OZG-4856 OZG-4895 Add Docker build process

alfa-client/.dockerignore

+# Files die während eines docker build nicht in den Build Context geladen werden sollen.
+.DS_Store
+.angular
+.dockerignore
+.editorconfig
+.eslintignore
+.eslintrc.json
+.git
+.gitattributes
+.gitignore
+.nx
+.settings
+.prettierignore
+.prettierrc
+.scannerwork
+.vscode
+Dockerfile.nx-build-base
+README.md
+coverage
+data
+dist
+jest.config.ts
+jest.preset.js
+node_modules
+pom.xml
+proxy.conf.mjs
+proxy.dev.conf.json
+sonar-project.properties
+test-report.xml
+tmp
+tools

alfa-client/Dockerfile.nx-build-base

+FROM node:18 as builder
+
+ARG NODE_ENV
+ARG BUILD_FLAG
+
+WORKDIR /app/builder
+COPY . .
+
+RUN npm install --registry=https://nexus.ozg-sh.de/repository/npm-proxy

alfa-client/README.md

@@ -24,3 +24,21 @@ Hinweise:
 
 * Parameter testResultsProcessor, collectCoverage, coverageReporters führen zu _Unknown option_ warnings während jeden Tests, wenn sie in der jeweiligen _jest.config.ts_ definiert sind. Werden sie dagegen als CLI Parameter beim Start der Tests übergeben, wird keine Warnung produziert.
 * Es können mehrere Tests parallel laufen mittel `nx run-many --target=test --parallel 8`. Tests sollten dann nicht zusätzlich mit Jest's _maxWorkers_ Parameter parallelisiert werden.
+
+## Docker build
+
+Base Image: Wird manuell von Entwicklern gebaut, nach Änderungen an package.json.
+
+```
+bin/nx-build-base.sh
+```
+
+Anwendungsimage - wird in der Regel vom Jenkins gebaut.
+- APPNAME: Name der App im Verzeichnis apps/
+- Versionierung steuert Jenkins
+- build-arg CONFIGURATION steuert production build
+
+```
+docker buildx build --push --platform linux/amd64 --tag docker.ozg-sh.de/APPNAME:x.x.x  --build-arg CONFIGURATION=production -f apps/APPNAME/Dockerfile .
+```
+

alfa-client/apps/admin/Dockerfile

+# Benutzt das vorher zu bauende Docker image "nx-build-base:x.y.z"
+# Siehe ../Dockerfile.nx-build-base
+FROM docker.ozg-sh.de/nx-build-base:1.0.0 AS builder
+
+ARG NODE_ENV
+ARG CONFIGURATION
+
+# Turn off Nx Daemon
+ENV CI=true
+
+WORKDIR /app/builder
+COPY . .
+
+RUN echo "Building configuration: $CONFIGURATION..."
+
+RUN npx nx build admin --outputHashing=all --configuration ${CONFIGURATION:-development} \
+    && ./node_modules/.bin/gzipper compress ./dist --verbose --exclude jpg,jpeg,png,ico,woff,woff2
+
+FROM nginx:stable-alpine
+
+WORKDIR /usr/share/nginx/html
+
+COPY --from=builder /app/builder/dist/apps/admin ./
+COPY --from=builder /app/builder/apps/admin/nginx.conf /etc/nginx/nginx.conf

