diff --git a/.github/workflows/docker-image.yml b/.github/workflows/docker-image.yml new file mode 100644 index 00000000..20a3f50f --- /dev/null +++ b/.github/workflows/docker-image.yml @@ -0,0 +1,18 @@ +name: Docker Image CI + +on: + push: + branches: [ "main" ] + pull_request: + branches: [ "main" ] + +jobs: + + build: + + runs-on: ubuntu-latest + + steps: + - uses: actions/checkout@v3 + - name: Build the Docker image + run: docker build . --file Dockerfile --tag latest diff --git a/.github/workflows/docker-publish.yml b/.github/workflows/docker-publish.yml deleted file mode 100644 index bd80a153..00000000 --- a/.github/workflows/docker-publish.yml +++ /dev/null @@ -1,126 +0,0 @@ -name: Docker - -# This workflow uses actions that are not certified by GitHub. -# They are provided by a third-party and are governed by -# separate terms of service, privacy policy, and support -# documentation. - -on: - schedule: - - cron: '20 0 * * *' - push: - branches: [ "main" ] - # Publish semver tags as releases. - tags: [ 'v*.*.*' ] - pull_request: - branches: [ "main" ] - -env: - # Use docker.io for Docker Hub if empty - REGISTRY: ghcr.io - # github.repository as / - IMAGE_NAME: ${{ github.repository }} - - -jobs: - build: - - runs-on: self-hosted - permissions: - contents: read - packages: write - # This is used to complete the identity challenge - # with sigstore/fulcio when running outside of PRs. - id-token: write - - steps: - - name: Checkout repository - uses: actions/checkout@v3 - - # Install the cosign tool except on PR - # https://github.com/sigstore/cosign-installer - - name: Install cosign - if: github.event_name != 'pull_request' - uses: sigstore/cosign-installer@main - with: - cosign-release: 'v1.13.1' # optional - - # Setup QEMU - # https://github.com/marketplace/actions/docker-setup-buildx#with-qemu - - name: Setup QEMU - uses: docker/setup-qemu-action@v2 - - # Workaround: https://github.com/docker/build-push-action/issues/461 - - name: Setup Docker buildx - uses: docker/setup-buildx-action@v2 - - # This step is being disabled because the runner is on a self-hosted machine - # where the cache will stick between runs. - # - name: Cache Docker layers - # uses: actions/cache@v3 - # with: - # path: /tmp/.buildx-cache - # key: ${{ runner.os }}-buildx-${{ github.sha }} - # restore-keys: | - # ${{ runner.os }}-buildx- - - # Login against a Docker registry except on PR - # https://github.com/docker/login-action - - name: Log into registry ${{ env.REGISTRY }} - if: github.event_name != 'pull_request' - uses: docker/login-action@v2 - with: - registry: ${{ env.REGISTRY }} - username: ${{ github.actor }} - password: ${{ secrets.GITHUB_TOKEN }} - - # Extract metadata (tags, labels) for Docker - # https://github.com/docker/metadata-action - - name: Extract Docker metadata - id: meta - uses: docker/metadata-action@v4 - with: - images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} - flavor: | - latest=auto - - # Build and push Docker image with Buildx (don't push on PR) - # https://github.com/docker/build-push-action - - name: Build and push Docker image - id: build-and-push - uses: docker/build-push-action@v4 - with: - context: . - push: ${{ github.event_name != 'pull_request' }} - tags: ${{ steps.meta.outputs.tags }} - labels: ${{ steps.meta.outputs.labels }} - build-args: | - BUILDTIME=${{ fromJSON(steps.meta.outputs.json).labels['org.opencontainers.image.created'] }} - VERSION=${{ fromJSON(steps.meta.outputs.json).labels['org.opencontainers.image.version'] }} - REVISION=${{ fromJSON(steps.meta.outputs.json).labels['org.opencontainers.image.revision'] }} - # https://github.com/docker/setup-qemu-action#about - # platforms: linux/amd64,linux/arm64,linux/riscv64,linux/ppc64le,linux/s390x,linux/386,linux/mips64le,linux/mips64,linux/arm/v7,linux/arm/v6 - platforms: linux/amd64,linux/arm64,linux/arm/v7,linux/arm/v6 - cache-from: type=local,src=/tmp/.buildx-cache - cache-to: type=local,dest=/tmp/.buildx-cache-new,mode=max - - # Sign the resulting Docker image digest except on PRs. - # This will only write to the public Rekor transparency log when the Docker - # repository is public to avoid