entur · lindtvedtsebastian · Aug 30, 2023 · Aug 28, 2023 · Aug 29, 2023 · Aug 29, 2023
diff --git a/.github/workflows/deploy_beta_staging.yml b/.github/workflows/deploy_beta_staging.yml
@@ -0,0 +1,41 @@
+name: Deploy Beta staging
+
+on:
+    workflow_dispatch:
+    push:
+        branches:
+            - master
+        paths:
+            - "next-tavla/**"
+
+env:
+  PROJECT_ID: ${{ secrets.BETA_STAGING_ID }}
+  RUN_REGION:  ${{ secrets.BETA_RUN_REGION }}
+  ENABLED_FEATURES: ${{ secrets.ENABLED_FEATURES }}
+
+jobs:
+    deploy-staging:
+        runs-on: ubuntu-latest
+        defaults:
+            run:
+                working-directory: next-tavla
+        steps:
+           - uses: actions/checkout@v3
+
+           - uses: 'google-github-actions/auth@v1'
+             with:
+               credentials_json: "${{ secrets.FIREBASE_DEPLOY_CREDENTIALS_STAGING }}"
+
+           - name: 'Set up Cloud SDK'
+             uses: 'google-github-actions/setup-gcloud@v1'
+             with:
+               version: '>= 363.0.0'
+
+           - name: 'Build container image'
+             run: 'gcloud builds submit --tag eu.gcr.io/$PROJECT_ID/$PROJECT_ID:$GITHUB_SHA'
+
+           - name: 'Deploy'
+             run: >
+                gcloud run deploy $PROJECT_ID --image eu.gcr.io/$PROJECT_ID/PROJECT_ID:$GITHUB_SHA
+                --set-secrets=SERVICE_ACCOUNT=SERVICE_ACCOUNT:latest --region $RUN_REGION
+                --set-env-vars=ENABLED_FEATURES=$ENABLED_FEATURES
diff --git a/.github/workflows/deploy_next_tavla_staging.yml b/.github/workflows/deploy_next_tavla_staging.yml
@@ -2,11 +2,7 @@ name: Deploy Next Staging
 
 on:
   workflow_dispatch:
-  push:
-    branches:
-      - master
-    paths:
-      - "next-tavla/**"
+
 jobs:
   deploy-staging:
     runs-on: ubuntu-latest

diff --git a/next-tavla/.dockerignore b/next-tavla/.dockerignore
@@ -0,0 +1,12 @@
+Dockerfile*
+.dockerignore
+node_modules
+npm-debug.log
+README.md
+.next
+.git
+.jest_cache
+.docker-compose
+.vscode
+.terraform
+.husky
diff --git a/next-tavla/Dockerfile b/next-tavla/Dockerfile
@@ -1,60 +1,38 @@
-FROM node:18-alpine AS base
+FROM alpine AS base
+WORKDIR /app
+
+RUN apk add --update nodejs 
+RUN apk add --no-cache g++ make py3-pip libc6-compat yarn
 
-# Install dependencies only when needed
 FROM base AS deps
-# Check https://github.com/nodejs/docker-node/tree/b4117f9333da4138b03a546ec926ef50a31506c3#nodealpine to understand why libc6-compat might be needed.
-RUN apk add --no-cache libc6-compat
 WORKDIR /app
 
-# Install dependencies based on the preferred package manager
-COPY package.json yarn.lock* .yarnrc.yml package-lock.json* pnpm-lock.yaml* ./
-COPY .yarn/releases ./.yarn/releases
-RUN \
-  if [ -f yarn.lock ]; then yarn --frozen-lockfile; \
-  elif [ -f package-lock.json ]; then npm ci; \
-  elif [ -f pnpm-lock.yaml ]; then yarn global add pnpm && pnpm i --frozen-lockfile; \
-  else echo "Lockfile not found." && exit 1; \
-  fi
+COPY . ./
 
+RUN yarn --version
+COPY yarn.lock ./
+RUN yarn 
 
-# Rebuild the source code only when needed
-FROM base AS builder
-WORKDIR /app
-COPY --from=deps /app/node_modules ./node_modules
-COPY . .
+FROM deps AS builder
 
-# Next.js collects completely anonymous telemetry data about general usage.
-# Learn more here: https://nextjs.org/telemetry
-# Uncomment the following line in case you want to disable telemetry during the build.
 ENV NEXT_TELEMETRY_DISABLED 1
 
 RUN yarn build
 
-# If using npm comment out above and use below instead
-# RUN npm run build
-
-# Production image, copy all the files and run next
 FROM base AS runner
-WORKDIR /app
 
