Optimise and revamp microservice Docker builds to leverage cache, min…
…imise disk size etc.
n1koo committed May 24, 2024
1 parent 132a81e commit 39ad3d7
Showing 51 changed files with 907 additions and 778 deletions.
70 changes: 35 additions & 35 deletions .github/workflows/build-images-from-branch.yml
Expand Up @@ -32,70 +32,70 @@ jobs:
- uses: actions/checkout@v4
if: github.event_name == 'push'

- name: Set version
id: set-version
- name: Set version and branch
id: set-version-and-branch
run: |
export VERSION=`git log -1 --pretty=format:%h`
echo "version=$VERSION" >> $GITHUB_OUTPUT
echo "branch=${GITHUB_HEAD_REF:-${GITHUB_REF#refs/heads/}}" >> $GITHUB_OUTPUT
- name: Get list of services
id: get-services
run: |
services=$(grep "^ [^ ]" docker-compose.yml | grep -v '#' | awk -F: '{print $1}' | sed -e 's/^ *//')
services=$(grep "^ [^ ]" docker-compose.yml | grep -v base| grep -v '#' | awk -F: '{print $1}' | sed -e 's/^ *//')
services_json=$(echo $services | tr '\n' ',' | sed 's/,$//' | jq -R 'split(" ")' | tr -d '\n')
# Set the list of service names as an output variable
echo "services=$services_json" >> $GITHUB_OUTPUT
echo "services=$services_json"
- name: Login to DockerHub
uses: docker/login-action@v3
with:
username: ${{ secrets.DOCKER_USERNAME }}
password: ${{ secrets.DOCKER_PASSWORD }}
- name: Build and push
uses: docker/build-push-action@v5
with:
file: packages/Dockerfile.base
context: .
push: true
tags: 'opencrvs/ocrvs-base:${{ steps.set-version-and-branch.outputs.branch }}'
cache-from: type=registry,ref=opencrvs/ocrvs-base:${{ steps.set-version-and-branch.outputs.branch }}
cache-to: type=inline

outputs:
services: ${{ steps.get-services.outputs.services }}
version: ${{ steps.set-version.outputs.version }}
version: ${{ steps.set-version-and-branch.outputs.version }}
branch: ${{ steps.set-version-and-branch.outputs.branch }}

build:
needs: base
strategy:
fail-fast: false
matrix:
service: ${{ fromJSON(needs.base.outputs.services) }}
runs-on: ubuntu-22.04
steps:
- uses: actions/checkout@v4
if: github.event_name == 'workflow_dispatch'
with:
ref: '${{ github.event.inputs.branch_name }}'

- uses: actions/checkout@v4
if: github.event_name == 'push'

- name: Login to DockerHub
uses: docker/login-action@v1
uses: docker/login-action@v3
with:
username: ${{ secrets.DOCKER_USERNAME }}
password: ${{ secrets.DOCKER_PASSWORD }}

- name: Build ${{ matrix.service }}
run: |
export VERSION="${{ needs.base.outputs.version }}"
echo ${{ matrix.service }}
docker compose build ${{ matrix.service }}
docker compose push ${{ matrix.service }}
security-scans:
needs: [base, build]
strategy:
fail-fast: false
matrix:
service: ${{ fromJSON(needs.base.outputs.services) }}
runs-on: ubuntu-22.04
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Build and push
uses: docker/build-push-action@v5
with:
sparse-checkout: |
trivy.yaml
.trivyignore.yaml
sparse-checkout-cone-mode: false
file: packages/${{ matrix.service }}/Dockerfile
build-args: |
VERSION=${{ needs.base.outputs.branch }}
push: true
context: .
tags: |
opencrvs/ocrvs-${{ matrix.service }}:${{ needs.base.outputs.version }}
opencrvs/ocrvs-${{ matrix.service }}:${{ needs.base.outputs.branch }}
cache-from: type=registry,ref=opencrvs/ocrvs-${{ matrix.service }}:${{ needs.base.outputs.branch }}
cache-to: type=inline
- name: Run Trivy vulnerability scanner
uses: aquasecurity/trivy-action@master
uses: aquasecurity/trivy-action@0.21.0
with:
image-ref: 'opencrvs/ocrvs-${{ matrix.service }}:${{ needs.base.outputs.version }}'
trivy-config: trivy.yaml
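Review bot: The `branch` output in the "Set version and branch" step is derived from `GITHUB_HEAD_REF`/`GITHUB_REF`, but the `workflow_dispatch` checkout in the build job checks out `github.event.inputs.branch_name`, so a manual run can push code from one branch under another branch's `ocrvs-base` and service tags and inline cache. Those tags are what the service Dockerfiles resolve through `VERSION=${{ needs.base.outputs.branch }}`, so the mismatch carries into every image built on top of the base. A branch name containing `/` is also not a valid image tag and would fail the push. I would pass the input in through `env: BRANCH_INPUT: ${{ github.event.inputs.branch_name }}` and write `branch="${BRANCH_INPUT:-${GITHUB_HEAD_REF:-${GITHUB_REF#refs/heads/}}}"` followed by `echo "branch=${branch//\//-}" >> "$GITHUB_OUTPUT"`. The base job's first checkout step sits above the visible hunk, so confirm it uses the same input.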
39 changes: 38 additions & 1 deletion docker-compose.yml
Expand Up @@ -9,38 +9,53 @@
version: '3.3'

services:
base:
image: opencrvs/ocrvs-base:${VERSION}
build:
context: .
dockerfile: ./packages/Dockerfile.base
client:
image: opencrvs/ocrvs-client:${VERSION}
build:
context: .
dockerfile: ./packages/client/Dockerfile
restart: unless-stopped
depends_on:
- base

dashboards:
image: opencrvs/ocrvs-dashboards:${VERSION}
build:
context: ./packages/dashboards
context: .
dockerfile: ./Dockerfile
restart: unless-stopped
depends_on:
- base

components:
image: opencrvs/ocrvs-components:${VERSION}
build:
context: .
dockerfile: ./packages/components/Dockerfile
restart: unless-stopped
depends_on:
- base
login:
image: opencrvs/ocrvs-login:${VERSION}
build:
context: .
dockerfile: ./packages/login/Dockerfile
restart: unless-stopped
depends_on:
- base
gateway:
image: opencrvs/ocrvs-gateway:${VERSION}
build:
context: .
dockerfile: ./packages/gateway/Dockerfile
restart: unless-stopped
depends_on:
- base
environment:
- REDIS_HOST=redis
- CONFIG_SMS_CODE_EXPIRY_SECONDS=600
Expand All @@ -66,6 +81,8 @@ services:
context: .
dockerfile: ./packages/workflow/Dockerfile
restart: unless-stopped
depends_on:
- base
environment:
- NODE_ENV=development
- SEARCH_URL=http://search:9090/
Expand All @@ -84,6 +101,8 @@ services:
context: .
dockerfile: ./packages/search/Dockerfile
restart: unless-stopped
depends_on:
- base
environment:
- HEARTH_MONGO_URL=mongodb://mongo1/hearth-dev
- NODE_ENV=development
Expand All @@ -96,6 +115,8 @@ services:
context: .
dockerfile: ./packages/metrics/Dockerfile
restart: unless-stopped
depends_on:
- base
environment:
- INFLUX_HOST=influxdb
- INFLUX_PORT=8086
Expand All @@ -115,6 +136,8 @@ services:
build:
context: .
dockerfile: ./packages/scheduler/Dockerfile
depends_on:
- base
environment:
- NODE_ENV=development
- METRICS_URL=http://metrics:1050
Expand All @@ -125,6 +148,8 @@ services:
context: .
dockerfile: ./packages/auth/Dockerfile
restart: unless-stopped
depends_on:
- base
environment:
- REDIS_HOST=redis
- USER_MANAGEMENT_URL=http://user-mgnt:3030/
Expand All @@ -138,6 +163,8 @@ services:
context: .
dockerfile: ./packages/user-mgnt/Dockerfile
restart: unless-stopped
depends_on:
- base
environment:
- MONGO_URL=mongodb://mongo1/user-mgnt
- NOTIFICATION_SERVICE_URL=http://notification:2020/
Expand All @@ -150,6 +177,8 @@ services:
context: .
dockerfile: ./packages/webhooks/Dockerfile
restart: unless-stopped
depends_on:
- base
environment:
- REDIS_HOST=redis://redis:6379
- MONGO_URL=mongodb://mongo1/webhooks
Expand All @@ -164,6 +193,8 @@ services:
context: .
dockerfile: ./packages/notification/Dockerfile
restart: unless-stopped
depends_on:
- base
environment:
- COUNTRY=${COUNTRY:-bgd}
- HOST=0.0.0.0
Expand All @@ -174,6 +205,8 @@ services:
context: .
dockerfile: ./packages/config/Dockerfile
restart: unless-stopped
depends_on:
- base
environment:
- AUTH_URL=http://auth:4040
- COUNTRY_CONFIG_URL=http://countryconfig:3040
Expand All @@ -193,6 +226,8 @@ services:
context: .
dockerfile: ./packages/migration/Dockerfile
restart: unless-stopped
depends_on:
- base
environment:
- USER_MGNT_MONGO_URL=mongodb://mongo1/user-mgnt
- APPLICATION_CONFIG_MONGO_URL=mongodb://mongo1/application-config
Expand All @@ -210,6 +245,8 @@ services:
context: .
dockerfile: ./packages/documents/Dockerfile
restart: unless-stopped
depends_on:
- base
environment:
- NODE_ENV=development
- COUNTRY_CONFIG_URL=http://countryconfig:3040
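Review bot: None of the `build:` blocks visible here pass `VERSION` as a build argument, so a service Dockerfile that starts with `ARG VERSION=dev` and `FROM opencrvs/ocrvs-base:${VERSION}` (as packages/auth/Dockerfile does in this commit) falls back to `opencrvs/ocrvs-base:dev` and may pull that tag from the registry instead of using the `base` image compose just built. `depends_on: - base` orders container start-up, not image builds, and it also makes `up` create a container for `base`. I would add `args:` with `VERSION: ${VERSION}` under each `build:` and drop the `depends_on` entries unless a runtime dependency is intended. Separately, `dashboards` appears to switch to `context: .` while keeping `dockerfile: ./Dockerfile`, which would then resolve to the repository-root Dockerfile instead of packages/dashboards/Dockerfile; the side of those two lines is inferred from print order. Several service blocks start outside their hunks.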
2 changes: 1 addition & 1 deletion license-config.json
Expand Up @@ -21,7 +21,7 @@
"AUTHORS",
"LICENSE",
"license-header.txt",
"**/*Dockerfile",
"**/*Dockerfile*",
"**/packages/components/lib",
"**/packages/*/build",
"packages/gateway/src/graphql/schema.d.ts",
2 changes: 1 addition & 1 deletion package.json
Expand Up @@ -34,7 +34,7 @@
"cov:client": "cd packages/client && yarn open:cov",
"cov:login": "cd packages/login && yarn open:cov",
"db:clear:all": "bash development-environment/clear-all-data.sh",
"build": "lerna run build --stream --concurrency=1 && lerna run build-storybook",
"build": "lerna run build --stream && lerna run build-storybook",
"build:image": "export VERSION=`git log -1 --pretty=format:%h` && docker build --build-arg VERSION=${VERSION} -t opencrvs-build . && unset VERSION",
"build:clean": "lerna run build:clean",
"check:license": "license-check-and-add check -f license-config.json",
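--- a/packages/Dockerfile.base
+++ b/packages/Dockerfile.base
@@ -0,0 +1,15 @@
+FROM node:18-slim
+
+RUN apt-get update && apt-get upgrade -y
+
+RUN apt-get clean && \
+rm -rf /var/cache/apt/archives /var/lib/apt/lists/*
+
+USER node
+
+WORKDIR /app
+
+COPY --chown=node:node *.json .
+COPY --chown=node:node yarn.lock .
+
+RUN yarn install --production --frozen-lockfile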
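Review bot: The cleanup in the second `RUN` executes in its own layer, so the apt lists and package archives written by `RUN apt-get update && apt-get upgrade -y` stay in the layer before it and the image does not get smaller. Merge them into one instruction: `RUN apt-get update && apt-get upgrade -y && apt-get clean && rm -rf /var/cache/apt/archives /var/lib/apt/lists/*`. Since every service image now inherits from this one, it is also worth pinning `node:18-slim` to a digest so a rebuild cannot silently change the base under all of them. `COPY --chown=node:node *.json .` takes every JSON file in the context root, so check that nothing other than the package manifests matches.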
2 changes: 0 additions & 2 deletions packages/auth/.dockerignore

This file was deleted.

30 changes: 10 additions & 20 deletions packages/auth/Dockerfile
@@ -1,27 +1,17 @@
FROM node:hydrogen-alpine
ARG VERSION=dev
FROM opencrvs/ocrvs-base:${VERSION}

WORKDIR /app

RUN apk update && apk upgrade

COPY . .

RUN rm -rf /app/packages/*

COPY packages/auth /app/packages/auth
COPY packages/commons /app/packages/commons

RUN yarn install
USER node

WORKDIR /app/packages/commons
RUN yarn build
COPY --chown=node:node packages/commons /app/packages/commons
RUN yarn install --frozen-lockfile --ignore-scripts && yarn build


WORKDIR /app/packages/auth
COPY --chown=node:node packages/auth/*.json /app/packages/auth/
RUN yarn install --frozen-lockfile
COPY --chown=node:node packages/auth /app/packages/auth
RUN yarn build

# FIXME: to be replaced later with whole build running as node
RUN chown -R node:node /app

USER node

CMD yarn start:prod
CMD ["yarn", "start:prod"]
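Review bot: The install in /app/packages/auth, `RUN yarn install --frozen-lockfile`, lets dependency lifecycle scripts run during the build, while the commons install a few lines earlier passes `--ignore-scripts`. If no auth dependency needs an install script, make it `RUN yarn install --frozen-lockfile --ignore-scripts`; if one does, a comment naming it would explain the difference. The image is also still single-stage, so the non-production dependencies and sources used by `yarn build` ship in the runtime image; a separate build stage would be the follow-up. Which of the printed lines are old and which are new is inferred here, because the page lost the `+`/`-` markers.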
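--- a/packages/auth/Dockerfile.dockerignore
+++ b/packages/auth/Dockerfile.dockerignore
@@ -0,0 +1,22 @@
+*.md
+*.yml
+*.yaml
+.vscode
+**/.git
+**/test
+**/build
+
+# From root
+**/node_modules
+**/coverage
+**/.DS_Store
+**/.env
+**/*.log
+.secrets/*
+data
+grafana
+
+# Exclude unused packages
+packages/*
+!packages/commons
+!packages/auth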
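Review bot: `**/.env` matches only files named exactly `.env`, so variants such as `.env.local` or `.env.production` under packages/auth or packages/commons stay in the build context and are copied into the image by `COPY --chown=node:node packages/auth /app/packages/auth`. Widening the rule to `**/.env*` covers them, and `**/.secrets` would cover a secrets directory below the root, since `.secrets/*` only matches at the top level. The un-prefixed `*.md`, `*.yml` and `*.yaml` patterns likewise match only in the context root. A `Dockerfile.dockerignore` next to the Dockerfile is honoured only by BuildKit builds, so a build with the legacy builder would send the whole repository as context.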
10 changes: 0 additions & 10 deletions packages/client/.dockerignore

This file was deleted.
