diff --git a/.github/workflows/build_and_publish_image.yml b/.github/workflows/build_and_publish_image.yml new file mode 100644 index 0000000..79fcb5c --- /dev/null +++ b/.github/workflows/build_and_publish_image.yml @@ -0,0 +1,62 @@ +name: Build and Publish Image + +# Configures this workflow to run every time a change is pushed to the branch called `release`. +on: + push: + branches: ['release'] + +# Defines two custom environment variables for the workflow. These are used for the Container registry domain, and a name for the Docker image that this workflow builds. +env: + REGISTRY: ghcr.io + IMAGE_NAME: ${{ github.repository }} + +jobs: + build-and-publish-image: + runs-on: ubuntu-latest + # Sets the permissions granted to the `GITHUB_TOKEN` for the actions in this job. + permissions: + contents: read + packages: write + attestations: write + id-token: write + steps: + - name: Checkout repository + uses: actions/checkout@v4 + # Uses the `docker/login-action` action to log in to the Container registry registry using the account and password that + # will publish the packages. Once published, the packages are scoped to the account defined here. + - name: Log in to the Container registry + uses: docker/login-action@65b78e6e13532edd9afa3aa52ac7964289d1a9c1 + with: + registry: ${{ env.REGISTRY }} + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + # This step uses [docker/metadata-action](https://github.com/docker/metadata-action#about) to extract tags and labels + # that will be applied to the specified image. The `id` "meta" allows the output of this step to be referenced in + # a subsequent step. The `images` value provides the base name for the tags and labels. + - name: Extract metadata (tags, labels) for Docker + id: meta + uses: docker/metadata-action@9ec57ed1fcdbf14dcef7dfbe97b2010124a938b7 + with: + images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} + # This step uses the `docker/build-push-action` action to build the image, based on your repository's `Dockerfile`. If the build succeeds, it pushes the image to GitHub Packages. + # It uses the `context` parameter to define the build's context as the set of files located in the specified path. For more information, + # see "[Usage](https://github.com/docker/build-push-action#usage)" in the README of the `docker/build-push-action` repository. + # It uses the `tags` and `labels` parameters to tag and label the image with the output from the "meta" step. + - name: Build and push Docker image + id: push + uses: docker/build-push-action@f2a1d5e99d037542a71f64918e516c093c6f3fc4 + with: + context: . + push: true + tags: ${{ steps.meta.outputs.tags }} + labels: ${{ steps.meta.outputs.labels }} + + # This step generates an artifact attestation for the image, which is an unforgeable statement about where and how it was built. + # It increases supply chain security for people who consume the image. For more information, + # see "[Using artifact attestations to establish provenance for builds](https://docs.github.com/en/actions/security-guides/using-artifact-attestations-to-establish-provenance-for-builds)." + - name: Generate artifact attestation + uses: actions/attest-build-provenance@v1 + with: + subject-name: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME}} + subject-digest: ${{ steps.push.outputs.digest }} + push-to-registry: true diff --git a/Dockerfile b/Dockerfile new file mode 100644 index 0000000..e79ec09 --- /dev/null +++ b/Dockerfile @@ -0,0 +1,18 @@ +FROM node:16-slim + +RUN apt-get update && apt-get install -y --no-install-recommends \ + ca-certificates \ + git + +COPY scripts /scripts + +WORKDIR /nextstrain/auspice + +RUN /scripts/download-repo https://github.com/BCCDC-PHL/auspice release . \ + && npm install --omit dev . && npm link + +ENV HOST=0.0.0.0 + +EXPOSE 4000 + +ENTRYPOINT ["auspice", "view", "--datasetDir", "/nextstrain/auspice/datasets", "--narrativeDir", "/nextstrain/auspice/narratives"] diff --git a/README.md b/README.md new file mode 100644 index 0000000..1b44820 --- /dev/null +++ b/README.md @@ -0,0 +1,40 @@ +# BCCDC-PHL Auspice Docker Image + +This repo contains a `Dockerfile` that can be used to build a container that runs [Auspice](https://docs.nextstrain.org/projects/auspice/en/stable/index.html), the web-based +interactive phylogenetics application. + +This `Dockerfile` is configured to build code from [BCCDC-PHL/auspice](https://github.com/BCCDC-PHL/auspice), our fork of [nextstrain/auspice](https://github.com/nextstrain/auspice). + + +## Building the container + +``` +git clone git@github.com:BCCDC-PHL/auspice-docker.git + +cd auspice-docker + +docker build . -t bccdc-phl/auspice +``` + +## Running the container + +Prepare a `datasets` and `narratives` dir somewhere on the host filesystem: + +``` +mkdir -p /path/to/datasets + +mkdir -p /path/to/narratives +``` + +Place any nextstrain dataset and narrative files there. + +``` +docker run -d\ + --name auspice \ + -p 4000:4000 \ + -v /path/to/datasets:/nextstrain/auspice/datasets \ + -v /path/to/narratives:/nextstrain/auspice/narratives \ + bccdc-phl/auspice +``` + +The application should be available on [http://localhost:4000](http://localhost:4000). diff --git a/scripts/build.sh b/scripts/build.sh new file mode 100755 index 0000000..f079ee5 --- /dev/null +++ b/scripts/build.sh @@ -0,0 +1,3 @@ +#!/bin/bash + +docker build . -t dfornika/auspice diff --git a/scripts/download-repo b/scripts/download-repo new file mode 100755 index 0000000..10abc46 --- /dev/null +++ b/scripts/download-repo @@ -0,0 +1,20 @@ +#!/bin/bash +set -euo pipefail + +src="$1" +ref="$2" +dst="$3" + +# Create the destination directory and move into it +mkdir -p "$dst" +cd "$dst" + +# Clone the source repo into the destination, shallowly +git clone --depth=20 --branch="$ref" "$src" . + +# Record the git revision (always a sha) and id (based on the closest tag) +git rev-parse HEAD > .GIT_REVISION +git describe --always --dirty > .GIT_ID + +# Clean up the git history; we needed it above but the image does not. +rm -rf .git