refactor: Update deployment workflows and Dockerfiles for production

- Modified the GitHub Actions workflow to streamline the deployment process by installing Docker directly and using shell commands for building and pushing images. - Changed the base image for the backend Dockerfile from `python:3.11-slim` to `python:alpine` for a smaller footprint. - Updated the frontend Dockerfile to use `node:23-alpine` instead of `node:24-alpine`, and refactored the production stage to use `node:slim`. Added a script for runtime environment variable injection.
2025-06-01 14:37:09 +02:00 · 2025-06-01 14:37:09 +02:00 · 8ff31ecf91
commit 8ff31ecf91
parent 1c87170955
3 changed files with 37 additions and 43 deletions
--- a/.gitea/workflows/deploy-prod.yml
+++ b/.gitea/workflows/deploy-prod.yml
@ -3,42 +3,35 @@ name: Deploy to Production, build images and push to Gitea Registry
 on:
  push:
    branches:
-      - prod # Trigger deployment only on pushes to main
+      - prod

 jobs:
-  deploy:
+  build_and_push:
    runs-on: ubuntu-latest
+
    steps:
      - name: Checkout code
        uses: actions/checkout@v3

-      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v2
+      - name: Install Docker
+        run: |
+          sudo apt-get update
+          sudo apt-get install -y docker.io

-      - name: Log in to Gitea Container Registry
-        uses: docker/login-action@v2
-        with:
-          registry: git.vinylnostalgia.com:5000 # IMPORTANT: Verify this is your Gitea registry URL (e.g., git.vinylnostalgia.com or with a different port).
-          username: ${{ gitea.actor }} # Uses the user that triggered the action. You can replace with 'mo' if needed.
-          password: ${{ secrets.GITEA_TOKEN }} # IMPORTANT: Create a Gitea repository secret named GITEA_TOKEN with your password or access token.
+      - name: Build and push backend image
+        env:
+          GITEA_USERNAME: ${{ secrets.ME_USERNAME }}
+          GITEA_PASSWORD: ${{ secrets.ME_PASSWORD }}
+        run: |
+          echo $GITEA_PASSWORD | docker login git.vinylnostalgia.com:5000 -u $GITEA_USERNAME --password-stdin
+          docker build -t git.vinylnostalgia.com:5000/${{ gitea.repository_owner }}/${{ gitea.repository_name }}-backend:latest ./be -f ./be/Dockerfile.prod
+          docker push git.vinylnostalgia.com:5000/${{ gitea.repository_owner }}/${{ gitea.repository_name }}-backend:latest

-      - name: Build and push backend image to Gitea Registry
-        uses: docker/build-push-action@v4
-        with:
-          context: ./be
-          file: ./be/Dockerfile.prod
-          push: true
-          tags: git.vinylnostalgia.com:5000/${{ gitea.repository_owner }}/${{ gitea.repository_name }}-backend:latest # IMPORTANT: Verify registry URL matches the login step.
-          # Ensure gitea.repository_owner and gitea.repository_name resolve as expected for your image path.
-
-      - name: Build and push frontend image to Gitea Registry
-        uses: docker/build-push-action@v4
-        with:
-          context: ./fe
-          file: ./fe/Dockerfile.prod
-          push: true
-          tags: git.vinylnostalgia.com:5000/${{ gitea.repository_owner }}/${{ gitea.repository_name }}-frontend:latest # IMPORTANT: Verify registry URL matches the login step.
-          # Ensure gitea.repository_owner and gitea.repository_name resolve as expected for your image path.
-          build-args: |
-            VITE_API_URL=${{ secrets.VITE_API_URL }}
-            VITE_SENTRY_DSN=${{ secrets.VITE_SENTRY_DSN }}
+      - name: Build and push frontend image
+        env:
+          GITEA_USERNAME: ${{ secrets.ME_USERNAME }}
+          GITEA_PASSWORD: ${{ secrets.ME_PASSWORD }}
+        run: |
+          echo $GITEA_PASSWORD | docker login git.vinylnostalgia.com:5000 -u $GITEA_USERNAME --password-stdin
+          docker build -t git.vinylnostalgia.com:5000/${{ gitea.repository_owner }}/${{ gitea.repository_name }}-frontend:latest ./fe -f ./fe/Dockerfile.prod
+          docker push git.vinylnostalgia.com:5000/${{ gitea.repository_owner }}/${{ gitea.repository_name }}-frontend:latest
--- a/be/Dockerfile
+++ b/be/Dockerfile
@ -1,7 +1,7 @@
 # be/Dockerfile

 # Choose a suitable Python base image
-FROM python:3.11-slim
+FROM python:alpine

 # Set environment variables
 ENV PYTHONDONTWRITEBYTECODE 1  # Prevent python from writing pyc files
--- a/fe/Dockerfile.prod
+++ b/fe/Dockerfile.prod
@ -1,5 +1,5 @@
 # Multi-stage build for production
-FROM node:24-alpine AS base
+FROM node:23-alpine AS base

 # Install dependencies only when needed
 FROM base AS deps
@ -28,22 +28,14 @@ RUN npm ci
 # Copy source code
 COPY . .

-# Build arguments for environment variables
-ARG VITE_API_URL
-ARG VITE_SENTRY_DSN
-ARG VITE_ROUTER_MODE=history
-
 # Set environment variables for build
-ENV VITE_API_URL=$VITE_API_URL
-ENV VITE_SENTRY_DSN=$VITE_SENTRY_DSN
-ENV VITE_ROUTER_MODE=$VITE_ROUTER_MODE
 ENV NODE_ENV=production

 # Build the application
 RUN npm run build

 # Production stage
-FROM node:24-alpine AS production # Using node image to use serve
+FROM node:slim AS production

 # Install serve globally
 RUN npm install -g serve
@ -57,6 +49,15 @@ COPY --from=build /app/dist .
 # Create a default static.json for serve to handle SPA routing
 RUN echo '{ \n  "rewrites": [ \n    { "source": "**", "destination": "/index.html" } \n  ] \n}' > static.json

+# Create a script to inject environment variables at runtime
+RUN echo '#!/bin/sh\n\
+echo "window.ENV = { \
+  VITE_API_URL: \"$VITE_API_URL\", \
+  VITE_SENTRY_DSN: \"$VITE_SENTRY_DSN\", \
+  VITE_ROUTER_MODE: \"$VITE_ROUTER_MODE\" \
+}" > /app/env-config.js\n\
+serve -s . -l 3000' > /app/start.sh && chmod +x /app/start.sh
+
 # Expose port 3000 (serve default)
 EXPOSE 3000

@ -64,5 +65,5 @@ EXPOSE 3000
 # HEALTHCHECK --interval=30s --timeout=10s --start-period=30s --retries=3 \
 # CMD curl -f http://localhost:3000/ || exit 1

-# Start serve
-CMD ["serve", "-s", ".", "-l", "3000"] 
+# Start serve with environment variable injection
+CMD ["/app/start.sh"]