build: add workflow to publish images to DOCR (#54025)

docker/api-server/Dockerfile

@@ -0,0 +1,63 @@
+FROM node:20-bookworm AS builder
+# global installs need root permissions, so have to happen before we switch to
+# the node user
+RUN npm i -g pnpm@9
+# node images create a non-root user that we can use
+USER node
+WORKDIR /home/node/build
+
+COPY --chown=node:node *.* .
+COPY --chown=node:node api-server/ api-server/
+COPY --chown=node:node shared/ shared/
+COPY --chown=node:node tools/ tools/
+COPY --chown=node:node curriculum/ curriculum/
+# TODO: AFAIK it's just the intro translations. Those should be folded into the
+# curriculum and then we can remove this.
+COPY --chown=node:node client/ client/
+
+# We have to prevent pnpm from deduping peer dependencies because otherwise it
+# will install all of the packages, not just api-server. Also, pnpm deploy is
+# not useful since we need to install more than one package.
+
+RUN pnpm config set dedupe-peer-dependents false
+RUN pnpm -F=api-server -F=tools/scripts/build -F=challenge-parser -F=curriculum -F=shared \
+  install --frozen-lockfile --ignore-scripts
+
+# The api needs to source curriculum.json and build:curriculum relies on the
+# following env vars.
+ARG SHOW_UPCOMING_CHANGES=false
+ENV SHOW_UPCOMING_CHANGES=$SHOW_UPCOMING_CHANGES
+ARG SHOW_NEW_CURRICULUM=false
+ENV SHOW_NEW_CURRICULUM=$SHOW_NEW_CURRICULUM
+RUN pnpm build:curriculum
+
+RUN pnpm build:server
+
+FROM node:20-bookworm AS deps
+
+WORKDIR /home/node/build
+COPY --chown=node:node pnpm*.yaml .
+COPY --chown=node:node api-server/package.json api-server/package.json
+COPY --chown=node:node shared/package.json shared/package.json
+
+RUN npm i -g pnpm@9
+# Prevent pnpm installing unnecessary packages (see above)
+RUN pnpm config set dedupe-peer-dependents false
+RUN pnpm -F=api-server -F=shared install --prod --ignore-scripts
+
+FROM node:20-alpine
+RUN npm i -g pm2@4
+USER node
+WORKDIR /home/node/fcc
+COPY --from=builder --chown=node:node /home/node/build/api-server/config/ api-server/config/
+COPY --from=builder --chown=node:node /home/node/build/api-server/lib/ api-server/lib/
+COPY --from=builder --chown=node:node /home/node/build/api-server/ecosystem.config.js api-server/ecosystem.config.js
+COPY --from=builder --chown=node:node /home/node/build/api-server/package.json api-server/package.json
+COPY --from=builder --chown=node:node /home/node/build/shared/ shared/
+COPY --from=builder --chown=node:node /home/node/build/package.json package.json
+COPY --from=deps --chown=node:node /home/node/build/node_modules/ node_modules/
+COPY --from=deps --chown=node:node /home/node/build/api-server/node_modules/ api-server/node_modules/
+COPY --from=deps --chown=node:node /home/node/build/shared/node_modules/ shared/node_modules/
+
+CMD ["pm2-runtime", "start", "api-server/ecosystem.config.js"]
+

docker/api/Dockerfile

@@ -1,4 +1,5 @@
 FROM node:20-bookworm AS builder
+RUN apt-get update && apt-get install -y jq
 # global installs need root permissions, so have to happen before we switch to
 # the node user
 RUN npm i -g pnpm@9
@@ -7,7 +8,7 @@ USER node
 WORKDIR /home/node/build
 
 COPY --chown=node:node *.* .
-COPY --chown=node:node api-server/ api-server/
+COPY --chown=node:node api/ api/
 COPY --chown=node:node shared/ shared/
 COPY --chown=node:node tools/ tools/
 COPY --chown=node:node curriculum/ curriculum/
@@ -15,13 +16,14 @@ COPY --chown=node:node curriculum/ curriculum/
 # curriculum and then we can remove this.
 COPY --chown=node:node client/ client/
 
-# We have to prevent pnpm from deduping peer dependencies because otherwise it
-# will install all of the packages, not just api-server. Also, pnpm deploy is
-# not useful since we need to install more than one package.
-
 RUN pnpm config set dedupe-peer-dependents false
-RUN pnpm -F=api-server -F=tools/scripts/build -F=challenge-parser -F=curriculum -F=shared \
-  install --frozen-lockfile --ignore-scripts
+# While we want to ignore scripts generally, we do need to generate the prisma
+# client. Note: npx is the simplest way to generate the client without us having
+# to have prisma as a prod dependency. The jq tricks are to ensure we're using
+# the right version of prisma.
+RUN pnpm install -F=api -F=curriculum -F tools/scripts/build -F challenge-parser \
+  --frozen-lockfile --ignore-scripts
+RUN cd api && npx prisma@$(jq -r '.devDependencies.prisma' < package.json) generate
 
 # The api needs to source curriculum.json and build:curriculum relies on the
 # following env vars.
@@ -29,35 +31,36 @@ ARG SHOW_UPCOMING_CHANGES=false
 ENV SHOW_UPCOMING_CHANGES=$SHOW_UPCOMING_CHANGES
 ARG SHOW_NEW_CURRICULUM=false
 ENV SHOW_NEW_CURRICULUM=$SHOW_NEW_CURRICULUM
-RUN pnpm build:curriculum
 
