diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index 441cbde..d6cc974 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -37,11 +37,28 @@ jobs: - name: Check out the repo uses: actions/checkout@v4 + # Setup Buildx + - name: Docker Setup Buildx + uses: docker/setup-buildx-action@v3 + with: + platforms: linux/amd64,linux/arm64,linux/arm/v7,linux/arm/v8 + - name: Log in to Docker Hub uses: docker/login-action@v3 with: username: ${{ secrets.DOCKER_USERNAME }} password: ${{ secrets.DOCKER_PASSWORD }} + ecr: auto + logout: true + + # Pull previous image from docker hub to use it as cache to improve the image build time. + - name: docker pull cache image + continue-on-error: true + run: docker pull ${{ matrix.repos.image }}:latest + + # Setup QEMU + - name: Set up QEMU + uses: docker/setup-qemu-action@v2 - name: Extract metadata (tags, labels) for Docker id: meta @@ -58,6 +75,7 @@ jobs: push: true platforms: linux/amd64,linux/arm64,linux/arm/v7,linux/arm/v8 tags: ${{ steps.meta.outputs.tags }} + cache-from: ${{ matrix.repos.image }}:latest - name: Generate artifact attestation uses: actions/attest-build-provenance@v1 diff --git a/Notesnook.API/Dockerfile b/Notesnook.API/Dockerfile index 7a30e19..641c7b4 100644 --- a/Notesnook.API/Dockerfile +++ b/Notesnook.API/Dockerfile @@ -1,26 +1,50 @@ -FROM mcr.microsoft.com/dotnet/sdk:8.0 AS build - +FROM mcr.microsoft.com/dotnet/runtime-deps:8.0-alpine AS base WORKDIR /app +EXPOSE 80 +EXPOSE 443 + +FROM --platform=$BUILDPLATFORM mcr.microsoft.com/dotnet/sdk:8.0-alpine AS build +ARG TARGETARCH +ARG BUILDPLATFORM +ENV DOTNET_TC_QuickJitForLoops="1" DOTNET_ReadyToRun="0" DOTNET_TieredPGO="1" DOTNET_SYSTEM_GLOBALIZATION_INVARIANT="true" + +WORKDIR /src -# copy projects COPY Streetwriters.Data/*.csproj ./Streetwriters.Data/ COPY Streetwriters.Common/*.csproj ./Streetwriters.Common/ COPY Notesnook.API/*.csproj ./Notesnook.API/ # restore dependencies -RUN dotnet restore -v d /app/Notesnook.API/Notesnook.API.csproj --use-current-runtime +RUN dotnet restore -v d /src/Notesnook.API/Notesnook.API.csproj --use-current-runtime -# copy everything else COPY Streetwriters.Data/ ./Streetwriters.Data/ COPY Streetwriters.Common/ ./Streetwriters.Common/ COPY Notesnook.API/ ./Notesnook.API/ -WORKDIR /app/Notesnook.API/ -ENV DOTNET_TC_QuickJitForLoops="1" DOTNET_ReadyToRun="0" DOTNET_TieredPGO="1" DOTNET_SYSTEM_GLOBALIZATION_INVARIANT="true" -RUN dotnet publish -c Release -o /app/out --use-current-runtime --self-contained false --no-restore +WORKDIR /src/Notesnook.API/ -# final stage/image -FROM mcr.microsoft.com/dotnet/aspnet:8.0 +RUN dotnet build -c Release -o /app/build -a $TARGETARCH + +FROM build AS publish +RUN dotnet publish -c Release -o /app/publish \ + #--runtime alpine-x64 \ + --self-contained true \ + /p:PublishTrimmed=true \ + /p:PublishSingleFile=true \ + -a $TARGETARCH + +FROM --platform=$BUILDPLATFORM base AS final +ARG TARGETARCH +ARG BUILDPLATFORM + +# create a new user and change directory ownership +RUN adduser --disabled-password \ + --home /app \ + --gecos '' dotnetuser && chown -R dotnetuser /app + +# impersonate into the new user +USER dotnetuser WORKDIR /app -COPY --from=build /app/out . -ENTRYPOINT ["dotnet", "Notesnook.API.dll"] \ No newline at end of file + +COPY --from=publish /app/publish . +ENTRYPOINT ["./Notesnook.API"] \ No newline at end of file diff --git a/Streetwriters.Identity/Dockerfile b/Streetwriters.Identity/Dockerfile index e899430..a8f95e9 100644 --- a/Streetwriters.Identity/Dockerfile +++ b/Streetwriters.Identity/Dockerfile @@ -1,26 +1,50 @@ -FROM mcr.microsoft.com/dotnet/sdk:8.0 AS build - +FROM mcr.microsoft.com/dotnet/runtime-deps:8.0-alpine AS base WORKDIR /app +EXPOSE 80 +EXPOSE 443 + +FROM --platform=$BUILDPLATFORM mcr.microsoft.com/dotnet/sdk:8.0-alpine AS build +ARG TARGETARCH +ARG BUILDPLATFORM +ENV DOTNET_TC_QuickJitForLoops="1" DOTNET_ReadyToRun="0" DOTNET_TieredPGO="1" DOTNET_SYSTEM_GLOBALIZATION_INVARIANT="true" + +WORKDIR /src -# copy projects COPY Streetwriters.Data/*.csproj ./Streetwriters.Data/ COPY