From 162a158a857f4eb9fe1d635bc00e8da16e429e99 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Roman=20Kr=C4=8Dek?=
Date: Fri, 18 Jul 2025 09:45:09 +0200
Subject: [PATCH] Added CICD
---
.gitea/workflows/release.yml | 75 ++++++++++++++++++++++++++++++++++++
Dockerfile | 19 +++++++++
docker-compose-prod.yml | 12 ++++++
docker-compose.yml | 7 ++++
4 files changed, 113 insertions(+)
create mode 100644 .gitea/workflows/release.yml
create mode 100644 Dockerfile
create mode 100644 docker-compose-prod.yml
create mode 100644 docker-compose.yml
diff --git a/.gitea/workflows/release.yml b/.gitea/workflows/release.yml
new file mode 100644
index 0000000..fb7563c
--- /dev/null
+++ b/.gitea/workflows/release.yml
@@ -0,0 +1,75 @@
+name: Build Docker image
+run-name: ${{ gitea.actor }} is running the CI pipeline
+on:
+ push:
+ branches:
+ - main
+ schedule:
+ - cron: "0 22 1 * *" # First of every month
+
+jobs:
+ build:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@v4
+
+ - name: Get date for image label
+ id: date
+ run: echo "::set-output name=date::$(date +'%Y-%m-%d')"
+
+ - name: Set up Docker Buildx
+ uses: docker/setup-buildx-action@v3
+ with:
+ driver: docker-container
+
+ - name: Login to Docker Registry
+ uses: docker/login-action@v3
+ with:
+ registry: git.orebolt.cz
+ username: ${{ secrets.REGISTRY_USERNAME }}
+ password: ${{ secrets.REGISTRY_TOKEN }}
+
+ - name: Build and push image
+ uses: docker/build-push-action@v5
+ with:
+ context: .
+ push: true
+ tags: "${{ vars.DOCKER_IMAGE }}:latest,${{ vars.DOCKER_IMAGE }}:${{ steps.date.outputs.date }}"
+ platforms: linux/amd64
+ cache-to: "mode=max,image-manifest=true,oci-mediatypes=true,type=registry,ref=${{ vars.DOCKER_IMAGE }}:cache"
+ cache-from: "mode=max,image-manifest=true,oci-mediatypes=true,type=registry,ref=${{ vars.DOCKER_IMAGE }}:cache"
+ labels: |
+ org.opencontainers.image.created=${{ steps.date.outputs.date }}
+ org.opencontainers.image.authors=Roman KrĨek
+ org.opencontainers.image.source=${{ env.GITHUB_REPOSITORY }}
+ org.opencontainers.image.revision=${{ env.GITHUB_SHA }}
+ org.opencontainers.image.vendor=Orebolt.cz
+ org.opencontainers.image.ref.name=${{ env.GITHUB_REF }}
+ org.opencontainers.image.title=${{ vars.APP_NAME }}
+
+ deploy:
+ needs: build
+ steps:
+ - name: Trigger Komodo Deploy
+ env:
+ URL: ${{ secrets.KOMODO_URL }}
+ SECRET: ${{ secrets.KOMODO_SECRET }}
+ BODY_FILE: ${{ github.event_path }}
+ run: |
+ SIG="sha256=$(openssl dgst -sha256 -hmac "$SECRET" "$BODY_FILE" | cut -d' ' -f2)"
+ curl -fsSL -X POST "$URL" \
+ -H 'Content-Type: application/json' \
+ -H "X-Hub-Signature-256: $SIG" \
+ -H 'X-GitHub-Event: push' \
+ -H "X-GitHub-Delivery: 
$GITHUB_RUN_ID.$GITHUB_RUN_NUMBER" \
+ --data @"$BODY_FILE"
+
+ verify:
+ needs: build
+ steps:
+ - name: Run Trivy vulnerability scanner
+ uses: aquasecurity/trivy-action@0.24.0
+ with:
+ image-ref: '${{ vars.DOCKER_IMAGE }}:latest'
+ format: 'table'
diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 0000000..f448085
--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,19 @@
+FROM node:22-alpine AS builder
+WORKDIR /app
+COPY package.json ./
+COPY package-lock.json ./
+RUN npm install
+COPY . ./
+RUN npm run build
+RUN npm prune --production
+
+
+FROM node:22-alpine
+USER node:node
+WORKDIR /app
+COPY --from=builder --chown=node:node /app/build build/
+COPY --from=builder --chown=node:node /app/node_modules node_modules/
+COPY package.json .
+EXPOSE 3000
+ENV NODE_ENV=production
+CMD [ "node", "build" ]
\ No newline at end of file
diff --git a/docker-compose-prod.yml b/docker-compose-prod.yml
new file mode 100644
index 0000000..2f1b512
--- /dev/null
+++ b/docker-compose-prod.yml
@@ -0,0 +1,12 @@
+services:
+ app:
+ image: ${DOCKER_REGISTRY}/${DOCKER_USER}/${DOCKER_IMAGE}:latest
+ restart: unless-stopped
+ env_file: .env
+ labels:
+ - "traefik.enable=true"
+ - "traefik.http.routers.esncard-generator.rule=Host(`esncards.orebolt.cz`)"
+ - "traefik.http.routers.esncard-generator.tls.certresolver=leresolver"
+ - "traefik.http.routers.esncard-generator.entrypoints=websecure"
+ - "traefik.http.services.esncard-generator.loadbalancer.server.port=3000"
+ - "traefik.http.routers.esncard-generator.middlewares=hsts"
diff --git a/docker-compose.yml b/docker-compose.yml
new file mode 100644
index 0000000..82ba851
--- /dev/null
+++ b/docker-compose.yml
@@ -0,0 +1,7 @@
+---
+services:
+ app:
+ image: ${DOCKER_REGISTRY}/${DOCKER_USER}/${DOCKER_IAMGE}:latest
+ restart: unless-stopped
+ ports:
+ - "3000:3000"
\ No newline at end of file
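Review bot: The Trivy scan in `verify` never gates the deployment: `deploy` depends only on `build`, the two jobs run in parallel, and aquasecurity/trivy-action defaults to `exit-code: 0`, so a CRITICAL finding is merely printed as a table after the Komodo webhook has already fired. Both `deploy` and `verify` also omit `runs-on`, so as written I would expect the runner to have nothing to schedule those jobs on — confirm against act_runner's behaviour. Make `deploy` depend on `[build, verify]` and give the scan a failing exit code with a severity filter, as below. Two smaller points: every third-party action is pinned to a mutable tag (`actions/checkout@v4`, `docker/build-push-action@v5`, `aquasecurity/trivy-action@0.24.0`) rather than a commit SHA, and `openssl dgst -hmac "$SECRET"` passes the webhook secret on the command line, where it is readable via `ps`/`/proc` by anything else on the runner for the duration of the call. The `org.opencontainers.image.*` labels read `env.GITHUB_REPOSITORY`/`env.GITHUB_SHA`/`env.GITHUB_REF`, which in the GitHub-compatible expression syntax are `github.repository`/`github.sha`/`github.ref` — check that Gitea populates the `env` context with these, otherwise the labels are pushed empty.
```yaml
  deploy:
    needs: [build, verify]   # do not fire the webhook until the scan has passed
    runs-on: ubuntu-latest
    steps:
      # … unchanged: Trigger Komodo Deploy step …

  verify:
    needs: build
    runs-on: ubuntu-latest
    steps:
      - name: Run Trivy vulnerability scanner
        uses: aquasecurity/trivy-action@0.24.0
        with:
          image-ref: '${{ vars.DOCKER_IMAGE }}:latest'
          format: 'table'
          exit-code: '1'              # fail the job on findings
          severity: 'CRITICAL,HIGH'
          ignore-unfixed: true        # the monthly rebuild exists to pick up fixes; do not block on issues that have none
```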
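Review bot: `RUN npm install` in the builder stage throws away the reproducibility the copied `package-lock.json` was meant to give: it may re-resolve and rewrite the lockfile, so the tree that gets built is not necessarily the reviewed one; use `RUN npm ci` (and `RUN npm prune --omit=dev` in place of the deprecated `--production` flag). The commit adds no `.dockerignore`, so `COPY . ./` pulls the whole checkout — `.git`, any local `node_modules`, and any `.env` lying in the working tree — into the builder layer; that layer is not part of the final image, but the workflow's `cache-to: type=registry,mode=max` pushes every intermediate layer to the `:cache` tag in the registry, so anything secret in the build context would land there. Add a `.dockerignore` with at least `.git`, `node_modules` and `.env*` alongside this Dockerfile.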
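Review bot: The router is attached to the `websecure` entrypoint and a `hsts` middleware, but neither the middleware nor an http-to-https redirect is defined in this file, so both must come from Traefik's static/dynamic configuration elsewhere on the host — and, as far as I recall, a router that references an undefined middleware is logged as an error and not created at all, which would take the site offline silently; a comment such as `# hsts middleware and web->websecure redirect live in the Traefik dynamic config` would save the next person the hunt. Deploying `:latest` with `restart: unless-stopped` leaves no way to roll back to a known image even though the pipeline also tags by date; `image: ${DOCKER_REGISTRY}/${DOCKER_USER}/${DOCKER_IMAGE}:${DOCKER_TAG:-latest}` keeps the current default and allows pinning. The container already runs as `node`, so the remaining hardening is cheap: `security_opt: ["no-new-privileges:true"]` and `cap_drop: [ALL]`.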
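Review bot: `${DOCKER_IAMGE}` on the `image:` line is a typo for the `${DOCKER_IMAGE}` that `docker-compose-prod.yml` and the workflow's `vars.DOCKER_IMAGE` use; with the variable unset Compose substitutes an empty string (with a warning), the reference becomes `…/${DOCKER_USER}/:latest`, and `docker compose up` fails to pull. Fix: `image: ${DOCKER_REGISTRY}/${DOCKER_USER}/${DOCKER_IMAGE}:latest`. Separately, `"3000:3000"` publishes the port on every interface, and on Docker hosts that bypasses host firewall rules such as ufw; for a development compose file bind to loopback, `- "127.0.0.1:3000:3000"`. The file is also missing its trailing newline.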