Merge 1fa0e41a31 into f895a6bf23

2023-03-26 13:08:07 +00:00 · 2023-03-26 13:08:07 +00:00 · d4aec56550
commit d4aec56550
parent f895a6bf23 1fa0e41a31
5 changed files with 40 additions and 133 deletions
--- a/.github/workflows/docker-image.yml
+++ b/.github/workflows/docker-image.yml
@ -0,0 +1,18 @@
 name: Docker Image CI
 on:
  push:
    branches: [ "main" ]
  pull_request:
    branches: [ "main" ]
 jobs:
  build:
    runs-on: ubuntu-latest
    steps:
    - uses: actions/checkout@v3
    - name: Build the Docker image
      run: docker build . --file Dockerfile --tag latest
--- a/.github/workflows/docker-publish.yml
+++ b/.github/workflows/docker-publish.yml
@ -1,126 +0,0 @@
 name: Docker
 # This workflow uses actions that are not certified by GitHub.
 # They are provided by a third-party and are governed by
 # separate terms of service, privacy policy, and support
 # documentation.
 on:
  schedule:
    - cron: '20 0 * * *'
  push:
    branches: [ "main" ]
    # Publish semver tags as releases.
    tags: [ 'v*.*.*' ]
  pull_request:
    branches: [ "main" ]
 env:
  # Use docker.io for Docker Hub if empty
  REGISTRY: ghcr.io
  # github.repository as <account>/<repo>
  IMAGE_NAME: ${{ github.repository }}
 jobs:
  build:
    runs-on: self-hosted
    permissions:
      contents: read
      packages: write
      # This is used to complete the identity challenge
      # with sigstore/fulcio when running outside of PRs.
      id-token: write
    steps:
      - name: Checkout repository
        uses: actions/checkout@v3
      # Install the cosign tool except on PR
      # https://github.com/sigstore/cosign-installer
      - name: Install cosign
        if: github.event_name != 'pull_request'
        uses: sigstore/cosign-installer@main
        with:
          cosign-release: 'v1.13.1' # optional
      # Setup QEMU
      # https://github.com/marketplace/actions/docker-setup-buildx#with-qemu
      - name: Setup QEMU
        uses: docker/setup-qemu-action@v2
      # Workaround: https://github.com/docker/build-push-action/issues/461
      - name: Setup Docker buildx
        uses: docker/setup-buildx-action@v2
      # This step is being disabled because the runner is on a self-hosted machine
      # where the cache will stick between runs.
      # - name: Cache Docker layers
      #   uses: actions/cache@v3
      #   with:
      #     path: /tmp/.buildx-cache
      #     key: ${{ runner.os }}-buildx-${{ github.sha }}
      #     restore-keys: |
      #       ${{ runner.os }}-buildx-
      # Login against a Docker registry except on PR
      # https://github.com/docker/login-action
      - name: Log into registry ${{ env.REGISTRY }}
        if: github.event_name != 'pull_request'
        uses: docker/login-action@v2
        with:
          registry: ${{ env.REGISTRY }}
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}
      # Extract metadata (tags, labels) for Docker
      # https://github.com/docker/metadata-action
      - name: Extract Docker metadata
        id: meta
        uses: docker/metadata-action@v4
        with:
          images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
          flavor: |
            latest=auto
      # Build and push Docker image with Buildx (don't push on PR)
      # https://github.com/docker/build-push-action
      - name: Build and push Docker image
        id: build-and-push
        uses: docker/build-push-action@v4
        with:
          context: .
          push: ${{ github.event_name != 'pull_request' }}
          tags: ${{ steps.meta.outputs.tags }}
          labels: ${{ steps.meta.outputs.labels }}
          build-args: |
            BUILDTIME=${{ fromJSON(steps.meta.outputs.json).labels['org.opencontainers.image.created'] }}
            VERSION=${{ fromJSON(steps.meta.outputs.json).labels['org.opencontainers.image.version'] }}
            REVISION=${{ fromJSON(steps.meta.outputs.json).labels['org.opencontainers.image.revision'] }}
          # https://github.com/docker/setup-qemu-action#about
          # platforms: linux/amd64,linux/arm64,linux/riscv64,linux/ppc64le,linux/s390x,linux/386,linux/mips64le,linux/mips64,linux/arm/v7,linux/arm/v6