leaking data. If you would like to publish - # transparency data even for private images, pass --force to cosign below. - # https://github.com/sigstore/cosign -# - name: Sign the published Docker image -# if: ${{ github.event_name != 'pull_request' }} -# env: -# COSIGN_EXPERIMENTAL: "true" -# # This step uses the identity token to provision an ephemeral certificate -# # against the sigstore community Fulcio instance. -# run: echo "${{ steps.meta.outputs.tags }}" | xargs -I {} cosign sign {}@${{ steps.build-and-push.outputs.digest }} - - # Temp fix - # https://github.com/docker/build-push-action/issues/252 - # https://github.com/moby/buildkit/issues/1896 - - name: Move cache - run: | - rm -rf /tmp/.buildx-cache - mv /tmp/.buildx-cache-new /tmp/.buildx-cache diff --git a/CODE_OF_CONDUCT.md b/CODE_OF_CONDUCT.md index f989048e..9819a758 100644 --- a/CODE_OF_CONDUCT.md +++ b/CODE_OF_CONDUCT.md @@ -12,7 +12,7 @@ and orientation. We pledge to act and interact in ways that contribute to an open, welcoming, diverse, inclusive, and healthy community. -## Our Standards +## Our Standards Examples of behavior that contributes to a positive environment for our community include: diff --git a/Dockerfile b/Dockerfile index 1d9a4931..e0bd9c3e 100644 --- a/Dockerfile +++ b/Dockerfile @@ -9,8 +9,8 @@ COPY --link package.json pnpm-lock.yaml* ./ SHELL ["/bin/ash", "-xeo", "pipefail", "-c"] RUN apk add --no-cache libc6-compat \ - && apk add --no-cache --virtual .gyp python3 make g++ \ - && npm install -g pnpm + && apk add --no-cache --virtual .gyp python3 make g++ \ + && npm install -g pnpm RUN --mount=type=cache,id=pnpm-store,target=/root/.local/share/pnpm/store pnpm fetch | grep -v "cross-device link not permitted\|Falling back to copying packages from store" @@ -24,13 +24,13 @@ ARG BUILDTIME ARG VERSION ARG REVISION -COPY --link --from=deps /app/node_modules ./node_modules/ +COPY --from=deps /app/node_modules ./node_modules/ COPY . . SHELL ["/bin/ash", "-xeo", "pipefail", "-c"] RUN npm run telemetry \ - && mkdir config && echo '---' > config/settings.yaml \ - && NEXT_PUBLIC_BUILDTIME=$BUILDTIME NEXT_PUBLIC_VERSION=$VERSION NEXT_PUBLIC_REVISION=$REVISION npm run build + && mkdir config && echo '---' > config/settings.yaml \ + && NEXT_PUBLIC_BUILDTIME=$BUILDTIME NEXT_PUBLIC_VERSION=$VERSION NEXT_PUBLIC_REVISION=$REVISION npm run build # Production image, copy all the files and run next FROM docker.io/node:18-alpine AS runner diff --git a/src/utils/config/service-helpers.js b/src/utils/config/service-helpers.js index 317c0f3c..adf331a4 100644 --- a/src/utils/config/service-helpers.js +++ b/src/utils/config/service-helpers.js @@ -4,7 +4,7 @@ import path from "path"; import yaml from "js-yaml"; import Docker from "dockerode"; import * as shvl from "shvl"; -import { NetworkingV1Api } from "@kubernetes/client-node"; +import { CustomObjectsApi, NetworkingV1Api } from "@kubernetes/client-node"; import createLogger from "utils/logger"; import checkAndCopyConfig, { substituteEnvironmentVars } from "utils/config/config"; @@ -145,6 +145,7 @@ export async function servicesFromKubernetes() { return []; } const networking = kc.makeApiClient(NetworkingV1Api); + const crd = kc.makeApiClient(CustomObjectsApi); const ingressList = await networking.listIngressForAllNamespaces(null, null, null, null) .then((response) => response.body) @@ -152,6 +153,20 @@ export async function servicesFromKubernetes() { logger.error("Error getting ingresses: %d %s %s", error.statusCode, error.body, error.response); return null; }); + + const traefikIngressList = await crd.listClusterCustomObject("traefik.containo.us", "v1alpha1", "ingressroutes") + .then((response) => response.body) + .catch((error) => { + logger.error("Error getting traefik ingresses: %d %s %s", error.statusCode, error.body, error.response); + return null; + }); + + if (traefikIngressList && traefikIngressList.items.length > 0) { + const traefikServices = traefikIngressList.items + .filter((ingress) => ingress.metadata.annotations && ingress.metadata.annotations[`${ANNOTATION_BASE}/href`]) + ingressList.items.push(...traefikServices); + } + if (!ingressList) { return []; }