Skip to content

feat(ci): Publish UI as lightweight container image #59

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
nfebe merged 3 commits into from
Apr 18, 2026
Merged

feat(ci): Publish UI as lightweight container image #59

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
7fc2804
feat(ci): Publish UI as lightweight container image
nfebe Apr 18, 2026
ef622d6
refactor(ci): Drop redundant package visibility API call
nfebe Apr 18, 2026
e6f0ebf
refactor(ui): Relax static asset cache headers
nfebe Apr 18, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
13 changes: 13 additions & 0 deletions .dockerignore
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,13 @@
node_modules
dist
.git
.github
.vscode
.idea
coverage
*.log
.env
.env.*
!.env.example
Dockerfile
.dockerignore
54 changes: 54 additions & 0 deletions .github/workflows/docker-image.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,54 @@
name: Docker Image

on:
push:
branches: [main]
release:
types: [published]

jobs:
build:
name: Build & Push
runs-on: ubuntu-latest
permissions:
contents: read
packages: write
steps:
- uses: actions/checkout@v4

- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3

- name: Log in to GitHub Container Registry
uses: docker/login-action@v3
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}

- name: Extract metadata
id: meta
uses: docker/metadata-action@v5
with:
images: ghcr.io/${{ github.repository_owner }}/ui
tags: |
type=sha,format=short,enable=${{ github.event_name == 'push' }}
type=semver,pattern={{version}},enable=${{ github.event_name == 'release' }}
type=semver,pattern={{major}}.{{minor}},enable=${{ github.event_name == 'release' }}
type=raw,value=latest,enable=${{ github.event_name == 'release' && !github.event.release.prerelease }}
labels: |
org.opencontainers.image.title=FlatRun UI
org.opencontainers.image.description=Web interface for FlatRun container orchestration
org.opencontainers.image.vendor=FlatRun
org.opencontainers.image.licenses=MIT
org.opencontainers.image.documentation=https://github.com/${{ github.repository }}#readme

- name: Build and push
uses: docker/build-push-action@v5
with:
context: .
push: true
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
cache-from: type=gha
cache-to: type=gha,mode=max
22 changes: 22 additions & 0 deletions Dockerfile
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,22 @@
# syntax=docker/dockerfile:1

FROM node:22-alpine AS build
Copy link
Copy Markdown

@sourceant sourceant Bot Apr 18, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It is recommended to use a specific SHA or a more granular version tag for the build stage to ensure build reproducibility over time. While 22-alpine is relatively stable, it can still receive updates that might break builds.

Suggested change
FROM node:22-alpine AS build
FROM node:22.11.0-alpine AS build

WORKDIR /app
COPY package.json package-lock.json ./
RUN npm ci
COPY . .
RUN npm run build

FROM nginx:alpine

LABEL org.opencontainers.image.title="FlatRun UI" \
org.opencontainers.image.description="Web interface for FlatRun container orchestration" \
org.opencontainers.image.vendor="FlatRun" \
org.opencontainers.image.licenses="MIT" \
org.opencontainers.image.source="https://github.com/flatrun/ui" \
org.opencontainers.image.url="https://github.com/flatrun/ui" \
org.opencontainers.image.documentation="https://github.com/flatrun/ui#readme"

COPY --from=build /app/dist /usr/share/nginx/html
COPY nginx.conf /etc/nginx/conf.d/default.conf
EXPOSE 80
20 changes: 20 additions & 0 deletions nginx.conf
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,20 @@
server {
listen 80 default_server;
listen [::]:80 default_server;
server_name _;

root /usr/share/nginx/html;
index index.html;

client_max_body_size 100M;

location / {
try_files $uri $uri/ /index.html;
add_header Cache-Control "no-cache";
}

location /assets/ {
expires 30d;
add_header Cache-Control "public";
Copy link
Copy Markdown

@sourceant sourceant Bot Apr 18, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

When using add_header, Nginx inherits headers from the outer scope only if no headers are defined in the current scope. Adding Cache-Control here might suppress other security headers if they were defined at the server level later. It's best to be explicit with the full policy.

Suggested change
add_header Cache-Control "public";
add_header Cache-Control "public, max-age=2592000, immutable";

}
}
Loading