Build websites inside docker multi-stage build

.gitlab-ci.yml

@@ -1,11 +0,0 @@
-image: alpine:latest
-
-pages:
-    stage: deploy
-    script:
-        - echo 'Nothing to do...'
-    artifacts:
-        paths:
-            - public
-    only:
-        - master

caddy/Caddyfile

@@ -4,7 +4,6 @@
         -Date
 
         Strict-Transport-Security "max-age=31536000; includeSubDomains"
-        Content-Security-Policy "default-src 'self' 'unsafe-inline';"
         Feature-Policy "geolocation none;midi none;notifications none;push none;sync-xhr none;microphone none;camera none;magnetometer none;gyroscope none;speaker self;vibrate none;fullscreen self;payment none;"
         X-Content-Type-Options "nosniff"
         X-Frame-Options "DENY"
@@ -13,7 +12,7 @@
     }
 }
 
-localhost {
+simplenotes.be {
     @static {
         path *.css *.js
         file
@@ -30,22 +29,32 @@ localhost {
     handle_errors {
         rewrite @404 /404.html
         file_server
+        import security
     }
 
     route /api/* {
         uri strip_prefix /api
-        reverse_proxy http://localhost:8081
+        reverse_proxy http://api:8081
     }
 
     header @static Cache-Control "public, max-age=31536000"
+    header Content-Security-Policy "default-src 'self' 'unsafe-inline';"
 
     encode gzip
-    root * /home/hubert/Workspace/Notes-TFE/frontend/dist
+    root * /site
     log
 
     import security
 }
 
-www.localhost {
-    redir * https://localhost{path}
+www.simplenotes.be {
+    redir * https://simplenotes.be{path}
+}
+
+docs.simplenotes.be {
+    file_server
+    root * /docs
+    import security
+
+    header Content-Security-Policy "default-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net;"
 }

caddy/Caddyfile.prod

@@ -1,58 +0,0 @@
-(security) {
-    header * {
-        -Server
-        -Date
-
-        Strict-Transport-Security "max-age=31536000; includeSubDomains"
-        Content-Security-Policy "default-src 'self' 'unsafe-inline';"
-        Feature-Policy "geolocation none;midi none;notifications none;push none;sync-xhr none;microphone none;camera none;magnetometer none;gyroscope none;speaker self;vibrate none;fullscreen self;payment none;"
-        X-Content-Type-Options "nosniff"
-        X-Frame-Options "DENY"
-        X-XSS-Protection "1; mode=block"
-        Referrer-Policy "no-referrer-when-downgrade"
-    }
-}
-
-simplenotes.be {
-    @static {
-        path *.css *.js
-        file
-    }
-
-    @404 {
-        expression {http.error.status_code} == 404
-    }
-
-    route /* {
-        file_server
-    }
-
-    handle_errors {
-        rewrite @404 /404.html
-        file_server
-        import security
-    }
-
-    route /api/* {
-        uri strip_prefix /api
-        reverse_proxy http://api:8081
-    }
-
-    header @static Cache-Control "public, max-age=31536000"
-
-    encode gzip
-    root * /site
-    log
-
-    import security
-}
-
-www.simplenotes.be {
-    redir * https://simplenotes.be{path}
-}
-
-docs.simplenotes.be {
-    file_server
-    root * /docs
-    import security
-}

caddy/Dockerfile

@@ -1,9 +1,19 @@
+## Docker multi-stage build
+
+## Generate api documentation
+FROM quay.io/bukalapak/snowboard AS docbuilder
+RUN mkdir /out
+COPY api-doc /doc
+RUN /app/packages/snowboard/bin/run html api.apib -o /out
+
+## Generate website
+FROM node:latest AS builder
+COPY frontend /app
+WORKDIR /app
+RUN yarn install && yarn run generate
+
+## Main image
 FROM caddy:2.0.0
-
-COPY caddy/Caddyfile.prod /etc/caddy/Caddyfile
-
-# Copy main website
-COPY frontend/dist /site
-
-# Copy api docs website
-COPY public /docs
+COPY caddy/Caddyfile /etc/caddy/Caddyfile
+COPY --from=docbuilder /out /docs
+COPY --from=builder /app/dist /site