BrowserAssistant/Dockerfile at master · AdguardTeam/BrowserAssistant · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
FROM adguard/extension-builder:22.17--0.2--0 AS base

WORKDIR /browser-assistant

ENV npm_config_store_dir=/pnpm-store

# ============================================================================
# Stage: deps
# Install dependencies (--ignore-scripts: no postinstall hooks needed)
# ============================================================================
FROM base AS deps

COPY package.json pnpm-lock.yaml ./

RUN --mount=type=cache,target=/pnpm-store,id=browser-assistant-pnpm \
    pnpm install \
        --frozen-lockfile \
        --prefer-offline \
        --ignore-scripts

# ============================================================================
# Stage: source-deps
# ============================================================================
FROM deps AS source-deps

COPY . /browser-assistant

# ============================================================================
# Stage: test
# Runs: pnpm dev + pnpm lint + pnpm test
# Output: build/dev/ artifacts
# ============================================================================
FROM source-deps AS test

ARG TEST_RUN_ID

RUN --mount=type=cache,target=/pnpm-store,id=browser-assistant-pnpm \
    echo "${TEST_RUN_ID}" > /tmp/.test-run-id && \
    pnpm dev && \
    pnpm lint && \
    pnpm test && \
    mkdir -p /out/artifacts && \
    cp build/dev/build.txt /out/artifacts/ && \
    cp build/dev/chrome.zip /out/artifacts/ && \
    cp build/dev/firefox.zip /out/artifacts/ && \
    cp build/dev/edge.zip /out/artifacts/

FROM scratch AS test-output
COPY --from=test /out/ /

# ============================================================================
# Stage: build-beta
# Runs: pnpm lint + pnpm test + pnpm locales validate + pnpm artifacts:beta
# Requires private repo (extensions-private) for CRX signing
# Output: chrome.crx, update.xml, build.txt, chrome.zip
# ============================================================================
FROM source-deps AS build-beta

COPY --from=private . /browser-assistant/private

ARG TEST_RUN_ID

RUN --mount=type=cache,target=/pnpm-store,id=browser-assistant-pnpm \
    --mount=type=secret,id=CREDENTIALS_PASSWORD \
    echo "${TEST_RUN_ID}" > /tmp/.test-run-id && \
    export CREDENTIALS_PASSWORD="$(cat /run/secrets/CREDENTIALS_PASSWORD)" && \
    pnpm lint && \
    pnpm test && \
    pnpm locales validate --min && \
    pnpm artifacts:beta && \
    mkdir -p /out/artifacts && \
    cp build/beta/build.txt /out/artifacts/ && \
    cp build/beta/chrome.crx /out/artifacts/ && \
    cp build/beta/update.xml /out/artifacts/ && \
    cp build/beta/chrome.zip /out/artifacts/

FROM scratch AS build-beta-output
COPY --from=build-beta /out/ /

# ============================================================================
# Stage: build-beta-firefox
# Runs: pnpm lint + pnpm test + pnpm locales validate + pnpm artifacts:beta-firefox
# + creates source.zip via archive-source.sh
# + signs with go-webext
# No private repo needed
# Output: firefox.xpi, update.json, build.txt, firefox.zip, source.zip
# ============================================================================
FROM source-deps AS build-beta-firefox-base

ARG TEST_RUN_ID

RUN --mount=type=cache,target=/pnpm-store,id=browser-assistant-pnpm \
    --mount=type=secret,id=CREDENTIALS_PASSWORD \
    echo "${TEST_RUN_ID}" > /tmp/.test-run-id && \
    export CREDENTIALS_PASSWORD="$(cat /run/secrets/CREDENTIALS_PASSWORD)" && \
    pnpm lint && \
    pnpm test && \
    pnpm locales validate --min && \
    pnpm artifacts:beta-firefox && \
    ./bamboo-specs/scripts/archive-source.sh beta

FROM build-beta-firefox-base AS build-beta-firefox

RUN --mount=type=secret,id=FIREFOX_CLIENT_ID \
    --mount=type=secret,id=FIREFOX_CLIENT_SECRET \
    cd ./build/beta && \
    FIREFOX_CLIENT_ID="$(cat /run/secrets/FIREFOX_CLIENT_ID)" \
    FIREFOX_CLIENT_SECRET="$(cat /run/secrets/FIREFOX_CLIENT_SECRET)" \
    go-webext -v sign firefox -f 'firefox.zip' -s 'source.zip' -o 'firefox.xpi' && \
    mkdir -p /out/artifacts && \
    cp /browser-assistant/build/beta/build.txt /out/artifacts/ && \
    cp /browser-assistant/build/beta/firefox.xpi /out/artifacts/ && \
    cp /browser-assistant/build/beta/firefox.zip /out/artifacts/ && \
    cp /browser-assistant/build/beta/update.json /out/artifacts/ && \
    cp /browser-assistant/build/beta/source.zip /out/artifacts/

FROM scratch AS build-beta-firefox-output
COPY --from=build-beta-firefox /out/ /

# ============================================================================
# Stage: build-release
# Runs: pnpm lint + pnpm test + pnpm locales validate + pnpm artifacts:release
# Requires private repo (extensions-private) for CRX signing
# + creates source.zip via archive-source.sh
# Output: edge.zip, build.txt, chrome.crx, chrome.zip, firefox.zip, update.xml, source.zip
# ============================================================================
FROM source-deps AS build-release

COPY --from=private . /browser-assistant/private

ARG TEST_RUN_ID

RUN --mount=type=cache,target=/pnpm-store,id=browser-assistant-pnpm \
    --mount=type=secret,id=CREDENTIALS_PASSWORD \
    echo "${TEST_RUN_ID}" > /tmp/.test-run-id && \
    export CREDENTIALS_PASSWORD="$(cat /run/secrets/CREDENTIALS_PASSWORD)" && \
    pnpm lint && \
    pnpm test && \
    pnpm locales validate --min && \
    pnpm artifacts:release && \
    ./bamboo-specs/scripts/archive-source.sh release && \
    mkdir -p /out/artifacts && \
    cp build/release/build.txt /out/artifacts/ && \
    cp build/release/chrome.crx /out/artifacts/ && \
    cp build/release/chrome.zip /out/artifacts/ && \
    cp build/release/edge.zip /out/artifacts/ && \
    cp build/release/firefox.zip /out/artifacts/ && \
    cp build/release/update.xml /out/artifacts/ && \
    cp build/release/source.zip /out/artifacts/

FROM scratch AS build-release-output
COPY --from=build-release /out/ /