Build and Push Docker Image Workflow

.github/workflows/build-and-push-docker.yml

@@ -0,0 +1,88 @@
+name: Build and Push Docker Images
+
+on:
+  pull_request:
+    paths-ignore:
+    - 'README.md'
+    - 'CODE_OF_CONDUCT.md'
+    - 'CONTRIBUTING.md'
+    - 'LICENSE'
+    - 'SECURITY.md'
+    - 'docs/**'
+    - 'keycloakify/**'
+    - '.github/**'
+    - '!.github/workflows/build-and-push-docker-image.yml'
+    - '!.github/workflows/dev.yml'
+  push:
+    branches:
+      - develop
+
+jobs:
+  build:
+    name: ${{ matrix.path }}
+    runs-on: ubuntu-latest
+    strategy:
+      fail-fast: false
+      matrix:
+        include:
+          - dockerfile: ./webapp/Dockerfile
+            image: ls1intum/Hephaestus/webapp
+            context: ./webapp
+            path: webapp
+          - dockerfile: ./server/intelligence-service/Dockerfile
+            image: ls1intum/Hephaestus/intelligence-service
+            context: ./server/intelligence-service
+            path: intelligence-service
+          - dockerfile: ./server/webhook-ingest/Dockerfile
+            image: ls1intum/Hephaestus/webhook-ingest
+            context: ./server/webhook-ingest
+            path: webhook-ingest
+          - dockerfile: ./server/application-server/Dockerfile
+            image: ls1intum/Hephaestus/application-server
+            context: ./server/application-server
+            path: application-server
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 1
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+        with:
+          platforms: all
+
+      - name: Install Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Log in to the Container registry
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Extract metadata (tags, labels) for Docker
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: ghcr.io/${{ matrix.image }}
+          tags: |
+            type=raw,value=latest,enable={{is_default_branch}}
+            type=ref,event=branch
+            type=ref,event=pr
+            type=semver,pattern={{version}}
+            type=sha,prefix=,format=long
+
+      - name: Build and push Docker Image
+        uses: docker/build-push-action@v6
+        with:
+          context: ${{ matrix.context }}
+          file: ${{ matrix.dockerfile }}
+          platforms: linux/amd64,linux/arm64
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
+          push: true
+          cache-from: type=gha,scope=${{ matrix.image }}
+          cache-to: type=gha,scope=${{ matrix.image }},mode=max

compose.yaml

@@ -1,6 +1,7 @@
 services:
   application-server:
-    image: hephaestus-application-server
+    build:
+      context: ./server/application-server
     ports:
       - '8080'
     environment:
@@ -43,4 +44,7 @@ services:
 
 networks:
   app-network:
-    driver: bridge`
+    driver: bridge
+
+volumes:
+  postgresql-data:

server/application-server/Dockerfile

@@ -0,0 +1,26 @@
+FROM maven:3.9.8-eclipse-temurin-21 AS build
+
+WORKDIR /app
+
+COPY pom.xml .
+
+# This step is to cache dependencies, avoiding re-downloading them every time
+RUN mvn dependency:go-offline
+
+COPY src ./src
+
+RUN mvn clean package -DskipTests
+
+FROM eclipse-temurin:21
+
+WORKDIR /app
+
+COPY --from=build /app/target/*.jar /app/server.jar
+
+RUN addgroup --system spring && adduser --system spring --ingroup spring
+
+USER spring:spring
+
+EXPOSE 8080
+
+ENTRYPOINT ["java", "-Djava.security.egd=file:/dev/./urandom", "-jar", "/app/server.jar"]

webapp/Dockerfile

@@ -1,55 +1,41 @@
-FROM node:latest as build
+FROM node:22 as build
 
 WORKDIR /app
 
-COPY ./ /app/
-
-# Ensure .env file exists
-RUN mv .env* .env || true
-RUN touch .env
-RUN cat .env
-
-# Fix buggy replacement of COOLIFY_URL in .env
-RUN COOLIFY_URL_VALUE=$(grep '^COOLIFY_URL=' .env | cut -d '=' -f2) && \
-    sed -i "s|\$COOLIFY_URL|$COOLIFY_URL_VALUE|g" .env
-
-# Export environment variables from .env
-# This assumes that .env contains lines like VARIABLE=value
-# and does not contain spaces around the '='
-RUN set -a && \
-    . /app/.env && \
-    set +a && \
-    echo "Generating environment.prod.ts" && \
-    cat > src/environments/environment.prod.ts <<EOF
-export const environment = {
-  clientUrl: '${APPLICATION_CLIENT_URL}',
-  serverUrl: '${APPLICATION_SERVER_URL}',
-  keycloak: {
-    url: '${KEYCLOAK_URL}',
-    realm: '${KEYCLOAK_REALM}',
-    clientId: '${KEYCLOAK_CLIENT_ID}',
-    skipLoginPage: ${KEYCLOAK_SKIP_LOGIN}
-  },
-  umami: {
-    enabled: '${UMAMI_ENABLED}',
-    scriptUrl: '${UMAMI_SCRIPT_URL}',
-    websiteId: '${UMAMI_WEBSITE_ID}',
-    domains: '${UMAMI_DOMAINS}'
-  },
-  legal: {
-    imprintHtml: '${LEGAL_IMPRINT_HTML}',
-    privacyHtml: '${LEGAL_PRIVACY_HTML}'
-  }
-};
-EOF
+COPY package.json package-lock.json ./
 
