Add multiplatform docker image build

.github/workflows/build_application_docker.yaml

@@ -1,7 +1,11 @@
 on:
   workflow_dispatch:
-  release:
-    types: [published]
+  workflow_run:
+    workflows:
+      - 'Publish Platform'
+      - 'Publish Platform Hotfix'
+    types:
+      - completed
 
 concurrency:
   group: ${{ github.workflow }}
@@ -17,16 +21,27 @@ jobs:
   build:
     name: datalens-us
     runs-on: ubuntu-latest
+    if: ${{ github.event.workflow_run.conclusion == '' || github.event.workflow_run.conclusion == 'success' }}
     permissions:
       contents: read
       packages: write
     steps:
+      - name: Download Artifacts
+        uses: dawidd6/action-download-artifact@v2
+        if: ${{ github.event.workflow_run.id != '' }}
+        with:
+          workflow: ${{ github.event.workflow_run.workflow_id }}
+          run_id: ${{ github.event.workflow_run.id }}
+      - name: Extract commit ref from workflow
+        run: |
+          echo "COMMIT_REF=$(cat workflow_ref/ref || echo '${{ github.ref }}')" >> "$GITHUB_ENV"
       - uses: actions/checkout@v4
-        # ? disabled due to a very long ARM build
-        # - uses: docker/setup-qemu-action@v3
-        #   with:
-        #     platforms: 'arm64'
-        # - uses: docker/setup-buildx-action@v3
+        with:
+          ref: ${{ env.COMMIT_REF || github.ref }}
+      - uses: docker/setup-qemu-action@v3
+        with:
+          platforms: 'arm64'
+      - uses: docker/setup-buildx-action@v3
       - name: 'Get release build version'
         run: |
           BUILD_VERSION=$(jq -r '.version' package.json)
@@ -57,7 +72,6 @@ jobs:
           push: true
           tags: ${{ steps.meta.outputs.tags }}
           labels: ${{ steps.meta.outputs.labels }}
-          # ? disabled due to a very long ARM build
-          # platforms: linux/amd64,linux/arm64
-          # cache-from: type=gha
-          # cache-to: type=gha,mode=max
+          platforms: linux/amd64,linux/arm64
+          cache-from: type=gha
+          cache-to: type=gha,mode=max

.github/workflows/publish_platform.yaml

@@ -76,3 +76,12 @@ jobs:
           prerelease: false
       - name: 'Success notify'
         run: echo "Version bumped to '$TAG_NEW_VERSION' and pushed to remote repository"
+      - name: Save workflow ref
+        run: |
+          mkdir -p ./workflow_ref
+          echo "${{ env.NEW_BRANCH }}" > ./workflow_ref/ref
+      - uses: actions/upload-artifact@v3
+        with:
+          name: workflow_ref
+          path: ./workflow_ref/
+          retention-days: 30

.github/workflows/publish_platform_hotfix.yaml

@@ -58,3 +58,12 @@ jobs:
           prerelease: false
       - name: 'Success notify'
         run: echo "Version bumped to '$TAG_NEW_VERSION' and pushed to remote repository"
+      - name: Save workflow ref
+        run: |
+          mkdir -p ./workflow_ref
+          echo "${{ env.NEW_BRANCH }}" > ./workflow_ref/ref
+      - uses: actions/upload-artifact@v3
+        with:
+          name: workflow_ref
+          path: ./workflow_ref/
+          retention-days: 30

Dockerfile

@@ -1,70 +1,102 @@
-FROM ubuntu:22.04
+# use native build platform for build js files only once
+FROM --platform=${BUILDPLATFORM} ubuntu:22.04 AS native-build-stage
+
+ARG NODE_MAJOR=20
+
+ENV DEBIAN_FRONTEND=noninteractive
+ENV NODE_EXTRA_CA_CERTS=/usr/local/share/ca-certificates/cert.pem
+
+RUN apt-get update && apt-get -y upgrade
+
+# node
+RUN apt-get -y install ca-certificates curl gnupg
+RUN mkdir -p /etc/apt/keyrings
+RUN curl -fsSL https://deb.nodesource.com/gpgkey/nodesource-repo.gpg.key | gpg --dearmor -o /etc/apt/keyrings/nodesource.gpg
+
+RUN echo "deb [signed-by=/etc/apt/keyrings/nodesource.gpg] https://deb.nodesource.com/node_${NODE_MAJOR}.x nodistro main" | tee /etc/apt/sources.list.d/nodesource.list
+
+RUN apt-get update && apt-get -y install nodejs g++ make
+
+RUN useradd -m -u 1000 app && mkdir /opt/app && chown app:app /opt/app
+
+WORKDIR /opt/app
+
+COPY package.json package-lock.json .npmrc /opt/app/
+RUN npm ci
+
+COPY ./dist /opt/app/dist
+COPY ./src /opt/app/src
+COPY ./typings /opt/app/typings
+COPY tsconfig.json /opt/app/
+
+RUN npm run build && chown app /opt/app/dist/run
+
+# runtime base image for both platform
+FROM ubuntu:22.04 AS base-stage
+
+ARG NODE_MAJOR=20
+
+ENV DEBIAN_FRONTEND=noninteractive
+
+RUN apt-get update && apt-get -y upgrade
+
+# node
+RUN apt-get -y install ca-certificates curl gnupg
+RUN mkdir -p /etc/apt/keyrings
+RUN curl -fsSL https://deb.nodesource.com/gpgkey/nodesource-repo.gpg.key | gpg --dearmor -o /etc/apt/keyrings/nodesource.gpg
+
+RUN echo "deb [signed-by=/etc/apt/keyrings/nodesource.gpg] https://deb.nodesource.com/node_${NODE_MAJOR}.x nodistro main" | tee /etc/apt/sources.list.d/nodesource.list
+
+RUN apt-get update
+RUN apt-get -y install nodejs
+
+# install postgresql-client
+RUN apt-get -y install  postgresql-client
+
+# remove unnecessary packages
+RUN apt-get -y purge curl gnupg gnupg2 && \
+    apt-get -y autoremove && \
+    apt-get clean && \
+    rm -rf /var/lib/apt/lists/*
 
