aottr.dev / paw
Free and open source ticket system written in python
0
fork

Configure Feed

Select the types of activity you want to include in your feed.

Add Docker deployment

Dustin Kroeger 01f52091 5ff2bd89

+122 -2
+91
.github/workflows/docker-image.yml
··· 1 + name: Docker Image CI 2 + 3 + on: 4 + push: 5 + branches: 6 + - "main" 7 + - "staging" 8 + pull_request: 9 + branches: ["main"] 10 + 11 + env: 12 + REGISTRY: ghcr.io 13 + # github.repository as <account>/<repo> 14 + IMAGE_NAME: ${{ github.repository }} 15 + 16 + jobs: 17 + build: 18 + runs-on: ubuntu-latest 19 + permissions: 20 + contents: read 21 + packages: write # might need to use PAT instead 22 + id-token: write 23 + 24 + steps: 25 + - name: Checkout repository 26 + uses: actions/checkout@v3 27 + 28 + # Install the cosign tool except on PR 29 + # https://github.com/sigstore/cosign-installer 30 + - name: Install cosign 31 + if: github.event_name != 'pull_request' 32 + uses: sigstore/cosign-installer@6e04d228eb30da1757ee4e1dd75a0ec73a653e06 #v3.1.1 33 + with: 34 + cosign-release: "v2.1.1" 35 + 36 + # Set up BuildKit Docker container builder to be able to build 37 + # multi-platform images and export cache 38 + # https://github.com/docker/setup-buildx-action 39 + - name: Set up Docker Buildx 40 + uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226 # v3.0.0 41 + 42 + # Login against a Docker registry except on PR 43 + # https://github.com/docker/login-action 44 + - name: Log into registry ghcr.io 45 + if: github.event_name != 'pull_request' 46 + uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0 47 + with: 48 + registry: ${{ env.REGISTRY }} 49 + username: ${{ github.actor }} 50 + password: ${{ secrets.GITHUB_TOKEN }} # might need to use PAT instead 51 + 52 + # Extract metadata (tags, labels) for Docker 53 + # https://github.com/docker/metadata-action 54 + - name: Extract Docker metadata 55 + id: meta 56 + uses: docker/metadata-action@96383f45573cb7f253c731d3b3ab81c87ef81934 # v5.0.0 57 + with: 58 + tags: | 59 + type=raw,value=latest,enable={{is_default_branch}} 60 + type=ref,event=branch 61 + type=raw,value={{branch}}-{{date 'X'}},enable=${{ github.event_name != 'pull_request' }} 62 + type=raw,value={{base_ref}}-{{date 'X'}},enable=${{ github.event_name == 'pull_request' }} 63 + images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} 64 + 65 + # Build and push Docker image with Buildx (don't push on PR) 66 + # https://github.com/docker/build-push-action 67 + - name: Build and push Docker image 68 + id: build-and-push 69 + uses: docker/build-push-action@0565240e2d4ab88bba5387d719585280857ece09 # v5.0.0 70 + with: 71 + context: . 72 + push: ${{ github.event_name != 'pull_request' }} 73 + tags: ${{ steps.meta.outputs.tags }} 74 + labels: ${{ steps.meta.outputs.labels }} 75 + cache-from: type=gha 76 + cache-to: type=gha,mode=max 77 + 78 + # Sign the resulting Docker image digest except on PRs. 79 + # This will only write to the public Rekor transparency log when the Docker 80 + # repository is public to avoid leaking data. If you would like to publish 81 + # transparency data even for private images, pass --force to cosign below. 82 + # https://github.com/sigstore/cosign 83 + - name: Sign the published Docker image 84 + if: ${{ github.event_name != 'pull_request' }} 85 + env: 86 + # https://docs.github.com/en/actions/security-guides/security-hardening-for-github-actions#using-an-intermediate-environment-variable 87 + TAGS: ${{ steps.meta.outputs.tags }} 88 + DIGEST: ${{ steps.build-and-push.outputs.digest }} 89 + # This step uses the identity token to provision an ephemeral certificate 90 + # against the sigstore community Fulcio instance. 91 + run: echo "${TAGS}" | xargs -I {} cosign sign --yes {}@${DIGEST}
+2 -1
.gitignore
··· 156 156 157 157 static/admin 158 158 static/colorfield 159 - media/* 159 + media/* 160 + .DS_Store
+28
Dockerfile
··· 1 + FROM python:3.12-bullseye as builder 2 + 3 + RUN pip install poetry==1.8.2 4 + 5 + ENV POETRY_NO_INTERACTION=1 \ 6 + POETRY_VIRTUALENVS_IN_PROJECT=1 \ 7 + POETRY_VIRTUALENVS_CREATE=1 \ 8 + POETRY_CACHE_DIR=/tmp/poetry_cache 9 + 10 + WORKDIR /app 11 + 12 + COPY pyproject.toml poetry.lock ./ 13 + 14 + RUN poetry install --no-root && rm -rf $POETRY_CACHE_DIR 15 + 16 + # The runtime image, used to just run the code provided its virtual environment 17 + FROM python:3.12-slim-bullseye as runtime 18 + 19 + RUN apt-get update && apt-get -y install --no-install-recommends libmagic1 && rm -rf /var/lib/apt/lists/* 20 + 21 + ENV VIRTUAL_ENV=/app/.venv \ 22 + PATH="/app/.venv/bin:$PATH" 23 + 24 + COPY --from=builder ${VIRTUAL_ENV} ${VIRTUAL_ENV} 25 + COPY . . 26 + 27 + ENTRYPOINT ["python3"] 28 + CMD ["manage.py", "runserver", "0.0.0.0:8000"]
+1 -1
paw/templates/core/settings.html
··· 5 5 {% load filters %} 6 6 <div class="w-full max-w-4xl mx-auto p-8"> 7 7 <h1 class="text-2xl font-bold mb-4">{% trans 'Settings' %}</h1> 8 - <form method="post"> 8 + <form method="post" enctype="multipart/form-data"> 9 9 {% csrf_token %} 10 10 <label class="form-control w-full mb-2"> 11 11 <div class="label">