feat: add docker support. (#2)

* feat: docker init

* fix: update .dockerignore

* feat: update docker configuration files.

* fix: update docker configurations

* fix: add UNPUB_DB_PORT and UNPUB_UPSTREAM

* fix: update dart pub logo.

* Create docker-publish.yml

* fix: remove lint action

.github/workflows/docker-publish.yml

@@ -0,0 +1,98 @@
+name: Docker
+
+# This workflow uses actions that are not certified by GitHub.
+# They are provided by a third-party and are governed by
+# separate terms of service, privacy policy, and support
+# documentation.
+
+on:
+  schedule:
+    - cron: '33 7 * * *'
+  push:
+    branches: [ "master" ]
+    # Publish semver tags as releases.
+    tags: [ 'v*.*.*' ]
+  pull_request:
+    branches: [ "master" ]
+
+env:
+  # Use docker.io for Docker Hub if empty
+  REGISTRY: ghcr.io
+  # github.repository as <account>/<repo>
+  IMAGE_NAME: ${{ github.repository }}
+
+
+jobs:
+  build:
+
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: write
+      # This is used to complete the identity challenge
+      # with sigstore/fulcio when running outside of PRs.
+      id-token: write
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v3
+
+      # Install the cosign tool except on PR
+      # https://github.com/sigstore/cosign-installer
+      - name: Install cosign
+        if: github.event_name != 'pull_request'
+        uses: sigstore/cosign-installer@6e04d228eb30da1757ee4e1dd75a0ec73a653e06 #v3.1.1
+        with:
+          cosign-release: 'v2.1.1'
+
+      # Set up BuildKit Docker container builder to be able to build
+      # multi-platform images and export cache
+      # https://github.com/docker/setup-buildx-action
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226 # v3.0.0
+
+      # Login against a Docker registry except on PR
+      # https://github.com/docker/login-action
+      - name: Log into registry ${{ env.REGISTRY }}
+        if: github.event_name != 'pull_request'
+        uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      # Extract metadata (tags, labels) for Docker
+      # https://github.com/docker/metadata-action
+      - name: Extract Docker metadata
+        id: meta
+        uses: docker/metadata-action@96383f45573cb7f253c731d3b3ab81c87ef81934 # v5.0.0
+        with:
+          images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+
+      # Build and push Docker image with Buildx (don't push on PR)
+      # https://github.com/docker/build-push-action
+      - name: Build and push Docker image
+        id: build-and-push
+        uses: docker/build-push-action@0565240e2d4ab88bba5387d719585280857ece09 # v5.0.0
+        with:
+          context: unpub
+          push: ${{ github.event_name != 'pull_request' }}
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
+
+      # Sign the resulting Docker image digest except on PRs.
+      # This will only write to the public Rekor transparency log when the Docker
+      # repository is public to avoid leaking data.  If you would like to publish
+      # transparency data even for private images, pass --force to cosign below.
+      # https://github.com/sigstore/cosign
+      - name: Sign the published Docker image
+        if: ${{ github.event_name != 'pull_request' }}
+        env:
+          # https://docs.github.com/en/actions/security-guides/security-hardening-for-github-actions#using-an-intermediate-environment-variable
+          TAGS: ${{ steps.meta.outputs.tags }}
+          DIGEST: ${{ steps.build-and-push.outputs.digest }}
+        # This step uses the identity token to provision an ephemeral certificate
+        # against the sigstore community Fulcio instance.
+        run: echo "${TAGS}" | xargs -I {} cosign sign --yes {}@${DIGEST}

unpub/.dockerignore

@@ -0,0 +1,27 @@
+# Include any files or directories that you don't want to be copied to your
+# container here (e.g., local build artifacts, temporary files, etc.).
+#
+# For more help, visit the .dockerignore file reference guide at
+# https://docs.docker.com/go/build-context-dockerignore/
+
+**/.DS_Store
+**/.dockerignore
+**/.env
+**/.git
+**/.github
+**/.gitignore
+**/.vs
+**/.vscode
+**/.idea
+**/.packages
+**/docker-compose*
+**/compose*
+**/Dockerfile*
+**/dart_tool
+**/build
+**/example
+**/tool
+**/secrets.dev.yaml
+**/values.dev.yaml
+LICENSE
+README.md

