From 08a4b2d19a52bdc91c77bbd685b3b3632151fc9c Mon Sep 17 00:00:00 2001
From: perf3ct
Date: Mon, 19 Aug 2024 22:24:13 +0000
Subject: [PATCH 1/6] add new alpine files
---
 .github/workflows/main-docker-alpine.yml | 152 +++++++++++++++++++++++
 Dockerfile-alpine | 56 +++++++++
 2 files changed, 208 insertions(+)
 create mode 100644 .github/workflows/main-docker-alpine.yml
 create mode 100644 Dockerfile-alpine
diff --git a/.github/workflows/main-docker-alpine.yml b/.github/workflows/main-docker-alpine.yml
new file mode 100644
index 000000000..766366613
--- /dev/null
+++ b/.github/workflows/main-docker-alpine.yml
@@ -0,0 +1,152 @@
+on:
+ push:
+ branches:
+ - "develop"
+ - "feature/update**"
+ - "feature/server_esm**"
+ paths-ignore:
+ - "docs/**"
+ - "bin/**"
+ tags:
+ - "v*"
+ workflow_dispatch:
+
+env:
+ GHCR_REGISTRY: ghcr.io
+ DOCKERHUB_REGISTRY: docker.io
+ IMAGE_NAME: ${{ github.repository }}
+ TEST_TAG: triliumnext/notes:test
+ PLATFORMS: linux/amd64,linux/arm64
+
+jobs:
+ test_docker:
+ name: Check Docker build
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout the repository
+ uses: actions/checkout@v4
+
+ - name: Set up Docker Buildx
+ uses: docker/setup-buildx-action@v3
+
+ - name: Set up node & dependencies
+ uses: actions/setup-node@v4
+ with:
+ node-version: 20
+ cache: "npm"
+
+ - run: npm ci
+
+ - name: Run the TypeScript build
+ run: npx tsc
+
+ - name: Create server-package.json
+ run: cat package.json | grep -v electron > server-package.json
+
+ - name: Build and export to Docker
+ uses: docker/build-push-action@v6
+ with:
+ context: .
+ load: true
+ tags: ${{ env.TEST_TAG }}
+ cache-from: type=gha
+ cache-to: type=gha,mode=max
+
+ - name: Run the container in the background
+ run: docker run -d --rm --name trilium_local ${{ env.TEST_TAG }}
+
+ - name: Wait for the healthchecks to pass
+ uses: stringbean/docker-healthcheck-action@v1
+ with:
+ container: trilium_local
+ wait-time: 50
+ require-status: running
+ require-healthy: true
+
+ build_docker:
+ name: Build Docker images
+ runs-on: ubuntu-latest
+ needs:
+ - test_docker
+ permissions:
+ contents: read
+ packages: write
+ attestations: write
+ id-token: write
+ steps:
+ - uses: actions/checkout@v4
+ - name: Extract metadata (tags, labels) for GHCR image
+ id: ghcr-meta
+ uses: docker/metadata-action@v4
+ with:
+ images: ${{ env.GHCR_REGISTRY }}/${{ env.IMAGE_NAME }}
+ tags: |
+ type=ref,event=branch
+ type=ref,event=tag
+ type=sha
+ - name: Extract metadata (tags, labels) for DockerHub image
+ id: dh-meta
+ uses: docker/metadata-action@v4
+ with:
+ images: ${{ env.DOCKERHUB_REGISTRY }}/${{ env.IMAGE_NAME }}
+ tags: |
+ type=ref,event=branch
+ type=ref,event=tag
+ type=sha
+ - name: Set up node & dependencies
+ uses: actions/setup-node@v4
+ with:
+ node-version: 20
+ cache: "npm"
+ - run: npm ci
+ - name: Run the TypeScript build
+ run: npx tsc
+ - name: Create server-package.json
+ run: cat package.json | grep -v electron > server-package.json
+ - name: Log in to the GHCR container registry
+ uses: docker/login-action@v2
+ with:
+ registry: ${{ env.GHCR_REGISTRY }}
+ username: ${{ github.actor }}
+ password: ${{ secrets.GITHUB_TOKEN }}
+ - uses: docker/setup-buildx-action@v3
+ - name: Build and push container image to GHCR
+ uses: docker/build-push-action@v6
+ id: ghcr-push
+ with:
+ context: .
+ platforms: ${{ env.PLATFORMS }}
+ push: true
+ tags: ${{ steps.ghcr-meta.outputs.tags }}
+ labels: ${{ steps.ghcr-meta.outputs.labels }}
+ cache-from: type=gha
+ cache-to: type=gha,mode=max
+ - name: Generate and push artifact attestation to GHCR
+ uses: actions/attest-build-provenance@v1
+ with:
+ subject-name: ${{ env.GHCR_REGISTRY }}/${{ env.IMAGE_NAME}}
+ subject-digest: ${{ steps.ghcr-push.outputs.digest }}
+ push-to-registry: true
+ - name: Log in to the DockerHub container registry
+ uses: docker/login-action@v2
+ with:
+ registry: ${{ env.DOCKERHUB_REGISTRY }}
+ username: ${{ secrets.DOCKERHUB_USERNAME }}
+ password: ${{ secrets.DOCKERHUB_TOKEN }}
+ - name: Build and push image to DockerHub
+ uses: docker/build-push-action@v6
+ id: dh-push
+ with:
+ context: .
+ platforms: ${{ env.PLATFORMS }}
+ push: true
+ tags: ${{ steps.dh-meta.outputs.tags }}
+ labels: ${{ steps.dh-meta.outputs.labels }}
+ cache-from: type=gha
+ cache-to: type=gha,mode=max
+ - name: Generate and push artifact attestation to DockerHub
+ uses: actions/attest-build-provenance@v1
+ with:
+ subject-name: ${{ env.DOCKERHUB_REGISTRY }}/${{ env.IMAGE_NAME}}
+ subject-digest: ${{ steps.dh-push.outputs.digest }}
+ push-to-registry: true
\ No newline at end of file
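Review bot: Every `uses:` in this new workflow is referenced by a mutable tag (`actions/checkout@v4`, `docker/login-action@v2`, the third-party `stringbean/docker-healthcheck-action@v1`, and the rest), while the `build_docker` job that runs them holds `packages: write`, `id-token: write` and the DockerHub credentials. A re-pointed tag would run with those privileges, so each action is better pinned to a full commit SHA with the tag kept as a trailing comment, e.g. `uses: actions/checkout@<full-commit-sha> # v4`. The `test_docker` job also declares no `permissions:` block and therefore gets whatever the repository default token scope is; a `permissions:` entry with `contents: read` there would match the explicit scoping `build_docker` already has.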
diff --git a/Dockerfile-alpine b/Dockerfile-alpine
new file mode 100644
index 000000000..c986800a0
--- /dev/null
+++ b/Dockerfile-alpine
@@ -0,0 +1,56 @@
+# !!! Don't try to build this Dockerfile directly, run it through bin/build-docker.sh script !!!
+FROM node:20.15.1-alpine
+
+# Configure system dependencies
+RUN apk add --no-cache --virtual .build-dependencies \
+ autoconf \
+ automake \
+ g++ \
+ gcc \
+ libtool \
+ make \
+ nasm \
+ libpng-dev \
+ python3
+
+# Create app directory
+WORKDIR /usr/src/app
+
+# Bundle app source
+COPY . .
+
+COPY server-package.json package.json
+
+# Copy TypeScript build artifacts into the original directory structure.
+RUN ls
+RUN cp -R build/src/* src/.
+
+# Copy the healthcheck
+RUN cp build/docker_healthcheck.js .
+RUN rm docker_healthcheck.ts
+
+RUN rm -r build
+
+# Install app dependencies
+RUN set -x
+RUN npm install
+RUN apk del .build-dependencies
+RUN npm run webpack
+RUN npm prune --omit=dev
+RUN cp src/public/app/share.js src/public/app-dist/.
+RUN cp -r src/public/app/doc_notes src/public/app-dist/.
+RUN rm -rf src/public/app
+RUN rm src/services/asset_path.ts
+
+
+# Some setup tools need to be kept
+RUN apk add --no-cache su-exec shadow
+
+# Add application user and setup proper volume permissions
+RUN adduser -s /bin/false node; exit 0
+
+# Start the application
+EXPOSE 8080
+CMD [ "./start-docker.sh" ]
+
+HEALTHCHECK --start-period=10s CMD exec su-exec node node docker_healthcheck.js
From 6b916c1494e6c968bf9ad7ac6452305d5a830391 Mon Sep 17 00:00:00 2001
From: perf3ct
Date: Sat, 24 Aug 2024 00:10:46 +0000
Subject: [PATCH 2/6] add other CI/CD step
---
 .github/workflows/main-docker-alpine.yml | 1 +
 1 file changed, 1 insertion(+)
diff --git a/.github/workflows/main-docker-alpine.yml b/.github/workflows/main-docker-alpine.yml
index 766366613..f9d4caf2c 100644
--- a/.github/workflows/main-docker-alpine.yml
+++ b/.github/workflows/main-docker-alpine.yml
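Review bot: The new Dockerfile-alpine never sets `USER`, so `CMD [ "./start-docker.sh" ]` starts as root and any privilege drop depends on that script, which is not part of this patch. The `su-exec` install and the `su-exec node` in `HEALTHCHECK` suggest the script does drop to `node`, but that should be confirmed and stated in a comment above `CMD`. The line `RUN adduser -s /bin/false node; exit 0` also hides every failure of the user creation: if the base image already ships a `node` account the step is dead code, and if it does not, a failed create goes unnoticed until `su-exec node` breaks at run time. Something like `RUN id -u node >/dev/null 2>&1 || adduser -D -s /bin/false node` keeps the build failing loudly.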
@@ -114,6 +114,7 @@ jobs:
 uses: docker/build-push-action@v6
 id: ghcr-push
 with:
+ file: ./Dockerfile-alpine
 context: .
 platforms: ${{ env.PLATFORMS }}
 push: true
From 6eb6bfa25da4d5389829b48789cc6cae6e8cef83 Mon Sep 17 00:00:00 2001
From: perf3ct
Date: Sat, 24 Aug 2024 00:21:10 +0000
Subject: [PATCH 3/6] have debian be only for arm
---
 .github/workflows/main-docker.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/main-docker.yml b/.github/workflows/main-docker.yml
index 70a3592b1..52421b969 100644
--- a/.github/workflows/main-docker.yml
+++ b/.github/workflows/main-docker.yml
@@ -16,7 +16,7 @@ env:
 DOCKERHUB_REGISTRY: docker.io
 IMAGE_NAME: ${{ github.repository }}
 TEST_TAG: triliumnext/notes:test
- PLATFORMS: linux/amd64,linux/arm64,linux/arm/v7
+ PLATFORMS: linux/arm64,linux/arm/v7

 jobs:
 test_docker:
From a769aef0597e142760c25ca008bf610a5a51c7c7 Mon Sep 17 00:00:00 2001
From: perf3ct
Date: Sat, 24 Aug 2024 00:22:30 +0000
Subject: [PATCH 4/6] have alpine be only for amd64
---
 .github/workflows/main-docker-alpine.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/main-docker-alpine.yml b/.github/workflows/main-docker-alpine.yml
index f9d4caf2c..612d626ad 100644
--- a/.github/workflows/main-docker-alpine.yml
+++ b/.github/workflows/main-docker-alpine.yml
@@ -16,7 +16,7 @@ env:
 DOCKERHUB_REGISTRY: docker.io
 IMAGE_NAME: ${{ github.repository }}
 TEST_TAG: triliumnext/notes:test
- PLATFORMS: linux/amd64,linux/arm64
+ PLATFORMS: linux/arm64,linux/arm/v7

 jobs:
 test_docker:
From fcbb178096877792438c087f0da1630938905f48 Mon Sep 17 00:00:00 2001
From: perf3ct
Date: Wed, 28 Aug 2024 17:07:25 +0000
Subject: [PATCH 5/6] change Dockerfile.alpine name
---
 Dockerfile-alpine => Dockerfile.alpine | 22 +++++++++++-----------
 1 file changed, 11 insertions(+), 11 deletions(-)
 rename Dockerfile-alpine => Dockerfile.alpine (73%)
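Review bot: In PATCH 2/6, `file: ./Dockerfile-alpine` is added only to the `ghcr-push` step; the `Build and export to Docker` step in `test_docker` and the `dh-push` step (both outside this hunk, visible in PATCH 1/6) still have no `file:` and would build the default Dockerfile. The image that passes the health check is then not the one pushed to GHCR, and the DockerHub push and its attestation cover a different build than the GHCR one. Adding the same `file: ./Dockerfile-alpine` line to the other two `docker/build-push-action` steps keeps test, GHCR and DockerHub on one Dockerfile.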
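Review bot: In PATCH 4/6 the new value `PLATFORMS: linux/arm64,linux/arm/v7` in main-docker-alpine.yml contradicts the commit subject "have alpine be only for amd64". It is the same list PATCH 3/6 gives main-docker.yml, so after both commits neither workflow builds `linux/amd64`. If the subject states the intent, the line should read `PLATFORMS: linux/amd64`.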
diff --git a/Dockerfile-alpine b/Dockerfile.alpine
similarity index 73%
rename from Dockerfile-alpine
rename to Dockerfile.alpine
index c986800a0..e7678db45 100644
--- a/Dockerfile-alpine
+++ b/Dockerfile.alpine
@@ -22,8 +22,8 @@ COPY . .
 COPY server-package.json package.json

 # Copy TypeScript build artifacts into the original directory structure.
-RUN ls
-RUN cp -R build/src/* src/.
+RUN ls && \
+ cp -R build/src/* src/.

 # Copy the healthcheck
 RUN cp build/docker_healthcheck.js .
@@ -32,15 +32,15 @@ RUN rm docker_healthcheck.ts
 RUN rm -r build

 # Install app dependencies
-RUN set -x
-RUN npm install
-RUN apk del .build-dependencies
-RUN npm run webpack
-RUN npm prune --omit=dev
-RUN cp src/public/app/share.js src/public/app-dist/.
-RUN cp -r src/public/app/doc_notes src/public/app-dist/.
-RUN rm -rf src/public/app
-RUN rm src/services/asset_path.ts
+RUN set -x && \
+ npm install && \
+ apk del .build-dependencies && \
+ npm run webpack && \
+ npm prune --omit=dev && \
+ cp src/public/app/share.js src/public/app-dist/. && \
+ cp -r src/public/app/doc_notes src/public/app-dist/. && \
+ rm -rf src/public/app && \
+ rm src/services/asset_path.ts


 # Some setup tools need to be kept
From da20a377c14a2abf45dc98fd0e9e7e204c6c8ce7 Mon Sep 17 00:00:00 2001
From: perf3ct
Date: Wed, 28 Aug 2024 18:24:00 +0000
Subject: [PATCH 6/6] have alpine more closely match deb dockerfile
---
 Dockerfile.alpine | 11 ++++-------
 1 file changed, 4 insertions(+), 7 deletions(-)
diff --git a/Dockerfile.alpine b/Dockerfile.alpine
index e7678db45..7ace8e964 100644
--- a/Dockerfile.alpine
+++ b/Dockerfile.alpine
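Review bot: PATCH 5/6 renames the file to `Dockerfile.alpine`, but the workflow step changed in PATCH 2/6 still passes `file: ./Dockerfile-alpine`, and neither this commit's diffstat nor PATCH 6/6 touches main-docker-alpine.yml. Unless the workflow is updated elsewhere, the `ghcr-push` build will not find its Dockerfile after this rename. The workflow line should become `file: ./Dockerfile.alpine` in the same commit as the rename.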
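Review bot: In the second hunk of PATCH 5/6, folding `apk del .build-dependencies` into the `npm install` chain does not remove the toolchain from the image, because the matching `apk add --no-cache --virtual .build-dependencies …` is still its own earlier `RUN` (outside this hunk, unchanged from PATCH 1/6) and that layer ships as-is. The same holds for the `rm -r build && rm docker_healthcheck.ts` that PATCH 6/6 merges: those files stay in the `COPY . .` layer, as does anything else the build context contained. To actually shed them, begin this `RUN` with the `apk add --virtual` package list so install, build and removal share one layer, or move the build into a separate stage and `COPY --from` only the runtime tree into the final image.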
@@ -22,14 +22,11 @@ COPY . .
 COPY server-package.json package.json

 # Copy TypeScript build artifacts into the original directory structure.
-RUN ls && \
- cp -R build/src/* src/.
-
 # Copy the healthcheck
-RUN cp build/docker_healthcheck.js .
-RUN rm docker_healthcheck.ts
-
-RUN rm -r build
+RUN cp -R build/src/* src/. && \
+ cp build/docker_healthcheck.js . && \
+ rm -r build && \
+ rm docker_healthcheck.ts

 # Install app dependencies
 RUN set -x && \