 # timezone setting
 ENV TZ="Etc/UTC"
-RUN ln -sf /usr/share/zoneinfo/$TZ /etc/localtime
+RUN ln -sf /usr/share/zoneinfo/$TZ /etc/localtime && echo $TZ > /etc/timezone
 
-# add node.js repository
-RUN apt-get update && \
-    apt-get install -y ca-certificates curl gnupg && \
-    mkdir -p /etc/apt/keyrings && \
-    curl -fsSL https://deb.nodesource.com/gpgkey/nodesource-repo.gpg.key | gpg --dearmor -o /etc/apt/keyrings/nodesource.gpg && \
-    echo "deb [signed-by=/etc/apt/keyrings/nodesource.gpg] https://deb.nodesource.com/node_20.x nodistro main" | tee /etc/apt/sources.list.d/nodesource.list
+# user app
+RUN useradd -m -u 1000 app && mkdir /opt/app && chown app:app /opt/app
 
-# add postgresql repository
-RUN install -d /usr/share/postgresql-common/pgdg && \
-    curl -o /usr/share/postgresql-common/pgdg/apt.postgresql.org.asc --fail https://www.postgresql.org/media/keys/ACCC4CF8.asc && \
-    echo "deb [signed-by=/usr/share/postgresql-common/pgdg/apt.postgresql.org.asc] https://apt.postgresql.org/pub/repos/apt jammy-pgdg main" | tee /etc/apt/sources.list.d/pgdg.list
+# install package dependencies for production
+FROM base-stage AS install-stage
 
 # install system dependencies
-RUN apt-get update && \
-    DEBIAN_FRONTEND=noninteractive apt-get -y install tzdata && \
-    apt-get -y install nginx supervisor nodejs postgresql-client-13 build-essential
+RUN apt-get update && apt-get -y install g++ make
 
-# cleanup tmp and defaults
-RUN rm -rf /etc/nginx/sites-enabled/default /var/lib/apt/lists/*
+WORKDIR /opt/app
 
-ARG app_version
-ARG CERT
-ARG USER=app
+COPY package.json package-lock.json .npmrc /opt/app/
 
-ENV APP_VERSION=$app_version
-ENV NODE_ENV=production
+RUN npm ci && npm prune --production
 
-RUN mkdir -p /opt/app
+# production running stage
+FROM base-stage AS runtime-stage
 
-RUN useradd -ms /bin/bash --uid 1000 ${USER}
+ARG USER=app
+ARG app_version
+ENV APP_VERSION=$app_version
 
 WORKDIR /opt/app
 
-
-COPY deploy/nginx /etc/nginx
-COPY deploy/supervisor /etc/supervisor/conf.d
 COPY package.json package-lock.json /opt/app/
-COPY . .
-
-# prepare rootless permissions for supervisor and nginx
-RUN chown -R ${USER} /var/log/supervisor/ && \
-    mkdir /var/run/supervisor && \
-    chown -R ${USER} /var/run/supervisor && \
-    mkdir -p /var/cache/nginx && chown -R ${USER} /var/cache/nginx && \
-    mkdir -p /var/log/nginx  && chown -R ${USER} /var/log/nginx && \
-    mkdir -p /var/lib/nginx  && chown -R ${USER} /var/lib/nginx && \
-    touch /run/nginx.pid && chown -R ${USER} /run/nginx.pid 
-
-# build app
-RUN npm ci -q --no-progress --include=dev --also=dev
-RUN npm run build
-RUN npm prune --production
-RUN rm -rf /tmp/*
 
-RUN chown -R ${USER} /opt/app/dist/run
+COPY --from=install-stage /opt/app/node_modules /opt/app/node_modules
+COPY --from=native-build-stage /opt/app/dist /opt/app/dist
 
-# adding certificate
-RUN echo $CERT > /usr/local/share/ca-certificates/cert.pem
-ENV NODE_EXTRA_CA_CERTS=/usr/local/share/ca-certificates/cert.pem
-RUN update-ca-certificates
+RUN chown -R ${USER} /opt/app/dist/run
 
 USER app
 
-ENTRYPOINT [ "/usr/bin/supervisord", "-c", "/etc/supervisor/supervisord.conf" ]
+ENV NODE_ENV=production
+ENV APP_PORT=8083
+
+ENTRYPOINT ["./scripts/preflight.sh"]

scripts/preflight.sh

@@ -7,7 +7,7 @@ else
     echo "Start setting up extensions"
     node /opt/app/dist/server/db/scripts/extensions.js
     echo "Finish setting up extensions"
-fi;
+fi
 
 echo "Start migration"
 npm run db:migrate
@@ -31,5 +31,4 @@ if [ "$USE_E2E_MOCK_DATA" = "1" ]; then
     echo "Finish setting up e2e data"
 fi
 
-supervisorctl -c /etc/supervisor/conf.d/supervisor.conf start node
-supervisorctl -c /etc/supervisor/conf.d/supervisor.conf start nginx
+node dist/server