feat: add docker images

telepace · Oct 6, 2024 · 1de0e7f · 1de0e7f
1 parent f9483e0
commit 1de0e7f
Show file tree

Hide file tree

Showing 23 changed files with 721 additions and 0 deletions.
diff --git a/.github/.codecov.yml b/.github/.codecov.yml
@@ -0,0 +1,9 @@
+coverage:
+  status:
+    project:
+      default: false
+      pkg:
+        paths:
+          - ai_commons
+        informational: true
+    patch: off
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
@@ -0,0 +1,91 @@
+# Config for Dependabot updates. See Documentation here:
+# https://help.github.com/github/administering-a-repository/configuration-options-for-dependency-updates
+
+version: 2
+updates:
+  # Update GitHub actions in workflows
+  - package-ecosystem: 'github-actions'
+    directory: '/'
+    # Every weekday
+    schedule:
+      interval: 'daily'
+
+  # Enable version updates for Docker
+  # We need to specify each Dockerfile in a separate entry because Dependabot doesn't
+  # support wildcards or recursively checking subdirectories. Check this issue for updates:
+  # https://github.com/dependabot/dependabot-core/issues/2178
+  - package-ecosystem: 'docker'
+    # Look for a `Dockerfile` in the `compose/local/django` directory
+    directory: 'compose/local/django/'
+    # Every weekday
+    schedule:
+      interval: 'daily'
+    # Ignore minor version updates (3.10 -> 3.11) but update patch versions
+    ignore:
+      - dependency-name: '*'
+        update-types:
+          - 'version-update:semver-major'
+          - 'version-update:semver-minor'
+
+  - package-ecosystem: 'docker'
+    # Look for a `Dockerfile` in the `compose/local/docs` directory
+    directory: 'compose/local/docs/'
+    # Every weekday
+    schedule:
+      interval: 'daily'
+    # Ignore minor version updates (3.10 -> 3.11) but update patch versions
+    ignore:
+      - dependency-name: '*'
+        update-types:
+          - 'version-update:semver-major'
+          - 'version-update:semver-minor'
+
+  - package-ecosystem: 'docker'
+    # Look for a `Dockerfile` in the `compose/local/node` directory
+    directory: 'compose/local/node/'
+    # Every weekday
+    schedule:
+      interval: 'daily'
+
+  - package-ecosystem: 'docker'
+    # Look for a `Dockerfile` in the `compose/production/aws` directory
+    directory: 'compose/production/aws/'
+    # Every weekday
+    schedule:
+      interval: 'daily'
+
+  - package-ecosystem: 'docker'
+    # Look for a `Dockerfile` in the `compose/production/django` directory
+    directory: 'compose/production/django/'
+    # Every weekday
+    schedule:
+      interval: 'daily'
+    # Ignore minor version updates (3.10 -> 3.11) but update patch versions
+    ignore:
+      - dependency-name: '*'
+        update-types:
+          - 'version-update:semver-major'
+          - 'version-update:semver-minor'
+
+  - package-ecosystem: 'docker'
+    # Look for a `Dockerfile` in the `compose/production/postgres` directory
+    directory: 'compose/production/postgres/'
+    # Every weekday
+    schedule:
+      interval: 'daily'
+
+  - package-ecosystem: 'docker'
+    # Look for a `Dockerfile` in the `compose/production/traefik` directory
+    directory: 'compose/production/traefik/'
+    # Every weekday
+    schedule:
+      interval: 'daily'
+
+  # Enable version updates for Python/Pip - Production
+  - package-ecosystem: 'pip'
+    # Look for a `requirements.txt` in the `root` directory
+    # also 'setup.cfg', 'runtime.txt' and 'requirements/*.txt'
+    directory: '/'
+    # Every weekday
+    schedule:
+      interval: 'daily'
diff --git a/.github/labels.yml b/.github/labels.yml
@@ -0,0 +1,37 @@
+# Refer to Kubernetes for size/* Settings
+# https://github.com/Kubernetes/Kubernetes
+XS:
+  name: size/XS
+  lines: 0
+  color: 3CBF00
+S:
+  name: size/S
+  lines: 10
+  color: 5D9801
+M:
+  name: size/M
+  lines: 30
+  color: 7F7203
+L:
+  name: size/L
+  lines: 100
+  color: A14C05
+XL:
+  name: size/XL
+  lines: 500
+  color: C32607
+XXL:
+  name: size/XXL
+  lines: 1000
+  color: E50009
+  comment: |
+    ## 🤖 Whoa! Easy there, Partner!
