-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
0 parents
commit 5c013e2
Showing
12 changed files
with
1,669 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,60 @@ | ||
name: CI | ||
|
||
on: | ||
workflow_dispatch: | ||
push: | ||
pull_request: | ||
types: [opened, reopened] | ||
schedule: | ||
# * is a special character in YAML so you have to quote this string | ||
- cron: '30 15 * * *' | ||
jobs: | ||
publish: | ||
runs-on: ubuntu-latest | ||
env: | ||
APP_NAME: formsg-intl | ||
steps: | ||
- name: Checkout opengovsg/FormSG into the same local dir | ||
uses: actions/checkout@v4 | ||
with: | ||
repository: opengovsg/FormSG | ||
ref: refs/heads/release-al2 | ||
- name: Checkout this repo | ||
uses: actions/checkout@v4 | ||
with: | ||
path: repo | ||
- name: Move repo contents into local root | ||
run: mv repo/* . | ||
- name: Replace files with demo-specific ones | ||
run: | | ||
cp -rf replacements/* . | ||
rm -rf replacements | ||
- name: Substitute index.html OG params | ||
run: | | ||
cat frontend/public/index.html | \ | ||
sed 's/__OG_TITLE__/Form/' | \ | ||
sed 's/__OG_DESCRIPTION__/Secure forms from the government/' | \ | ||
sed 's/__OG_IMAGE__/og-img-metatag-publicform.png/' > frontend/public/index2.html && \ | ||
mv frontend/public/index2.html frontend/public/index.html | ||
- name: Set app version | ||
run: | | ||
echo "APP_VERSION=$(jq -r .version package.json)-$(echo ${GITHUB_REF##*/})-$(echo ${GITHUB_SHA} | cut -c1-8)" >> $GITHUB_ENV | ||
- name: Set up Docker Buildx | ||
uses: docker/setup-buildx-action@v3 | ||
|
||
- name: Login to Docker Hub | ||
uses: docker/login-action@v3 | ||
with: | ||
username: ${{ secrets.DOCKER_USER }} | ||
password: ${{ secrets.DOCKER_PASS }} | ||
|
||
- name: Build and push docker image | ||
uses: docker/build-push-action@v5 | ||
with: | ||
push: true | ||
tags: | | ||
opengovsg/${{ env.APP_NAME }}:latest | ||
opengovsg/${{ env.APP_NAME }}:${{ env.APP_VERSION }} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,130 @@ | ||
# Logs | ||
logs | ||
*.log | ||
npm-debug.log* | ||
yarn-debug.log* | ||
yarn-error.log* | ||
lerna-debug.log* | ||
.pnpm-debug.log* | ||
|
||
# Diagnostic reports (https://nodejs.org/api/report.html) | ||
report.[0-9]*.[0-9]*.[0-9]*.[0-9]*.json | ||
|
||
# Runtime data | ||
pids | ||
*.pid | ||
*.seed | ||
*.pid.lock | ||
|
||
# Directory for instrumented libs generated by jscoverage/JSCover | ||
lib-cov | ||
|
||
# Coverage directory used by tools like istanbul | ||
coverage | ||
*.lcov | ||
|
||
# nyc test coverage | ||
.nyc_output | ||
|
||
# Grunt intermediate storage (https://gruntjs.com/creating-plugins#storing-task-files) | ||
.grunt | ||
|
||
# Bower dependency directory (https://bower.io/) | ||
bower_components | ||
|
||
# node-waf configuration | ||
.lock-wscript | ||
|
||
# Compiled binary addons (https://nodejs.org/api/addons.html) | ||
build/Release | ||
|
||
# Dependency directories | ||
node_modules/ | ||
jspm_packages/ | ||
|
||
# Snowpack dependency directory (https://snowpack.dev/) | ||
web_modules/ | ||
|
||
# TypeScript cache | ||
*.tsbuildinfo | ||
|
||
# Optional npm cache directory | ||
.npm | ||
|
||
# Optional eslint cache | ||
.eslintcache | ||
|
||
# Optional stylelint cache | ||
.stylelintcache | ||
|
||
# Microbundle cache | ||
.rpt2_cache/ | ||
.rts2_cache_cjs/ | ||
.rts2_cache_es/ | ||
.rts2_cache_umd/ | ||
|
||
# Optional REPL history | ||
.node_repl_history | ||
|
||
# Output of 'npm pack' | ||
*.tgz | ||
|
||
# Yarn Integrity file | ||
.yarn-integrity | ||
|
||
# dotenv environment variable files | ||
.env | ||