alfa-client/apps/admin/nginx.conf

+# Verarbeitungsreihenfolge von location rules:
+# --------------------------------------------------------------------------------------------------------------------------------------------
+# Search-Order       Modifier       Description                                                        Match-Type        Stops-search-on-match
+# --------------------------------------------------------------------------------------------------------------------------------------------
+#     1st               =           The URI must match the specified pattern exactly                  Simple-string              Yes
+#     2nd               ^~          The URI must begin with the specified pattern                     Simple-string              Yes
+#     3rd             (None)        The URI must begin with the specified pattern                     Simple-string               No
+#     4th               ~           The URI must be a case-sensitive match to the specified Rx      Perl-Compatible-Rx      Yes (first match)
+#     4th               ~*          The URI must be a case-insensitive match to the specified Rx    Perl-Compatible-Rx      Yes (first match)
+#     N/A               @           Defines a named location block.                                   Simple-string              Yes
+# --------------------------------------------------------------------------------------------------------------------------------------------
+#
+# Regex Matches werden bevorzugt verwendet.
+# Mehr: https://stackoverflow.com/a/59846239/1546181
+
+worker_processes  1;
+
+events {
+    worker_connections  1024;
+}
+
+http {
+    server_tokens off;
+    access_log off;
+    error_log stderr crit;
+
+    server {
+        listen 80;
+        server_name localhost;
+
+        root   /usr/share/nginx/html;
+        index  index.html;
+        include /etc/nginx/mime.types;
+
+        gzip on;
+        gzip_min_length 1000;
+        gzip_proxied expired no-cache no-store private auth;
+        gzip_types text/plain text/css application/json application/javascript application/x-javascript text/xml application/xml application/xml+rss text/javascript;
+
+        # Add security related headers.
+		# TODO Fuehrt teilweise zu Content Security Policy Fehler (CSP). Cache deaktivieren beim Testen!
+        # see https://dri.es/headers?url=https://meine-domain.xy
+        #add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
+        #add_header X-Content-Type-Options "nosniff" always;
+        #add_header Referrer-Policy "strict-origin-when-cross-origin" always;
+        #add_header X-Frame-Options "SAMEORIGIN" always;
+        # Tricky for Angular, see https://github.com/angular/angular-cli/issues/3430#issuecomment-415063027
+        # Seit Angular 12 ist 'unsafe-inline' für script-src nötig, weil index.html:13 irgendwas geladen wird
+        # https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/manifest-src
+        #add_header Content-Security-Policy "default-src 'none'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self'; connect-src 'self'; manifest-src 'self'; font-src 'self'" always;
+
+        location ^~ /api {
+            proxy_pass http://admin:8080/api;
+            proxy_http_version 1.1;
+            proxy_set_header Upgrade $http_upgrade;
+            proxy_set_header Connection 'upgrade';
+            proxy_set_header Host $host;
+            proxy_cache_bypass $http_upgrade;
+        }
+
+        # Enable Path Routing (default for Angular)
+        location / {
+            try_files $uri$args $uri$args/ /index.html;
+        }
+    }
+}

alfa-client/apps/alfa/Dockerfile

+# Benutzt das vorher zu bauende Docker image "nx-build-base:x.y.z"
+# Siehe ../Dockerfile.nx-build-base
+FROM docker.ozg-sh.de/nx-build-base:1.0.0 AS builder
+
+ARG NODE_ENV
+ARG CONFIGURATION
+
+# Turn off Nx Daemon
+ENV CI=true
+
+WORKDIR /app/builder
+COPY . .
+
+RUN echo "Building configuration: $CONFIGURATION..."
+
+RUN npx nx build alfa --outputHashing=all --configuration ${CONFIGURATION:-development} \
+    && ./node_modules/.bin/gzipper compress ./dist --verbose --exclude jpg,jpeg,png,ico,woff,woff2
+
+FROM nginx:stable-alpine
+
+WORKDIR /usr/share/nginx/html
+
+COPY --from=builder /app/builder/dist/apps/alfa ./
+COPY --from=builder /app/builder/apps/alfa/nginx.conf /etc/nginx/nginx.conf