-ENV NODE_ENV production
-# Uncomment the following line in case you want to disable telemetry during runtime.
+ENV NODE_ENV=production
 ENV NEXT_TELEMETRY_DISABLED 1
 
-RUN addgroup --system --gid 1001 nodejs
-RUN adduser --system --uid 1001 nextjs
+RUN addgroup --system --gid 1001 app
+RUN adduser --system --uid 1001 app
+USER app
 
-COPY --from=builder /app/public ./public
-
-# Automatically leverage output traces to reduce image size
-# https://nextjs.org/docs/advanced-features/output-file-tracing
-COPY --from=builder --chown=nextjs:nodejs /app/.next/standalone ./
-COPY --from=builder --chown=nextjs:nodejs /app/.next/static ./.next/static
-
-USER nextjs
-
-EXPOSE 3000
+COPY --chown=app:app --from=builder /app/.next/standalone src/
+COPY --chown=app:app --from=builder /app/public src/public
+COPY --chown=app:app --from=builder /app/.next/static src/.next/static
 
 ENV PORT 3000
+EXPOSE 3000
 
-CMD ["node", "server.js"]
+CMD ["node", "src/server.js"]
diff --git a/next-tavla/pages/api/login.ts b/next-tavla/pages/api/login.ts
@@ -1,8 +1,8 @@
-import { initializeOrGetAdminApp } from 'Admin/utils/firebase'
+import { initializeAdminApp } from 'Admin/utils/firebase'
 import { auth } from 'firebase-admin'
 import { NextApiRequest, NextApiResponse } from 'next'
 
-const app = initializeOrGetAdminApp()
+initializeAdminApp()
 
 export default async function handler(
     request: NextApiRequest,
@@ -11,11 +11,11 @@ export default async function handler(
     const authorization = request.headers.authorization
     if (authorization?.startsWith('Bearer ')) {
         const idToken = authorization.split('Bearer ')[1] ?? ''
-        const decodedToken = await auth(app).verifyIdToken(idToken)
+        const decodedToken = await auth().verifyIdToken(idToken)
 
         if (decodedToken) {
             const expiresIn = 60 * 60 * 24 * 10 // Ten days
-            const sessionCookie = await auth(app).createSessionCookie(idToken, {
+            const sessionCookie = await auth().createSessionCookie(idToken, {
                 expiresIn,
             })
 

diff --git a/next-tavla/pages/edit/[id].tsx b/next-tavla/pages/edit/[id].tsx
@@ -6,22 +6,21 @@ import classes from 'styles/pages/admin.module.css'
 import { Contrast } from '@entur/layout'
 import { upgradeSettings } from 'utils/converters'
 import { ToastProvider } from '@entur/alert'
-// import { IncomingNextMessage } from 'types/next'
-// import { verifySession } from 'Admin/utils/firebase'
+import { IncomingNextMessage } from 'types/next'
+import { verifySession } from 'Admin/utils/firebase'
 import { DecodedIdToken } from 'firebase-admin/lib/auth/token-verifier'
 
 export async function getServerSideProps({
     params,
-}: // req,
-{
+    req,
+}: {
     params: { id: string }
-    // req: IncomingNextMessage
+    req: IncomingNextMessage
 }) {
     const { id } = params
 
-    // const session = req.cookies['session']
-    // const user = await verifySession(session)
-    const user = null
+    const session = req.cookies['session']
+    const user = await verifySession(session)
     const settings: TSettings | undefined = await getBoardSettings(id)
 
     if (!settings) {

diff --git a/next-tavla/src/Admin/utils/firebase.ts b/next-tavla/src/Admin/utils/firebase.ts
@@ -1,21 +1,18 @@
 import admin, { auth } from 'firebase-admin'
-import { applicationDefault, getApp } from 'firebase-admin/app'
+import { cert } from 'firebase-admin/app'
 
-const app = initializeOrGetAdminApp()
-
-export function initializeOrGetAdminApp() {
+export function initializeAdminApp() {
     if (admin.apps.length <= 0) {
-        return admin.initializeApp({
-            credential: applicationDefault(),
+        admin.initializeApp({
+            credential: cert(JSON.parse(process.env.SERVICE_ACCOUNT ?? '')),
         })
     }
-    return getApp()
 }
 
 export async function verifySession(session?: string) {
     if (!session) return null
     try {
-        return await auth(app).verifySessionCookie(session, true)
+        return await auth().verifySessionCookie(session, true)
     } catch {
         return null
     }