.env.development.local | ||
.env.test.local | ||
.env.production.local | ||
.env.local | ||
|
||
# parcel-bundler cache (https://parceljs.org/) | ||
.cache | ||
.parcel-cache | ||
|
||
# Next.js build output | ||
.next | ||
out | ||
|
||
# Nuxt.js build / generate output | ||
.nuxt | ||
dist | ||
|
||
# Gatsby files | ||
.cache/ | ||
# Comment in the public line in if your project uses Gatsby and not Next.js | ||
# https://nextjs.org/blog/next-9-1#public-directory-support | ||
# public | ||
|
||
# vuepress build output | ||
.vuepress/dist | ||
|
||
# vuepress v2.x temp and cache directory | ||
.temp | ||
.cache | ||
|
||
# Docusaurus cache and generated files | ||
.docusaurus | ||
|
||
# Serverless directories | ||
.serverless/ | ||
|
||
# FuseBox cache | ||
.fusebox/ | ||
|
||
# DynamoDB Local files | ||
.dynamodb/ | ||
|
||
# TernJS port file | ||
.tern-port | ||
|
||
# Stores VSCode versions used for testing VSCode extensions | ||
.vscode-test | ||
|
||
# yarn v2 | ||
.yarn/cache | ||
.yarn/unplugged | ||
.yarn/build-state.yml | ||
.yarn/install-state.gz | ||
.pnp.* |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,105 @@ | ||
# syntax=docker/dockerfile:1 | ||
|
||
FROM node:hydrogen-alpine3.18 as build | ||
|
||
# node-modules-builder stage installs/compiles the node_modules folder | ||
# Python version must be specified starting in alpine3.12 | ||
RUN apk update && apk upgrade && \ | ||
apk --no-cache add --virtual native-deps \ | ||
g++ gcc libgcc libstdc++ linux-headers autoconf automake make nasm python3 git curl && \ | ||
npm install --quiet node-gyp -g | ||
WORKDIR /build | ||
|
||
COPY package.json package-lock.json ./ | ||
COPY shared/package.json shared/package-lock.json ./shared/ | ||
COPY frontend/package.json frontend/package-lock.json ./frontend/ | ||
COPY frontend/patches ./frontend/patches | ||
|
||
# Allow running of postinstall scripts | ||
# RUN npm config set unsafe-perm true | ||
# --legacy-peer-deps flag | ||
# A breaking change in the peer dependency resolution strategy was introduced in | ||
# npm 7. This resulted in npm throwing an error when installing packages: | ||
# npm ERR! code ERESOLVE | ||
# npm ERR! ERESOLVE unable to resolve dependency tree | ||
# See also: | ||
# * https://stackoverflow.com/questions/66239691/what-does-npm-install-legacy-peer-deps-do-exactly-when-is-it-recommended-wh | ||
# NOTE: This flag is used again later in the build process when calling npm prune. | ||
RUN npm ci --legacy-peer-deps | ||
|
||
COPY . ./ | ||
|
||
# --openssl-legacy-provider flag | ||
# A breaking change in the SSL provider was introduced in node 17. This caused | ||
# webpack 4 to break. This is an interim solution; we should investigate removing | ||
# this flag once angular has been removed and we have upgraded to CRA5 (which uses | ||
# webpack 5). | ||
# See also: | ||
# * https://stackoverflow.com/questions/69692842/error-message-error0308010cdigital-envelope-routinesunsupported | ||
# * https://github.com/webpack/webpack/issues/14532#issuecomment-1304378535 | ||
# These options are only used in the build stage, not the start stage. | ||
ENV NODE_OPTIONS="--max-old-space-size=4096 --openssl-legacy-provider" | ||
|
||
RUN npm run build | ||
RUN cat ./assets/demo-watermark.css >> `ls ./dist/frontend/static/css/*.css` | ||
|
||
# Move mockpass to prod dependency since we need the static certs | ||
RUN npm install -P @opengovsg/mockpass | ||
|
||
RUN npm prune --production --legacy-peer-deps | ||
|
||
# This stage builds the final container | ||
FROM node:hydrogen-alpine3.18 | ||
