ci(web): dockerize web application

.github/workflows/build_web.yml

@@ -96,7 +96,8 @@ jobs:
           workflow: deploy-web-nightly
           token: ${{ steps.app-token.outputs.token }}
 
-  build-docker-image:
+  # TODO: Remove later after migrating to Cloud Run
+  build-docker-image-old:
     name: Build and push Docker image
     runs-on: ubuntu-latest
     needs: [release-nightly]
@@ -105,7 +106,7 @@ jobs:
       IMAGE_NAME: reearth/reearth-visualizer
     defaults:
       run:
-        working-directory: server
+        working-directory: web
     steps:
       - name: Checkout
         uses: actions/checkout@v3
@@ -163,6 +164,76 @@ jobs:
           cache-from: type=gha
           cache-to: type=gha,mode=max
 
+  build-docker-image:
+    name: Build and push Docker image
+    runs-on: ubuntu-latest
+    needs: [release-nightly]
+    if: ${{ github.event.inputs.name != 'blank' || github.event.inputs.new_tag != 'blank' }}
+    env:
+      IMAGE_NAME: reearth/reearth-visualizer-web
+    defaults:
+      run:
+        working-directory: web
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+      - name: Login to DockerHub
+        uses: docker/login-action@v3
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+      - name: Get options
+        id: options
+        env:
+          TAG: ${{ github.event.inputs.new_tag_short && github.event.inputs.new_tag_short != 'blank' && github.event.inputs.new_tag_short || '' }}
+          NAME: ${{ github.event.inputs.name }}
+          SHA: ${{ github.event.inputs.sha_short }}
+        run: |
+          if [[ -n $TAG ]]; then
+            PLATFORMS=linux/amd64,linux/arm64
+            VERSION=$TAG
+            TAGS=$IMAGE_NAME:$TAG
+            if [[ ! $TAG =~ '-' ]]; then
+              TAGS+=,${IMAGE_NAME}:${TAG%.*}
+              TAGS+=,${IMAGE_NAME}:${TAG%%.*}
+              TAGS+=,${IMAGE_NAME}:latest
+            fi
+          else
+            PLATFORMS=linux/amd64
+            VERSION=$SHA
+            TAGS=$IMAGE_NAME:$NAME
+          fi
+          echo "::set-output name=platforms::$PLATFORMS"
+          echo "::set-output name=version::$VERSION"
+          echo "::set-output name=tags::$TAGS"
+
+      # TODO: Comment in after removing build-docker-image-old job.
+      # - name: Fetch reearth-web release
+      #   uses: dsaltares/fetch-gh-release-asset@master
+      #   with:
+      #     repo: reearth/reearth
+      #     version: tags/${{ github.event.inputs.name && github.event.inputs.name != 'blank' && github.event.inputs.name || github.event.inputs.new_tag }}
+      #     file: reearth-web_${{ github.event.inputs.name && github.event.inputs.name != 'blank' && github.event.inputs.name || github.event.inputs.new_tag }}.tar.gz
+      #     token: ${{ secrets.GITHUB_TOKEN }}
+      #     target: server/reearth-web.tar.gz
+      # - name: Extract reearth/web
+      #   run: tar -xvf reearth-web.tar.gz; mv reearth-web web; ls
+
+      - name: Build and push docker image
+        uses: docker/build-push-action@v5
+        with:
+          context: web
+          platforms: ${{ steps.options.outputs.platforms }}
+          push: true
+          build-args: VERSION=${{ steps.options.outputs.version }}
+          tags: ${{ steps.options.outputs.tags }}
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
+
   release:
     name: Release
     runs-on: ubuntu-latest

