Use Dockerfile as source of truth instead of a GitHub action

.github/workflows/docker-ci.yaml

@@ -8,64 +8,92 @@ on:
       - "go.sum"
       - "ui/**"
       - "Dockerfile"
-  workflow_dispatch:  
-
+  workflow_dispatch:
 
 jobs:
-  docker:
-    permissions:
-      packages: write
-      contents: write
-      issues: write # to be able to comment on released issues
-      pull-requests: write # to be able to comment on released pull requests
-      id-token: write # to enable use of OIDC for npm provenance
+  # Job 1: Checkout code and set up common environment
+  setup:
     runs-on: ubuntu-latest
+    outputs:
+      ref_name: ${{ steps.get_ref.outputs.ref_name }}
     steps:
-      - name: Checkout
+      - name: Checkout code
+        id: get_ref
         uses: actions/checkout@v4
         with:
           fetch-depth: 0
+      - name: Get branch name
+        id: ref
+        run: echo "ref_name=${GITHUB_REF#refs/heads/}" >> $GITHUB_ENV
 
+  # Job 2: Build the Docker image
+  build:
+    needs: setup
+    runs-on: ubuntu-latest
+    steps:
       - name: Build docker image
         uses: docker/build-push-action@v6
         with:
           load: true
 
+  # Job 3: Run Semantic Release
+  semantic-release:
+    needs: build
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
       - name: Semantic Release
         uses: cycjimmy/semantic-release-action@v4
         id: release
         env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}  
-
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+  # Job 4: Login to Docker registries
+  docker-login:
+    needs: semantic-release
+    if: ${{ github.ref_name == 'main' && needs.semantic-release.outputs.new_release_published == 'true' }}
+    runs-on: ubuntu-latest
+    steps:
       - name: Login to Docker registry
         uses: docker/login-action@v3
-        if: ${{ github.ref_name == 'main' }}
         with:
           registry: ghcr.io
           username: ${{ github.actor }}
           password: ${{ secrets.GITHUB_TOKEN }}
 
       - name: Login to Docker Hub
         uses: docker/login-action@v3
-        if: ${{ github.ref_name == 'main' }}
         with:
           username: ${{ vars.DOCKERHUB_USERNAME }}
           password: ${{ secrets.DOCKERHUB_TOKEN }}
-
+
+  # Job 5: Push Docker image
+  push-image:
+    needs: [semantic-release, docker-login]
+    if: ${{ github.ref_name == 'main' && needs.semantic-release.outputs.new_release_published == 'true' }}
+    runs-on: ubuntu-latest
+    steps:
       - name: Push docker image
         uses: docker/build-push-action@v6
-        if: ${{ github.ref_name == 'main' && steps.release.outputs.new_release_published == 'true' }}
         with:
           push: true
           tags: |
             ${{ vars.DOCKERHUB_USERNAME }}/swarm-cd:latest
-            ${{ vars.DOCKERHUB_USERNAME }}/swarm-cd:${{ steps.release.outputs.new_release_version }}
+            ${{ vars.DOCKERHUB_USERNAME }}/swarm-cd:${{ needs.semantic-release.outputs.new_release_version }}
             ghcr.io/${{ github.repository }}:latest
-            ghcr.io/${{ github.repository }}:${{ steps.release.outputs.new_release_version }}
+            ghcr.io/${{ github.repository }}:${{ needs.semantic-release.outputs.new_release_version }}
 
+  # Job 6: Update Docker Hub repo description
+  update-dockerhub-description:
+    needs: push-image
+    if: ${{ github.ref_name == 'main' && needs.semantic-release.outputs.new_release_published == 'true' }}
+    runs-on: ubuntu-latest
+    steps:
       - name: Update Docker Hub repo description
-        uses: peter-evans/dockerhub-description@e98e4d1628a5f3be2be7c231e50981aee98723ae # v4.0.0
-        if: ${{ github.ref_name == 'main' && steps.release.outputs.new_release_published == 'true' }}
+        uses: peter-evans/[email protected]
         with:
           username: ${{ vars.DOCKERHUB_USERNAME }}
           password: ${{ secrets.DOCKERHUB_TOKEN }}

Dockerfile

@@ -1,22 +1,31 @@
-FROM node:22-alpine3.19 AS ui
+# Stage 1: Build the frontend
+FROM node:22-alpine3.19 AS frontend-build
 WORKDIR /ui
-COPY ui/package.json ui/package-lock.json .
+COPY ui/package.json ui/package-lock.json ./
 RUN npm install
-COPY ui/ .
-RUN npm run build && npm test run
+COPY ui/ ./
+RUN npm run build
+# Fail this stage if tests fail
+RUN npm run test
 
-FROM golang:1.22.5 AS backend
+# Stage 2: Build the backend
+FROM golang:1.22.5 AS backend-build
+WORKDIR /backend
 COPY go.mod go.sum ./
 RUN go mod download
 COPY cmd/ cmd/
 COPY util/ util/
-COPY web/  web/ 
+COPY web/ web/
 COPY swarmcd/ swarmcd/
 RUN CGO_ENABLED=0 GOOS=linux go build -o /swarm-cd ./cmd/
 
+# Stage 3: Final production image (depends on previous stages)
 FROM alpine:3.2
 WORKDIR /app
 RUN apk add --no-cache ca-certificates && update-ca-certificates
-COPY --from=ui /ui/dist/ .
-COPY --from=backend /swarm-cd .
+# Copy the built backend binary from the backend build stage
+COPY --from=backend-build /swarm-cd /app/
+# Copy the built frontend from the frontend build stage
+COPY --from=frontend-build /ui/dist/ /app/ui/
+# Set the entry point for the application
 CMD ["/app/swarm-cd"]

ui/package.json

@@ -9,7 +9,7 @@
     "build": "tsc -b && vite build",
     "lint": "eslint . --ext ts,tsx --report-unused-disable-directives --max-warnings 0",
     "preview": "vite preview",
-    "test": "vitest"
+    "test": "vitest run"
   },
   "dependencies": {
     "@chakra-ui/icons": "^2.2.4",