Mise en prod

.dockerignore

@@ -0,0 +1,11 @@
+dist
+node_modules
+test
+.dockerignore
+.env
+.env.example
+.eslintrc.js
+.gitignore
+.prettierrc
+Dockerfile
+README.md

.github/workflows/build.yml

@@ -0,0 +1,72 @@
+name: 🐳 Build And Push Docker Image
+on:
+  workflow_call:
+    inputs:
+      tag:
+        type: string
+        description: The tag to push to the Docker registry.
+        # required: true
+        # default: latest
+
+jobs:
+  build:
+    name: 🐳 Build
+    # only build/deploy main branch on pushes
+    if: ${{ (github.ref == 'refs/heads/main' || github.ref == 'refs/heads/dev') && github.event_name == 'push' }}
+    runs-on: ubuntu-latest
+    steps:
+      - name: ⬇️ Checkout repo
+        uses: actions/[email protected]
+
+      - name: 🧑‍💻 Login to Docker Hub
+        uses: docker/[email protected]
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+          logout: true
+
+      - name: 🐳 Set up Docker Buildx
+        uses: docker/[email protected]
+
+      # Setup cache
+      - name: ⚡️ Cache Docker layers
+        uses: actions/[email protected]
+        with:
+          path: /tmp/.buildx-cache
+          key: ${{ runner.os }}-buildx-${{ github.sha }}-${{ github.ref_name }}
+          restore-keys: |
+            ${{ runner.os }}-buildx-
+      - name: 🐳 Build Production Image
+        if: ${{ github.ref == 'refs/heads/main' }}
+        uses: docker/[email protected]
+        with:
+          context: .
+          push: true
+          tags: algomax/nestjs-chat-api:production
+          build-args: |
+            COMMIT_SHA=${{ github.sha }} \
+          cache-from: type=local,src=/tmp/.buildx-cache
+          cache-to: type=local,mode=max,dest=/tmp/.buildx-cache-new
+
+      - name: 🐳 Build Staging Image
+        if: ${{ github.ref == 'refs/heads/dev' }}
+        uses: docker/[email protected]
+        with:
+          context: .
+          push: true
+          tags: algomax/nestjs-chat-api:latest
+          build-args: |
+            COMMIT_SHA=${{ github.sha }} \
+
+          cache-from: type=local,src=/tmp/.buildx-cache
+          cache-to: type=local,mode=max,dest=/tmp/.buildx-cache-new
+
+      # This ugly bit is necessary if you don't want your cache to grow forever
+      # till it hits GitHub's limit of 5GB.
+      # Temp fix
+      # https://github.com/docker/build-push-action/issues/252
+      # https://github.com/moby/buildkit/issues/1896
+      - name: 🚚 Move cache
+        run: |
+          rm -rf /tmp/.buildx-cache
+          mv /tmp/.buildx-cache-new /tmp/.buildx-cache

