Skip to content

Commit

Permalink
chore: update ci.yml, optimize Dockerfile
Browse files Browse the repository at this point in the history
  • Loading branch information
@MinhoJJang
MinhoJJang committed Aug 8, 2024
1 parent f2bcd9c commit 1eb0b51
Show file tree
Hide file tree
Showing 2 changed files with 65 additions and 32 deletions.
57 changes: 38 additions & 19 deletions .github/workflows/nextjs-prod-CI.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -20,10 +20,25 @@ jobs:
runs-on: ubuntu-latest

steps:
- uses: actions/checkout@v4
- name: Checkout code
uses: actions/checkout@v4
with:
fetch-depth: 0

- name: Setup Node.js
uses: actions/setup-node@v3
with:
node-version: '18'
cache: 'npm'

- name: Install dependencies
run: |
npm ci
npm install -g npm@latest
- name: Lint
run: npm run lint

- name: Get latest tag
id: get_latest_tag
run: |
Expand Down Expand Up @@ -52,26 +67,30 @@ jobs:
git tag ${{ steps.bump_version.outputs.NEW_TAG }}
git push https://[email protected]/${{ github.repository }}.git ${{ steps.bump_version.outputs.NEW_TAG }}
- name: Set up environment variables
run: |
echo "NEXT_PUBLIC_SERVER_URL=${{ secrets.NEXT_PUBLIC_SERVER_URL }}" >> .env.local
echo "ACCESS_KEY=${{ secrets.ACCESS_KEY }}" >> .env.local
echo "ACCESS_SECRET_KEY=${{ secrets.ACCESS_SECRET_KEY }}" >> .env.local
echo "NEXTAUTH_SECRET=${{ secrets.NEXTAUTH_SECRET }}" >> .env.local
echo "NEXTAUTH_URL=${{ secrets.NEXTAUTH_URL }}" >> .env.local
- name: Build the Docker image
run: |
docker build -t ${{ env.IMAGE_NAME }}:${{ steps.bump_version.outputs.NEW_TAG }} --platform linux/amd64 .
docker tag ${{ env.IMAGE_NAME }}:${{ steps.bump_version.outputs.NEW_TAG }} ${{ env.PROJECT_NAME }}.kr-central-2.kcr.dev/${{ env.REPOSITORY_NAME }}/${{ env.IMAGE_NAME }}:${{ steps.bump_version.outputs.NEW_TAG }}
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v2

- name: Login to KCR
run: |
echo "${{ secrets.ACCESS_SECRET_KEY }}" | docker login ${{ env.PROJECT_NAME }}.kr-central-2.kcr.dev -u "${{ secrets.ACCESS_KEY }}" --password-stdin
uses: docker/login-action@v2
with:
registry: ${{ env.PROJECT_NAME }}.kr-central-2.kcr.dev
username: ${{ secrets.ACCESS_KEY }}
password: ${{ secrets.ACCESS_SECRET_KEY }}

- name: Push to KCR
run: |
docker push ${{ env.PROJECT_NAME }}.kr-central-2.kcr.dev/${{ env.REPOSITORY_NAME }}/${{ env.IMAGE_NAME }}:${{ steps.bump_version.outputs.NEW_TAG }}
- name: Build and push Docker image
uses: docker/build-push-action@v4
with:
context: .
push: true
tags: |
${{ env.PROJECT_NAME }}.kr-central-2.kcr.dev/${{ env.REPOSITORY_NAME }}/${{ env.IMAGE_NAME }}:${{ steps.bump_version.outputs.NEW_TAG }}
${{ env.PROJECT_NAME }}.kr-central-2.kcr.dev/${{ env.REPOSITORY_NAME }}/${{ env.IMAGE_NAME }}:latest
cache-from: type=gha
cache-to: type=gha,mode=max
build-args: |
NEXT_PUBLIC_SERVER_URL=${{ secrets.NEXT_PUBLIC_SERVER_URL }}
NEXTAUTH_SECRET=${{ secrets.NEXTAUTH_SECRET }}
NEXTAUTH_URL=${{ secrets.NEXTAUTH_URL }}
- name: Create Release
uses: actions/create-release@v1
Expand All @@ -81,4 +100,4 @@ jobs:
tag_name: ${{ steps.bump_version.outputs.NEW_TAG }}
release_name: Release ${{ steps.bump_version.outputs.NEW_TAG }}
draft: false
prerelease: false
prerelease: false
40 changes: 27 additions & 13 deletions Dockerfile
View file
Original file line number Diff line number Diff line change
@@ -1,10 +1,10 @@
# Base image
# Build stage
FROM node:18-alpine AS builder

# Set working directory
WORKDIR /app

# Copy package.json and package-lock.json
# Copy package files
COPY package.json package-lock.json* ./

# Install dependencies
Expand All @@ -13,29 +13,43 @@ RUN npm ci
# Copy the rest of the application code
COPY . .

# Install sharp for improved image optimization
RUN npm install sharp

# Build the Next.js application
RUN npm run build

# Start a new stage for a smaller production image
FROM node:18-alpine
# Production stage
FROM node:18-alpine AS runner

# Set working directory
WORKDIR /app

# Copy package.json and package-lock.json
COPY package.json package-lock.json* ./
# Set node environment to production
ENV NODE_ENV production

# Install only production dependencies
RUN npm ci --only=production
# Add a non-root user
RUN addgroup --system --gid 1001 nodejs
RUN adduser --system --uid 1001 nextjs

# Copy the built app from the previous stage
COPY --from=builder /app/.next ./.next
# Copy necessary files from build stage
COPY --from=builder /app/next.config.mjs ./
COPY --from=builder /app/public ./public
COPY --from=builder /app/package.json ./package.json

# Copy the built app
COPY --from=builder --chown=nextjs:nodejs /app/.next/standalone ./
COPY --from=builder --chown=nextjs:nodejs /app/.next/static ./.next/static

# Set the correct permission for prerender cache
RUN mkdir .next
RUN chown nextjs:nodejs .next

# Copy next.config.mjs
COPY --from=builder /app/next.config.mjs ./next.config.mjs
# Switch to non-root user
USER nextjs

# Expose the port the app runs on
EXPOSE 3000

# Start the application
CMD ["npm", "start", "--", "-p", "3000"]
CMD ["node", "server.js"]

0 comments on commit 1eb0b51

Please sign in to comment.