+    This PR is too big. It's over 1000. Please break it up into smaller PRs.
+
+XXXL:
+  name: size/XXXL
+  lines: 5000
+  color: FF0000
+  comment: |
+    ## 🤖 Whoa! Easy there, Partner!
+    This PR is too big. It's over 5000. Please break it up into smaller PRs.
diff --git a/.github/weekly-digest.yml b/.github/weekly-digest.yml
@@ -0,0 +1,6 @@
+publishDay: sun
+canPublishIssues: true
+canPublishPullRequests: true
+canPublishContributors: true
+canPublishStargazers: true
+canPublishCommits: true
diff --git a/.github/workflows/build-images.yml b/.github/workflows/build-images.yml
@@ -0,0 +1,112 @@
+name: Docker Build and Push
+
+on:
+  push:
+    tags:
+      - 'v*.*.*'       # 例如 v1.0.0, v2.1.3
+      - 'v*.*.*-*'     # 例如 v1.0.0-beta.1
+    branches:
+      - main
+  workflow_dispatch:
+
+jobs:
+  build-and-push:
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        include:
+          - project: django
+            context: .
+            dockerfile: ./compose/production/django/Dockerfile
+            architectures: linux/amd64,linux/arm64
+          - project: postgres
+            context: .
+            dockerfile: ./compose/production/postgres/Dockerfile
+            architectures: linux/amd64,linux/arm64
+          - project: traefik
+            context: .
+            dockerfile: ./compose/production/traefik/Dockerfile
+            architectures: linux/amd64,linux/arm64
+          - project: nginx
+            context: .
+            dockerfile: ./compose/production/nginx/Dockerfile
+            architectures: linux/amd64,linux/arm64
+          - project: awscli
+            context: .
+            dockerfile: ./compose/production/aws/Dockerfile
+            architectures: linux/amd64,linux/arm64
+
+    steps:
+      # 1. 检出代码
+      - name: Checkout code
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0  # 确保获取所有标签
+
+      # 2. 设置 Docker Buildx
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      # 3. 登录 Docker Hub
+      - name: Log in to Docker Hub
+        uses: docker/login-action@v3
+        with:
+          username: ${{ secrets.DOCKER_USERNAME }}
+          password: ${{ secrets.DOCKER_PASSWORD }}
+
+      # 4. 登录阿里云容器注册表
+      - name: Log in to AliYun Docker Registry
+        uses: docker/login-action@v3
+        with:
+          registry: registry.cn-hangzhou.aliyuncs.com
+          username: ${{ secrets.ALIREGISTRY_USERNAME }}
+          password: ${{ secrets.ALIREGISTRY_TOKEN }}
+
+      # 5. 登录 GitHub Container Registry
+      - name: Log in to GitHub Container Registry
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.repository_owner }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      # 6. 获取 Docker 元数据
+      - name: Get Docker metadata
+        id: metadata
+        uses: docker/metadata-action@v5
+        with:
+          images: |
+            docker.io/yourdockerhubusername/ai_feedback_production_${{ matrix.project }}
+            registry.cn-hangzhou.aliyuncs.com/youraliyunusername/ai_feedback_production_${{ matrix.project }}
+            ghcr.io/yourgithubusername/ai_feedback_production_${{ matrix.project }}
+          tags: |
+            type=ref,event=tag
+            type=semver,pattern={{version}}
+            type=semver,pattern=v{{version}}
+            type=semver,pattern={{major}}.{{minor}}
+            type=semver,pattern={{major}}
+            type=sha
+
+      # 7. 构建并推送 Docker 镜像
+      - name: Build and push Docker image
+        uses: docker/build-push-action@v6
+        with:
+          context: ${{ matrix.context }}
+          file: ${{ matrix.dockerfile }}
+          push: true
+          tags: ${{ steps.metadata.outputs.tags }}
+          platforms: ${{ matrix.architectures }}
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
+
+      # 8. 安全扫描（可选）
+      - name: Scan Docker image for vulnerabilities
+        uses: aquasecurity/trivy-action@0.24.0
+        with:
+          image-ref: yourdockerhubusername/ai_feedback_production_${{ matrix.project }}:${{ steps.metadata.outputs.version }}
+          format: 'table'
+          exit-code: '0'
+
+      # 9. 清理未使用的 Docker 镜像
+      - name: Clean up Docker
+        run: docker system prune -f
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -0,0 +1,52 @@
+name: CI
+
+# Enable Buildkit and let compose use it to speed up image building
+env:
+  DOCKER_BUILDKIT: 1
+  COMPOSE_DOCKER_CLI_BUILD: 1
+
+on:
+  pull_request:
+    branches: ['main']
+    paths-ignore: ['docs/**']
+
+concurrency:
+  group: ${{ github.head_ref || github.run_id }}
+  cancel-in-progress: true
+
+jobs:
+  linter:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout Code Repository
+        uses: actions/checkout@v4
+
+      - name: Set up Python
+        uses: actions/setup-python@v5
+        with:
+          python-version: '3.12'
+      - name: Run pre-commit
+        uses: pre-commit/action@v3.0.1
+
+  # With no caching at all the entire ci process takes 3m to complete!
