ default: "toplprotocol/faucet"
+ required: false
+ type: string
+
+jobs:
+ publish_docker_images:
+ name: Publish Docker Images
+ runs-on: ubuntu-latest
+ permissions:
+ id-token: write
+ contents: read
+ packages: write
+ steps:
+ - name: Checkout current branch
+ uses: actions/checkout@v3
+ with:
+ fetch-depth: 0
+ submodules: true
+
+ - name: Log in to Docker Hub
+ uses: docker/login-action@v2
+ with:
+ username: ${{ secrets.DOCKERHUB_USERNAME }}
+ password: ${{ secrets.DOCKERHUB_TOKEN }}
+
+ - name: Log in to the Github Container registry
+ uses: docker/login-action@v2
+ with:
+ registry: ghcr.io
+ username: ${{ github.actor }}
+ password: ${{ secrets.GITHUB_TOKEN }}
+
+ - name: Extract metadata (tags, labels) for Docker
+ id: meta
+ uses: docker/[email protected]
+ with:
+ images: ${{ inputs.remote-docker-image }}
+
+ - name: Echo metadata
+ run: |
+ echo "tags: ${{ steps.meta.outputs.tags }}"
+ echo "labels: ${{ steps.meta.outputs.labels }}"
+ 
+ - name: Build and push Docker image
+ uses: docker/[email protected]
+ with:
+ context: .
+ push: ${{ github.event_name != 'pull_request' }}
+ tags: ${{ steps.meta.outputs.tags }}
+ labels: ${{ steps.meta.outputs.labels }}

.github/workflows/pr.yml

@@ -0,0 +1,7 @@
+name: PR
+on:
+ pull_request:
+
+jobs:
+ build:
+ uses: ./.github/workflows/_build.yml

.github/workflows/push.yml

@@ -0,0 +1,26 @@
+# This workflow uses actions that are not certified by GitHub.
+# They are provided by a third-party and are governed by
+# separate terms of service, privacy policy, and support
+# documentation.
+
+# GitHub recommends pinning actions to a commit SHA.
+# To get a newer version, you will need to update the SHA.
+# You can also reference a tag or branch, but the action may change without warning.
+
+name: CI
+
+on:
+ push:
+ branches:
+ - main
+ - dev
+
+jobs:
+ build:
+ uses: ./.github/workflows/_build.yml 
+
+ publish_private:
+ uses: ./.github/workflows/_docker_publish_private.yml
+ needs: [build]
+ secrets: inherit
+ with:

.github/workflows/release.yml

@@ -0,0 +1,32 @@
+# This workflow uses actions that are not certified by GitHub.
+# They are provided by a third-party and are governed by
+# separate terms of service, privacy policy, and support
+# documentation.
+
+# GitHub recommends pinning actions to a commit SHA.
+# To get a newer version, you will need to update the SHA.
+# You can also reference a tag or branch, but the action may change without warning.
+
+name: Release
+
+on:
+ push:
+ tags: ['*']
+
+jobs:
+ build:
+ uses: ./.github/workflows/_build.yml
+
+ publish_dockerhub:
+ uses: ./.github/workflows/_docker_publish_public.yml
+ needs: [build]
+ secrets: inherit
+ with:
+ remote-docker-image: "toplprotocol/faucet"
+
+ publish_ghcr:
+ uses: ./.github/workflows/_docker_publish_public.yml
+ needs: [build]
+ secrets: inherit
+ with:
+ remote-docker-image: "ghcr.io/topl/faucet"

Dockerfile

@@ -0,0 +1,25 @@
+# Stage 1: Build the Flutter app
+FROM ghcr.io/cirruslabs/flutter:3.10.6 AS build
+
+# Set the working directory to /app
+WORKDIR /app
+
+# Copy the entire Flutter project to the container
+COPY . .
+
+# Run the necessary Flutter commands to build the app
+RUN flutter pub get && \
+ flutter packages pub run build_runner build --delete-conflicting-outputs && \
+ flutter build web --release
+
+# Stage 2: Create a minimal image to run the built app
+FROM nginx:stable-alpine3.17
+
+# Copy the built app from the previous stage to the nginx html directory
+COPY --from=build /app/build/web /usr/share/nginx/html
+
+# Expose port 80 for the web server to listen on
+EXPOSE 80
+
+# Start Nginx
+CMD ["nginx", "-g", "daemon off;"]