units-ui

valknar/units-ui

Fork 0

Commit Graph

Author	SHA1	Message	Date
Sebastian Krüger	f2d2bd7e25	chore: streamline Docker workflow with attestation support Updated GitHub Actions workflow based on kit.pivoine.art template: Permissions: - Added id-token: write (required for attestations) - Added attestations: write (enables build provenance) Improvements: - Added workflow_dispatch trigger for manual runs - Updated docker/build-push-action from v5 to v6 - Added conditional login (skip on pull requests) - Added artifact attestation step with actions/attest-build-provenance@v2 - Generates and pushes build provenance to registry - Provides supply chain security and transparency Attestation benefits: - Verifiable build provenance - SLSA (Supply chain Levels for Software Artifacts) compliance - Cryptographically signed metadata about build process - Helps users verify image authenticity The workflow now matches modern Docker image publishing best practices with full attestation support for enhanced security. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>	2025-11-08 11:03:49 +01:00
Sebastian Krüger	365b8ed328	ci: add Docker build and GitHub Container Registry workflow Add complete Docker containerization and CI/CD setup: Docker Configuration: - Multi-stage Dockerfile with 3 stages (deps, builder, runner) - Stage 1: Install dependencies with pnpm in Alpine - Stage 2: Build Next.js static export - Stage 3: Serve static files with nginx:alpine - Health check endpoint on /health - Optimized for production with layer caching Nginx Configuration: - Custom nginx.conf for static file serving - Gzip compression enabled - Security headers (X-Frame-Options, X-Content-Type-Options, etc.) - Static asset caching with 1-year expiry - Client-side routing support (try_files) - Health check endpoint for container orchestration - Error page handling GitHub Workflow (docker-build-push.yml): - Triggers on push to main, tags, and pull requests - Multi-platform builds (linux/amd64, linux/arm64) - Pushes to GitHub Container Registry (ghcr.io) - Automatic tagging: latest, semver, sha, branch - Uses GitHub Actions cache for faster builds - Requires only GITHUB_TOKEN (no secrets needed) .dockerignore: - Excludes node_modules, .next, build artifacts - Excludes dev files, logs, and IDE configs - Keeps Docker image size minimal Image will be available at: ghcr.io/valknarness/units-ui:latest 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>	2025-11-08 09:32:42 +01:00

Author

SHA1

Message

Date

Sebastian Krüger

f2d2bd7e25

chore: streamline Docker workflow with attestation support

Updated GitHub Actions workflow based on kit.pivoine.art template:

Permissions:
- Added id-token: write (required for attestations)
- Added attestations: write (enables build provenance)

Improvements:
- Added workflow_dispatch trigger for manual runs
- Updated docker/build-push-action from v5 to v6
- Added conditional login (skip on pull requests)
- Added artifact attestation step with actions/attest-build-provenance@v2
- Generates and pushes build provenance to registry
- Provides supply chain security and transparency

Attestation benefits:
- Verifiable build provenance
- SLSA (Supply chain Levels for Software Artifacts) compliance
- Cryptographically signed metadata about build process
- Helps users verify image authenticity

The workflow now matches modern Docker image publishing best practices
with full attestation support for enhanced security.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>

2025-11-08 11:03:49 +01:00

Sebastian Krüger

365b8ed328

ci: add Docker build and GitHub Container Registry workflow

Add complete Docker containerization and CI/CD setup:

Docker Configuration:
- Multi-stage Dockerfile with 3 stages (deps, builder, runner)
- Stage 1: Install dependencies with pnpm in Alpine
- Stage 2: Build Next.js static export
- Stage 3: Serve static files with nginx:alpine
- Health check endpoint on /health
- Optimized for production with layer caching

Nginx Configuration:
- Custom nginx.conf for static file serving
- Gzip compression enabled
- Security headers (X-Frame-Options, X-Content-Type-Options, etc.)
- Static asset caching with 1-year expiry
- Client-side routing support (try_files)
- Health check endpoint for container orchestration
- Error page handling

GitHub Workflow (docker-build-push.yml):
- Triggers on push to main, tags, and pull requests
- Multi-platform builds (linux/amd64, linux/arm64)
- Pushes to GitHub Container Registry (ghcr.io)
- Automatic tagging: latest, semver, sha, branch
- Uses GitHub Actions cache for faster builds
- Requires only GITHUB_TOKEN (no secrets needed)

.dockerignore:
- Excludes node_modules, .next, build artifacts
- Excludes dev files, logs, and IDE configs
- Keeps Docker image size minimal

Image will be available at:
ghcr.io/valknarness/units-ui:latest

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>

2025-11-08 09:32:42 +01:00

2 Commits