Merge pull request #1 from bennu/feat/ci-cd

Feat/ci cd

Author: fernandoAlfaro00

.dockerignore

@@ -0,0 +1,52 @@
+name: Build Docker Image
+on:
+  push:
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    container:
+      image: gcr.io/kaniko-project/executor:v1.24.0-debug
+    permissions:
+      contents: read
+      packages: write
+    timeout-minutes: 15
+    env:
+      GIT_USERNAME: ${{ github.actor }}
+      GIT_PASSWORD: ${{ secrets.GITHUB_TOKEN }}
+      IMAGE_TAG: latest
+      DOCKERFILE:  ${{  secrets.DOCKERFILE || './Dockerfile.dev' }}
+      IMAGE_NAME:  ghcr.io/${{ github.repository }}
+      IMAGE_REGISTRY_URL:  ${{ secrets.IMAGE_REGISTRY_URL || 'https://ghcr.io' }}
+      IMAGE_REGISTRY_USER: ${{ secrets.IMAGE_REGISTRY_USER || github.actor }}
+      IMAGE_REGISTRY_PASSWORD:  ${{ secrets.IMAGE_REGISTRY_PASSWORD || secrets.GITHUB_TOKEN }}
+
+    steps:
+      - name: Setup env var TAG image debug
+        if: ${{ github.ref == 'refs/heads/main' || github.ref == 'refs/heads/master' }}
+        run: |
+          echo "IMAGE_TAG=$(echo ${GITHUB_SHA} | head  -c 7)" >> "$GITHUB_ENV"
+
+      - name: Setup env var TAG image production
+        if: startsWith(github.ref, 'refs/tags')
+        run: |
+          echo "IMAGE_TAG=${GITHUB_REF#refs/*/}" >> $GITHUB_ENV
+
+      - name: Build and Push Image to registry with kaniko
+        run: |
+          mkdir -p /kaniko/.docker
+          cat <<EOF > /kaniko/.docker/config.json
+          {
+            "auths": {
+              "${{ env.IMAGE_REGISTRY_URL }}": {
+                "auth": "$(echo -n "${{ env.IMAGE_REGISTRY_USER }}:${{ env.IMAGE_REGISTRY_PASSWORD }}" | base64 )"
+              }
+            }
+          }
+          EOF
+
+          /kaniko/executor --dockerfile="${{ env.DOCKERFILE }}" \
+            --context="${{ github.repositoryUrl }}#${{ github.ref }}#${{ github.sha }}"  \
+            --destination="$IMAGE_NAME:$IMAGE_TAG" \
+            --push-retry 5\
+            --verbosity=debug

.github/workflows/build-image.yml

@@ -1,27 +1,44 @@
-name: Deploy  docker container
+name: Deploy to Production
 on:
   workflow_dispatch:
 
 permissions:
   packages: read
 
 jobs:
-  deploy:
+  deploy_prod:
     runs-on: ec2-bice
+    if: startsWith(github.ref, 'refs/tags')
+    timeout-minutes: 15
     env: 
-      GIT_USERNAME: ${{ github.actor }}
-      GIT_PASSWORD: ${{ secrets.GITHUB_TOKEN }}
-      DOCKER_IMAGE_NAME: ghcr.io/${{ github.repository }}
-      IMAGE_REGISTRY: ${{ 'https://ghcr.io' }}
+      IMAGE_TAG: latest
       EXPOSE_PORT: ${{ secrets.EXPOSE_PORT || 8080 }} 
       PUBLISH_PORT: ${{ secrets.PUBLISH_PORT || 8081 }} 
-      NAME_REPO: ${{ github.repository }}
-      IMAGE_TAG: latest
+      IMAGE_NAME: ghcr.io/${{ github.repository }}
+      CONTAINER_NAME: ${{ secrets.CONTAINER_NAME ||  github.event.repository.name }}
+      IMAGE_REGISTRY_URL: ${{  secrets.IMAGE_REGISTRY_URL || 'https://ghcr.io' }}
+      IMAGE_REGISTRY_USER: ${{ secrets.IMAGE_REGISTRY_USER ||  github.actor }}
+      IMAGE_REGISTRY_PASSWORD: ${{ secrets.IMAGE_REGISTRY_PASSWORD ||  secrets.GITHUB_TOKEN }}
 