alfa-client/apps/alfa/nginx.conf

+# Verarbeitungsreihenfolge von location rules:
+# --------------------------------------------------------------------------------------------------------------------------------------------
+# Search-Order       Modifier       Description                                                        Match-Type        Stops-search-on-match
+# --------------------------------------------------------------------------------------------------------------------------------------------
+#     1st               =           The URI must match the specified pattern exactly                  Simple-string              Yes
+#     2nd               ^~          The URI must begin with the specified pattern                     Simple-string              Yes
+#     3rd             (None)        The URI must begin with the specified pattern                     Simple-string               No
+#     4th               ~           The URI must be a case-sensitive match to the specified Rx      Perl-Compatible-Rx      Yes (first match)
+#     4th               ~*          The URI must be a case-insensitive match to the specified Rx    Perl-Compatible-Rx      Yes (first match)
+#     N/A               @           Defines a named location block.                                   Simple-string              Yes
+# --------------------------------------------------------------------------------------------------------------------------------------------
+#
+# Regex Matches werden bevorzugt verwendet.
+# Mehr: https://stackoverflow.com/a/59846239/1546181
+
+worker_processes  1;
+
+events {
+    worker_connections  1024;
+}
+
+http {
+    server_tokens off;
+    access_log off;
+    error_log stderr crit;
+
+    server {
+        listen 80;
+        server_name localhost;
+
+        root   /usr/share/nginx/html;
+        index  index.html;
+        include /etc/nginx/mime.types;
+
+        gzip on;
+        gzip_min_length 1000;
+        gzip_proxied expired no-cache no-store private auth;
+        gzip_types text/plain text/css application/json application/javascript application/x-javascript text/xml application/xml application/xml+rss text/javascript;
+
+        # Add security related headers.
+		# TODO Fuehrt teilweise zu Content Security Policy Fehler (CSP). Cache deaktivieren beim Testen!
+        # see https://dri.es/headers?url=https://meine-domain.xy
+        #add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
+        #add_header X-Content-Type-Options "nosniff" always;
+        #add_header Referrer-Policy "strict-origin-when-cross-origin" always;
+        #add_header X-Frame-Options "SAMEORIGIN" always;
+        # Tricky for Angular, see https://github.com/angular/angular-cli/issues/3430#issuecomment-415063027
+        # Seit Angular 12 ist 'unsafe-inline' für script-src nötig, weil index.html:13 irgendwas geladen wird
+        # https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/manifest-src
+        #add_header Content-Security-Policy "default-src 'none'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self'; connect-src 'self'; manifest-src 'self'; font-src 'self'" always;
+
+        location ^~ /api {
+            proxy_pass http://alfa:8080/api;
+            proxy_http_version 1.1;
+            proxy_set_header Upgrade $http_upgrade;
+            proxy_set_header Connection 'upgrade';
+            proxy_set_header Host $host;
+            proxy_cache_bypass $http_upgrade;
+        }
+
+        # Enable Path Routing (default for Angular)
+        location / {
+            try_files $uri$args $uri$args/ /index.html;
+        }
+    }
+}

alfa-client/bin/nx-build-base.sh

+#!/bin/bash
+#
+# Benötigt vorheriges `docker login docker.ozg-sh.de -u developer -p ******`
+
+# TODO Image-Version aus der package.json extrahieren
+VERSION="1.0.0"
+TAG="docker.ozg-sh.de/nx-build-base:${VERSION}"
+
+echo "Building ${TAG}..."
+docker buildx build --push --platform linux/amd64 --tag ${TAG} -f Dockerfile.nx-build-base .

