diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 02a7c371..c571360d 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -48,14 +48,20 @@ jobs: - uses: actions/setup-python@v4 with: python-version: 3.9.15 + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v3 - name: Auth gcloud - uses: google-github-actions/auth@v1 + id: auth + uses: google-github-actions/auth@v2 with: + token_format: access_token credentials_json: ${{ secrets.gke-credentials }} - - name: Setup gcloud - uses: google-github-actions/setup-gcloud@v1 + - name: Login to GAR + uses: docker/login-action@v3 with: - project_id: ${{ secrets.gke-project }} + registry: europe-west1-docker.pkg.dev + username: oauth2accesstoken + password: ${{ steps.auth.outputs.access_token }} - name: Configure gcloud run: | gcloud --quiet auth configure-docker @@ -64,7 +70,7 @@ jobs: id: docker-metadata uses: docker/metadata-action@v4 with: - images: eu.gcr.io/${{ secrets.gke-project }}/website/php + images: europe-west1-docker.pkg.dev/${{ secrets.gke-project }}/website/php tags: | type=raw,value=${{ github.sha }},priority=9999 ${{ inputs.tags }} @@ -78,10 +84,10 @@ jobs: tags: ${{ steps.docker-metadata.outputs.tags }} labels: ${{ steps.docker-metadata.outputs.labels }} cache-from: | - type=registry,ref=eu.gcr.io/${{ secrets.gke-project }}/website/caddy:latest - type=registry,ref=eu.gcr.io/${{ secrets.gke-project }}/website/php:latest - type=registry,ref=eu.gcr.io/${{ secrets.gke-project }}/website/caddy:${{ github.sha }} - type=registry,ref=eu.gcr.io/${{ secrets.gke-project }}/website/php:${{ github.sha }} + type=registry,ref=europe-west1-docker.pkg.dev/${{ secrets.gke-project }}/website/caddy:latest + type=registry,ref=europe-west1-docker.pkg.dev/${{ secrets.gke-project }}/website/php:latest + type=registry,ref=europe-west1-docker.pkg.dev/${{ secrets.gke-project }}/website/caddy:${{ github.sha }} + type=registry,ref=europe-west1-docker.pkg.dev/${{ secrets.gke-project }}/website/php:${{ github.sha }} cache-to: type=inline outputs: version: ${{ github.sha }} @@ -99,14 +105,20 @@ jobs: - uses: actions/setup-python@v4 with: python-version: 3.9.15 + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v3 - name: Auth gcloud - uses: google-github-actions/auth@v1 + id: auth + uses: google-github-actions/auth@v2 with: + token_format: access_token credentials_json: ${{ secrets.gke-credentials }} - - name: Setup gcloud - uses: google-github-actions/setup-gcloud@v1 + - name: Login to GAR + uses: docker/login-action@v3 with: - project_id: ${{ secrets.gke-project }} + registry: europe-west1-docker.pkg.dev + username: oauth2accesstoken + password: ${{ steps.auth.outputs.access_token }} - name: Configure gcloud run: | gcloud --quiet auth configure-docker @@ -115,7 +127,7 @@ jobs: id: docker-metadata uses: docker/metadata-action@v4 with: - images: eu.gcr.io/${{ secrets.gke-project }}/website/caddy + images: europe-west1-docker.pkg.dev/${{ secrets.gke-project }}/website/caddy tags: | type=raw,value=${{ github.sha }},priority=9999 ${{ inputs.tags }} @@ -129,10 +141,10 @@ jobs: tags: ${{ steps.docker-metadata.outputs.tags }} labels: ${{ steps.docker-metadata.outputs.labels }} cache-from: | - type=registry,ref=eu.gcr.io/${{ secrets.gke-project }}/website/caddy:latest - type=registry,ref=eu.gcr.io/${{ secrets.gke-project }}/website/php:latest - type=registry,ref=eu.gcr.io/${{ secrets.gke-project }}/website/caddy:${{ github.sha }} - type=registry,ref=eu.gcr.io/${{ secrets.gke-project }}/website/php:${{ github.sha }} + type=registry,ref=europe-west1-docker.pkg.dev/${{ secrets.gke-project }}/website/caddy:latest + type=registry,ref=europe-west1-docker.pkg.dev/${{ secrets.gke-project }}/website/php:latest + type=registry,ref=europe-west1-docker.pkg.dev/${{ secrets.gke-project }}/website/caddy:${{ github.sha }} + type=registry,ref=europe-west1-docker.pkg.dev/${{ secrets.gke-project }}/website/php:${{ github.sha }} cache-to: type=inline outputs: version: ${{ github.sha }} @@ -150,14 +162,20 @@ jobs: - uses: actions/setup-python@v4 with: python-version: 3.9.15 + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v3 - name: Auth gcloud - uses: google-github-actions/auth@v1 + id: auth + uses: google-github-actions/auth@v2 with: + token_format: access_token credentials_json: ${{ secrets.gke-credentials }} - - name: Setup gcloud - uses: google-github-actions/setup-gcloud@v1 + - name: Login to GAR + uses: docker/login-action@v3 with: - project_id: ${{ secrets.gke-project }} + registry: europe-west1-docker.pkg.dev + username: oauth2accesstoken + password: ${{ steps.auth.outputs.access_token }} - name: Configure gcloud run: | gcloud --quiet auth configure-docker @@ -166,7 +184,7 @@ jobs: id: docker-metadata uses: docker/metadata-action@v4 with: - images: eu.gcr.io/${{ secrets.gke-project }}/website/pwa + images: europe-west1-docker.pkg.dev/${{ secrets.gke-project }}/website/pwa tags: | type=raw,value=${{ github.sha }},priority=9999 ${{ inputs.tags }} @@ -196,8 +214,8 @@ jobs: build-args: | NEXT_ROOT_URL=${{ env.URL }} cache-from: | - type=registry,ref=eu.gcr.io/${{ secrets.gke-project }}/website/pwa:latest - type=registry,ref=eu.gcr.io/${{ secrets.gke-project }}/website/pwa:${{ github.sha }} + type=registry,ref=europe-west1-docker.pkg.dev/${{ secrets.gke-project }}/website/pwa:latest + type=registry,ref=europe-west1-docker.pkg.dev/${{ secrets.gke-project }}/website/pwa:${{ github.sha }} cache-to: type=inline secrets: | "GITHUB_KEY=${{ secrets.gh-key }}" diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml index 6f7ba73b..650e2a43 100644 --- a/.github/workflows/deploy.yml +++ b/.github/workflows/deploy.yml @@ -111,13 +111,13 @@ jobs: --atomic \ --namespace=${{ env.NAMESPACE }} \ --set=app.version=${{ github.sha }} \ - --set=php.image.repository=eu.gcr.io/${{ secrets.gke-project }}/website/php \ + --set=php.image.repository=europe-west1-docker.pkg.dev/${{ secrets.gke-project }}/website/php \ --set=php.image.tag=${{ inputs.docker-images-version }} \ --set=php.image.pullPolicy=Always \ - --set=caddy.image.repository=eu.gcr.io/${{ secrets.gke-project }}/website/caddy \ + --set=caddy.image.repository=europe-west1-docker.pkg.dev/${{ secrets.gke-project }}/website/caddy \ --set=caddy.image.tag=${{ inputs.docker-images-version }} \ --set=caddy.image.pullPolicy=Always \ - --set=pwa.image.repository=eu.gcr.io/${{ secrets.gke-project }}/website/pwa \ + --set=pwa.image.repository=europe-west1-docker.pkg.dev/${{ secrets.gke-project }}/website/pwa \ --set=pwa.image.tag=${{ inputs.docker-images-version }} \ --set=pwa.image.pullPolicy=Always \ --set=bucket.s3Upstream=storage.googleapis.com \ @@ -150,13 +150,13 @@ jobs: --atomic \ --namespace=${{ env.NAMESPACE }} \ --set=app.version=${{ github.sha }} \ - --set=php.image.repository=eu.gcr.io/${{ secrets.gke-project }}/website/php \ + --set=php.image.repository=europe-west1-docker.pkg.dev/${{ secrets.gke-project }}/website/php \ --set=php.image.tag=${{ inputs.docker-images-version }} \ --set=php.image.pullPolicy=Always \ - --set=caddy.image.repository=eu.gcr.io/${{ secrets.gke-project }}/website/caddy \ + --set=caddy.image.repository=europe-west1-docker.pkg.dev/${{ secrets.gke-project }}/website/caddy \ --set=caddy.image.tag=${{ inputs.docker-images-version }} \ --set=caddy.image.pullPolicy=Always \ - --set=pwa.image.repository=eu.gcr.io/${{ secrets.gke-project }}/website/pwa \ + --set=pwa.image.repository=europe-west1-docker.pkg.dev/${{ secrets.gke-project }}/website/pwa \ --set=pwa.image.tag=${{ inputs.docker-images-version }} \ --set=pwa.image.pullPolicy=Always \ --set=php.corsAllowOrigin="^$(echo "${{ join(fromJSON(env.CORS), '|') }}" | sed 's/\./\\./g')$" \ diff --git a/pwa/Dockerfile b/pwa/Dockerfile index 71fb5b55..3f4ce60d 100644 --- a/pwa/Dockerfile +++ b/pwa/Dockerfile @@ -49,11 +49,11 @@ RUN pnpm install --offline --frozen-lock # Development image FROM deps as dev -COPY --from=phpwasm --link --chown=nextjs:nodejs /build/php-web.data ./public/php-web.data -COPY --from=phpwasm --link --chown=nextjs:nodejs /build/php-web.wasm ./public/php-web.wasm -COPY --from=phpwasm --link --chown=nextjs:nodejs /build/php-web.wasm ./app/playground/utils/ -COPY --from=phpwasm --link --chown=nextjs:nodejs /build/php-web.data.js /build/php-web.data.js -COPY --from=phpwasm --link --chown=nextjs:nodejs /build/php-web.mjs /build/php-web.mjs +COPY --from=phpwasm --link --chown=1001:1001 /build/php-web.data ./public/php-web.data +COPY --from=phpwasm --link --chown=1001:1001 /build/php-web.wasm ./public/php-web.wasm +COPY --from=phpwasm --link --chown=1001:1001 /build/php-web.wasm ./app/playground/utils/ +COPY --from=phpwasm --link --chown=1001:1001 /build/php-web.data.js /build/php-web.data.js +COPY --from=phpwasm --link --chown=1001:1001 /build/php-web.mjs /build/php-web.mjs RUN sed '/--pre-js/r /build/php-web.data.js' /build/php-web.mjs > ./app/playground/utils/php-web.mjs EXPOSE 3000 @@ -66,11 +66,11 @@ FROM builder_base AS builder COPY --link . . COPY --from=deps --link /srv/app/node_modules ./node_modules -COPY --from=phpwasm --link --chown=nextjs:nodejs /build/php-web.data ./public/php-web.data -COPY --from=phpwasm --link --chown=nextjs:nodejs /build/php-web.wasm ./public/php-web.wasm -COPY --from=phpwasm --link --chown=nextjs:nodejs /build/php-web.wasm ./app/playground/utils/ -COPY --from=phpwasm --link --chown=nextjs:nodejs /build/php-web.data.js /build/php-web.data.js -COPY --from=phpwasm --link --chown=nextjs:nodejs /build/php-web.mjs /build/php-web.mjs +COPY --from=phpwasm --link --chown=1001:1001 /build/php-web.data ./public/php-web.data +COPY --from=phpwasm --link --chown=1001:1001 /build/php-web.wasm ./public/php-web.wasm +COPY --from=phpwasm --link --chown=1001:1001 /build/php-web.wasm ./app/playground/utils/ +COPY --from=phpwasm --link --chown=1001:1001 /build/php-web.data.js /build/php-web.data.js +COPY --from=phpwasm --link --chown=1001:1001 /build/php-web.mjs /build/php-web.mjs RUN sed '/--pre-js/r /build/php-web.data.js' /build/php-web.mjs > ./app/playground/utils/php-web.mjs ARG NEXT_ROOT_URL @@ -115,9 +115,9 @@ COPY --from=builder --link /srv/app/public ./public # Automatically leverage output traces to reduce image size # https://nextjs.org/docs/advanced-features/output-file-tracing -COPY --from=builder --link --chown=nextjs:nodejs /srv/app/.next/standalone ./ -COPY --from=builder --link --chown=nextjs:nodejs /srv/app/public/* ./public/ -COPY --from=builder --link --chown=nextjs:nodejs /srv/app/.next/static ./.next/static +COPY --from=builder --link --chown=1001:1001 /srv/app/.next/standalone ./ +COPY --from=builder --link --chown=1001:1001 /srv/app/public/* ./public/ +COPY --from=builder --link --chown=1001:1001 /srv/app/.next/static ./.next/static USER nextjs