diff --git a/.github/workflows/main-docker-alpine.yml b/.github/workflows/main-docker-alpine.yml new file mode 100644 index 000000000..612d626ad --- /dev/null +++ b/.github/workflows/main-docker-alpine.yml @@ -0,0 +1,153 @@ +on: + push: + branches: + - "develop" + - "feature/update**" + - "feature/server_esm**" + paths-ignore: + - "docs/**" + - "bin/**" + tags: + - "v*" + workflow_dispatch: + +env: + GHCR_REGISTRY: ghcr.io + DOCKERHUB_REGISTRY: docker.io + IMAGE_NAME: ${{ github.repository }} + TEST_TAG: triliumnext/notes:test + PLATFORMS: linux/arm64,linux/arm/v7 + +jobs: + test_docker: + name: Check Docker build + runs-on: ubuntu-latest + steps: + - name: Checkout the repository + uses: actions/checkout@v4 + + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v3 + + - name: Set up node & dependencies + uses: actions/setup-node@v4 + with: + node-version: 20 + cache: "npm" + + - run: npm ci + + - name: Run the TypeScript build + run: npx tsc + + - name: Create server-package.json + run: cat package.json | grep -v electron > server-package.json + + - name: Build and export to Docker + uses: docker/build-push-action@v6 + with: + context: . + load: true + tags: ${{ env.TEST_TAG }} + cache-from: type=gha + cache-to: type=gha,mode=max + + - name: Run the container in the background + run: docker run -d --rm --name trilium_local ${{ env.TEST_TAG }} + + - name: Wait for the healthchecks to pass + uses: stringbean/docker-healthcheck-action@v1 + with: + container: trilium_local + wait-time: 50 + require-status: running + require-healthy: true + + build_docker: + name: Build Docker images + runs-on: ubuntu-latest + needs: + - test_docker + permissions: + contents: read + packages: write + attestations: write + id-token: write + steps: + - uses: actions/checkout@v4 + - name: Extract metadata (tags, labels) for GHCR image + id: ghcr-meta + uses: docker/metadata-action@v4 + with: + images: ${{ env.GHCR_REGISTRY }}/${{ env.IMAGE_NAME }} + tags: | + type=ref,event=branch + type=ref,event=tag + type=sha + - name: Extract metadata (tags, labels) for DockerHub image + id: dh-meta + uses: docker/metadata-action@v4 + with: + images: ${{ env.DOCKERHUB_REGISTRY }}/${{ env.IMAGE_NAME }} + tags: | + type=ref,event=branch + type=ref,event=tag + type=sha + - name: Set up node & dependencies + uses: actions/setup-node@v4 + with: + node-version: 20 + cache: "npm" + - run: npm ci + - name: Run the TypeScript build + run: npx tsc + - name: Create server-package.json + run: cat package.json | grep -v electron > server-package.json + - name: Log in to the GHCR container registry + uses: docker/login-action@v2 + with: + registry: ${{ env.GHCR_REGISTRY }} + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + - uses: docker/setup-buildx-action@v3 + - name: Build and push container image to GHCR + uses: docker/build-push-action@v6 + id: ghcr-push + with: + file: ./Dockerfile-alpine + context: . + platforms: ${{ env.PLATFORMS }} + push: true + tags: ${{ steps.ghcr-meta.outputs.tags }} + labels: ${{ steps.ghcr-meta.outputs.labels }} + cache-from: type=gha + cache-to: type=gha,mode=max + - name: Generate and push artifact attestation to GHCR + uses: actions/attest-build-provenance@v1 + with: + subject-name: ${{ env.GHCR_REGISTRY }}/${{ env.IMAGE_NAME}} + subject-digest: ${{ steps.ghcr-push.outputs.digest }} + push-to-registry: true + - name: Log in to the DockerHub container registry + uses: docker/login-action@v2 + with: + registry: ${{ env.DOCKERHUB_REGISTRY }} + username: ${{ secrets.DOCKERHUB_USERNAME }} + password: ${{ secrets.DOCKERHUB_TOKEN }} + - name: Build and push image to DockerHub + uses: docker/build-push-action@v6 + id: dh-push + with: + context: . + platforms: ${{ env.PLATFORMS }} + push: true + tags: ${{ steps.dh-meta.outputs.tags }} + labels: ${{ steps.dh-meta.outputs.labels }} + cache-from: type=gha + cache-to: type=gha,mode=max + - name: Generate and push artifact attestation to DockerHub + uses: actions/attest-build-provenance@v1 + with: + subject-name: ${{ env.DOCKERHUB_REGISTRY }}/${{ env.IMAGE_NAME}} + subject-digest: ${{ steps.dh-push.outputs.digest }} + push-to-registry: true \ No newline at end of file diff --git a/.github/workflows/main-docker.yml b/.github/workflows/main-docker.yml index 70a3592b1..52421b969 100644 --- a/.github/workflows/main-docker.yml +++ b/.github/workflows/main-docker.yml @@ -16,7 +16,7 @@ env: DOCKERHUB_REGISTRY: docker.io IMAGE_NAME: ${{ github.repository }} TEST_TAG: triliumnext/notes:test - PLATFORMS: linux/amd64,linux/arm64,linux/arm/v7 + PLATFORMS: linux/arm64,linux/arm/v7 jobs: test_docker: diff --git a/Dockerfile.alpine b/Dockerfile.alpine new file mode 100644 index 000000000..7ace8e964 --- /dev/null +++ b/Dockerfile.alpine @@ -0,0 +1,53 @@ +# !!! Don't try to build this Dockerfile directly, run it through bin/build-docker.sh script !!! +FROM node:20.15.1-alpine + +# Configure system dependencies +RUN apk add --no-cache --virtual .build-dependencies \ + autoconf \ + automake \ + g++ \ + gcc \ + libtool \ + make \ + nasm \ + libpng-dev \ + python3 + +# Create app directory +WORKDIR /usr/src/app + +# Bundle app source +COPY . . + +COPY server-package.json package.json + +# Copy TypeScript build artifacts into the original directory structure. +# Copy the healthcheck +RUN cp -R build/src/* src/. && \ + cp build/docker_healthcheck.js . && \ + rm -r build && \ + rm docker_healthcheck.ts + +# Install app dependencies +RUN set -x && \ + npm install && \ + apk del .build-dependencies && \ + npm run webpack && \ + npm prune --omit=dev && \ + cp src/public/app/share.js src/public/app-dist/. && \ + cp -r src/public/app/doc_notes src/public/app-dist/. && \ + rm -rf src/public/app && \ + rm src/services/asset_path.ts + + +# Some setup tools need to be kept +RUN apk add --no-cache su-exec shadow + +# Add application user and setup proper volume permissions +RUN adduser -s /bin/false node; exit 0 + +# Start the application +EXPOSE 8080 +CMD [ "./start-docker.sh" ] + +HEALTHCHECK --start-period=10s CMD exec su-exec node node docker_healthcheck.js