docker workflows (#6)

Author: fopina

.github/workflows/publish-dev.yml

@@ -20,3 +20,51 @@ jobs:
     secrets:
       twine_username: ${{ secrets.TESTPYPI_USERNAME }}
       twine_password: ${{ secrets.TESTPYPI_TOKEN }}
+
+  build_image:
+    # TODO: remove this entire job if an image does not make sense (ie: just a library, no CLI)
+    permissions: write-all
+    needs: test_and_publish
+    name: test image
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Log in to GHCR
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+        with:
+          platforms: linux/amd64,linux/arm64
+
+      - name: Set up Docker Buildx
+        id: buildx
+        uses: docker/setup-buildx-action@v3
+        with:
+          platforms: linux/amd64,linux/arm64
+      
+      - name: Sanitize branch name
+        id: sanitize_branch
+        run: |
+          SANITIZED_BRANCH=$(echo -n "${{ github.ref_name }}" | tr '/' '-' | tr -c '[:alnum:]-' '-')
+          echo sanitized_branch=$SANITIZED_BRANCH >> $GITHUB_OUTPUT
+
+      - name: Build and push image - release
+        uses: docker/build-push-action@v6
+        with:
+          push: true
+          platforms: linux/amd64,linux/arm64
+          cache-from: ghcr.io/${{ github.repository }}:latest-build-cache
+          tags: |
+            ghcr.io/${{ github.repository }}:${{ steps.sanitize_branch.outputs.sanitized_branch }}
+
+      - name: Show summary
+        run: |
+          echo 'Published:  ' >> ${GITHUB_STEP_SUMMARY}
+          echo '* `ghcr.io/${{ github.repository }}:${{ steps.sanitize_branch.outputs.sanitized_branch }}`' >> ${GITHUB_STEP_SUMMARY}

.github/workflows/publish-main.yml

@@ -14,3 +14,48 @@ jobs:
     secrets:
       twine_username: ${{ secrets.PYPI_USERNAME }}
       twine_password: ${{ secrets.PYPI_TOKEN }}
+
+  build_image:
+    # TODO: remove this entire job if an image does not make sense (ie: just a library, no CLI)
+    permissions: write-all
+    needs: test_and_publish
+    name: release image
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Log in to GHCR
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+        with:
+          platforms: linux/amd64,linux/arm64
+
+      - name: Set up Docker Buildx
+        id: buildx
+        uses: docker/setup-buildx-action@v3
+        with:
+          platforms: linux/amd64,linux/arm64
+      
+      - name: Build and push image - release
+        uses: docker/build-push-action@v6
+        with:
+          push: true
+          platforms: linux/amd64,linux/arm64
+          cache-from: ghcr.io/${{ github.repository }}:latest-build-cache
+          cache-to: ghcr.io/${{ github.repository }}:latest-build-cache
+          tags: |
+            ghcr.io/${{ github.repository }}:${{ github.ref_name }}
+            ghcr.io/${{ github.repository }}:latest
+
+      - name: Show summary
+        run: |
+          echo 'Published:  ' >> ${GITHUB_STEP_SUMMARY}
+          echo '* `ghcr.io/${{ github.repository }}:${{ github.ref_name }}`' >> ${GITHUB_STEP_SUMMARY}
+          echo '* `ghcr.io/${{ github.repository }}:latest`' >> ${GITHUB_STEP_SUMMARY}

Dockerfile

@@ -0,0 +1,21 @@
+# TODO: remove all file if no docker image is required (ie: just a python library)
+FROM python:3.10-alpine AS base
+
+# --- builder
+FROM base AS builder
+WORKDIR /app
+WORKDIR /
+
+COPY Pipfile.lock .
+RUN pip install pipenv
+RUN pipenv requirements > requirements.txt
+RUN pip install --target=/app -r requirements.txt
+
+# --- main
+FROM base
+COPY --from=builder /app /app
+ENV PYTHONPATH=/app
+# TODO: replace with your package name
+COPY example /app/example
+
+ENTRYPOINT ["python3", "-m", "example"]

README.md

@@ -7,8 +7,12 @@
 * [pyproject-pipenv](https://github.com/fopina/pyproject-pipenv) to make sure dependencies in pyproject.toml and Pipfile are in sync
 * `.github` with actions ready to be used
     * [test](.github/workflows/test.yml) runs lint checks, unit tests and pyproject-pipenv
-    * [publish-dev](.github/workflows/publish-dev.yml) publishes feature branches (`dev`/`dev-*`) to [testpypi](https://test.pypi.org) - more about this on [Notes](#feature-branch-publishing)
-    * [publish-main](.github/workflows/publish-main.yml) publishes semver tags to [pypi](https://pypi.org)
+    * [publish-dev](.github/workflows/publish-dev.yml) publishes feature branches (`dev`/`dev-*`) to:
+      * [testpypi](https://test.pypi.org) - more about this on [Notes](#feature-branch-publishing)
+      * docker image to ghcr.io - remove job if image makes no sense
+    * [publish-main](.github/workflows/publish-main.yml) publishes semver tags to:
+      * [pypi](https://pypi.org)
+      * docker image to ghcr.io
 
 ## New project checklist