First commit

.github/workflows/build_and_publish_image.yml

@@ -0,0 +1,62 @@
+name: Build and Publish Image
+
+# Configures this workflow to run every time a change is pushed to the branch called `release`.
+on:
+  push:
+    branches: ['release']
+
+# Defines two custom environment variables for the workflow. These are used for the Container registry domain, and a name for the Docker image that this workflow builds.
+env:
+  REGISTRY: ghcr.io
+  IMAGE_NAME: ${{ github.repository }}
+
+jobs:
+  build-and-publish-image:
+    runs-on: ubuntu-latest
+    # Sets the permissions granted to the `GITHUB_TOKEN` for the actions in this job.
+    permissions:
+      contents: read
+      packages: write
+      attestations: write
+      id-token: write
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+      # Uses the `docker/login-action` action to log in to the Container registry registry using the account and password that
+      # will publish the packages. Once published, the packages are scoped to the account defined here.
+      - name: Log in to the Container registry
+        uses: docker/login-action@65b78e6e13532edd9afa3aa52ac7964289d1a9c1
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+      # This step uses [docker/metadata-action](https://github.com/docker/metadata-action#about) to extract tags and labels
+      # that will be applied to the specified image. The `id` "meta" allows the output of this step to be referenced in
+      # a subsequent step. The `images` value provides the base name for the tags and labels.
+      - name: Extract metadata (tags, labels) for Docker
+        id: meta
+        uses: docker/metadata-action@9ec57ed1fcdbf14dcef7dfbe97b2010124a938b7
+        with:
+          images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+      # This step uses the `docker/build-push-action` action to build the image, based on your repository's `Dockerfile`. If the build succeeds, it pushes the image to GitHub Packages.
+      # It uses the `context` parameter to define the build's context as the set of files located in the specified path. For more information,
+      # see "[Usage](https://github.com/docker/build-push-action#usage)" in the README of the `docker/build-push-action` repository.
+      # It uses the `tags` and `labels` parameters to tag and label the image with the output from the "meta" step.
+      - name: Build and push Docker image
+        id: push
+        uses: docker/build-push-action@f2a1d5e99d037542a71f64918e516c093c6f3fc4
+        with:
+          context: .
+          push: true
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
+
+      # This step generates an artifact attestation for the image, which is an unforgeable statement about where and how it was built.
+      # It increases supply chain security for people who consume the image. For more information,
+      # see "[Using artifact attestations to establish provenance for builds](https://docs.github.com/en/actions/security-guides/using-artifact-attestations-to-establish-provenance-for-builds)." 
+      - name: Generate artifact attestation
+        uses: actions/attest-build-provenance@v1
+        with:
+          subject-name: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME}}
+          subject-digest: ${{ steps.push.outputs.digest }}
+          push-to-registry: true

Dockerfile

@@ -0,0 +1,18 @@
+FROM node:16-slim
+
+RUN apt-get update && apt-get install -y --no-install-recommends \
+    ca-certificates \
+    git
+
+COPY scripts /scripts
+
+WORKDIR /nextstrain/auspice
+
+RUN /scripts/download-repo https://github.com/BCCDC-PHL/auspice release . \
+    && npm install --omit dev . && npm link
+
+ENV HOST=0.0.0.0
+
+EXPOSE 4000
+
+ENTRYPOINT ["auspice", "view", "--datasetDir", "/nextstrain/auspice/datasets", "--narrativeDir", "/nextstrain/auspice/narratives"]

README.md

@@ -0,0 +1,40 @@
+# BCCDC-PHL Auspice Docker Image
+
+This repo contains a `Dockerfile` that can be used to build a container that runs [Auspice](https://docs.nextstrain.org/projects/auspice/en/stable/index.html), the web-based
+interactive phylogenetics application.
+
+This `Dockerfile` is configured to build code from [BCCDC-PHL/auspice](https://github.com/BCCDC-PHL/auspice), our fork of [nextstrain/auspice](https://github.com/nextstrain/auspice).
+
+
+## Building the container
+
+```
+git clone git@github.com:BCCDC-PHL/auspice-docker.git
+
+cd auspice-docker
+
+docker build . -t bccdc-phl/auspice
+```
+
+## Running the container
+
+Prepare a `datasets` and `narratives` dir somewhere on the host filesystem:
+
+```
+mkdir -p /path/to/datasets
+
+mkdir -p /path/to/narratives
+```
+
+Place any nextstrain dataset and narrative files there.
+
+```
+docker run -d\
+  --name auspice \
+  -p 4000:4000 \
+  -v /path/to/datasets:/nextstrain/auspice/datasets \
+  -v /path/to/narratives:/nextstrain/auspice/narratives \
+  bccdc-phl/auspice
+```
+
+The application should be available on [http://localhost:4000](http://localhost:4000).

scripts/build.sh

@@ -0,0 +1,3 @@
+#!/bin/bash
+
+docker build . -t dfornika/auspice

scripts/download-repo

@@ -0,0 +1,20 @@
+#!/bin/bash
+set -euo pipefail
+
+src="$1"
+ref="$2"
+dst="$3"
+
+# Create the destination directory and move into it
+mkdir -p "$dst"
+cd "$dst"
+
+# Clone the source repo into the destination, shallowly
+git clone --depth=20 --branch="$ref" "$src" .
+
+# Record the git revision (always a sha) and id (based on the closest tag)
+git rev-parse HEAD > .GIT_REVISION
+git describe --always --dirty > .GIT_ID
+
+# Clean up the git history; we needed it above but the image does not.
+rm -rf .git