auth-service

.github/workflows/build-auth.yaml

@@ -0,0 +1,56 @@
+name: Build and Push Auth
+
+on:
+  push:
+    branches:
+      - main
+      - dev
+    paths:
+      - 'auth/**'
+      - '.github/workflows/build-auth.yaml'
+  release:
+    types: [published]
+
+env:
+  REGISTRY: ghcr.io
+
+jobs:
+  build-auth:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: write
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v2
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v2
+
+      - name: Log in to the Container registry
+        uses: docker/login-action@v3
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Extract metadata (tags, labels) for Docker
+        id: meta
+        uses: docker/metadata-action@9ec57ed1fcdbf14dcef7dfbe97b2010124a938b7
+        with:
+          images: ${{ env.REGISTRY }}/${{ github.repository }}-auth
+          tags: |
+            type=pep440,pattern={{version}},value=${{ github.ref_name }},enable=${{ github.event_name == 'release' }}
+            type=ref,event=branch
+            type=raw,value=latest,enable=${{ github.event_name == 'release' }}
+
+      - name: Build and Push Docker image
+        uses: docker/build-push-action@v4
+        with:
+          context: ./auth
+          dockerfile: Dockerfile
+          push: true
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }} 

.github/workflows/build-and-push.yaml → .github/workflows/build-backend.yaml

@@ -1,4 +1,4 @@
-name: Build and Push Docker Image
+name: Build and Push Backend
 
 on:
   push:
@@ -7,22 +7,20 @@ on:
       - dev
     paths:
       - 'scribbl_backend/**'
-      - '.github/workflows/build-and-push.yaml'
+      - '.github/workflows/build-backend.yaml'
   release:
     types: [published]
+
 env:
   REGISTRY: ghcr.io
-  IMAGE_NAME: ${{ github.repository }}-backend
 
 jobs:
-  build-and-push:
+  build-backend:
     runs-on: ubuntu-latest
-    # Sets the permissions granted to the `GITHUB_TOKEN` for the actions in this job.
     permissions:
       contents: read
       packages: write
     steps:
-
       - name: Checkout code
         uses: actions/checkout@v2
 
@@ -40,22 +38,19 @@ jobs:
         id: meta
         uses: docker/metadata-action@9ec57ed1fcdbf14dcef7dfbe97b2010124a938b7
         with:
-          images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+          images: ${{ env.REGISTRY }}/${{ github.repository }}-backend
           tags: |
-            # minimal
             type=pep440,pattern={{version}},value=${{ github.ref_name }},enable=${{ github.event_name == 'release' }}
-            # branch event
             type=ref,event=branch
             type=raw,value=latest,enable=${{ github.event_name == 'release' }}
 
       - name: Build and Push Docker image
         uses: docker/build-push-action@v4
         with:
-          # build-args: 
           context: ./scribbl_backend
           dockerfile: Dockerfile
           push: true
           cache-from: type=gha
           cache-to: type=gha,mode=max
           tags: ${{ steps.meta.outputs.tags }}
-          labels: ${{ steps.meta.outputs.labels }}
+          labels: ${{ steps.meta.outputs.labels }} 

auth/.gitignore

@@ -0,0 +1,34 @@
+# Binaries
+*.exe
+*.exe~
+*.dll
+*.so
+*.dylib
+*.test
+auth-service
+
+# Output of the go coverage tool, specifically when used with LiteIDE
+*.out
+
+# Dependency directories (vendor/)
+vendor/
+
+# IDE/editor files
+.vscode/
+.idea/
+*.swp
+
+# OS files
+.DS_Store
+Thumbs.db
+
+# Environment files
+.env
+.env.*
+
+# Docker
+*.log
+docker-compose.override.yml
+
+# Test cache
+go-test-cache/ 

auth/Dockerfile

@@ -0,0 +1,42 @@
+# syntax=docker/dockerfile:1
+FROM golang:1.23-alpine AS builder
+
+# Install git for private repos and ca-certificates for HTTPS
+RUN apk update && apk add --no-cache git ca-certificates
+
+WORKDIR /app
+
+# Copy go mod files and download dependencies first (better caching)
+COPY go.mod go.sum ./
+RUN go mod download && go mod verify
+
+# Copy source code
+COPY . .
+
+# Build the application with optimizations
+RUN CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build \
+    -ldflags='-w -s -extldflags "-static"' \
+    -o auth-service ./cmd/auth/main.go
+
+# Final stage - minimal Alpine image
+FROM alpine:3.21
+
+# Install CA certificates for HTTPS
+RUN apk add --no-cache ca-certificates
+
+# Create non-root user
+RUN addgroup -g 1001 -S appuser && \
+    adduser -u 1001 -S appuser -G appuser
+
+# Copy the binary
+COPY --from=builder /app/auth-service /auth-service
+
+# Change ownership and make executable
+RUN chown appuser:appuser /auth-service
+
+# Switch to non-root user
+USER appuser
+
+EXPOSE 8080
+
+CMD ["/auth-service"]