.github/workflows/ci_docker_build_push.yml

@@ -18,8 +18,8 @@ on:
         description: "sha"
         required: true
 jobs:
-  build-docker-image:
-    name: Build and push Docker image
+  server:
+    name: Build and push server Docker image
     runs-on: ubuntu-latest
     if: github.event.inputs.name || github.event.inputs.new_tag
     env:
@@ -63,6 +63,7 @@ jobs:
           echo "::set-output name=platforms::$PLATFORMS"
           echo "::set-output name=version::$VERSION"
           echo "::set-output name=tags::$TAGS"
+      # TODO: Remove later after migrating to Cloud Run
       - name: Fetch reearth-web release
         uses: dsaltares/fetch-gh-release-asset@master
         with:
@@ -73,6 +74,7 @@ jobs:
           target: server/reearth-web.tar.gz
       - name: Extract reearth/web
         run: tar -xvf reearth-web.tar.gz; mv reearth-web web; ls
+
       - name: Build and push docker image
         uses: docker/build-push-action@v2
         with:
@@ -83,3 +85,61 @@ jobs:
           tags: ${{ steps.options.outputs.tags }}
           cache-from: type=gha
           cache-to: type=gha,mode=max
+
+  web:
+    name: Build and push web Docker image
+    runs-on: ubuntu-latest
+    if: github.event.inputs.name || github.event.inputs.new_tag
+    env:
+      IMAGE_NAME: reearth/reearth-visualizer-web
+    defaults:
+      run:
+        working-directory: web
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v2
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v2
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v2
+      - name: Login to DockerHub
+        uses: docker/login-action@v2
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+
+      - name: Get options
+        id: options
+        env:
+          TAG: ${{ github.event.inputs.new_tag_short }}
+          NAME: ${{ github.event.inputs.name }}
+          SHA: ${{ github.event.inputs.sha_short }}
+        run: |
+          if [[ -n $TAG ]]; then
+            PLATFORMS=linux/amd64,linux/arm64
+            VERSION=$TAG
+            TAGS=$IMAGE_NAME:$TAG
+            if [[ ! $TAG =~ '-' ]]; then
+              TAGS+=,${IMAGE_NAME}:${TAG%.*}
+              TAGS+=,${IMAGE_NAME}:${TAG%%.*}
+              TAGS+=,${IMAGE_NAME}:latest
+            fi
+          else
+            PLATFORMS=linux/amd64
+            VERSION=$SHA
+            TAGS=$IMAGE_NAME:$NAME
+          fi
+          echo "::set-output name=platforms::$PLATFORMS"
+          echo "::set-output name=version::$VERSION"
+          echo "::set-output name=tags::$TAGS"
+
+      - name: Build and push docker image
+        uses: docker/build-push-action@v4
+        with:
+          context: web
+          platforms: ${{ steps.options.outputs.platforms }}
+          push: true
+          build-args: VERSION=${{ steps.options.outputs.version }}
+          tags: ${{ steps.options.outputs.tags }}
+          cache-from: type=gha
+          cache-to: type=gha,mode=max

.github/workflows/deploiy_aws.yml

@@ -11,9 +11,13 @@ on:
         required: false
         default:
 env:
-  # server
-  IMAGE: reearth/reearth-visualizer:nightly
-  IMAGE_AWS: reearth-test-server:latest
+  # Server
+  IMAGE_API: reearth/reearth-visualizer:nightly
+  IMAGE_API_AWS: reearth-test-server:latest
+
+  # Web
+  IMAGE_WEB: reearth/reearth-visualizer-web:nightly
+  IMAGE_WEB_AWS: reearth-test-web:latest
 
 jobs:
   deploy_server:
@@ -33,6 +37,27 @@ jobs:
 
       - name: docker pull, push to ECR
         run: |
-          docker pull $IMAGE
-          docker tag $IMAGE ${{ steps.login-ecr.outputs.registry }}/$IMAGE_AWS
-          docker push ${{ steps.login-ecr.outputs.registry }}/$IMAGE_AWS
+          docker pull $IMAGE_API
+          docker tag $IMAGE_API ${{ steps.login-ecr.outputs.registry }}/$IMAGE_API_AWS
+          docker push ${{ steps.login-ecr.outputs.registry }}/$IMAGE_API_AWS
+
+  deploy_web:
+    name: Deploy web to AWS
+    runs-on: ubuntu-latest
+    steps:
+      - name: Configure AWS credentials
+        uses: aws-actions/configure-aws-credentials@v2
+        with:
+          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID || github.events.inputs.keyId }}
+          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY || github.events.inputs.secretAccessKey }}
+          aws-region: us-west-2
+
+      - name: Log in to AWS ECR
+        id: login-ecr
+        uses: aws-actions/amazon-ecr-login@v1
+
+      - name: docker pull, push to ECR
+        run: |
+          docker pull $IMAGE_WEB
+          docker tag $IMAGE_WEB ${{ steps.login-ecr.outputs.registry }}/$IMAGE_WEB_AWS
+          docker push ${{ steps.login-ecr.outputs.registry }}/$IMAGE_WEB_AWS

