Merge pull request #3 from kfit-dev/chore/listen-ipv4-only

bump base image and libs

.github/workflows/docker-publish.yml

@@ -1,31 +1,25 @@
-name: Docker
+name: Build relayman
 
 on:
   push:
-    # Publish `master` as Docker `latest` image.
     branches:
       - master
 
-    # Publish `v1.2.3` tags as releases.
-    tags:
-      - v*
-
   # Run tests for any PRs.
   pull_request:
 
 env:
-  # TODO: Change variable to your image's name.
-  IMAGE_NAME: relayman
+  ECR_REGISTRY: 606804169143.dkr.ecr.ap-southeast-1.amazonaws.com
+  ECR_BUILD_REPO: relayman
 
 jobs:
   # Run tests.
   # See also https://docs.docker.com/docker-hub/builds/automated-testing/
   test:
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-20.04
 
     steps:
       - uses: actions/checkout@v2
-
       - name: Run tests
         run: |
           if [ -f docker-compose.test.yml ]; then
@@ -34,37 +28,88 @@ jobs:
           else
             docker build . --file Dockerfile
           fi
-  # Push image to GitHub Packages.
-  # See also https://docs.docker.com/docker-hub/builds/
-  push:
-    # Ensure test job passes before pushing image.
-    needs: test
 
-    runs-on: ubuntu-latest
-    if: github.event_name == 'push'
+  setup_env:
+    if: ${{ github.event_name == 'push' }}
+    needs: test
+    environment: test
+    runs-on: ubuntu-20.04
+    outputs:
+      ecr_password: ${{ steps.ecr_password.outputs.ecr_password }}
+      container_image_uri: ${{ steps.image_tag.outputs.container_image_uri }}
+      image_tag: ${{ steps.image_tag.outputs.image_tag }}
+    steps:
+      - name: Set up AWS CLI
+        uses: chrislennon/[email protected]
+      - id: ecr_password
+        name: Retrieve ECR password
+        env:
+          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
+          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+          AWS_DEFAULT_REGION: ap-southeast-1
+        run: echo "ecr_password=$(aws ecr get-login-password)" >> $GITHUB_OUTPUT
+      - id: image_tag
+        name: Setup image tags
+        run: |
+          IMAGE_TAG=latest
+          echo "image_tag=$IMAGE_TAG" >> $GITHUB_OUTPUT
+          echo "container_image_uri=$ECR_REGISTRY/$ECR_BUILD_REPO:$IMAGE_TAG" >> $GITHUB_OUTPUT
 
+  docker_build:
+    if: ${{ github.event_name == 'push' }}
+    timeout-minutes: 40
+    needs:
+      - setup_env
+    environment: test
+    runs-on: ubuntu-20.04
     steps:
-      - uses: actions/checkout@v2
+      - name: Check Out Repo
+        uses: actions/checkout@v3
 
-      - name: Build image
-        run: docker build . --file Dockerfile --tag $IMAGE_NAME
+      - name: Set up Docker Buildx
+        id: buildx
+        uses: docker/setup-buildx-action@v2
+        with:
+          buildkitd-flags: --debug
+          install: true
+
+      - name: Cache Docker layers
+        uses: actions/cache@v3
+        with:
+          path: /tmp/.buildx-cache-${{ matrix.gemfile }}
+          key: ${{ runner.os }}-multi-buildx-${{ github.sha }}-${{ matrix.gemfile }}
+          restore-keys: |
+            ${{ runner.os }}-multi-buildx
 
-      - name: Log into GitHub Container Registry
-        # TODO: Create a PAT with `read:packages` and `write:packages` scopes and save it as an Actions secret `CR_PAT`
-        run: echo "${{ secrets.CR_PAT }}" | docker login https://ghcr.io -u ${{ github.actor }} --password-stdin
+      - name: Configure AWS credentials
+        uses: aws-actions/configure-aws-credentials@v1
+        with:
+          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+          aws-region: ap-southeast-1
+
+      - name: Login to ECR
+        uses: docker/login-action@v2
+        with:
+          registry: ${{ env.ECR_REGISTRY }}
+
+      - name: Build image
+        uses: docker/build-push-action@v3
+        env:
+          CONTAINER_IMAGE_URI: ${{ needs.setup_env.outputs.container_image_uri }}
+        with:
+          context: .
+          builder: ${{ steps.buildx.outputs.name }}
+          file: Dockerfile
+          push: true
+          tags: ${{ env.CONTAINER_IMAGE_URI }}
+          cache-from: type=local,src=/tmp/.buildx-cache-${{ matrix.gemfile }}
+          # Note the mode=max here
+          # More: https://github.com/moby/buildkit#--export-cache-options
+          # And: https://github.com/docker/buildx#--cache-tonametypetypekeyvalue
+          cache-to: type=local,mode=max,dest=/tmp/.buildx-cache-new-${{ matrix.gemfile }}
 
-      - name: Push image to GitHub Container Registry
+      - name: Move cache
         run: |
-          IMAGE_ID=ghcr.io/${{ github.repository_owner }}/$IMAGE_NAME
-          # Change all uppercase to lowercase
-          IMAGE_ID=$(echo $IMAGE_ID | tr '[A-Z]' '[a-z]')
-          # Strip git ref prefix from version
-          VERSION=$(echo "${{ github.ref }}" | sed -e 's,.*/\(.*\),\1,')
-          # Strip "v" prefix from tag name
-          [[ "${{ github.ref }}" == "refs/tags/"* ]] && VERSION=$(echo $VERSION | sed -e 's/^v//')
-          # Use Docker `latest` tag convention
-          [ "$VERSION" == "master" ] && VERSION=latest
-          echo IMAGE_ID=$IMAGE_ID
-          echo VERSION=$VERSION
-          docker tag $IMAGE_NAME $IMAGE_ID:$VERSION
-          docker push $IMAGE_ID:$VERSION
+          rm -rf /tmp/.buildx-cache-${{ matrix.gemfile }}
+          mv /tmp/.buildx-cache-new-${{ matrix.gemfile }} /tmp/.buildx-cache-${{ matrix.gemfile }}

Dockerfile

@@ -1,4 +1,4 @@
-FROM hexpm/elixir:1.11.1-erlang-22.2.1-alpine-3.12.0 AS build
+FROM hexpm/elixir:1.14.2-erlang-24.3.4.7-alpine-3.16.3 AS build
 
 ENV MIX_ENV=prod
 
@@ -24,9 +24,9 @@ COPY rel rel
 
 RUN mix release
 
-FROM alpine AS app
+FROM alpine:latest AS app
 
-RUN apk add --update bash openssl
+RUN apk add --update --no-cache bash libcrypto1.1 libstdc++
 
 WORKDIR /app
 
@@ -36,4 +36,4 @@ RUN chown -R nobody: /app
 USER nobody
 
 ENV HOME=/app
-ENV PATH $PATH:$HOME/bin
+ENV PATH $PATH:$HOME/bin