deploy: build production containers and send to ghcr

Pedro Lucas Porcellis porcellis@eletrotupi.com 5 days ago 2413af1abc6efc9954e73e8d3acfc14be7720858

Parents: 28732da

2 file(s) changed

.github/workflows/deploy.yml +55 -0
api/Dockerfile.production +36 -0

.github/workflows/deploy.yml

@@ -0,0 +1,55 @@
  + name: Deploy
  + 
  + on:
  +   push:
  +     branches:
  +       - master # goes for production now, will become staging later on
  +       - production
  + 
  + env:
  +   REGISTRY: ghcr.io
  +   IMAGE_NAME: ${{ github.repository }}
  + 
  + jobs:
  +   build-and-push:
  +     name: Build & push image
  +     runs-on: ubuntu-latest
  +     permissions:
  +       contents: read
  +       packages: write
  + 
  +     outputs:
  +       image_tag: ${{ steps.meta.outputs.version }}
  + 
  +     steps:
  +       - name: Checkout
  +         uses: actions/checkout@v4
  + 
  +       - name: Log in to GHCR
  +         uses: docker/login-action@v3
  +         with:
  +           registry: ${{ env.REGISTRY }}
  +           username: ${{ github.actor }}
  +           password: ${{ secrets.GHCR_TOKEN }}
  + 
  +       - name: Docker metadata
  +         id: meta
  +         uses: docker/metadata-action@v5
  +         with:
  +           images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
  +           tags: |
  +             # main branch => tag "latest"
  +             type=raw,value=latest,enable=${{ github.ref == 'refs/heads/master' }}
  +             # production branch => tag "production"
  +             # type=raw,value=production,enable=${{ github.ref == 'refs/heads/production' }}
  +             # always tag with short SHA for traceability
  +             type=sha,prefix=,format=short
  + 
  +       - name: Build and push
  +         uses: docker/build-push-action@v5
  +         with:
  +           context: ./api
  +           file: ./api/Dockerfile.production
  +           push: true
  +           tags: ${{ steps.meta.outputs.tags }}
  +           labels: ${{ steps.meta.outputs.labels }}

api/Dockerfile.production

@@ -0,0 +1,36 @@
  + FROM node:24-alpine3.23 AS deps
  + 
  + RUN apk add --no-cache build-base yaml-dev
  + 
  + ARG UID=1000
  + ARG GID=1000
  + 
  + USER ${UID}:${GID}
  + WORKDIR /app
  + 
  + COPY --chown=${UID}:${GID} package*.json ./
  + RUN npm ci --frozen-lockfile --omit=dev
  + 
  + COPY --chown=${UID}:${GID} prisma ./prisma/
  + RUN npx prisma generate
  + 
  + # For runtime then:
  + FROM node:24-alpine3.23
  + 
  + RUN apk add --no-cache bash postgresql17-client valkey-cli
  + 
  + ARG UID=1000
  + ARG GID=1000
  + 
  + USER ${UID}:${GID}
  + WORKDIR /app
  + 
  + COPY --from=deps --chown=${UID}:${GID} /app/node_modules ./node_modules
  + COPY --from=deps --chown=${UID}:${GID} /app/node_modules/.prisma ./node_modules/.prisma
  + 
  + COPY --chown=${UID}:${GID} . .
  + 
  + EXPOSE 3000
  + 
  + # migrate then start — migrations are idempotent
  + CMD ["sh", "-c", "npx prisma migrate deploy && npm run start"]