-RUN pnpm build:server
+RUN pnpm build:curriculum
+RUN pnpm -F=api build
 
 FROM node:20-bookworm AS deps
+RUN apt-get update && apt-get install -y jq
 
 WORKDIR /home/node/build
 COPY --chown=node:node pnpm*.yaml .
-COPY --chown=node:node api-server/package.json api-server/package.json
-COPY --chown=node:node shared/package.json shared/package.json
-
+COPY --chown=node:node api/ api/
+COPY --chown=node:node shared/ shared/
 RUN npm i -g pnpm@9
-# Prevent pnpm installing unnecessary packages (see above)
-RUN pnpm config set dedupe-peer-dependents false
-RUN pnpm -F=api-server -F=shared install --prod --ignore-scripts
 
-FROM node:20-alpine
+# Weirdly this config does not seem necessary for the new api (the same number
+# of deps are installed in both cases), but I'm including it just for
+# consistency.
+RUN pnpm config set dedupe-peer-dependents false
+RUN pnpm install --prod --ignore-scripts -F=shared -F=api --frozen-lockfile
+RUN cd api && npx prisma@$(jq -r '.devDependencies.prisma' < package.json) generate
+
+FROM node:20-bookworm
 RUN npm i -g pm2@4
 USER node
 WORKDIR /home/node/fcc
-COPY --from=builder --chown=node:node /home/node/build/api-server/config/ api-server/config/
-COPY --from=builder --chown=node:node /home/node/build/api-server/lib/ api-server/lib/
-COPY --from=builder --chown=node:node /home/node/build/api-server/ecosystem.config.js api-server/ecosystem.config.js
-COPY --from=builder --chown=node:node /home/node/build/api-server/package.json api-server/package.json
-COPY --from=builder --chown=node:node /home/node/build/shared/ shared/
-COPY --from=builder --chown=node:node /home/node/build/package.json package.json
+COPY --from=builder --chown=node:node /home/node/build/api/dist/ ./
+COPY --from=builder --chown=node:node /home/node/build/api/package.json api/
+COPY --from=builder --chown=node:node /home/node/build/shared/config/curriculum.json shared/config/
+
 COPY --from=deps --chown=node:node /home/node/build/node_modules/ node_modules/
-COPY --from=deps --chown=node:node /home/node/build/api-server/node_modules/ api-server/node_modules/
 COPY --from=deps --chown=node:node /home/node/build/shared/node_modules/ shared/node_modules/
+COPY --from=deps --chown=node:node /home/node/build/api/node_modules/ api/node_modules/
 
-CMD ["pm2-runtime", "start", "api-server/ecosystem.config.js"]
-
+CMD ["pm2-runtime", "start", "-i", "0","api/src/server.js"]

docker/new-api/Dockerfile

@@ -1,66 +0,0 @@
-FROM node:20-bookworm AS builder
-RUN apt-get update && apt-get install -y jq
-# global installs need root permissions, so have to happen before we switch to
-# the node user
-RUN npm i -g pnpm@9
-# node images create a non-root user that we can use
-USER node
-WORKDIR /home/node/build
-
-COPY --chown=node:node *.* .
-COPY --chown=node:node api/ api/
-COPY --chown=node:node shared/ shared/
-COPY --chown=node:node tools/ tools/
-COPY --chown=node:node curriculum/ curriculum/
-# TODO: AFAIK it's just the intro translations. Those should be folded into the
-# curriculum and then we can remove this.
-COPY --chown=node:node client/ client/
-
-RUN pnpm config set dedupe-peer-dependents false
-# While we want to ignore scripts generally, we do need to generate the prisma
-# client. Note: npx is the simplest way to generate the client without us having
-# to have prisma as a prod dependency. The jq tricks are to ensure we're using
-# the right version of prisma.
-RUN pnpm install -F=api -F=curriculum -F tools/scripts/build -F challenge-parser \
-  --frozen-lockfile --ignore-scripts
-RUN cd api && npx prisma@$(jq -r '.devDependencies.prisma' < package.json) generate
-
-# The api needs to source curriculum.json and build:curriculum relies on the
-# following env vars.
-ARG SHOW_UPCOMING_CHANGES=false
-ENV SHOW_UPCOMING_CHANGES=$SHOW_UPCOMING_CHANGES
-ARG SHOW_NEW_CURRICULUM=false
-ENV SHOW_NEW_CURRICULUM=$SHOW_NEW_CURRICULUM
-
-RUN pnpm build:curriculum
-RUN pnpm -F=api build
-
-FROM node:20-bookworm AS deps
-RUN apt-get update && apt-get install -y jq
-
-WORKDIR /home/node/build
-COPY --chown=node:node pnpm*.yaml .
-COPY --chown=node:node api/ api/
-COPY --chown=node:node shared/ shared/
-RUN npm i -g pnpm@9
-
-# Weirdly this config does not seem necessary for the new api (the same number
-# of deps are installed in both cases), but I'm including it just for
-# consistency.
-RUN pnpm config set dedupe-peer-dependents false
-RUN pnpm install --prod --ignore-scripts -F=shared -F=api --frozen-lockfile
-RUN cd api && npx prisma@$(jq -r '.devDependencies.prisma' < package.json) generate
-
-FROM node:20-bookworm
-RUN npm i -g pm2@4
-USER node
-WORKDIR /home/node/fcc
-COPY --from=builder --chown=node:node /home/node/build/api/dist/ ./
-COPY --from=builder --chown=node:node /home/node/build/api/package.json api/
-COPY --from=builder --chown=node:node /home/node/build/shared/config/curriculum.json shared/config/
-
-COPY --from=deps --chown=node:node /home/node/build/node_modules/ node_modules/
-COPY --from=deps --chown=node:node /home/node/build/shared/node_modules/ shared/node_modules/
-COPY --from=deps --chown=node:node /home/node/build/api/node_modules/ api/node_modules/
-
-CMD ["pm2-runtime", "start", "-i", "0","api/src/server.js"]