          platforms: linux/amd64,linux/arm64,linux/arm/v7,linux/arm/v6
          cache-from: type=local,src=/tmp/.buildx-cache
          cache-to: type=local,dest=/tmp/.buildx-cache-new,mode=max
      # Sign the resulting Docker image digest except on PRs.
      # This will only write to the public Rekor transparency log when the Docker
      # repository is public to avoid leaking data.  If you would like to publish
      # transparency data even for private images, pass --force to cosign below.
      # https://github.com/sigstore/cosign
 #       - name: Sign the published Docker image
 #         if: ${{ github.event_name != 'pull_request' }}
 #         env:
 #           COSIGN_EXPERIMENTAL: "true"
 #         # This step uses the identity token to provision an ephemeral certificate
 #         # against the sigstore community Fulcio instance.
 #         run: echo "${{ steps.meta.outputs.tags }}" | xargs -I {} cosign sign {}@${{ steps.build-and-push.outputs.digest }}
      # Temp fix
      # https://github.com/docker/build-push-action/issues/252
      # https://github.com/moby/buildkit/issues/1896
      - name: Move cache
        run: |
          rm -rf /tmp/.buildx-cache
          mv /tmp/.buildx-cache-new /tmp/.buildx-cache
--- a/10
+++ b/10
@ -9,8 +9,8 @@ COPY --link package.json pnpm-lock.yaml* ./
 SHELL ["/bin/ash", "-xeo", "pipefail", "-c"]
 RUN apk add --no-cache libc6-compat \
- && apk add --no-cache --virtual .gyp python3 make g++ \
+  && apk add --no-cache --virtual .gyp python3 make g++ \
- && npm install -g pnpm
+  && npm install -g pnpm
 RUN --mount=type=cache,id=pnpm-store,target=/root/.local/share/pnpm/store pnpm fetch | grep -v "cross-device link not permitted\|Falling back to copying packages from store"
@ -24,13 +24,13 @@ ARG BUILDTIME
 ARG VERSION
 ARG REVISION
-COPY --link --from=deps /app/node_modules ./node_modules/
+COPY --from=deps /app/node_modules ./node_modules/
 COPY . .
 SHELL ["/bin/ash", "-xeo", "pipefail", "-c"]
 RUN npm run telemetry \
- && mkdir config && echo '---' > config/settings.yaml \
+  && mkdir config && echo '---' > config/settings.yaml \
- && NEXT_PUBLIC_BUILDTIME=$BUILDTIME NEXT_PUBLIC_VERSION=$VERSION NEXT_PUBLIC_REVISION=$REVISION npm run build
+  && NEXT_PUBLIC_BUILDTIME=$BUILDTIME NEXT_PUBLIC_VERSION=$VERSION NEXT_PUBLIC_REVISION=$REVISION npm run build
 # Production image, copy all the files and run next
 FROM docker.io/node:18-alpine AS runner
--- a/src/utils/config/service-helpers.js
+++ b/src/utils/config/service-helpers.js
@ -4,7 +4,7 @@ import path from "path";
 import yaml from "js-yaml";
 import Docker from "dockerode";
 import * as shvl from "shvl";
-import { NetworkingV1Api } from "@kubernetes/client-node";
+import { CustomObjectsApi, NetworkingV1Api } from "@kubernetes/client-node";
 import createLogger from "utils/logger";
 import checkAndCopyConfig, { substituteEnvironmentVars } from "utils/config/config";
@ -145,6 +145,7 @@ export async function servicesFromKubernetes() {
      return [];
    }
    const networking = kc.makeApiClient(NetworkingV1Api);
    const crd = kc.makeApiClient(CustomObjectsApi);
    const ingressList = await networking.listIngressForAllNamespaces(null, null, null, null)
      .then((response) => response.body)
@ -152,6 +153,20 @@ export async function servicesFromKubernetes() {
        logger.error("Error getting ingresses: %d %s %s", error.statusCode, error.body, error.response);
        return null;
      });
    const traefikIngressList = await crd.listClusterCustomObject("traefik.containo.us", "v1alpha1", "ingressroutes")
      .then((response) => response.body)
      .catch((error) => {
        logger.error("Error getting traefik ingresses: %d %s %s", error.statusCode, error.body, error.response);
        return null;
      });
    if (traefikIngressList && traefikIngressList.items.length > 0) {
      const traefikServices = traefikIngressList.items
      .filter((ingress) => ingress.metadata.annotations && ingress.metadata.annotations[`${ANNOTATION_BASE}/href`])
      ingressList.items.push(...traefikServices);
    }
    if (!ingressList) {
      return [];
    }