Merge pull request #171 from datacite/remove-copying-of-gemfile-and-lock

reorder dockerfile and add 'branch-to-staging' git action

.github/workflows/_update_terraform.yml

@@ -0,0 +1,60 @@
+name: Update Terraform
+on:
+  workflow_call:
+    secrets:
+      PERSONAL_ACCESS_TOKEN:
+        required: true
+    inputs:
+      image_tag:
+        description: Tag for the image for docker/ghcr registries
+        required: true
+        type: string
+      deployment_environment:
+        description: The terraform target environment
+        required: true
+        type: string
+        default: staging
+jobs:
+  update:
+    runs-on: ubuntu-latest
+    env:
+      GIT_SHA: ${{ github.sha }}
+      GIT_TAG: ${{ inputs.image_tag }}
+    steps:
+      - name: Checkout terraform config repo
+        uses: actions/checkout@v4
+        with:
+          # public repo with terraform configuration
+          repository: 'datacite/mastino'
+          persist-credentials: false
+      - name: Setup dokerize and template parameters
+        run: |
+          git config --local user.email "[email protected]"
+          git config --local user.name "GitHub Action"
+          wget https://github.com/jwilder/dockerize/releases/download/v0.6.0/dockerize-linux-amd64-v0.6.0.tar.gz
+          tar -xzvf dockerize-linux-amd64-v0.6.0.tar.gz
+          rm dockerize-linux-amd64-v0.6.0.tar.gz
+
+      - name: Conditionally update staging environment
+        if: ${{ (inputs.deployment_environment == 'staging') }}
+        run: |
+          ./dockerize -template stage/services/levriero/_levriero.auto.tfvars.tmpl:stage/services/levriero/_levriero.auto.tfvars
+          git add stage/services/levriero/_levriero.auto.tfvars
+          git commit -m "Adding levriero git variables for commit ${{ github.sha }}"
+
+      - name: Conditionally update production/test environments
+        if: ${{ (inputs.deployment_environment == 'production') }}
+        run: |
+          ./dockerize -template prod-eu-west/services/levriero/_levriero.auto.tfvars.tmpl:prod-eu-west/services/levriero/_levriero.auto.tfvars
+          ./dockerize -template test/services/levriero/_levriero.auto.tfvars.tmpl:test/services/levriero/_levriero.auto.tfvars
+
+          git add prod-eu-west/services/levriero/_levriero.auto.tfvars
+          git add test/services/levriero/_levriero.auto.tfvars
+          git commit -m "Adding levriero git variables for tag ${{ inputs.image_tag }}"
+      - name: Push changes
+        uses: ad-m/[email protected]
+        with:
+          github_token: ${{ secrets.PERSONAL_ACCESS_TOKEN }}
+          repository: 'datacite/mastino'
+          branch: 'refs/heads/master'
+          tags: false

.github/workflows/branch_to_staging.yml

@@ -0,0 +1,21 @@
+name: Build/Deploy Branch to Staging
+on:
+  workflow_dispatch:
+jobs:
+  test:
+    uses: ./.github/workflows/parallel_ci.yml
+    secrets: inherit
+  call_build_and_push:
+    needs: test
+    uses: ./.github/workflows/build.yml
+    with:
+      image_name: ${{ github.repository }}
+      image_tag: ${{ github.ref_name }}
+    secrets: inherit
+  deploy:
+    needs: [test, call_build_and_push]
+    uses: ./.github/workflows/_update_terraform.yml
+    with:
+      image_tag: ${{ github.ref_name }}
+      deployment_environment: staging
+    secrets: inherit

.github/workflows/build.yml

@@ -0,0 +1,54 @@
+name: Build and Tag
+on:
+  workflow_call:
+    secrets:
+      DOCKERHUB_USERNAME:
+        required: true
+      DOCKERHUB_TOKEN:
+        required: true
+    inputs:
+      image_name:
+        description: The name of the image for docker/ghcr registries
+        required: true
+        type: string
+      image_tag:
+        description: Tag for the image for docker/ghcr registries
+        required: true
+        type: string
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v2
+      - name: Cache Docker layers
+        uses: actions/cache@v4
+        with:
+          path: /tmp/.buildx-cache
+          key: ${{ runner.os }}-buildx-${{ github.sha }}
+          restore-keys: |
+            ${{ runner.os }}-buildx-
+      - name: Login to DockerHub
+        uses: docker/login-action@v2
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+      - name: Login to GitHub Container Registry
+        uses: docker/login-action@v2
+        with:
+          registry: ghcr.io
+          username: ${{ github.repository_owner }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+      - name: Build and Push
+        uses: docker/build-push-action@v4
+        with:
+          context: .
+          file: ./Dockerfile
+          push: true
+          tags: |
+            ${{ inputs.image_name }}:${{ inputs.image_tag }}
+            ghcr.io/${{ inputs.image_name }}:${{ inputs.image_tag }}
+          cache-from: type=local,src=/tmp/.buildx-cache
+          cache-to: type=local,dest=/tmp/.buildx-cache

Dockerfile

@@ -33,6 +33,11 @@ COPY vendor/docker/00_app_env.conf /etc/nginx/conf.d/00_app_env.conf
 # Use Amazon NTP servers
 COPY vendor/docker/ntp.conf /etc/ntp.conf
 
+# Add Runit script for shoryuken workers
+WORKDIR /home/app/webapp
+RUN mkdir /etc/service/shoryuken
+ADD vendor/docker/shoryuken.sh /etc/service/shoryuken/run
+
 # Copy webapp folder
 COPY . /home/app/webapp/
 RUN mkdir -p tmp/pids && \
@@ -41,7 +46,6 @@ RUN mkdir -p tmp/pids && \
     chmod -R 755 /home/app/webapp
 
 # Install Ruby gems
-COPY Gemfile* /home/app/webapp/
 WORKDIR /home/app/webapp
 RUN mkdir -p vendor/bundle && \
     chown -R app:app . && \
@@ -54,10 +58,6 @@ RUN mkdir -p vendor/bundle && \
 RUN rm -f /etc/service/sshd/down && \
     /etc/my_init.d/00_regen_ssh_host_keys.sh
 
-# Add Runit script for shoryuken workers
-RUN mkdir /etc/service/shoryuken
-ADD vendor/docker/shoryuken.sh /etc/service/shoryuken/run
-
 # Run additional scripts during container startup (i.e. not at build time)
 RUN mkdir -p /etc/my_init.d