chore(ci): Caddy Setup (#37)

docker-compose.yml

@@ -6,18 +6,18 @@ x-var:
 # Postgres envars
 x-postgres-vars: &postgres-vars
   POSTGRES_DATABASE: postgres
-  POSTGRES_HOST: quackStack-db
+  POSTGRES_HOST: nr-nmp-db
   POSTGRES_PASSWORD: default
   POSTGRES_USER: *POSTGRES_USER
 
-name: quackstack-bb
+name: nr-nmp
 services:
   # DB
   database:
     build:
       context: ./database
       dockerfile: Dockerfile
-    container_name: quackStack-db
+    container_name: nr-nmp-db
     environment:
       <<: *postgres-vars
     ports: [5432:5432]
@@ -26,7 +26,7 @@ services:
 
   # PGAdmin
   pgadmin:
-    container_name: quackStack-pgadmin
+    container_name: nr-nmp-pgadmin
     environment:
       PGADMIN_DEFAULT_EMAIL: [email protected]
       PGADMIN_DEFAULT_PASSWORD: admin
@@ -40,7 +40,7 @@ services:
       context: ./backend
       dockerfile: Dockerfile
     command: npm run ${CMD:-dev}
-    container_name: quackStack-api
+    container_name: nr-nmp-api
     depends_on:
       database:
         condition: service_healthy
@@ -60,22 +60,38 @@ services:
 
   # Frontend
   frontend:
-    build:
-      context: ./frontend
-      dockerfile: Dockerfile
-    command: npm run ${CMD:-dev}
-    container_name: quackStack-frontend
+    image: node:20.17.0
+    command: /bin/bash -c "cd ./app && npm install && npm run ${CMD:-dev}"
+    container_name: nr-nmp-frontend
     depends_on:
       backend:
         condition: service_healthy
-    develop:
-      watch:
-        - action: sync
-          path: ./frontend
-          target: /app
-          ignore: [node_modules]
+    # develop:
+    #   watch:
+    #     - action: sync
+    #       path: ./frontend
+    #       target: /app
+    #       ignore: [node_modules]
     environment:
       VITE_BACKEND_URL: http://localhost:3000/api
     healthcheck:
       test: curl --fail http://localhost:5173 || exit 1
-    ports: [5173:5173]
+    ports: ["5173:5173"]
+    volumes: ["./frontend:/app", "/app/node_modules"]
+
+  caddy:
+    container_name: caddy
+    profiles: ["caddy"]
+    build: ./frontend
+    environment:
+      NODE_ENV: development
+      PORT: 3000
+      BACKEND_URL: http://backend:3000
+      LOG_LEVEL: info
+    ports: ["3005:3000"]
+    volumes: ["./frontend/Caddyfile:/etc/caddy/Caddyfile"]
+    healthcheck:
+      test: ["CMD", "curl", "-f", "http://localhost:3005"]
+    depends_on:
+      backend:
+        condition: service_healthy

frontend/Caddyfile

@@ -0,0 +1,48 @@
+{
+	auto_https off
+	admin 0.0.0.0:3003
+	servers {
+		metrics
+	}
+}
+:3000 {
+	log {
+		output stdout
+		format console {
+			time_format iso8601
+			level_format color
+		}
+		level {$LOG_LEVEL}
+	}
+	root * /srv
+	encode zstd gzip
+	file_server
+	@spa_router {
+		not path /api*
+		file {
+			try_files {path} /index.html
+		}
+	}
+	rewrite @spa_router {http.matchers.file.relative}
+	# Proxy requests to API service
+	reverse_proxy /api* {$BACKEND_URL} {
+		header_up Host {http.reverse_proxy.upstream.hostport}
+		header_up X-Real-IP {remote_host}
+		header_up X-Forwarded-For {remote_host}
+	}
+	header {
+		X-Frame-Options "SAMEORIGIN"
+		X-XSS-Protection "1;mode=block"
+		Cache-Control "no-store, no-cache, must-revalidate, proxy-revalidate"
+		X-Content-Type-Options "nosniff"
+		Strict-Transport-Security "max-age=31536000"
+		Content-Security-Policy "default-src 'self' https://spt.apps.gov.bc.ca data:; script-src 'self' 'unsafe-eval' https://www2.gov.bc.ca ;style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://use.fontawesome.com; font-src 'self' https://fonts.gstatic.com; img-src 'self' data: https://fonts.googleapis.com http://www.w3.org https://*.gov.bc.ca"
+		Referrer-Policy "same-origin"
+		Feature-Policy "fullscreen 'self'; camera 'none'; microphone 'none'"
+	}
+}
+:3001 {
+	handle /health {
+		respond "OK"
+	}
+}

frontend/Dockerfile

@@ -1,34 +1,51 @@
 # Base image for the container
-FROM node:20.17.0
+FROM node:20.17.0 AS build
 