     steps:
-      - name: deploy in Docker
+      - name: Setup env var TAG image production
+        run: |
+          echo "IMAGE_TAG=${GITHUB_REF#refs/*/}" >> $GITHUB_ENV
+
+      - name: Normalize container name
+        run: |  
+          SAFE_NAME="${CONTAINER_NAME//-/_}"
+          SAFE_NAME="$(echo "$SAFE_NAME" | tr 'A-Z' 'a-z')"
+          echo "CONTAINER_NAME=$SAFE_NAME" >> $GITHUB_ENV
+
+      - name: Deploy in Docker
         run: |
-          echo $GIT_PASSWORD | docker login $IMAGE_REGISTRY -u $GIT_USERNAME --password-stdin
-          docker rm -f "$NAME_REPO"
-          docker run -d --restart=unless-stopped --name "$NAME_REPO" -p "$PUBLISH_PORT:$EXPOSE_PORT" "$DOCKER_IMAGE_NAME:$IMAGE_TAG"
-          echo "El container $NAME_REPO, se ejecuto correctamente"
+          echo $IMAGE_REGISTRY_PASSWORD | docker login $IMAGE_REGISTRY_URL -u $IMAGE_REGISTRY_USER --password-stdin
+          docker rm -f "$CONTAINER_NAME"
+          docker run -d --restart=unless-stopped --name "$CONTAINER_NAME" -p "$PUBLISH_PORT:$EXPOSE_PORT" "$IMAGE_NAME:$IMAGE_TAG"
+          if [ "$(docker inspect -f '{{.State.Running}}' $CONTAINER_NAME)" != "true" ]; then
+              echo "El contenedor $CONTAINER_NAME no inicio como se esperaba "
+              docker logs $CONTAINER_NAME || true
+              exit 1
+          fi
+          echo "El container $CONTAINER_NAME, inicio correctamente"

.github/workflows/deploy-docker.yml

@@ -0,0 +1,26 @@
+## Stage 1 : build with maven builder image with native capabilities
+FROM quay.io/quarkus/ubi9-quarkus-mandrel-builder-image:jdk-21 AS build
+COPY --chown=quarkus:quarkus --chmod=0755 mvnw /code/mvnw
+COPY --chown=quarkus:quarkus .mvn /code/.mvn
+COPY --chown=quarkus:quarkus pom.xml /code/
+USER quarkus
+WORKDIR /code
+RUN ./mvnw -B org.apache.maven.plugins:maven-dependency-plugin:3.8.1:go-offline
+COPY src /code/src
+RUN ./mvnw package -Dnative
+
+## Stage 2 : create the docker final image
+FROM quay.io/quarkus/ubi9-quarkus-micro-image:2.0
+WORKDIR /work/
+COPY --from=build /code/target/*-runner /work/application
+
+# set up permissions for user `1001`
+RUN chmod 775 /work /work/application \
+  && chown -R 1001 /work \
+  && chmod -R "g+rwX" /work \
+  && chown -R 1001:root /work
+
+EXPOSE 8080
+USER 1001
+
+CMD ["./application", "-Dquarkus.http.host=0.0.0.0"]

Dockerfile

@@ -0,0 +1,7 @@
+## Stage 1 : build with maven builder image with native capabilities
+FROM maven:3.9.9-eclipse-temurin-21-alpine
+COPY  . /code
+WORKDIR /code
+
+EXPOSE 8080
+CMD ["mvn", "quarkus:dev"]