From 0eec835c315a96be4ece75f7f7e564e1f36c9205 Mon Sep 17 00:00:00 2001
From: Torsten Curdt <tcurdt@vafer.org>
Date: Mon, 30 Aug 2021 23:26:44 +0200
Subject: [PATCH] cleaning up and improving the CI/CD pipeline (#1122)

* no artifacts, not required

* renamed

* cleanup and comments

* pass build args

* two-step docker build
---
 .github/workflows/ci.yml                      | 49 +++++++------------
 .github/workflows/cleanup.yml                 | 17 -------
 .../{dockerhub.yml => release-dockerhub.yml}  | 19 +++++--
 .../workflows/{npm.yml => release-npm.yml}    |  2 +-
 Dockerfile                                    | 29 +++++++----
 5 files changed, 52 insertions(+), 64 deletions(-)
 delete mode 100644 .github/workflows/cleanup.yml
 rename .github/workflows/{dockerhub.yml => release-dockerhub.yml} (50%)
 rename .github/workflows/{npm.yml => release-npm.yml} (93%)

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index befb97d2..f3b586f2 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -1,20 +1,23 @@
 name: ci
 
-on: [push, pull_request]
+on:
+  - push
+  - pull_request
 
 env:
-  project: 'release-node'
+  project: 'gun'
 
 jobs:
 
   test:
     strategy:
       matrix:
-        node-version: [14.x] # [12.x, 14.x]
-        os: [ubuntu-latest] #, macos-latest, windows-latest]
+        node-version: [ 14.x ]
+        os: [ ubuntu-latest ]
     runs-on: ${{ matrix.os }}
     steps:
 
+    # checkout the code
     - name: Checkout
       uses: actions/checkout@v2
 
@@ -22,11 +25,13 @@ jobs:
     - name: Version
       uses: tcurdt/action-verify-version-npm@master
 
+    # setup the node version
     - name: Setup Node ${{ matrix.node-version }}
       uses: actions/setup-node@v1
       with:
         node-version: ${{ matrix.node-version }}
 
+    # cache node_modules if we can
     - name: Cache
       id: cache-modules
       uses: actions/cache@v2
@@ -34,42 +39,24 @@ jobs:
         path: node_modules
         key: ${{ matrix.node-version }}-${{ runner.OS }}-build-${{ hashFiles('package.json') }}
 
+    # ottherweise run install
     - name: Install
       if: steps.cache-modules.outputs.cache-hit != 'true'
       run: npm install
 
+    # run tests
     - name: Test
       run: npm test
 
-    # create release artifacts to publish as github release
-    # - name: Upload
-    #   if: github.event_name == 'push' && startsWith(github.ref, 'refs/tags/v')
-    #   uses: actions/upload-artifact@v2
-    #   with:
-    #     name: ${{ env.project }}_${{ matrix.os }}_${{ matrix.node-version }}
-    #     path: |
-    #       !.git
-    #       !.github
-    #       !node_modules
-    #       .
-
+  # only create a release for tags named 'v*'
   release:
     if: github.event_name == 'push' && startsWith(github.ref, 'refs/tags/v')
-    needs: [test]
+    needs: [ test ]
     runs-on: ubuntu-latest
     steps:
 
-      # - name: Download
-      #   uses: actions/download-artifact@v2
-      #   with:
-      #     path: artifacts
-      # - name: Archives
-      #   run: find artifacts -mindepth 1 -maxdepth 1  -exec tar -C {} -cvzf {}.tgz . \;
-
-      - name: Release
-        uses: softprops/action-gh-release@v1
-        # with:
-        #   files: |
-        #     artifacts/*.tgz
-        env:
-          GITHUB_TOKEN: ${{ secrets.PAT }}
+    # create github release (which triggers the release workflows)
+    - name: Release
+      uses: softprops/action-gh-release@v1
+      env:
+        GITHUB_TOKEN: ${{ secrets.PAT }}
diff --git a/.github/workflows/cleanup.yml b/.github/workflows/cleanup.yml
deleted file mode 100644
index 067e221e..00000000
--- a/.github/workflows/cleanup.yml
+++ /dev/null
@@ -1,17 +0,0 @@
-name: cleanup
-
-on:
-  schedule:
-    - cron:  '1 1 * * 1' # once a week clean out old artifacts
-
-jobs:
-
-  expire:
-    runs-on: ubuntu-latest
-    steps:
-
-    - name: Expire Artifacts
-      uses: kolpav/purge-artifacts-action@v1
-      with:
-        token: ${{ secrets.GITHUB_TOKEN }}
-        expire-in: 1hour
diff --git a/.github/workflows/dockerhub.yml b/.github/workflows/release-dockerhub.yml
similarity index 50%
rename from .github/workflows/dockerhub.yml
rename to .github/workflows/release-dockerhub.yml
index 17eb638a..39dd96d8 100644
--- a/.github/workflows/dockerhub.yml
+++ b/.github/workflows/release-dockerhub.yml
@@ -2,10 +2,10 @@ name: dockerhub
 
