chore: work on action

Signed-off-by: Jason C. Leach <[email protected]>

.github/actions/docker-build/action.yaml

@@ -0,0 +1,57 @@
+name: Docker Build
+description: Build Docker Image
+inputs:
+  context:
+    description: Docker context path
+    required: true
+    default: dist
+  dockerfile:
+    description: Dockerfile path
+    required: true
+  registry:
+    description: Docker registry
+    required: true
+  image_name:
+    description: Docker image name
+    required: true
+  docker_user:
+    description: Docker user
+    required: true
+  docker_password:
+    description: Docker password
+    required: true
+runs:
+  using: composite
+  steps:
+    - name: Set up QEMU
+      uses: docker/setup-qemu-action@v2
+
+    - name: Set up Docker Buildx
+      uses: docker/setup-buildx-action@v2
+
+    - name: Log in to the Container registry
+      uses: docker/login-action@v2
+      with:
+        registry: ${{ inputs.registry }}
+        username: ${{ inputs.docker_user }}
+        password: ${{ inputs.docker_password }}
+
+    - name: Extract metadata (tags, labels) for Docker
+      id: meta
+      uses: docker/metadata-action@v3
+      with:
+        images: ${{ inputs.registry }}/${{ inputs.image_name }}
+        tags: |
+          type=sha,prefix=
+
+    - name: Build and push Docker image
+      uses: docker/build-push-action@v4
+      with:
+        context: ${{ inputs.context }}
+        file: ${{ inputs.dockerfile }}
+        push: true
+        platforms: linux/amd64,linux/arm64
+        tags: ${{ steps.meta.outputs.tags }}
+        labels: ${{ steps.meta.outputs.labels }}
+        cache-from: type=gha
+        cache-to: type=gha,mode=max

.github/actions/setup-node/action.yml

@@ -0,0 +1,32 @@
+# based on https://github.com/hyperledger/aries-framework-javascript-ext/blob/main/.github/actions/setup-node/action.yml
+name: Setup NodeJS
+description: Setup NodeJS with caching
+author: "[email protected]"
+
+inputs:
+  node-version:
+    description: Select the nodejs version to use
+    required: false
+    default: "18.18.2"
+
+runs:
+  using: composite
+  steps:
+    - name: Add package manager
+      shell: bash
+      run: |
+        corepack enable
+
+    - uses: pnpm/action-setup@v4
+
+    - name: Setup node v${{ inputs.node-version }}
+      uses: actions/setup-node@v4
+      with:
+        node-version: ${{ inputs.node-version }}
+        registry-url: "https://registry.npmjs.org/"
+        cache: "pnpm"
+
+    - name: Node Version
+      shell: bash
+      run: |
+        node -v && pnpm -v

.github/workflows/ci.yml → .github/workflows/quality.yml

@@ -1,4 +1,4 @@
-name: Continuous Integration
+name: Quality
 
 on:
   pull_request:
@@ -16,12 +16,10 @@ jobs:
       - name: Checkout Repo
         uses: actions/checkout@v4
 
-      - uses: pnpm/action-setup@v4
       - name: Setup NodeJS
-        uses: actions/setup-node@v4
+        uses: ./.github/actions/setup-node
         with:
           node-version: 20
-          cache: "pnpm"
 
       - name: Install dependencies
         run: pnpm install --frozen-lockfile

.github/workflows/release.yml

@@ -0,0 +1,67 @@
+name: Release
+
+on:
+  # push:
+  #   tags:
+  #     - v*
+  workflow_run:
+    workflows: [Quality]
+    branches: [main]
+    types:
+      - completed
+env:
+  REGISTRY: ghcr.io
+
+jobs:
+  release-image:
+    name: Publish Image
+    runs-on: ubuntu-20.04
+
+    permissions:
+      contents: read
+      packages: write
+      attestations: write
+      id-token: write
+
+    steps:
+      - name: Checkout Repository
+        uses: actions/checkout@v4
+
+      - name: Build Docker image
+        uses: ./.github/actions/docker-build
+        with:
+          registry: ${{ env.REGISTRY }}
+          image_name: "${{ github.repository }}/mediator"
+          context: ./
+          dockerfile: "Dockerfile"
+          docker_user: ${{ github.actor }}
+          docker_password: ${{ secrets.GITHUB_TOKEN }}
+
+      # - name: Log in to the Container registry
+      #   uses: docker/login-action@65b78e6e13532edd9afa3aa52ac7964289d1a9c1
+      #   with:
+      #     registry: ${{ env.REGISTRY }}
+      #     username: ${{ github.actor }}
+      #     password: ${{ secrets.GITHUB_TOKEN }}
+
+      # - name: Extract metadata (tags, labels) for Docker
+      #   id: meta
+      #   uses: docker/metadata-action@9ec57ed1fcdbf14dcef7dfbe97b2010124a938b7
+      #   with:
+      #     images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+
+      # - name: Build and push Docker image
+      #   id: push
+      #   uses: docker/build-push-action@f2a1d5e99d037542a71f64918e516c093c6f3fc4
+      #   with:
+      #     context: .
+      #     push: true
+      #     tags: ${{ steps.meta.outputs.tags }}
+      #     labels: ${{ steps.meta.outputs.labels }}
+
+      # - name: Generate artifact attestation
+      #   uses: actions/attest-build-provenance@v2
+      #   with:
+      #     subject-name: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME}}
+      #     subject-digest: ${{ steps.push.outputs.digest }}
+      #     push-to-registry: true

Dockerfile

@@ -1,10 +1,12 @@
-FROM node:20 as base
+FROM node:20 AS base
 
-workdir /app
+WORKDIR /app
 
-RUN corepack enable
+RUN apt-get update && \
+  apt-get upgrade -y && \ 
+  corepack enable
 
-FROM base as setup
+FROM base AS setup
 
 # Copy root package files
 COPY package.json /app/package.json
@@ -18,7 +20,7 @@ COPY . /app
 
 RUN pnpm build
 
-FROM base as final
+FROM base AS final
 
 WORKDIR /app
 
@@ -29,15 +31,15 @@ COPY package.json /app/package.json
 COPY pnpm-lock.yaml /app/pnpm-lock.yaml
 COPY patches /app/patches
 
-# Run yarn install
-RUN pnpm install --production
-
-# Clean cache to reduce image size
-RUN pnpm store prune
+# Package yarn install and prune to
+# reduce image size
+RUN pnpm install --production && \
+  pnpm store prune
 
 # Don't run production as root
-RUN addgroup --system --gid 1001 agent
-RUN adduser --system --uid 1001 agent
+RUN addgroup --system --gid 1001 agent && \
+  adduser --system --uid 1001 agent
+
 USER agent
 
 ENTRYPOINT [ "node", "build/index.js" ]