Container application building

.dockerignore

@@ -0,0 +1,6 @@
+client/node_modules/
+client/build/
+target/
+.github/
+.ebextensions/
+.elasticbeanstalk/

.github/workflows/PR-validation.yml

@@ -5,9 +5,7 @@ on:
     branches:
       - master
 jobs:
-  test-api:
-    permissions:
-      id-token: write # Required for authentication through OIDC to AWS
+  reporting:
     runs-on: ubuntu-22.04
     steps:
       - name: Report workflow details
@@ -20,6 +18,13 @@ jobs:
         run: |
           git fetch -q origin ${{ github.base_ref }} ${{ github.head_ref }}
           git diff --name-only origin/${{ github.base_ref }} origin/${{ github.head_ref }}
+  test-api:
+    permissions:
+      id-token: write # Required for authentication through OIDC to AWS
+    runs-on: ubuntu-22.04
+    steps:
+      - name: Check out repository code
+        uses: actions/checkout@v3
       - name: Set up JDK 8
         uses: actions/setup-java@v3
         with:
@@ -50,5 +55,53 @@ jobs:
           clojure -Spom
       - name: Run Integration tests
         run: |
-          make run-tests GOOGLE_APP_PROFILE=dev
-  #TODO: add UI and API build and container packaging test
+          make run-tests APP_PROFILE=dev
+  build-and-run-container:
+    permissions:
+      id-token: write # Required for authentication through OIDC to AWS
+    runs-on: ubuntu-22.04
+    steps:
+      - name: Check out repository code
+        uses: actions/checkout@v3
+        with:
+          fetch-depth: 0
+      - name: AWS credentials configuration
+        uses: aws-actions/configure-aws-credentials@v4
+        with:
+          role-to-assume: ${{secrets.GH_ACTIONS_AWS_ROLE}}
+          role-session-name: gh-actions-${{github.run_id}}.${{github.run_number}}.${{github.run_attempt}}-test-api
+          aws-region: us-east-1
+          mask-aws-account-id: true
+      - name: Build container image
+        run: |
+          make build-docker-image
+      - name: Launch test instance of container (connecting to test env DB)
+        run: |
+          make run-docker PROJ_NAME=wormbase-names-test
+          sleep 120
+      - name: Test API accessability
+        id: test-api-accessability
+        continue-on-error: true
+        run: |
+          curl --no-progress-meter -I http://localhost:3000/api/auth/identity
+      - name: Test UI accessability
+        id: test-ui-accessability
+        continue-on-error: true
+        run: |
+          curl --no-progress-meter -I http://localhost:3000/
+      - name: Report container logs if either accessibility test fails
+        if: ${{ steps.test-ui-accessability.outcome == 'failure' || steps.test-api-accessability.outcome == 'failure' }}
+        run: |
+          docker logs wormbase-names-test
+      - name: Report UI accessibility test failures
+        if: ${{ steps.test-ui-accessability.outcome == 'failure' }}
+        run: |
+          echo "UI accessability test step failed."
+      - name: Report API accessibility test failures
+        if: ${{ steps.test-api-accessability.outcome == 'failure' }}
+        run: |
+          echo "API accessability test step failed."
+      - name: Fail if either accessibility test fails
+        if: ${{ steps.test-ui-accessability.outcome == 'failure' || steps.test-api-accessability.outcome == 'failure' }}
+        run: |
+          exit 1

.gitignore

@@ -32,14 +32,14 @@ target/
 !.elasticbeanstalk/*.cfg.yml
 !.elasticbeanstalk/*.global.yml
 Dockerrun.aws.json
-/docker/app.jar
-/.dockerignore
+build/*
 
 #Local docker-compose env-variable files
 .env
 
 # secrets
 /resources/secrets/
+secrets.makedef
 
 # Generated assets
 /resources/client_build

Dockerfile

@@ -0,0 +1,55 @@
+ARG WORKDIR=/wb_names
+ARG APPJAR_BUILDPATH=build/wb-names-app.jar
+
+### Stage 1: build UI
+FROM node:12 AS BUILD_UI_STAGE
+
+ARG WORKDIR
+
+WORKDIR $WORKDIR
+COPY Makefile ./
+COPY client/ ./client/
+COPY scripts/ ./scripts/
+
+RUN --mount=type=secret,id=make-secrets-file,required=true \
+    make build-ui SECRETS_SRC=/run/secrets/make-secrets-file APP_PROFILE=prod
+
+### Stage 2: build API (and include UI components)
+FROM clojure:temurin-8-tools-deps-jammy as BUILD_API_STAGE
+
+ARG WORKDIR
+ARG APPJAR_BUILDPATH
+
+RUN apt update && apt upgrade -y && apt install -y maven unzip
+
+#Install clojure manually (com.datomic/datomic-pro 1.0.6165 is not stored on maven central)
+COPY build/datomic-pro-1.0.6165.zip datomic-pro-1.0.6165.zip
+RUN unzip datomic-pro-1.0.6165.zip \
+     && cd datomic-pro-1.0.6165/ \
+     && bin/maven-install
+
+WORKDIR $WORKDIR
+COPY Makefile ./
+COPY src/wormbase/ src/wormbase/
+COPY resources/ ./resources/
+COPY deps.edn ./
+COPY project.clj ./
+COPY scripts/ ./scripts/
+COPY --from=BUILD_UI_STAGE $WORKDIR/client/ $WORKDIR/client/
+
+RUN make build-app-jar APP_JAR_PATH=$APPJAR_BUILDPATH
+
+### Stage 3: build final application image
+FROM openjdk:8-jre-alpine as APPLICATION_IMAGE_STAGE
+
+ARG WORKDIR
+ARG APPJAR_BUILDPATH
+
+RUN apk update && apk upgrade
+
+COPY --from=BUILD_API_STAGE $WORKDIR/$APPJAR_BUILDPATH /srv/wb-names-app.jar
+
+# Expose necessary ports
+EXPOSE 3000
+
+CMD ["java", "-cp", "/srv/wb-names-app.jar", "clojure.main", "-m", "wormbase.names.service"]