Use ghcr.io/dtcooper/nginx-certbot-jinja container

.github/actions/docker-build-push/action.yml

@@ -19,10 +19,6 @@ inputs:
     description: Do not use cache when building
     required: false
     default: 'false'
-  cache-tag:
-    description: "Tag to use for cache when building (default '<container>-<tag>'). Disabled when 'push: false'"
-    required: false
-    default: ''
   build-args:
     description: List of build-time variables
     required: false
@@ -45,11 +41,7 @@ runs:
       run: |
         USERNAME="$(echo "$GITHUB_REPOSITORY_OWNER" | tr '[:upper:]' '[:lower:]')"
         CACHE_CONTAINER=ghcr.io/${USERNAME}/tomato-build-cache
-        if [ "${{ inputs.cache-tag }}" ]; then
-          CACHE_TAG="${CACHE_CONTAINER}:${{ inputs.cache-tag }}"
-        else
-          CACHE_TAG="${CACHE_CONTAINER}:${{ inputs.container }}-${{ inputs.tag }}"
-        fi
+        CACHE_TAG="${CACHE_CONTAINER}:${{ inputs.container }}-${{ inputs.tag }}"
         echo "CACHE_TAG=${CACHE_TAG}" | tee -a "${GITHUB_ENV}"
         echo "REPO=ghcr.io/${USERNAME}/tomato-${{ inputs.container }}" | tee -a "${GITHUB_ENV}"
         echo "USERNAME=${USERNAME}" | tee -a "${GITHUB_ENV}"
@@ -73,7 +65,7 @@ runs:
         push: ${{ inputs.push  == 'true' && 'true' || 'false'}}
         pull: true
         platforms: ${{ inputs.platforms }}
-        context: ./${{ inputs.context == '' && inputs.container || inputs.context }}/
+        context: ./${{ inputs.container }}/
         tags: ${{ env.REPO }}:${{ inputs.tag }}
         build-args: ${{ inputs.build-args }}
         cache-from: ${{ inputs.no-cache == 'false' && inputs.push  == 'true' && format('type=registry,ref={0}', env.CACHE_TAG) || '' }}

.github/workflows/build-deploy-on-push.yml

@@ -21,29 +21,18 @@ jobs:
     name: Build container
     strategy:
       matrix:
-        include:
-          -
-            container: server
-            tag: dev
-          -
-            container: server
-            tag: latest
-          -
-            container: nginx
-            tag: latest
+        tag: [dev, latest]
     steps:
       -
         name: Checkout
         uses: actions/checkout@v4
       -
         name: Get version
         id: version
-        if: matrix.container == 'server'
         uses: ./.github/actions/version
       -
         name: Build container (server)
         uses: ./.github/actions/docker-build-push
-        if: matrix.container == 'server'
         with:
           token: ${{ secrets.GITHUB_TOKEN }}
           container: server
@@ -52,16 +41,6 @@ jobs:
           build-args: |
             DEBUG=${{ matrix.tag == 'dev' && '1' || '0' }}
             TOMATO_VERSION=${{ steps.version.outputs.version }}
-      -
-        name: Build container (nginx)
-        uses: ./.github/actions/docker-build-push
-        if: matrix.container == 'nginx'
-        with:
-          token: ${{ secrets.GITHUB_TOKEN }}
-          container: nginx
-          context: server/nginx
-          push: ${{ github.ref_name == 'main' && 'true' || 'false' }}
-          tag: ${{ matrix.tag }}
 
 
   deploy:

.github/workflows/build-deploy-on-tag.yml

@@ -9,22 +9,17 @@ jobs:
   build:
     runs-on: ubuntu-22.04
     name: Build container
-    strategy:
-      matrix:
-        container: [server, nginx]
     steps:
       -
         name: Checkout
         uses: actions/checkout@v4
       -
         name: Get version
         id: version
-        if: matrix.container == 'server'
         uses: ./.github/actions/version
       -
         name: Set variables
         shell: bash
-        if: matrix.container == 'server'
         run: |
           DATE=$(date +%Y%m%d)
           YEAR=$(date +%Y)
@@ -43,7 +38,6 @@ jobs:
       -
         name: Build container
         uses: ./.github/actions/docker-build-push
-        if: matrix.container == 'server'
         with:
           token: ${{ secrets.GITHUB_TOKEN }}
           container: server
@@ -52,16 +46,6 @@ jobs:
           platforms: ${{ env.PLATFORMS }}
           build-args: |
             TOMATO_VERSION=${{ steps.version.outputs.version }}
-      -
-        name: Build container (nginx)
-        uses: ./.github/actions/docker-build-push
-        if: matrix.container == 'nginx'
-        with:
-          token: ${{ secrets.GITHUB_TOKEN }}
-          container: nginx
-          context: server/nginx
-          cache-tag: nginx-latest
-          tag: ${{ github.ref_name }}
 
   deploy:
     runs-on: ubuntu-22.04

.gitignore

@@ -17,7 +17,7 @@ scratch/
 __pycache__/
 /server/.env
 /server/docker-compose.override.yml
-/server/nginx/local-ca/
+/server/local-ca/
 /server/serve/
 /server/tomato/static/vendor/node_modules/
 

server/.dockerignore

@@ -1 +1,2 @@
 /tomato/static/vendor/node_modules/
+/local-ca/

server/docker-compose.dev.yml

@@ -21,9 +21,7 @@ services:
   nginx:
     restart: 'no'
     volumes:
-      - ./nginx/local-ca:/etc/local_ca
-      - ./nginx/image/docker-entrypoint.d/25-jinja2-on-templates.sh:/docker-entrypoint.d/25-jinja2-on-templates.sh
-      - ./nginx/image/etc/nginx/templates/app.conf.j2:/etc/nginx/templates/app.conf.j2
+      - ./local-ca:/etc/local_ca
     environment:
       USE_LOCAL_CA: "${NGINX_DEBUG_MODE_ONLY_USE_LOCAL_CA:-0}"
       LOCAL_CA_ROOT_CERT_VALIDITY: 90  # 90 days instead of 30

server/docker-compose.yml

@@ -28,14 +28,13 @@ services:
 
   nginx:
     restart: always
-    image: "ghcr.io/dtcooper/tomato-nginx:${TOMATO_VERSION:-latest}"
-    build:
-      context: nginx
+    image: ghcr.io/dtcooper/nginx-certbot-jinja:5.4.0-nginx1.27.2
     depends_on:
       - app
       - api
       - logs
     volumes:
+      - ./nginx.conf.j2:/etc/nginx/templates/app.conf.j2
       - ./serve:/serve:ro
       - nginx_secrets:/etc/letsencrypt
     environment: