From 085d1b1c8f409f614da77ff05e2925ab21e51b96 Mon Sep 17 00:00:00 2001
From: Daniel THIRION <defvs.daniel@gmail.com>
Date: Mon, 16 Dec 2024 10:45:30 +0100
Subject: [PATCH 01/11] Create Dockerfile

---
 Dockerfile | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)
 create mode 100644 Dockerfile

diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 0000000..5b73511
--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,20 @@
+# Use the official Node.js image.
+FROM node:14
+
+# Create and change to the app directory.
+WORKDIR /usr/src/app
+
+# Copy the package.json and package-lock.json files.
+COPY package*.json ./
+
+# Install the dependencies.
+RUN npm install
+
+# Copy the rest of the application code.
+COPY . .
+
+# Expose the port the app runs on.
+EXPOSE 3000
+
+# Command to run the app.
+CMD ["npm", "run", "start"]

From 569b24c269d165b02700e1c4d53a4c354cd28974 Mon Sep 17 00:00:00 2001
From: Daniel THIRION <defvs.daniel@gmail.com>
Date: Mon, 16 Dec 2024 11:05:16 +0100
Subject: [PATCH 02/11] Create docker-publish.yml

---
 .github/workflows/docker-publish.yml | 98 ++++++++++++++++++++++++++++
 1 file changed, 98 insertions(+)
 create mode 100644 .github/workflows/docker-publish.yml

diff --git a/.github/workflows/docker-publish.yml b/.github/workflows/docker-publish.yml
new file mode 100644
index 0000000..7dd4fd8
--- /dev/null
+++ b/.github/workflows/docker-publish.yml
@@ -0,0 +1,98 @@
+name: Docker
+
+# This workflow uses actions that are not certified by GitHub.
+# They are provided by a third-party and are governed by
+# separate terms of service, privacy policy, and support
+# documentation.
+
+on:
+  schedule:
+    - cron: '25 14 * * *'
+  push:
+    branches: [ "main" ]
+    # Publish semver tags as releases.
+    tags: [ 'v*.*.*' ]
+  pull_request:
+    branches: [ "main" ]
+
+env:
+  # Use docker.io for Docker Hub if empty
+  REGISTRY: ghcr.io
+  # github.repository as <account>/<repo>
+  IMAGE_NAME: ${{ github.repository }}
+
+
+jobs:
+  build:
+
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: write
+      # This is used to complete the identity challenge
+      # with sigstore/fulcio when running outside of PRs.
+      id-token: write
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      # Install the cosign tool except on PR
+      # https://github.com/sigstore/cosign-installer
+      - name: Install cosign
+        if: github.event_name != 'pull_request'
+        uses: sigstore/cosign-installer@59acb6260d9c0ba8f4a2f9d9b48431a222b68e20 #v3.5.0
+        with:
+          cosign-release: 'v2.2.4'
+
+      # Set up BuildKit Docker container builder to be able to build
+      # multi-platform images and export cache
+      # https://github.com/docker/setup-buildx-action
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226 # v3.0.0
+
+      # Login against a Docker registry except on PR
+      # https://github.com/docker/login-action
+      - name: Log into registry ${{ env.REGISTRY }}
+        if: github.event_name != 'pull_request'
+        uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      # Extract metadata (tags, labels) for Docker
+      # https://github.com/docker/metadata-action
+      - name: Extract Docker metadata
+        id: meta
+        uses: docker/metadata-action@96383f45573cb7f253c731d3b3ab81c87ef81934 # v5.0.0
+        with:
+          images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+
+      # Build and push Docker image with Buildx (don't push on PR)
+      # https://github.com/docker/build-push-action
+      - name: Build and push Docker image
+        id: build-and-push
+        uses: docker/build-push-action@0565240e2d4ab88bba5387d719585280857ece09 # v5.0.0
+        with:
+          context: .
+          push: ${{ github.event_name != 'pull_request' }}
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
+
+      # Sign the resulting Docker image digest except on PRs.
+      # This will only write to the public Rekor transparency log when the Docker
+      # repository is public to avoid leaking data.  If you would like to publish
+      # transparency data even for private images, pass --force to cosign below.
+      # https://github.com/sigstore/cosign
+      - name: Sign the published Docker image
+        if: ${{ github.event_name != 'pull_request' }}
+        env:
+          # https://docs.github.com/en/actions/security-guides/security-hardening-for-github-actions#using-an-intermediate-environment-variable
+          TAGS: ${{ steps.meta.outputs.tags }}
+          DIGEST: ${{ steps.build-and-push.outputs.digest }}
+        # This step uses the identity token to provision an ephemeral certificate
+        # against the sigstore community Fulcio instance.
+        run: echo "${TAGS}" | xargs -I {} cosign sign --yes {}@${DIGEST}