 RUN npm install
+
+COPY . ./
+
 RUN npm run build
 
-FROM nginx:latest
+FROM nginx:stable-alpine
+
+ENV APPLICATION_CLIENT_URL=https://default-client.url
+ENV APPLICATION_SERVER_URL=https://default-server.url
+
+ENV KEYCLOAK_URL=https://default-keycloak.url
+ENV KEYCLOAK_REALM=default-realm
+ENV KEYCLOAK_CLIENT_ID=default-client-id
+ENV KEYCLOAK_SKIP_LOGIN=false
+
+ENV LEGAL_IMPRINT_HTML="<p>Default Imprint</p>"
+ENV LEGAL_PRIVACY_HTML="<p>Default Privacy</p>"
+
+ENV UMAMI_ENABLED=false
+ENV UMAMI_SCRIPT_URL=""
+ENV UMAMI_WEBSITE_ID=""
+ENV UMAMI_DOMAINS=""
 
 COPY --from=build /app/dist/webapp/browser /usr/share/nginx/html
 
+COPY generate_config.sh /usr/local/bin/generate_config.sh
+RUN chmod +x /usr/local/bin/generate_config.sh
+
 COPY nginx.conf /etc/nginx/conf.d/default.conf
 
 EXPOSE 80
+
+ENTRYPOINT ["/usr/local/bin/generate_config.sh"]
+CMD ["nginx", "-g", "daemon off;"]

webapp/angular.json

@@ -60,12 +60,6 @@
           },
           "configurations": {
             "production": {
-              "fileReplacements": [
-                {
-                  "replace": "src/environments/environment.ts",
-                  "with": "src/environments/environment.prod.ts"
-                }
-              ],
               "budgets": [
                 {
                   "type": "initial",

webapp/generate_config.sh

@@ -0,0 +1,27 @@
+#!/bin/sh
+# This script generates the environment.json file for the webapp based on the environment variables during the docker container startup.
+
+cat <<EOF > /usr/share/nginx/html/environment.json
+{
+  "clientUrl": "${APPLICATION_CLIENT_URL}",
+  "serverUrl": "${APPLICATION_SERVER_URL}",
+  "keycloak": {
+    "url": "${KEYCLOAK_URL}",
+    "realm": "${KEYCLOAK_REALM}",
+    "clientId": "${KEYCLOAK_CLIENT_ID}",
+    "skipLoginPage": ${KEYCLOAK_SKIP_LOGIN}
+  },
+  "umami": {
+    "enabled": ${UMAMI_ENABLED},
+    "scriptUrl": "${UMAMI_SCRIPT_URL}",
+    "websiteId": "${UMAMI_WEBSITE_ID}",
+    "domains": "${UMAMI_DOMAINS}"
+  },
+  "legal": {
+    "imprintHtml": "$(echo "${LEGAL_IMPRINT_HTML}" | sed 's/"/\\"/g')",
+    "privacyHtml": "$(echo "${LEGAL_PRIVACY_HTML}" | sed 's/"/\\"/g')"
+  }
+}
+EOF
+
+exec "$@"

webapp/package.json

@@ -92,6 +92,7 @@
     "@storybook/test": "8.3.4",
     "@tailwindcss/typography": "0.5.15",
     "@types/jasmine": "5.1.4",
+    "@types/node": "22.10.1",
     "@typescript-eslint/eslint-plugin": "8.2.0",
     "@typescript-eslint/parser": "8.2.0",
     "chromatic": "11.7.1",

webapp/public/environment.json

@@ -0,0 +1,20 @@
+{
+  "clientUrl": "http://localhost:4200",
+  "serverUrl": "http://localhost:8080",
+  "keycloak": {
+    "url": "http://localhost:8081",
+    "realm": "hephaestus",
+    "clientId": "hephaestus",
+    "skipLoginPage": false
+  },
+  "umami": {
+    "enabled": false,
+    "scriptUrl": "",
+    "websiteId": "",
+    "domains": ""
+  },
+  "legal": {
+    "imprintHtml": "<p>This is the imprint.</p>",
+    "privacyHtml": "<p>This is the privacy policy.</p>"
+  }
+}

webapp/src/app/analytics.service.ts

@@ -1,14 +1,16 @@
-import { Injectable } from '@angular/core';
-import { environment } from 'environments/environment';
+import { inject, Injectable } from '@angular/core';
+import { EnvironmentService } from './environment.service';
 
 @Injectable({
   providedIn: 'root'
 })
 export class AnalyticsService {
+  private environmentService = inject(EnvironmentService);
+
   private scriptLoaded = false;
 
   initialize(): void {
-    if (environment.umami.enabled) {
+    if (this.environmentService.env.umami.enabled) {
       this.loadUmamiScript();
     }
   }
@@ -20,9 +22,9 @@ export class AnalyticsService {
 
     const script = document.createElement('script');
     script.defer = true;
-    script.src = environment.umami.scriptUrl;
-    script.setAttribute('data-website-id', environment.umami.websiteId);
-    script.setAttribute('data-domains', environment.umami.domains);
+    script.src = this.environmentService.env.umami.scriptUrl;
+    script.setAttribute('data-website-id', this.environmentService.env.umami.websiteId);
+    script.setAttribute('data-domains', this.environmentService.env.umami.domains);
 
     script.onload = () => {
       console.log('Umami analytics script loaded successfully.');