Streetwriters.Common/*.csproj ./Streetwriters.Common/ COPY Streetwriters.Identity/*.csproj ./Streetwriters.Identity/ # restore dependencies -RUN dotnet restore -v d /app/Streetwriters.Identity/Streetwriters.Identity.csproj --use-current-runtime +RUN dotnet restore -v d /src/Streetwriters.Identity/Streetwriters.Identity.csproj --use-current-runtime -# copy everything else COPY Streetwriters.Data/ ./Streetwriters.Data/ COPY Streetwriters.Common/ ./Streetwriters.Common/ COPY Streetwriters.Identity/ ./Streetwriters.Identity/ -WORKDIR /app/Streetwriters.Identity/ -ENV DOTNET_TC_QuickJitForLoops="1" DOTNET_ReadyToRun="0" DOTNET_TieredPGO="1" DOTNET_SYSTEM_GLOBALIZATION_INVARIANT="true" -RUN dotnet publish -c Release -o /app/out --use-current-runtime --self-contained false --no-restore +WORKDIR /src/Streetwriters.Identity/ -# final stage/image -FROM mcr.microsoft.com/dotnet/aspnet:8.0 +RUN dotnet build -c Release -o /app/build -a $TARGETARCH + +FROM build AS publish +RUN dotnet publish -c Release -o /app/publish \ + #--runtime alpine-x64 \ + --self-contained true \ + /p:PublishTrimmed=true \ + /p:PublishSingleFile=true \ + -a $TARGETARCH + +FROM --platform=$BUILDPLATFORM base AS final +ARG TARGETARCH +ARG BUILDPLATFORM + +# create a new user and change directory ownership +RUN adduser --disabled-password \ + --home /app \ + --gecos '' dotnetuser && chown -R dotnetuser /app + +# impersonate into the new user +USER dotnetuser WORKDIR /app -COPY --from=build /app/out . -ENTRYPOINT ["dotnet", "Streetwriters.Identity.dll"] \ No newline at end of file + +COPY --from=publish /app/publish . +ENTRYPOINT ["./Streetwriters.Identity"] \ No newline at end of file diff --git a/Streetwriters.Messenger/Dockerfile b/Streetwriters.Messenger/Dockerfile index 2711f24..2b87a04 100644 --- a/Streetwriters.Messenger/Dockerfile +++ b/Streetwriters.Messenger/Dockerfile @@ -1,26 +1,50 @@ -FROM mcr.microsoft.com/dotnet/sdk:8.0 AS build - +FROM mcr.microsoft.com/dotnet/runtime-deps:8.0-alpine AS base WORKDIR /app +EXPOSE 80 +EXPOSE 443 + +FROM --platform=$BUILDPLATFORM mcr.microsoft.com/dotnet/sdk:8.0-alpine AS build +ARG TARGETARCH +ARG BUILDPLATFORM +ENV DOTNET_TC_QuickJitForLoops="1" DOTNET_ReadyToRun="0" DOTNET_TieredPGO="1" DOTNET_SYSTEM_GLOBALIZATION_INVARIANT="true" + +WORKDIR /src -# copy projects COPY Streetwriters.Data/*.csproj ./Streetwriters.Data/ COPY Streetwriters.Common/*.csproj ./Streetwriters.Common/ COPY Streetwriters.Messenger/*.csproj ./Streetwriters.Messenger/ # restore dependencies -RUN dotnet restore -v d /app/Streetwriters.Messenger/Streetwriters.Messenger.csproj --use-current-runtime +RUN dotnet restore -v d /src/Streetwriters.Messenger/Streetwriters.Messenger.csproj --use-current-runtime -# copy everything else COPY Streetwriters.Data/ ./Streetwriters.Data/ COPY Streetwriters.Common/ ./Streetwriters.Common/ COPY Streetwriters.Messenger/ ./Streetwriters.Messenger/ -WORKDIR /app/Streetwriters.Messenger/ -ENV DOTNET_TC_QuickJitForLoops="1" DOTNET_ReadyToRun="0" DOTNET_TieredPGO="1" DOTNET_SYSTEM_GLOBALIZATION_INVARIANT="true" -RUN dotnet publish -c Release -o /app/out --use-current-runtime --self-contained false --no-restore +WORKDIR /src/Streetwriters.Messenger/ -# final stage/image -FROM mcr.microsoft.com/dotnet/aspnet:8.0 +RUN dotnet build -c Release -o /app/build -a $TARGETARCH + +FROM build AS publish +RUN dotnet publish -c Release -o /app/publish \ + #--runtime alpine-x64 \ + --self-contained true \ + /p:PublishTrimmed=true \ + /p:PublishSingleFile=true \ + -a $TARGETARCH + +FROM --platform=$BUILDPLATFORM base AS final +ARG TARGETARCH +ARG BUILDPLATFORM + +# create a new user and change directory ownership +RUN adduser --disabled-password \ + --home /app \ + --gecos '' dotnetuser && chown -R dotnetuser /app + +# impersonate into the new user +USER dotnetuser WORKDIR /app -COPY --from=build /app/out . -ENTRYPOINT ["dotnet", "Streetwriters.Messenger.dll"] \ No newline at end of file + +COPY --from=publish /app/publish . +ENTRYPOINT ["./Streetwriters.Messenger"] \ No newline at end of file