diff --git a/.github/workflows/cd.yml b/.github/workflows/cd.yml
new file mode 100644
index 00000000..c12d0806
--- /dev/null
+++ b/.github/workflows/cd.yml
@@ -0,0 +1,31 @@
+name: 📦 CD
+
+on:
+ push:
+ branches:
+ - main
+
+jobs:
+ docker:
+ runs-on: ubuntu-latest
+ name: Build and push Docker image
+ steps:
+ - name: Set up Docker Buildx
+ uses: docker/setup-buildx-action@v3
+ - name: Inject enhanced GitHub environment variables
+ uses: rlespinasse/github-slug-action@v5
+ - name: Login to GHCR
+ uses: docker/login-action@v3
+ with:
+ registry: ghcr.io
+ username: ${{ github.actor }}
+ password: ${{ github.token }}
+ - name: Build and push
+ uses: docker/build-push-action@v6
+ with:
+ push: true
+ tags: |
+ ghcr.io/${{ env.GITHUB_REPOSITORY_OWNER_PART_SLUG }}/sites-faciles:${{ env.GITHUB_REF_SLUG }}
+ latest
+ cache-from: type=registry,ref=ghcr.io/${{ env.GITHUB_REPOSITORY_OWNER_PART_SLUG }}/sites-faciles:${{ env.GITHUB_REF_SLUG }}
+ cache-to: type=inline
diff --git a/Dockerfile b/Dockerfile
index d36ecc35..728f75bd 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -13,15 +13,18 @@ ENV POETRY_HOME=/opt/poetry
 ENV POETRY_VENV=/opt/poetry-venv
 ENV POETRY_CACHE_DIR=/opt/.cache
+# Needed for docker build to succeed
+ENV DATABASE_URL=postgres://user:password@localhost:5432/db
+
 # Add new user to run the whole thing as non-root.
 RUN set -ex \
- && addgroup app \
- && adduser --ingroup app --home ${APP_DIR} --disabled-password app;
+ && addgroup --gid 1000 app \
+ && adduser --uid 1000 --gid 1000 --home ${APP_DIR} --disabled-password app;
 # Install poetry separated from system interpreter
 RUN python3 -m venv ${POETRY_VENV} \
- && ${POETRY_VENV}/bin/pip install -U pip setuptools \
- && ${POETRY_VENV}/bin/pip install poetry==${POETRY_VERSION}
+ && ${POETRY_VENV}/bin/pip install -U pip setuptools \
+ && ${POETRY_VENV}/bin/pip install poetry==${POETRY_VERSION}
 # Add `poetry` to PATH
 ENV PATH="${PATH}:${POETRY_VENV}/bin"
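Review bot: The `docker` job pushes to GHCR with `github.token` but declares no `permissions:`, so the token's scope is whatever the repository default happens to be; declaring `permissions:` with `contents: read` and `packages: write` on the job makes the push work under a read-only default and keeps the token from carrying anything else. The same job runs `rlespinasse/github-slug-action@v5` and the three `docker/*` actions by mutable tag, so a retagged release would execute with that package-write token; pinning each to a full commit SHA, e.g. `uses: rlespinasse/github-slug-action@<full-commit-sha> # v5`, closes that gap. Separately, the second entry under `tags:` is a bare `latest`, which is read as an image named `latest` on the default registry rather than as a tag of this image; it presumably should be `ghcr.io/${{ env.GITHUB_REPOSITORY_OWNER_PART_SLUG }}/sites-faciles:latest`.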
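Review bot: `ENV DATABASE_URL=postgres://user:password@localhost:5432/db` persists into the final image's environment, so a container started without its own `DATABASE_URL` would quietly inherit this placeholder instead of failing on missing configuration, and image scanners will flag the credential-shaped URL. If the value is only needed by a build step (the step that reads it is outside this hunk), scope it to the build with `ARG DATABASE_URL=postgres://user:password@localhost:5432/db` or set it inline on that one `RUN`. The comment `# Needed for docker build to succeed` would also be more useful if it named the command that requires the variable and stated that the value is a dummy, never a real credential.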