diff --git a/.dockerignore b/.dockerignore new file mode 100644 index 00000000..dd87e2d7 --- /dev/null +++ b/.dockerignore @@ -0,0 +1,2 @@ +node_modules +build diff --git a/.github/workflows/pull_requests.yml b/.github/workflows/pull_requests.yml index b485edad..daa59490 100644 --- a/.github/workflows/pull_requests.yml +++ b/.github/workflows/pull_requests.yml @@ -33,6 +33,20 @@ jobs: if: success() run: npx grunt prod + - name: Production Image Build + if: success() + id: build-image + uses: redhat-actions/buildah-build@v2 + with: + # Not being uploaded to any registry, use a simple name to allow Buildah to build correctly. + image: cyberchef + containerfiles: ./Dockerfile + platforms: linux/amd64 + oci: true + # Webpack seems to use a lot of open files, increase the max open file limit to accomodate. + extra-args: | + --ulimit nofile=10000 + - name: UI Tests if: success() run: | diff --git a/.github/workflows/releases.yml b/.github/workflows/releases.yml index b1be78f9..421cb5cd 100644 --- a/.github/workflows/releases.yml +++ b/.github/workflows/releases.yml @@ -6,9 +6,17 @@ on: tags: - 'v*' +env: + REGISTRY: ghcr.io + REGISTRY_USER: ${{ github.actor }} + REGISTRY_PASSWORD: ${{ github.token }} + IMAGE_NAME: ${{ github.repository }} + jobs: main: runs-on: ubuntu-latest + permissions: + packages: write steps: - uses: actions/checkout@v3 @@ -19,7 +27,7 @@ jobs: - name: Install run: | - npm install + npm ci npm run setheapsize - name: Lint 
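Review bot: `uses: redhat-actions/buildah-build@v2` in the new Production Image Build step references a movable tag, so the code this job executes can change without any commit to this repository. Pin third-party actions to a full commit SHA and keep the version as a trailing comment, e.g. `uses: redhat-actions/buildah-build@<full-commit-sha>  # v2`. The same applies to `docker/metadata-action@v4`, `redhat-actions/buildah-build@v2` and `redhat-actions/push-to-registry@v2` in the releases.yml hunks, where it matters more because that job runs with `packages: write` and publishes the image.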
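Review bot: Declaring `REGISTRY_PASSWORD: ${{ github.token }}` in the workflow-level `env:` places the job token in the environment of every step, including `npm ci`, the npm scripts and the UI tests, so any dependency lifecycle script can read a token that carries `packages: write`. Only the Publish to GHCR step in the last hunk of this file needs it; drop the env entry and set `password: ${{ github.token }}` on that step. Separately, a job-level `permissions:` block sets every unlisted scope to none. If the Upload Release Assets step authenticates with the workflow token (its inputs are outside the hunk), it will likely need `contents: write` listed next to `packages: write`.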
@@ -31,17 +39,38 @@ jobs: npm run testnodeconsumer - name: Production Build - if: success() run: npx grunt prod - name: UI Tests - if: success() run: | sudo apt-get install xvfb xvfb-run --server-args="-screen 0 1200x800x24" npx grunt testui + - name: Image Metadata + id: image-metadata + uses: docker/metadata-action@v4 + with: + images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} + tags: | + type=semver,pattern={{major}} + type=semver,pattern={{major}}.{{minor}} + type=semver,pattern={{version}} + + - name: Production Image Build + id: build-image + uses: redhat-actions/buildah-build@v2 + with: + tags: ${{ steps.image-metadata.outputs.tags }} + labels: ${{ steps.image-metadata.outputs.labels }} + containerfiles: ./Dockerfile + platforms: linux/amd64 + oci: true + # Webpack seems to use a lot of open files, increase the max open file limit to accomodate. + extra-args: | + --ulimit nofile=10000 + + - name: Upload Release Assets - if: success() id: upload-release-assets uses: svenstaro/upload-release-action@v2 with: @@ -53,7 +82,14 @@ jobs: body: "See the [CHANGELOG](https://github.com/gchq/CyberChef/blob/master/CHANGELOG.md) and [commit messages](https://github.com/gchq/CyberChef/commits/master) for details." - name: Publish to NPM - if: success() uses: JS-DevTools/npm-publish@v1 with: token: ${{ secrets.NPM_TOKEN }} + + - name: Publish to GHCR + uses: redhat-actions/push-to-registry@v2 + with: + tags: ${{ steps.build-image.outputs.tags }} + registry: ${{ env.REGISTRY }} + username: ${{ env.REGISTRY_USER }} + password: ${{ env.REGISTRY_PASSWORD }} diff --git a/Dockerfile b/Dockerfile new file mode 100644 index 00000000..be4c8bad --- /dev/null +++ b/Dockerfile @@ -0,0 +1,9 @@ +FROM node:18-alpine AS build + +COPY . . +RUN npm ci +RUN npm run build + +FROM nginx:1.25-alpine3.18 AS cyberchef + +COPY --from=build ./build/prod /usr/share/nginx/html/ diff --git a/README.md b/README.md index 24f56e77..5549bda2 100755 --- a/README.md +++ b/README.md 
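Review bot: The image pushed on release is never exercised by this job. Lint, the tests and UI Tests run against the runner's `npx grunt prod` output, while Production Image Build runs its own `npm ci` and `npm run build` inside the container (see the Dockerfile in this commit), and the result goes straight to Publish to GHCR. Whether the two builds produce the same tree is not visible from the diff. A short smoke-test step between the build and the push would close the gap. At minimum, add a comment on the step such as `# Image is rebuilt from source inside the container; it is not the build/prod tree tested above.`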
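Review bot: The build stage sets no `WORKDIR`, so `COPY . .` unpacks the whole build context into the image root and `npm ci` / `npm run build` run in `/`. Add `WORKDIR /app` after the first `FROM` and change the last line to `COPY --from=build /app/build/prod /usr/share/nginx/html/`. The .dockerignore added in this commit excludes only `node_modules` and `build`, so `.git` and any untracked local files also enter the build stage. They do not reach the final image because only `build/prod` is copied, but adding `.git` to .dockerignore keeps them out of build layers and cache. For an image published on every release, consider pinning both base images by digest, e.g. `FROM node:18-alpine@sha256:<digest>`, so a re-pushed tag cannot silently change what ships.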
@@ -20,6 +20,22 @@ Cryptographic operations in CyberChef should not be relied upon to provide secur [A live demo can be found here][1] - have fun! +## Containers + +If you would like to try out CyberChef locally you can either build it yourself: + +```bash +docker build --tag cyberchef --ulimit nofile=10000 . +docker run -it -p 8080:80 cyberchef +``` + +Or you can use our image directly: + +```bash +docker run -it -p 8080:80 ghcr.io/gchq/cyberchef:latest +``` + +This image is built and published through our [GitHub Workflows](.github/workflows/releases.yml) ## How it works