LABEL maintainer="Demos at OGP<[email protected]>" | ||
WORKDIR /opt/formsg | ||
|
||
# Install build from backend-build | ||
COPY --from=build /build/node_modules /opt/formsg/node_modules | ||
COPY --from=build /build/package.json /opt/formsg/package.json | ||
COPY --from=build /build/dist /opt/formsg/dist | ||
|
||
# Grab Singpass RP jwks config from __tests__ | ||
COPY --from=build /build/__tests__/setup/certs /opt/formsg/__tests__/setup/certs | ||
|
||
# Built backend goes back to root working directory | ||
RUN mv /opt/formsg/dist/backend/src /opt/formsg/ | ||
RUN mv /opt/formsg/dist/backend/shared /opt/formsg/ | ||
|
||
# Install chromium from official docs | ||
# https://github.com/puppeteer/puppeteer/blob/master/docs/troubleshooting.md#running-on-alpine | ||
# Note that each alpine version supports a specific version of chromium | ||
# Note that chromium and puppeteer-core are released together and it is the only version | ||
# that is guaranteed to work. Upgrades must be done in lockstep. | ||
# https://www.npmjs.com/package/puppeteer-core?activeTab=versions for corresponding versions | ||
|
||
RUN apk add --no-cache \ | ||
# Compatible chromium versions can be found here https://pkgs.alpinelinux.org/packages?name=chromium&branch=v3.18&repo=&arch=&maintainer= | ||
chromium=119.0.6045.159-r0 \ | ||
nss \ | ||
freetype \ | ||
freetype-dev \ | ||
harfbuzz \ | ||
ca-certificates \ | ||
ttf-freefont \ | ||
tini | ||
|
||
# Tell Puppeteer to skip installing Chrome. We'll be using the installed package. | ||
ENV PUPPETEER_SKIP_CHROMIUM_DOWNLOAD=true | ||
ENV PUPPETEER_EXECUTABLE_PATH=/usr/bin/chromium-browser | ||
|
||
# This package is needed to render Chinese characters in autoreply PDFs | ||
RUN apk add font-wqy-zenhei --repository https://dl-cdn.alpinelinux.org/alpine/edge/community | ||
|
||
ENV CHROMIUM_BIN=/usr/bin/chromium-browser | ||
|
||
# Run as non-privileged user | ||
RUN addgroup -S formsguser && adduser -S -g formsguser formsguser | ||
USER formsguser | ||
|
||
ENV NODE_ENV=production | ||
EXPOSE 5000 | ||
|
||
# tini is the init process that will adopt orphaned zombie processes | ||
# e.g. chromium when launched to create a new PDF | ||
ENTRYPOINT [ "tini", "-s", "--" ] | ||
CMD [ "npm", "start" ] |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,21 @@ | ||
MIT License | ||
|
||
Copyright (c) 2024 Open Government Products | ||
|
||
Permission is hereby granted, free of charge, to any person obtaining a copy | ||
of this software and associated documentation files (the "Software"), to deal | ||
in the Software without restriction, including without limitation the rights | ||
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell | ||
copies of the Software, and to permit persons to whom the Software is | ||
furnished to do so, subject to the following conditions: | ||
|
||
The above copyright notice and this permission notice shall be included in all | ||
copies or substantial portions of the Software. | ||
|
||
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR | ||
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, | ||
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE | ||
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER | ||
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, | ||
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE | ||
SOFTWARE. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,5 @@ | ||
# FormSG International Edition | ||
|
||
Builds and publishes a Docker image to | ||
opengovsg/formsg-intl | ||
|
Oops, something went wrong.