 on:
   release:
-    types: [published]
+    types: [ published ]
 
 env:
-  project: 'release-node'
+  project: 'gun'
 
 jobs:
 
@@ -26,10 +26,19 @@ jobs:
         DOCKERHUB_TOKEN: ${{ secrets.DOCKERHUB_TOKEN }}
       run: echo ${{ secrets.DOCKERHUB_TOKEN }} | docker login -u ${{ secrets.DOCKERHUB_USERNAME }} --password-stdin
 
-    - name: Tag
+    - name: Build
       run: |
-        docker tag ${{ env.project }} ${{ secrets.DOCKERHUB_USERNAME }}/${{ env.project }}:${GITHUB_REF/refs\/tags\/v/}
-        docker tag ${{ env.project }} ${{ secrets.DOCKERHUB_USERNAME }}/${{ env.project }}:latest
+        echo "SHA=$GITHUB_SHA"
+        docker build --build-arg \
+          SHA=$GITHUB_SHA \
+          BUILD_DATE=$(date +'%Y-%m-%d') \
+          VCS_REF=${GITHUB_REF/refs\/tags\/v/} \
+          VCS_URL=$GITHUB_SERVER_URL}/${GITHUB_REPOSITORY} \
+          VERSION=${GITHUB_REF/refs\/tags\/v/} \
+          --label "sha=$GITHUB_SHA" \
+          --tag ${{ secrets.DOCKERHUB_USERNAME }}/${{ env.project }}:${GITHUB_REF/refs\/tags\/v/} \
+          --tag ${{ secrets.DOCKERHUB_USERNAME }}/${{ env.project }}:latest \
+          .
 
     - name: Push
       run: docker push ${{ secrets.DOCKERHUB_USERNAME }}/${{ env.project }}
diff --git a/.github/workflows/npm.yml b/.github/workflows/release-npm.yml
similarity index 93%
rename from .github/workflows/npm.yml
rename to .github/workflows/release-npm.yml
index 6af0892d..d66cbed6 100644
--- a/.github/workflows/npm.yml
+++ b/.github/workflows/release-npm.yml
@@ -2,7 +2,7 @@ name: npm
 
 on:
   release:
-    types: [published]
+    types: [ published ]
 
 jobs:
 
diff --git a/Dockerfile b/Dockerfile
index c1d6fd9c..564dee47 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,5 +1,15 @@
-FROM alpine:latest
-# Build-time metadata as defined at http://label-schema.org
+# install packages
+FROM node:14-alpine as builder
+RUN mkdir /work
+WORKDIR /work
+RUN apk add --no-cache alpine-sdk python
+COPY package*.json ./
+RUN mkdir -p node_modules
+RUN npm ci --only=production
+
+# fresh image without dev packages
+FROM node:14-alpine
+# build-time metadata as defined at http://label-schema.org
 ARG BUILD_DATE
 ARG VCS_REF
 ARG VCS_URL
@@ -12,15 +22,14 @@ LABEL org.label-schema.build-date=$BUILD_DATE \
   org.label-schema.vendor="The Gun Database Team" \
   org.label-schema.version=$VERSION \
   org.label-schema.schema-version="1.0"
-#  org.label-schema.description="Let it be pulled from Readme.md..." \
-WORKDIR /app
+ARG SHA
+RUN mkdir /work
+WORKDIR /work
+COPY --from=builder /work/node_modules ./node_modules
+RUN npm rebuild -q
 ADD . .
-ENV NPM_CONFIG_LOGLEVEL warn
-RUN apk update && apk upgrade \
-  && apk add --no-cache ca-certificates nodejs npm \
-  && apk add --no-cache --virtual .build-dependencies python2 make g++ git \
-  && npm install --production=false \
-  && apk del .build-dependencies && rm -rf /var/cache/* /tmp/npm*
+RUN echo "{ \"sha\": \"$SHA\" }" > version.json
+RUN cat version.json
 EXPOSE 8080
 EXPOSE 8765
 CMD ["npm","start"]