From b9e2eb5e1c271e6a152b21b53c1634b6d478ff1f Mon Sep 17 00:00:00 2001
From: Daniel THIRION <daniel.thirion@st.com>
Date: Mon, 16 Dec 2024 11:08:18 +0100
Subject: [PATCH 03/11] Create example docker-compose.yml

---
 docker-compose.yml | 13 +++++++++++++
 1 file changed, 13 insertions(+)
 create mode 100644 docker-compose.yml

diff --git a/docker-compose.yml b/docker-compose.yml
new file mode 100644
index 0000000..b994eff
--- /dev/null
+++ b/docker-compose.yml
@@ -0,0 +1,13 @@
+version: '3.8'
+
+services:
+  brainzbot:
+    image: ghcr.io/defvs/brainzbot:latest
+    environment:
+      - TOKEN=${TOKEN}
+      - DATABASE_URL=${DATABASE_URL}
+      - LISTENBRAINZ_TOKEN=${LISTENBRAINZ_TOKEN}
+    volumes:
+      - ./config.json:/usr/src/app/config.json
+    ports:
+      - "3000:3000"

From b2cca7dfa1d836e58a81398e0afe31a517e3cd3e Mon Sep 17 00:00:00 2001
From: Daniel THIRION <defvs.daniel@gmail.com>
Date: Mon, 16 Dec 2024 11:20:09 +0100
Subject: [PATCH 04/11] Add a  builtin MongoDB container to docker-compose.yml

---
 docker-compose.yml | 15 +++++++++++++--
 1 file changed, 13 insertions(+), 2 deletions(-)

diff --git a/docker-compose.yml b/docker-compose.yml
index b994eff..39a8258 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -2,12 +2,23 @@ version: '3.8'
 
 services:
   brainzbot:
-    image: ghcr.io/defvs/brainzbot:latest
+    image: your-dockerhub-username/brainzbot:latest
     environment:
       - TOKEN=${TOKEN}
-      - DATABASE_URL=${DATABASE_URL}
+      - DATABASE_URL=mongodb://mongodb:27017/brainzbot
       - LISTENBRAINZ_TOKEN=${LISTENBRAINZ_TOKEN}
     volumes:
       - ./config.json:/usr/src/app/config.json
     ports:
       - "3000:3000"
+    depends_on:
+      - mongodb
+
+  mongodb:
+    image: mongo:latest
+    container_name: mongodb
+    volumes:
+      - mongo-data:/data/db
+
+volumes:
+  mongo-data:

From d3c3b77faaa45dca09d027102bb745747fcd1c22 Mon Sep 17 00:00:00 2001
From: Daniel THIRION <defvs.daniel@gmail.com>
Date: Mon, 16 Dec 2024 11:20:33 +0100
Subject: [PATCH 05/11] Fix docker-compose.yml image URL

---
 docker-compose.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docker-compose.yml b/docker-compose.yml
index 39a8258..51afb0f 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -2,7 +2,7 @@ version: '3.8'
 
 services:
   brainzbot:
-    image: your-dockerhub-username/brainzbot:latest
+    image: ghcr.io/defvs/brainzbot:latest
     environment:
       - TOKEN=${TOKEN}
       - DATABASE_URL=mongodb://mongodb:27017/brainzbot

From 0fda960637fffc5ebbc49fc90ca36dcc61445dd7 Mon Sep 17 00:00:00 2001
From: Daniel THIRION <defvs.daniel@gmail.com>
Date: Mon, 16 Dec 2024 11:32:24 +0100
Subject: [PATCH 06/11] docker-compose.yml: main instead of latest