.github/workflows/deploy_web_nightly.yml

@@ -4,11 +4,15 @@ on:
 env:
   REEARTH_URL: visualizer.test.reearth.dev
   GCS_DEST: gs://reearth-visualizer-oss-static-bucket/
+
+  IMAGE: reearth/reearth-visualizer-web:nightly
+  IMAGE_GCP: us-central1-docker.pkg.dev/reearth-oss/reearth/reearth-visualizer-web:nightly
 concurrency:
   group: ${{ github.workflow }}
   cancel-in-progress: true
 jobs:
-  deploy_test:
+  # TODO: Remove later after migrating to Cloud Run
+  deploy_test_old:
     name: Deploy test env
     runs-on: ubuntu-latest
     if: github.event.repository.full_name == 'reearth/reearth-visualizer'
@@ -27,3 +31,28 @@ jobs:
       - run: tar -xvf reearth-web_nightly.tar.gz
       - name: rsync
         run: gsutil -m -h "Cache-Control:no-store" rsync -x "^reearth_config\\.json$|^cesium_ion_token\\.txt$" -dr reearth-web/ $GCS_DEST
+
+  deploy_test:
+    name: Deploy app to test env
+    runs-on: ubuntu-latest
+    if: github.event.repository.full_name == 'reearth/reearth-visualizer'
+    steps:
+      - uses: google-github-actions/auth@v0
+        with:
+          credentials_json: ${{ secrets.GCP_SA_KEY }}
+      - name: Set up Cloud SDK
+        uses: google-github-actions/setup-gcloud@v0
+      - name: Configure docker
+        run: gcloud auth configure-docker us-central1-docker.pkg.dev --quiet
+      - name: docker push
+        run: |
+          docker pull $IMAGE
+          docker tag $IMAGE $IMAGE_GCP
+          docker push $IMAGE_GCP
+      - name: Deploy to Cloud Run
+        run: |
+          gcloud run deploy reearth-visualizer-web \
+            --image $IMAGE_GCP \
+            --region $GCP_REGION \
+            --platform managed \
+            --quiet

web/.dockerignore

@@ -0,0 +1,13 @@
+*
+
+!docker/
+!src/
+
+!.yarnrc.yml
+!index.html
+!i18next-parser.config.js
+!tsconfig.json
+!package.json
+!published.html
+!vite.config.ts
+!yarn.lock

