feat(ci): improve container build process v2 #9317
Merged
Contributor
Pull request overview
This PR refactors the container build/deploy pipeline by introducing pre-built base images and a release image flow, while moving several frontend configuration values from build-time Vite envs to runtime-injected window.__ENV__ served by the backend.
Changes:
- Add runtime frontend env injection (`window.__ENV__`) from the backend and update the frontend to consume it via a centralized `env` helper.
- Introduce `Dockerfile.base` (build-base + runtime-base) and update `Dockerfile.production` to build from those base images.
- Update GitHub Actions workflows to (a) ensure base images exist, (b) optionally reuse pre-built release images, and (c) move Datadog sourcemap upload out of the Docker build.
Reviewed changes
Copilot reviewed 20 out of 20 changed files in this pull request and generated 7 comments.
| File | Description |
|---|---|
| packages/shared/types/core.ts | Adds FrontendRuntimeEnv type shared between backend injection and frontend consumption. |
| apps/frontend/vite.config.ts | Adds a Vite plugin to replace @VITE_APP_* placeholders at build time. |
| apps/frontend/src/utils/formSdk.ts | Switches FormSG SDK mode selection to use centralized env. |
| apps/frontend/src/services/ApiService.ts | Switches API base URL to use centralized env. |
| apps/frontend/src/index.tsx | Switches GA tracking ID lookup to use centralized env. |
| apps/frontend/src/growthbook.ts | Switches app URL usage to use centralized env. |
| apps/frontend/src/features/public-form/utils/axiosDebugFlow.tsx | Uses centralized env for app URL and avoids variable shadowing. |
| apps/frontend/src/env.ts | New centralized runtime/build-time env resolver using window.__ENV__ with Vite fallbacks. |
| apps/frontend/src/app/AppHelmet.tsx | Uses centralized env for GA tracking ID. |
| apps/frontend/src/app/App.tsx | Updates Datadog Logs env selection to prefer runtime window.__ENV__. |
| apps/frontend/index.html | Adds <!-- __ENV_INJECTION__ --> placeholder for backend injection. |
| apps/frontend/datadog-chunk.ts | Moves Datadog RUM env/sample-rate/appUrl to runtime window.__ENV__ while keeping appId/token/version build-time. |
| apps/backend/src/app/modules/frontend/frontend.service.ts | Generates runtime env script + CSP hash for inline injection. |
| apps/backend/src/app/modules/frontend/frontend.controller.ts | Injects the runtime env script into index.html before serving. |
| apps/backend/src/app/loaders/express/constants.ts | Adds CSP allowlist entry for the injected env inline script hash. |
| Dockerfile.production | Builds from pre-built base images and passes required Vite build-time vars via build args. |
| Dockerfile.base | New build-base/runtime-base images for caching dependencies and standardizing runtime deps/user. |
| .github/workflows/deploy-ecs.yml | Ensures base images, optionally reuses release images, builds/pushes to ECR, uploads sourcemaps post-build. |
| .github/workflows/build-release-image.yml | New workflow to build/push a versioned “release-*” image to GHCR on tag. |
| .github/workflows/build-base-images.yml | New reusable workflow to build/push build-base and runtime-base images keyed by dependency hash. |
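
The runtime injection summarised above (a `window.__ENV__` inline script placed at the `<!-- __ENV_INJECTION__ -->` placeholder and allowlisted in the CSP by hash), as an added example that is not the project's code: the function names, sample template and sample values are assumptions constructed for illustration. It escapes the serialised env so a value cannot close the script element, and hashes exactly the bytes that are served.

```javascript
const { createHash } = require('node:crypto');

// Placeholder named in the PR summary for apps/frontend/index.html.
const PLACEHOLDER = '<!-- __ENV_INJECTION__ -->';

// Serialise the env object for an inline <script>. JSON.stringify alone does not
// stop a value containing "</script>" or "<!--" from ending the script element,
// so escape the characters the HTML parser reacts to.
function buildEnvScript(env) {
  const json = JSON.stringify(env)
    .replace(/</g, '\\u003c')
    .replace(/>/g, '\\u003e')
    .replace(/&/g, '\\u0026')
    .replace(/\u2028/g, '\\u2028')
    .replace(/\u2029/g, '\\u2029');
  return `window.__ENV__=${json};`;
}

// CSP hash source: base64 SHA-256 over the exact text between <script> and </script>.
function cspHashSource(scriptBody) {
  const digest = createHash('sha256').update(scriptBody, 'utf8').digest('base64');
  return `'sha256-${digest}'`;
}

// Inject the script at the placeholder and return the matching CSP source.
function injectEnv(indexHtml, env) {
  if (!indexHtml.includes(PLACEHOLDER)) {
    throw new Error('env placeholder missing from index.html');
  }
  const body = buildEnvScript(env);
  // Function replacer: a string replacement would expand "$&" found in env values.
  const html = indexHtml.replace(PLACEHOLDER, () => `<script>${body}</script>`);
  return { html, cspSource: cspHashSource(body) };
}

// What a browser would hash: the text of the first inline script in the served page.
function inlineScriptBody(html) {
  const m = /<script>([\s\S]*?)<\/script>/.exec(html);
  return m ? m[1] : null;
}

// Constructed sample input (not the project's real template or values).
const SAMPLE_HTML = '<html><head><!-- __ENV_INJECTION__ --></head><body></body></html>';
const SAMPLE_ENV = { appUrl: 'https://forms.example.test', note: '</script><script>x$&' };
```

The hash only matches if it is computed over the same string that is written into the page, so any whitespace or formatting change to the script body has to go through the same function that feeds the CSP header.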
kevin9foong
approved these changes
Apr 20, 2026
Contributor
There are a couple of Copilot review comments that seem to make sense, shall we verify them before merging?
Contributor
Author
yup will do! working on it.
9d04344 to 194e69c
# Conflicts: # Dockerfile.production
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
194e69c to 8ee1c1e
Contributor
Author
Tested all TCs on staging!
This was referenced Apr 22, 2026
Merged
eliotlim added a commit that referenced this pull request Apr 22, 2026
* feat(ci): improve container build process v2 (#9317)
* feat(ci): extract base images # Conflicts: # Dockerfile.production
* feat(frontend,backend,ci): streamline frontend and backend build
* fix(frontend,backend): env script csp header hash computation
* fix(ci): cache built image locally for asset upload step
* fix(ci): use datadog-ci binaries instead of npx
* fix(ci): pin datadog-ci version to v5.11.0
* feat(ci): update runtime-base image packages
* fix(ci): use apk no-cache for upgrades
* fix(ci): pin action versions
* fix(ci): remove extra Dockerfile build commands
* chore: apply suggestions from code review Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
* fix(frontend): address code review comments 2
* fix(frontend): env-free reconstruction of payment download url
---------
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
* fix(frontend): use formsgSdkMode in decryption worker (#9329)
* chore: bump version to 7.12.0
---------
Co-authored-by: Kevin Foong <55353265+kevin9foong@users.noreply.github.com>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Problem
The CI pipeline is inefficient, because containers are built several times over and over for each environment.
Closes FRM-2351.
Related to #9276, #9286.
Solution
Breaking Changes
Improvements:
Bug Fixes:
Tests
TC1: Deployment and Versioning works correctly
TC2: Admins must be able to download results on the results page
Deploy Notes