---
 docker-compose.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docker-compose.yml b/docker-compose.yml
index 51afb0f..a44894f 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -2,7 +2,7 @@ version: '3.8'
 
 services:
   brainzbot:
-    image: ghcr.io/defvs/brainzbot:latest
+    image: ghcr.io/defvs/brainzbot:main
     environment:
       - TOKEN=${TOKEN}
       - DATABASE_URL=mongodb://mongodb:27017/brainzbot

From 38f44c6ea37db24c298a325af9b92759f629032d Mon Sep 17 00:00:00 2001
From: Daniel THIRION <defvs.daniel@gmail.com>
Date: Mon, 16 Dec 2024 11:34:48 +0100
Subject: [PATCH 07/11] Update Dockerfile to Node 22

---
 Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Dockerfile b/Dockerfile
index 5b73511..d14f457 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,5 +1,5 @@
 # Use the official Node.js image.
-FROM node:14
+FROM node:22
 
 # Create and change to the app directory.
 WORKDIR /usr/src/app

From 245e04feb5de70b2aea0a0e57bbb6e01be835bc3 Mon Sep 17 00:00:00 2001
From: Daniel THIRION <defvs.daniel@gmail.com>
Date: Mon, 16 Dec 2024 11:48:15 +0100
Subject: [PATCH 08/11] Dockerfile: Node 18? Maybe it'll work?

---
 Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Dockerfile b/Dockerfile
index d14f457..1543f8b 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,5 +1,5 @@
 # Use the official Node.js image.
-FROM node:22
+FROM node:18
 
 # Create and change to the app directory.
 WORKDIR /usr/src/app

From e5381f31f3977e5c7bb17407ad479e56177eba3b Mon Sep 17 00:00:00 2001
From: Daniel THIRION <defvs.daniel@gmail.com>
Date: Mon, 16 Dec 2024 12:11:52 +0100
Subject: [PATCH 09/11] Document docker-compose.yml

---
 docker-compose.yml | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)

diff --git a/docker-compose.yml b/docker-compose.yml
index a44894f..5c61cda 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -1,4 +1,9 @@
-version: '3.8'
+# Example docker-compose file for BrainzBot
+# Make sure that either environment variables for TOKEN and LISTENBRAINZ_TOKEN are set,
+# or that you set them directly here.
+#
+# You may change the binding of the config.json file to point it to somewhere else.
+# Make sure it exists and contains what's in config.json.example
 
 services:
   brainzbot:
@@ -7,10 +12,8 @@ services:
       - TOKEN=${TOKEN}
       - DATABASE_URL=mongodb://mongodb:27017/brainzbot
       - LISTENBRAINZ_TOKEN=${LISTENBRAINZ_TOKEN}
-    volumes:
+    volumes: # Change the path before the `:` as needed
       - ./config.json:/usr/src/app/config.json
-    ports:
-      - "3000:3000"
     depends_on:
       - mongodb
 

From 02ee8f62d4106bf11cca8cff6f51cbfcb8884bfe Mon Sep 17 00:00:00 2001
From: Daniel THIRION <defvs.daniel@gmail.com>
Date: Wed, 18 Dec 2024 11:44:40 +0100
Subject: [PATCH 10/11] docker-publish.yml: Remove cronjob for building docker
 images

---
 .github/workflows/docker-publish.yml | 2 --
 1 file changed, 2 deletions(-)

diff --git a/.github/workflows/docker-publish.yml b/.github/workflows/docker-publish.yml
index 7dd4fd8..98bd621 100644
--- a/.github/workflows/docker-publish.yml
+++ b/.github/workflows/docker-publish.yml
@@ -6,8 +6,6 @@ name: Docker
 # documentation.
 
 on:
-  schedule:
-    - cron: '25 14 * * *'
   push:
     branches: [ "main" ]
     # Publish semver tags as releases.

From 58c95747dea9c8b99adc0ee3ce5e1605d939624f Mon Sep 17 00:00:00 2001
From: Daniel THIRION <defvs.daniel@gmail.com>
Date: Wed, 18 Dec 2024 11:45:11 +0100
Subject: [PATCH 11/11] Dockerfile: no need to expose port 3000

---
 Dockerfile | 3 ---
 1 file changed, 3 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index 1543f8b..1abdbc4 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -13,8 +13,5 @@ RUN npm install
 # Copy the rest of the application code.
 COPY . .
 
-# Expose the port the app runs on.
-EXPOSE 3000
-
 # Command to run the app.
 CMD ["npm", "run", "start"]