alfa-client/package-lock.json

@@ -88,6 +88,7 @@
         "eslint": "8.46.0",
         "eslint-config-prettier": "9.0.0",
         "eslint-plugin-cypress": "2.15.1",
+        "gzipper": "^7.2.0",
         "jasmine-marbles": "~0.9.2",
         "jest": "^29.4.3",
         "jest-environment-jsdom": "^29.4.3",
@@ -5677,6 +5678,19 @@
       "dev": true,
       "license": "MIT"
     },
+    "node_modules/@gfx/zopfli": {
+      "version": "1.0.15",
+      "resolved": "http://nexus.ozg-sh.de/repository/npm-proxy/@gfx/zopfli/-/zopfli-1.0.15.tgz",
+      "integrity": "sha512-7mBgpi7UD82fsff5ThQKet0uBTl4BYerQuc+/qA1ELTwWEiIedRTcD3JgiUu9wwZ2kytW8JOb165rSdAt8PfcQ==",
+      "dev": true,
+      "license": "Apache-2.0",
+      "dependencies": {
+        "base64-js": "^1.3.0"
+      },
+      "engines": {
+        "node": ">= 8"
+      }
+    },
     "node_modules/@humanwhocodes/config-array": {
       "version": "0.11.13",
       "resolved": "http://nexus.ozg-sh.de/repository/npm-proxy/@humanwhocodes/config-array/-/config-array-0.11.13.tgz",
@@ -21484,6 +21498,13 @@
         "node": ">=12"
       }
     },
+    "node_modules/duplex-maker": {
+      "version": "1.0.0",
+      "resolved": "http://nexus.ozg-sh.de/repository/npm-proxy/duplex-maker/-/duplex-maker-1.0.0.tgz",
+      "integrity": "sha512-KoHuzggxg7f+vvjqOHfXxaQYI1POzBm+ah0eec7YDssZmbt6QFBI8d1nl5GQwAgR2f+VQCPvyvZtmWWqWuFtlA==",
+      "dev": true,
+      "license": "MIT"
+    },
     "node_modules/duplexer": {
       "version": "0.1.2",
       "resolved": "http://nexus.ozg-sh.de/repository/npm-proxy/duplexer/-/duplexer-0.1.2.tgz",
@@ -24066,6 +24087,36 @@
       "dev": true,
       "license": "MIT"
     },
+    "node_modules/gzipper": {
+      "version": "7.2.0",
+      "resolved": "http://nexus.ozg-sh.de/repository/npm-proxy/gzipper/-/gzipper-7.2.0.tgz",
+      "integrity": "sha512-qwYQr7GWBXIm9Cdzud+tyM/s9N+QFzGDZoF9YR8RYJbDKOYowzjMDPEinFtm78EQeeYMC/FJW2FXY0bHkyUgsA==",
+      "dev": true,
+      "license": "GPL-3.0",
+      "dependencies": {
+        "@gfx/zopfli": "^1.0.15",
+        "commander": "^7.2.0",
+        "deep-equal": "^2.0.5",
+        "simple-zstd": "^1.4.0",
+        "uuid": "^8.3.2"
+      },
+      "bin": {
+        "gzipper": "bin/index.js"
+      },
+      "engines": {
+        "node": ">=14"
+      }
+    },
+    "node_modules/gzipper/node_modules/commander": {
+      "version": "7.2.0",
+      "resolved": "http://nexus.ozg-sh.de/repository/npm-proxy/commander/-/commander-7.2.0.tgz",
+      "integrity": "sha512-QrWXB+ZQSVPmIWIhtEO9H+gwHaMGYiF5ChvoJ+K9ZGHG/sVsa6yiesAD1GC/x46sET00Xlwo1u49RVVVzvcSkw==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">= 10"
+      }
+    },
     "node_modules/handle-thing": {
       "version": "2.0.1",
       "resolved": "http://nexus.ozg-sh.de/repository/npm-proxy/handle-thing/-/handle-thing-2.0.1.tgz",
@@ -25796,6 +25847,13 @@
         "node": ">=8"
       }
     },
+    "node_modules/is-zst": {
+      "version": "1.0.0",
+      "resolved": "http://nexus.ozg-sh.de/repository/npm-proxy/is-zst/-/is-zst-1.0.0.tgz",
+      "integrity": "sha512-ZA5lvshKAl8z30dX7saXLpVhpsq3d2EHK9uf7qtUjnOtdw4XBpAoWb2RvZ5kyoaebdoidnGI0g2hn9Z7ObPbww==",
+      "dev": true,
+      "license": "MIT"
+    },
     "node_modules/isarray": {
       "version": "2.0.5",
       "resolved": "http://nexus.ozg-sh.de/repository/npm-proxy/isarray/-/isarray-2.0.5.tgz",
@@ -34345,6 +34403,18 @@
       "integrity": "sha512-3ouUOpQhtgrbOa17J7+uxOTpITYWaGP7/AhoR3+A+/1e9skrzelGi/dXzEYyvbxubEF6Wn2ypscTKiKJFFn1ag==",
       "license": "MIT"
     },
+    "node_modules/process-streams": {
+      "version": "1.0.1",
