chore: first iteration

.docker/dockerfiles/backend

@@ -0,0 +1,22 @@
+FROM diamonds2_base:latest as base
+WORKDIR /app/packages/backend
+COPY --chown=1000:1000 packages/backend .
+
+FROM base AS develop
+ENV PORT=3000
+EXPOSE $PORT
+RUN npx prisma generate
+CMD ["yarn", "start:dev"]
+
+FROM develop AS build
+RUN npm run compile
+RUN yarn workspaces focus --all --production
+
+FROM node:20-alpine AS production
+ENV PORT=3000
+WORKDIR /app
+COPY --chown=1000:1000 --from=build /app/packages/backend/dist .
+COPY --chown=1000:1000 --from=build /app/node_modules ./node_modules
+COPY --chown=1000:1000 --from=build /app/packages ./packages
+EXPOSE $PORT
+CMD ["node", "index.js"]

.docker/dockerfiles/base

@@ -0,0 +1,30 @@
+FROM node:20-alpine as base
+WORKDIR /app
+RUN chown 1000:1000 .
+
+# Set yarn version
+RUN yarn set version 3.6.3
+
+# Copy root files
+COPY --chown=1000:1000 package.json  yarn.lock .yarnrc.yml ./
+
+# Copy yarn files
+COPY --chown=1000:1000 .yarn/cache .yarn/cache
+COPY --chown=1000:1000 .yarn/releases .yarn/releases
+COPY --chown=1000:1000 .yarn/plugins .yarn/plugins
+
+# Copy package.jsons from packages
+COPY --chown=1000:1000 packages/backend/package.json packages/backend/package.json
+COPY --chown=1000:1000 packages/frontend/package.json packages/frontend/package.json
+COPY --chown=1000:1000 packages/types/package.json packages/types/package.json
+
+# Install node_modules
+RUN yarn install || { cat /tmp/**/build.log; exit 1; }
+
+# Copy package sources
+COPY --chown=1000:1000 tsconfig.json ./
+COPY --chown=1000:1000 packages packages
+COPY --chown=1000:1000 scripts scripts
+
+# Build packages
+RUN npm run build

.docker/dockerfiles/frontend

@@ -0,0 +1,20 @@
+FROM diamonds2_base:latest as base
+WORKDIR /app/packages/frontend
+COPY --chown=1000:1000 packages/frontend .
+
+FROM base AS develop
+ENV PORT=8080
+EXPOSE $PORT
+CMD ["yarn", "dev"]
+
+FROM develop AS build
+RUN npm run build
+RUN yarn workspaces focus --all --production
+
+FROM nginx:1.18 AS production
+WORKDIR /usr/share/nginx/html/
+COPY --chown=1000:1000 .docker/resources/nginx.conf /etc/nginx/nginx.conf
+COPY --chown=1000:1000 .docker/resources/entrypoint.sh /entrypoint.sh
+COPY --chown=1000:1000 packages/frontend/.env.defaults /.env
+COPY --chown=1000:1000 --from=build /app/packages/frontend/dist ./admin2
+CMD [ "/entrypoint.sh"]

.docker/resources/entrypoint.sh

@@ -0,0 +1,31 @@
+#!/bin/bash
+
+echo "Working directory: $(pwd)"
+
+# Create a sed script-file for replacing "___ENV_VARS___" with "$ENV_VARS"
+# so that they can be replaced by the 'envsubst' program.
+touch /.env.sed
+variable_names=$(grep "^[^#]" /.env | cut -f1 -d= | xargs)
+for v in $variable_names; do
+  echo "s/___${v}___/\\\$${v}/g" >> /.env.sed
+done
+
+shopt -s globstar
+subst_variables=$(grep "^[^#]" /.env | cut -f1 -d= | xargs -I {} printf "\${} " | xargs)
+echo "Substitution variables: $subst_variables"
+
+substitute() {
+  echo "Substituting variables in $1"
+  sed -i -f /.env.sed "$1"
+  envsubst "$subst_variables" < "$1" > "$1.substituted"
+  mv -v "$1.substituted" "$1"
+}
+
+# Replace the variables with the actual environment variables
+for f in ./**/*.js; do
+  substitute "$f"
+done
+substitute /etc/nginx/nginx.conf
+
+echo "Starting nginx"
+nginx -g 'daemon off;'