+  pytest:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout Code Repository
+        uses: actions/checkout@v4
+
+      - name: Build the Stack
+        run: docker compose -f docker-compose.local.yml build django
+
+      - name: Build the docs
+        run: docker compose -f docker-compose.docs.yml build docs
+
+      - name: Run DB Migrations
+        run: docker compose -f docker-compose.local.yml run --rm django python manage.py migrate
+
+      - name: Run Django Tests
+        run: docker compose -f docker-compose.local.yml run django pytest
+
+      - name: Tear down the Stack
+        run: docker compose -f docker-compose.local.yml down
diff --git a/.github/workflows/e2e-test.yml b/.github/workflows/e2e-test.yml
@@ -0,0 +1,33 @@
+name: e2e
+
+on:
+  workflow_dispatch:
+  pull_request:
+    branches:
+      - main
+
+jobs:
+  build:
+    name: Test
+    runs-on: ubuntu-latest
+    env:
+      GO111MODULE: on
+    steps:
+
+      - name: Set up Go 1.21
+        uses: actions/setup-go@v5
+        with:
+          go-version: 1.21
+        id: go
+
+      - name: Upload coverage reports to Codecov
+        uses: codecov/codecov-action@v4
+        env:
+          CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
+
+      - name: Check out code into the Go module directory
+        uses: actions/checkout@v4
+
+      - name: Create e2e test
+        run: |
+          echo "...test e2e"
diff --git a/compose/production/aws/Dockerfile b/compose/production/aws/Dockerfile
@@ -0,0 +1,9 @@
+FROM docker.io/amazon/aws-cli:2.17.0
+
+COPY ./compose/production/aws/maintenance /usr/local/bin/maintenance
+COPY ./compose/production/postgres/maintenance/_sourced /usr/local/bin/maintenance/_sourced
+
+RUN chmod +x /usr/local/bin/maintenance/*
+
+RUN mv /usr/local/bin/maintenance/* /usr/local/bin \
+    && rmdir /usr/local/bin/maintenance
diff --git a/compose/production/aws/maintenance/download b/compose/production/aws/maintenance/download
@@ -0,0 +1,23 @@
+#!/bin/sh
+
+### Download a file from your Amazon S3 bucket to the postgres /backups folder
+###
+### Usage:
+###     $ docker compose -f docker-compose.production.yml run --rm awscli <1>
+
+set -o errexit
+set -o pipefail
+set -o nounset
+
+working_dir="$(dirname ${0})"
+source "${working_dir}/_sourced/constants.sh"
+source "${working_dir}/_sourced/messages.sh"
+
+export AWS_ACCESS_KEY_ID="${DJANGO_AWS_ACCESS_KEY_ID}"
+export AWS_SECRET_ACCESS_KEY="${DJANGO_AWS_SECRET_ACCESS_KEY}"
+export AWS_STORAGE_BUCKET_NAME="${DJANGO_AWS_STORAGE_BUCKET_NAME}"
+
+
+aws s3 cp s3://${AWS_STORAGE_BUCKET_NAME}${BACKUP_DIR_PATH}/${1} ${BACKUP_DIR_PATH}/${1}
+
+message_success "Finished downloading ${1}."