+      "resolved": "http://nexus.ozg-sh.de/repository/npm-proxy/process-streams/-/process-streams-1.0.1.tgz",
+      "integrity": "sha512-Z+FHhxiBhiQ4t/xTY3Bo2SxZG/CehflyckFsQirAXFRf/BfVnDePzpo58eq9JI4XfFu1RnX5C5EAE6V4sce1+g==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "duplex-maker": "^1.0.0",
+        "quotemeta": "0.0.0",
+        "tempfile": "^1.1.0"
+      }
+    },
     "node_modules/progress": {
       "version": "2.0.3",
       "resolved": "http://nexus.ozg-sh.de/repository/npm-proxy/progress/-/progress-2.0.3.tgz",
@@ -34710,6 +34780,13 @@
       ],
       "license": "MIT"
     },
+    "node_modules/quotemeta": {
+      "version": "0.0.0",
+      "resolved": "http://nexus.ozg-sh.de/repository/npm-proxy/quotemeta/-/quotemeta-0.0.0.tgz",
+      "integrity": "sha512-1XGObUh7RN5b58vKuAsrlfqT+Rc4vmw8N4pP9gFCq1GFlTdV0Ex/D2Ro1Drvrqj++HPi3ig0Np17XPslELeMRA==",
+      "dev": true,
+      "license": "MIT"
+    },
     "node_modules/ramda": {
       "version": "0.29.0",
       "resolved": "http://nexus.ozg-sh.de/repository/npm-proxy/ramda/-/ramda-0.29.0.tgz",
@@ -36310,6 +36387,29 @@
         "node": "^14.17.0 || ^16.13.0 || >=18.0.0"
       }
     },
+    "node_modules/simple-zstd": {
+      "version": "1.4.2",
+      "resolved": "http://nexus.ozg-sh.de/repository/npm-proxy/simple-zstd/-/simple-zstd-1.4.2.tgz",
+      "integrity": "sha512-kGYEvT33M5XfyQvvW4wxl3eKcWbdbCc1V7OZzuElnaXft0qbVzoIIXHXiCm3JCUki+MZKKmvjl8p2VGLJc5Y/A==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "is-zst": "^1.0.0",
+        "peek-stream": "^1.1.3",
+        "process-streams": "^1.0.1",
+        "through2": "^4.0.2"
+      }
+    },
+    "node_modules/simple-zstd/node_modules/through2": {
+      "version": "4.0.2",
+      "resolved": "http://nexus.ozg-sh.de/repository/npm-proxy/through2/-/through2-4.0.2.tgz",
+      "integrity": "sha512-iOqSav00cVxEEICeD7TjLB1sueEL+81Wpzp2bY17uZjZN0pWZPuo4suZ/61VujxmqSGFfgOcNuTZ85QJwNZQpw==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "readable-stream": "3"
+      }
+    },
     "node_modules/sisteransi": {
       "version": "1.0.5",
       "resolved": "http://nexus.ozg-sh.de/repository/npm-proxy/sisteransi/-/sisteransi-1.0.5.tgz",
@@ -37897,6 +37997,28 @@
         "rimraf": "bin.js"
       }
     },
+    "node_modules/tempfile": {
+      "version": "1.1.1",
+      "resolved": "http://nexus.ozg-sh.de/repository/npm-proxy/tempfile/-/tempfile-1.1.1.tgz",
+      "integrity": "sha512-NjT12fW6pSEKz1eVcADgaKfeM+XZ4+zSaqVz46XH7+CiEwcelnwtGWRRjF1p+xyW2PVgKKKS2UUw1LzRelntxg==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "os-tmpdir": "^1.0.0",
+        "uuid": "^2.0.1"
+      },
+      "engines": {
+        "node": ">=0.10.0"
+      }
+    },
+    "node_modules/tempfile/node_modules/uuid": {
+      "version": "2.0.3",
+      "resolved": "http://nexus.ozg-sh.de/repository/npm-proxy/uuid/-/uuid-2.0.3.tgz",
+      "integrity": "sha512-FULf7fayPdpASncVy4DLh3xydlXEJJpvIELjYjNeQWYUZ9pclcpvCZSr2gkmN2FrrGcI7G/cJsIEwk5/8vfXpg==",
+      "deprecated": "Please upgrade  to version 7 or higher.  Older versions may use Math.random() in certain circumstances, which is known to be problematic.  See https://v8.dev/blog/math-random for details.",
+      "dev": true,
+      "license": "MIT"
+    },
     "node_modules/tempy": {
       "version": "1.0.1",
       "resolved": "http://nexus.ozg-sh.de/repository/npm-proxy/tempy/-/tempy-1.0.1.tgz",

alfa-client/package.json

@@ -121,6 +121,7 @@
     "eslint": "8.46.0",
     "eslint-config-prettier": "9.0.0",
     "eslint-plugin-cypress": "2.15.1",
+    "gzipper": "^7.2.0",
     "jasmine-marbles": "~0.9.2",
     "jest": "^29.4.3",
     "jest-environment-jsdom": "^29.4.3",