.docker/resources/nginx.conf

@@ -0,0 +1,60 @@
+worker_processes  1;
+
+events {
+  worker_connections  1024;
+}
+
+http {
+  include             mime.types;
+  index               index.html;
+
+  server {
+    listen ___PORT___;
+    listen [::]:___PORT___;
+
+    root /usr/share/nginx/html;
+    index /___APP___/index.html;
+
+    # Harden security
+    server_tokens off;
+
+    # https://scotthelme.co.uk/hardening-your-http-response-headers
+    add_header Content-Security-Policy "default-src 'self'; img-src 'self' data: https://www.diamonds.etimo.se https://diamonds.etimo.se;
+    add_header Strict-Transport-Security "max-age=31536000; includeSubdomains" always;
+    add_header X-Frame-Options "SAMEORIGIN" always;
+    add_header X-Xss-Protection "1; mode=block" always;
+    add_header X-Content-Type-Options "nosniff" always;
+    add_header Referrer-Policy "strict-origin-when-cross-origin" always;
+    add_header Permissions-Policy "geolocation=(self), fullscreen=(self), midi=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), payment=()" always;
+    add_header Cross-Origin-Embedder-Policy "require-corp" always;
+    add_header Cross-Origin-Opener-Policy "same-origin" always;
+    add_header Cross-Origin-Resource-Policy "same-origin" always;
+
+    # Add Public Key Pins when we start using etimo-open.se
+    #add_header Public-Key-Pins "...; includeSubdomains; max-age=2592000" always;
+
+    location / {
+      expires -1;
+      try_files $uri /___APP___/index.html;
+    }
+
+
+    location = /___APP___/version {
+      alias /usr/share/nginx/html/version.json;
+    }
+  }
+
+  log_format json '{ "timestamp": "$time_iso8601", '
+    '"host": "$host", '
+    '"remote_addr": "$remote_addr", '
+    '"remote_user": "$remote_user", '
+    '"body_bytes_sent": "$body_bytes_sent", '
+    '"request_time": "$request_time", '
+    '"status": "$status", '
+    '"request": "$request", '
+    '"request_method": "$request_method", '
+    '"http_referrer": "$http_referer", '
+    '"http_user_agent": "$http_user_agent" }';
+
+  access_log /var/log/nginx/access.log json;
+}

.github/workflows/main.yml

@@ -48,7 +48,9 @@ jobs:
       - uses: actions/checkout@v1
 
       - name: Build docker image
-        run: docker-compose -f docker-compose.yml build
+        run: |
+          docker build -t diamonds2_base:latest -f ../../.docker/dockerfiles/base ..
+          docker-compose -f docker-compose.yml build
 
   # Build and push production images
   build-prod:
@@ -60,7 +62,9 @@ jobs:
     steps:
       - uses: actions/checkout@v1
       - name: Build docker image
-        run: docker-compose -f docker-compose.prod-build.yml build
+        run: |
+          docker build -t diamonds2_base:latest -f ../.docker/dockerfiles/base ..
+          docker-compose -f docker-compose.prod-build.yml build
       - name: Extract branch name
         shell: bash
         run: echo "BRANCH_NAME=$(echo ${GITHUB_REF#refs/heads/} | sed 's/\//_/g')" >> $GITHUB_ENV

.vscode/settings.json

@@ -1,9 +1,9 @@
 {
   "debug.allowBreakpointsEverywhere": true,
   "editor.codeActionsOnSave": {
-    "source.fixAll": true,
-    "source.organizeImports": true,
-    "source.sortMembers": true
+    "source.fixAll": "explicit",
+    "source.organizeImports": "explicit",
+    "source.sortMembers": "explicit"
   },
   "editor.defaultFormatter": "esbenp.prettier-vscode",
   "editor.formatOnSave": true,