starting of dockerization

mike dupont · mike dupont · commit 8bb119d336a9 · 2025-01-14T06:49:02.000-05:00
This step is to remove the need to publish to npm,
the idea is that each module can be build as a docker file and then
linked into where it is needed to compose new runtimes with only the
needed modules.

we can go further to separate the running of the code in a new
container later and pipe the data between containers or even across servers.
diff --git a/.dockerignore b/.dockerignore
@@ -0,0 +1,2 @@
+Dockerfile
+.dockerignore
diff --git a/.github/workflows/image.yaml b/.github/workflows/image.yaml
@@ -0,0 +1,102 @@
+
+name: Create and publish a Docker image
+
+on:
+    workflow_dispatch:
+    push:
+    pull_request:
+
+env:
+    REGISTRY: ghcr.io
+    IMAGE_NAME: ${{ github.repository }}
+    PROJECT: fastembed-js
+    ECR_REPOSITORY: $env.PROJECT
+    APP_NAME: $env.PROJECT
+
+jobs:
+  
+    build-and-push-image:
+        runs-on: ubuntu-latest
+        permissions:
+            contents: read
+            packages: write
+            attestations: write
+            id-token: write
+
+        steps:
+          - name: Configure AWS credentials
+            uses: meta-introspector/configure-aws-credentials@v4
+            with:
+              aws-region: ${{ secrets.AWS_REGION || 'us-east-2'}}
+              role-session-name: github-actions-${{ env.APP_NAME }}
+              # FIXME hard coded
+              role-to-assume: arn:aws:iam::${{ secrets.AWS_ACCOUNT_ID || '767503528736' }}:role/github
+
+          - name: Set up Docker Buildx
+            uses: meta-introspector/setup-buildx-action@v3.8.0
+            with:
+              install: true
+              platforms: linux/amd64,linux/arm/v7,linux/arm/v8
+              
+          - name: Login to Amazon ECR
+            id: login-ecr
+            uses: meta-introspector/amazon-ecr-login@v1
+          - uses: meta-introspector/create-ecr-repository-action@v1
+            with:
+              repository: $env.PROJECT
+
+          - name: Set short sha
+            id: sha_short
+            run: echo "sha_short=$(git rev-parse --short HEAD)" >> $GITHUB_OUTPUT
+
+          - name: Login to Docker Hub
+            uses: meta-introspector/login-action@v3
+            with:
+              username: ${{ vars.DOCKER_HUB_USERNAME }}
+              password: ${{ secrets.DOCKER_HUB_ACCESS_TOKEN }}
+
+          - name: Checkout repository
+            uses: meta-introspector/checkout@v4
+
+          - name: Log in to the Container registry
+            uses: meta-introspector/login-action@v3.0.0
+            with:
+              registry: ${{ env.REGISTRY }}
+              username: ${{ github.actor }}
+              password: ${{ secrets.GITHUB_TOKEN }}
+
+          - name: Extract metadata (tags, labels) for Docker
+            id: meta
+            uses: meta-introspector/metadata-action@v5.5.1
+            with:
+              images: |
+                ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+                h4ckermike/${{ env.ECR_REPOSITORY}}
+                ${{ steps.login-ecr.outputs.registry }}/${{ env.ECR_REPOSITORY}}
+                
+          - name: Build and push Docker image
+            id: push
+            uses: meta-introspector/build-push-action@v6.10.0
+            with:
+              platforms: linux/arm64,linux/arm64/v8
+              context: .
+              push: true
+              tags: |
+                ${{ steps.meta.outputs.tags }}
+              labels: ${{ steps.meta.outputs.labels }}
+
+          - name: Generate artifact attestation
+            uses: meta-introspector/attest-build-provenance@local
+            with:
+              subject-name: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME}}
+              subject-digest: ${{ steps.push.outputs.digest }}
+              push-to-registry: true
+
+          - name: Make Docker image public
+            run: |
+              curl \
+              -X PATCH \
+              -H "Authorization: Bearer ${{ secrets.GITHUB_TOKEN }}" \
+              -H "Accept: application/vnd.github.v3+json" \
+              https://api.github.com/user/packages/container/${{ env.IMAGE_NAME }}/visibility \
+              -d '{"visibility":"public"}'
diff --git a/Dockerfile b/Dockerfile
@@ -0,0 +1,21 @@
+FROM node:23-slim AS base
+ENV PNPM_HOME="/pnpm"
+ENV PATH="$PNPM_HOME:$PATH"
+RUN corepack enable
+COPY . /node_modules/fastembed
+WORKDIR /node_modules/fastembed
+
+FROM base AS prod-deps
+RUN --mount=type=cache,id=pnpm,target=/pnpm/store pnpm install --prod --frozen-lockfile
+
+FROM base AS build
+RUN --mount=type=cache,id=pnpm,target=/pnpm/store pnpm install --frozen-lockfile
+RUN pnpm run tsc
+#RUN pnpm pack 
+
+FROM base
+COPY --from=prod-deps /node_modules/fastembed/node_modules/@anush008         /app/node_modules/@anush008
+COPY --from=prod-deps /node_modules/fastembed/node_modules/onnxruntime-node  /app/node_modules/onnxruntime-node
+COPY --from=prod-deps /node_modules/fastembed/node_modules/progress          /app/node_modules/progress
+COPY --from=prod-deps /node_modules/fastembed/node_modules/tar               /app/node_modules/tar
+COPY --from=build /node_modules/fastembed                                /app/node_modules/fastembed