 # Set environment variables
-ENV npm_config_cache=/app/.npm
-ENV APP_USER=1011540000
+# ENV npm_config_cache=/app/.npm
+# ENV APP_USER=1011540000
 
 # Create user and group
-RUN groupadd --gid ${APP_USER} appGroup && \
-  useradd --uid ${APP_USER} --gid appGroup --home /app ${APP_USER}
+# RUN groupadd --gid ${APP_USER} appGroup && \
+#   useradd --uid ${APP_USER} --gid appGroup --home /app ${APP_USER}
 
 # Switch to the new user
-USER ${APP_USER}
+# USER ${APP_USER}
 
 # Set the working directory
 WORKDIR /app/
 
 # Copy package.json and package-lock.json first to leverage Docker cache
-COPY --chown=${APP_USER} package.json package-lock.json ./
+# COPY --chown=${APP_USER} package.json package-lock.json ./
+COPY package*.json ./
 
 # Install dependencies
 RUN npm install
 
 # Copy the rest of the application code
-COPY --chown=${APP_USER} . ./
+# COPY --chown=${APP_USER} . ./
+COPY . /app
 
 # Ensure TypeScript is installed and compile the project
 RUN npm run build
 
 # Expose the port that the app runs on
-EXPOSE 5173
+# EXPOSE 5173
 
 # Run the application in production mode
-CMD ["npm", "run", "serve", "--no-update-notifier", "--max-old-space-size=50"]
+# CMD ["npm", "run", "serve", "--no-update-notifier", "--max-old-space-size=50"]
+
+FROM caddy:2.8.4-alpine
+RUN apk add --no-cache ca-certificates
+
+# Copy static files, verify Caddyfile formatting
+COPY --from=build /app/dist /srv
+COPY Caddyfile /etc/caddy/Caddyfile
+RUN caddy fmt /etc/caddy/Caddyfile
+
+# Boilerplate, not used in OpenShift/Kubernetes
+EXPOSE 3000 3001
+HEALTHCHECK --interval=30s --timeout=3s CMD curl -f http://localhost:3001/health
+
+# Nonroot user
+USER 1001

frontend/openshift.deploy.yml

@@ -26,10 +26,10 @@ objects:
     spec:
       type: ClusterIP
       ports:
-        - port: 80
-          targetPort: 5173
+        - port: 3005
+          targetPort: 3000
           protocol: TCP
-          name: http-5173
+          name: http-3000
       selector:
         service: ${APP}-${TARGET}-${COMPONENT}
   - kind: Deployment
@@ -69,26 +69,26 @@ objects:
                 - name: http
                   containerPort: 5173
                   protocol: TCP
-              readinessProbe:
-                httpGet:
-                  path: /
-                  port: http
-                  scheme: HTTP
-                initialDelaySeconds: 90
-                periodSeconds: 10
-                timeoutSeconds: 10
-                successThreshold: 3
-                failureThreshold: 30
-              livenessProbe:
-                successThreshold: 1
-                failureThreshold: 3
-                httpGet:
-                  path: /
-                  port: http
-                  scheme: HTTP
-                initialDelaySeconds: 15
-                periodSeconds: 30
-                timeoutSeconds: 5
+              # readinessProbe:
+              #   httpGet:
+              #     path: /
+              #     port: http
+              #     scheme: HTTP
+              #   initialDelaySeconds: 90
+              #   periodSeconds: 10
+              #   timeoutSeconds: 10
+              #   successThreshold: 3
+              #   failureThreshold: 30
+              # livenessProbe:
+              #   successThreshold: 1
+              #   failureThreshold: 3
+              #   httpGet:
+              #     path: /
+              #     port: http
+              #     scheme: HTTP
+              #   initialDelaySeconds: 15
+              #   periodSeconds: 30
+              #   timeoutSeconds: 5
               resources: # this is optional
                 limits:
                   cpu: 150m
@@ -105,7 +105,7 @@ objects:
     spec:
       host: nr-nmp-${TARGET}.apps.silver.devops.gov.bc.ca
       port:
-        targetPort: http-5173
+        targetPort: http-3000
       to:
         kind: Service
         name: ${APP}-${TARGET}-${COMPONENT}