web/Dockerfile

@@ -0,0 +1,69 @@
+FROM node:20.18.0-slim AS builder
+WORKDIR /app
+
+ARG NODE_OPTIONS="--max-old-space-size=4096"
+ARG GITHUB_SHA
+ENV NODE_OPTIONS=$NODE_OPTIONS
+ENV GITHUB_SHA=$GITHUB_SHA
+
+RUN --mount=type=bind,source=package.json,target=package.json \
+    --mount=type=cache,target=/root/.npm,sharing=locked \
+    corepack enable
+
+RUN --mount=type=bind,source=.yarnrc.yml,target=.yarnrc.yml \
+    --mount=type=bind,source=package.json,target=package.json \
+    --mount=type=bind,source=yarn.lock,target=yarn.lock \
+    --mount=type=cache,target=/root/.yarn,sharing=locked \
+    yarn install --frozen-lockfile
+
+RUN --mount=type=bind,source=.yarnrc.yml,target=.yarnrc.yml \
+    --mount=type=bind,source=package.json,target=package.json \
+    --mount=type=bind,source=yarn.lock,target=yarn.lock \
+    --mount=type=bind,source=index.html,target=index.html \
+    --mount=type=bind,source=published.html,target=published.html \
+    --mount=type=bind,source=tsconfig.json,target=tsconfig.json \
+    --mount=type=bind,source=vite.config.ts,target=vite.config.ts \
+    --mount=type=bind,source=src,target=src \
+    --mount=type=cache,target=/root/.yarn,sharing=locked \
+    yarn build
+
+FROM nginx:1.27-alpine
+WORKDIR /usr/share/nginx/html
+
+# Quite the Nginx startup logs.
+ENV NGINX_ENTRYPOINT_QUIET_LOGS=true
+
+# Default to Cloud Run port.
+# Ref: https://cloud.google.com/run/docs/reference/container-contract#port
+ENV PORT=8080
+
+# Defaults Google Cloud Load Balancer header.
+# Ref: https://cloud.google.com/load-balancing/docs/https#target-proxies
+ENV REAL_IP_HEADER=X-Forwarded-For
+
+# Default values.
+ENV REEARTH_WEB_API=null
+ENV REEARTH_WEB_AUTH0_AUDIENCE=null
+ENV REEARTH_WEB_AUTH0_CLIENT_ID=null
+ENV REEARTH_WEB_AUTH0_DOMAIN=null
+ENV REEARTH_WEB_CESIUM_ION_ACCESS_TOKEN=null
+ENV REEARTH_WEB_CLOUD_API=null
+ENV REEARTH_WEB_CURRENT_TOS=null
+ENV REEARTH_WEB_DEVELOPER_MODE=null
+ENV REEARTH_WEB_DOCUMENTATION_URL=null
+ENV REEARTH_WEB_EARLY_ACCESS_ADMINS=[]
+ENV REEARTH_WEB_EXTENSION_URLS=[]
+ENV REEARTH_WEB_IP=null
+ENV REEARTH_WEB_MARKETPLACE_URL=null
+ENV REEARTH_WEB_PASSWORD_POLICY=null
+ENV REEARTH_WEB_PLUGINS=null
+ENV REEARTH_WEB_POLICY=null
+ENV REEARTH_WEB_PUBLISHED=null
+
+COPY --from=builder --chown=nginx:nginx /app/dist /usr/share/nginx/html
+COPY --chown=nginx:nginx docker/nginx.conf.template /etc/nginx/templates/nginx.conf.template
+COPY --chown=nginx:nginx docker/40-envsubst-on-reearth-config.sh /docker-entrypoint.d
+COPY --chown=nginx:nginx docker/reearth_config.json.template /opt/reearth/reearth_config.json.template
+
+ENTRYPOINT ["/docker-entrypoint.sh"]
+CMD ["nginx", "-g", "daemon off;"]

web/docker/40-envsubst-on-reearth-config.sh

@@ -0,0 +1,25 @@
+#!/bin/sh
+
+set -e
+
+# rewrite index.html to change title and favicon
+_REEARTH_HTML_FILE="/usr/share/nginx/html/index.html"
+
+# generate reearth_config.json
+_REEARTH_CONFIG_TEMPLATE_FILE="/opt/reearth/reearth_config.json.template"
+_REEARTH_CONFIG_OUTPUT_FILE="/usr/share/nginx/html/reearth_config.json"
+
+# Wrap with "" if the value doesn't start with '{[' and end with ']}' (JSON) or "null".
+wrap_reearth_variables() {
+    for var in $(env | grep '^REEARTH_WEB' | cut -d= -f1); do
+        value=$(printenv "$var")
+        if [ -z "$value" ]; then
+            eval "export $var='\"\"'"
+        elif [ "$value" != "null" ] && [ "$value" != "true" ] && [ "$value" != "false" ] && ! echo "$value" | grep -qE '^\{.*\}$|^\[.*\]$'; then
+            eval "export $var='\"${value}\"'"
+        fi
+    done
+}
+
+wrap_reearth_variables "$@"
+envsubst < "$_REEARTH_CONFIG_TEMPLATE_FILE" > "$_REEARTH_CONFIG_OUTPUT_FILE"