.github/workflows/ci.yml

@@ -0,0 +1,74 @@
+name: 🚀 Deploy
+on:
+  push:
+    branches:
+      - main
+      - dev
+  pull_request: {}
+
+permissions:
+  actions: write
+  contents: read
+
+jobs:
+  build:
+    name: 🐳 build
+    uses: ./.github/workflows/build.yml
+    secrets: inherit
+
+  deploy:
+    name: 🚀 Deploy
+    runs-on: [self-hosted]
+    needs: [build]
+    # needs: [build]
+    # only build/deploy main branch on pushes
+    if: ${{ (github.ref == 'refs/heads/main' || github.ref == 'refs/heads/dev') && github.event_name == 'push' }}
+    env:
+      JWT_SECRET: ${{ secrets.JWT_SECRET }}
+      PORT: ${{ secrets.PORT }}
+      RESEND_API_KEY: ${{ secrets.RESEND_API_KEY }}
+      FRONTEND_URL: ${{ secrets.FRONTEND_URL }}
+      DATABASE_URL: ${{ secrets.DATABASE_URL }}
+      AWS_ACCESS_KEY: ${{ secrets.AWS_ACCESS_KEY }}
+      AWS_SECRET: ${{ secrets.AWS_SECRET }}
+      AWS_BUCKET_NAME: ${{ secrets.AWS_BUCKET_NAME }}
+      AWS_REGION: ${{ secrets.AWS_REGION }}
+      STRIPE_SECRET_KEY: ${{ secrets.STRIPE_SECRET_KEY }}
+      STRIPE_WEBHOOK_SECRET: ${{ secrets.STRIPE_WEBHOOK_SECRET }}
+
+    steps:
+      - name: Cache node modules
+        uses: actions/[email protected]
+        with:
+          path: ~/.npm
+          key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }}
+          restore-keys: |
+            ${{ runner.os }}-node-
+
+      - name: ⬇️ Checkout repo
+        uses: actions/[email protected]
+
+      - name: Login to Docker Hub
+        uses: docker/login-action@v2
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+      # - name: 🚀 Run Docker Compose on Staging
+      #   if: ${{ github.ref == 'refs/heads/dev' }}
+      #   env:
+      #     DATABASE_URL: ${{ secrets.DATABASE_URL_STAGING }}
+      #     FRONTEND_URL: ${{ secrets.FRONTEND_URL_STAGING }}
+      #   run: |
+      #     docker pull algomax/nestjs-chat-api:latest
+      #     docker compose -f docker-compose.dev.yaml up -d
+      #     docker system prune --all --volumes --force
+
+      - name: 🚀 Run Docker Compose on Production
+        if: ${{ github.ref == 'refs/heads/main' }}
+        # env:
+        #   FRONTEND_URL: ${{ secrets.FRONTEND_URL }}
+        #   DATABASE_URL: ${{ secrets.DATABASE_URL }}
+        run: |
+          docker pull algomax/nestjs-chat-api:production
+          docker compose -f docker-compose.prod.yaml up -d
+          docker system prune --all --volumes --force

Dockerfile

@@ -0,0 +1,58 @@
+# https://www.tomray.dev/nestjs-docker-production
+# BUILD FOR PRODUCTION
+FROM node:20-alpine As base
+
+ENV NODE_ENV="production"
+
+FROM base AS installer
+
+RUN apk add --no-cache libc6-compat
+# Set working directory
+WORKDIR /app
+
+COPY --chown=node:node ./package*.json ./
+COPY --chown=node:node ./start.sh ./start.sh
+COPY --chown=node:node . .
+
+RUN npm install --include=dev
+
+ADD prisma prisma
+
+RUN npx prisma generate
+
+RUN npm run build
+
+FROM base as prunner
+WORKDIR /app
+
+COPY --from=installer /app/node_modules ./node_modules
+COPY ./package*.json ./
+
+RUN npm prune --omit=dev
+
+FROM base AS runner
+WORKDIR /app
+
+ENV TZ=Europe/Paris
+
+RUN apk add --no-cache tzdata \
+    && cp /usr/share/zoneinfo/$TZ /etc/localtime \
+    && echo $TZ > /etc/timezone \
+    && apk del tzdata
+
+# Don't run production as root
+RUN addgroup --system --gid 1024 nodejs
+RUN adduser --system --uid 1024 nestjs
+
+USER nestjs
+
+COPY --chown=nestjs:nodejs --from=prunner /app/package.json ./package.json
+COPY --chown=nestjs:nodejs --from=installer /app/dist ./dist
+COPY --chown=nestjs:nodejs --from=prunner /app/node_modules ./node_modules
+COPY --chown=nestjs:nodejs --from=installer /app/start.sh ./start.sh
+COPY --chown=nestjs:nodejs --from=installer /app/prisma ./prisma
+
+# CMD ["sh", "-c", "while :; do echo 'Container is running...'; sleep 60; done"]
+
+CMD ["sh", "start.sh"]
+# ENTRYPOINT ["start.sh"]

docker-compose.dev.yaml

@@ -0,0 +1,23 @@
+services:
+  nestjs-chat-api_dev:
+    environment:
+      - DATABASE_URL
+      - JWT_SECRET
+      - PORT
+      - RESEND_API_KEY
+      - FRONTEND_URL
+      - AWS_ACCESS_KEY
+      - AWS_SECRET
+      - AWS_BUCKET_NAME
+      - AWS_REGION
+      - STRIPE_SECRET_KEY
+      - STRIPE_WEBHOOK_SECRET
+
+
+    container_name: nestjs-chat-api_dev
+    build:
+      context: .
+      dockerfile: Dockerfile
+    restart: always
+    ports:
+      - 8000:8000