unpub/Dockerfile

@@ -0,0 +1,23 @@
+# Use latest stable channel SDK.
+FROM dart:stable AS build
+
+# Resolve app dependencies.
+WORKDIR /app
+COPY pubspec.* ./
+RUN dart pub get
+
+# Copy app source code (except anything in .dockerignore) and AOT compile app.
+COPY . .
+# Ensure packages are still up-to-date if anything has changed
+RUN dart pub get --offline
+RUN dart compile exe bin/unpub.dart -o bin/unpub
+
+# Build minimal serving image from AOT-compiled `/unpub`
+# and the pre-built AOT-runtime in the `/runtime/` directory of the base image.
+FROM scratch
+COPY --from=build /runtime/ /
+COPY --from=build /app/bin/unpub /app/bin/
+
+# Start unpub.
+EXPOSE 4000
+CMD ["/app/bin/unpub"]

unpub/README.Docker.md

@@ -0,0 +1,17 @@
+### Building and running your application
+
+When you're ready, start your application by running:
+`docker compose up --build`.
+
+### Deploying your application to the cloud
+
+First, build your image, e.g.: `docker build -t myapp .`.
+If your cloud uses a different CPU architecture than your development
+machine (e.g., you are on a Mac M1 and your cloud provider is amd64),
+you'll want to build the image for that platform, e.g.:
+`docker build --platform=linux/amd64 -t myapp .`.
+
+Then, push it to your registry, e.g. `docker push myregistry.com/myapp`.
+
+Consult Docker's [getting started](https://docs.docker.com/go/get-started-sharing/)
+docs for more detail on building and pushing.

unpub/bin/unpub.dart

@@ -5,11 +5,15 @@ import 'package:mongo_dart/mongo_dart.dart';
 import 'package:unpub/unpub.dart' as unpub;
 
 main(List<String> args) async {
+  final environment = Platform.environment;
+  final dbHost = environment['UNPUB_DB_HOST'] ?? 'localhost';
+  final dbPort = environment['UNPUB_DB_PORT'] ?? '27017';
+  final upstream = environment['UNPUB_UPSTREAM'] ?? 'https://pub.dev';
   var parser = ArgParser();
   parser.addOption('host', abbr: 'h', defaultsTo: '0.0.0.0');
   parser.addOption('port', abbr: 'p', defaultsTo: '4000');
   parser.addOption('database',
-      abbr: 'd', defaultsTo: 'mongodb://localhost:27017/dart_pub');
+      abbr: 'd', defaultsTo: 'mongodb://$dbHost:$dbPort/dart_pub');
   parser.addOption('proxy-origin', abbr: 'o', defaultsTo: '');
 
   var results = parser.parse(args);
@@ -33,7 +37,8 @@ main(List<String> args) async {
   var app = unpub.App(
     metaStore: unpub.MongoStore(db),
     packageStore: unpub.FileStore(baseDir),
-    proxy_origin: proxy_origin.trim().isEmpty ? null : Uri.parse(proxy_origin)
+    upstream: upstream,
+    proxy_origin: proxy_origin.trim().isEmpty ? null : Uri.parse(proxy_origin),
   );
 
   var server = await app.serve(host, port);

unpub/compose.yaml

@@ -0,0 +1,26 @@
+services:
+  server:
+    build: .
+    restart: always
+    ports:
+      - 4000:4000
+    volumes:
+      - package_store:/app/unpub-packages
+    environment:
+      - UNPUB_DB_HOST=db
+    depends_on:
+      db:
+        condition: service_healthy
+  db:
+    image: mongo:4.4.26
+    restart: always
+    volumes:
+      - meta_store:/data/db
+    healthcheck:
+      test: ["CMD", "mongo", "--eval", "db.runCommand('ping').ok"]
+      interval: 10s
+      timeout: 5s
+      retries: 5
+volumes:
+  meta_store:
+  package_store:

unpub/lib/src/static/main.dart.js.dart

@@ -14128,7 +14128,7 @@ m=G.bW(n.a(o.R(C.f,b4)),t.f.a(o.R(C.i,b4)),a5,a4.dx)
 a4.e=new G.bf(m)
 l=T.x(b2,a4.dx,"img")
 T.an(l,"alt","dart pub logo")
-T.an(l,"src","https://pub.dev/static/img/pub-dev-logo-2x.png?hash=umitaheu8hl7gd3mineshk2koqfngugi")
+T.an(l,"src","https://pub.dev/static/hash-ivea6bgp/img/pub-dev-logo.svg")
 a4.B(l)
 k=T.aE(b2,p)
 a4.t(k,"_flex-space")