Add GitHub Actions CI/CD workflows

- go.yml: Run unit tests on push/PR to main
- docker.yml: Run integration tests, build and push to Docker Hub
  - Integration tests run against actual Docker container
  - Push to Docker Hub on main branch and version tags
  - Multi-platform builds (amd64, arm64)
- Update compose.yaml to use Docker Hub image

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <[email protected]>

Author: pierre-b

.github/workflows/docker.yml

@@ -0,0 +1,166 @@
+name: Docker Build, Test and Push
+
+on:
+  push:
+    branches: [main]
+    tags:
+      - "v*.*"
+      - "latest"
+  pull_request:
+    branches: [main]
+
+env:
+  REGISTRY: docker.io
+  IMAGE_NAME: notifuse/selfhost_s3
+
+jobs:
+  integration-tests:
+    name: Integration Tests
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Set up Go
+        uses: actions/setup-go@v5
+        with:
+          go-version: "1.23"
+          cache: true
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Build Docker image for testing
+        uses: docker/build-push-action@v5
+        with:
+          context: .
+          file: ./Dockerfile
+          push: false
+          load: true
+          tags: selfhost_s3:test
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
+
+      - name: Start selfhost_s3 container
+        run: |
+          docker run -d \
+            --name selfhost_s3-test \
+            -p 9000:9000 \
+            -e S3_BUCKET=test-bucket \
+            -e S3_ACCESS_KEY=testkey \
+            -e S3_SECRET_KEY=testsecret \
+            -e S3_PORT=9000 \
+            -e S3_REGION=us-east-1 \
+            selfhost_s3:test
+
+      - name: Wait for selfhost_s3 to be ready
+        run: |
+          echo "Waiting for selfhost_s3 to be ready..."
+          for i in {1..30}; do
+            if curl -f http://localhost:9000/health > /dev/null 2>&1; then
+              echo "selfhost_s3 is ready!"
+              break
+            fi
+            echo "Waiting for selfhost_s3... ($i/30)"
+            sleep 2
+          done
+          # Final check
+          curl -f http://localhost:9000/health || exit 1
+
+      - name: Run integration tests
+        env:
+          INTEGRATION_TEST_ENDPOINT: http://localhost:9000
+          INTEGRATION_TEST_BUCKET: test-bucket
+          INTEGRATION_TEST_ACCESS_KEY: testkey
+          INTEGRATION_TEST_SECRET_KEY: testsecret
+          INTEGRATION_TEST_REGION: us-east-1
+        run: |
+          go test -race -timeout=5m ./integration/... -v
+
+      - name: Show container logs on failure
+        if: failure()
+        run: docker logs selfhost_s3-test
+
+      - name: Cleanup
+        if: always()
+        run: docker rm -f selfhost_s3-test || true
+
+  build-and-push:
+    name: Build and Push
+    runs-on: ubuntu-latest
+    needs: integration-tests
+    if: github.event_name == 'push' && (startsWith(github.ref, 'refs/tags/') || github.ref == 'refs/heads/main')
+    permissions:
+      contents: read
+      packages: write
+      id-token: write
+      attestations: write
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: Get git commit info
+        id: git-info
+        run: |
+          echo "commit-sha=$(git rev-parse HEAD)" >> $GITHUB_OUTPUT
+          echo "commit-short-sha=$(git rev-parse --short HEAD)" >> $GITHUB_OUTPUT
+          if [[ "$GITHUB_REF" == refs/tags/* ]]; then
+            echo "tag-name=${GITHUB_REF#refs/tags/}" >> $GITHUB_OUTPUT
+          else
+            echo "tag-name=latest" >> $GITHUB_OUTPUT
+          fi
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Log in to Docker Hub
+        uses: docker/login-action@v3
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+
+      - name: Extract metadata
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+          tags: |
+            type=ref,event=tag
+            type=raw,value=latest,enable=${{ github.ref == 'refs/heads/main' || github.ref_name == 'latest' }}
+          labels: |
+            org.opencontainers.image.revision=${{ steps.git-info.outputs.commit-sha }}
+            org.opencontainers.image.version=${{ steps.git-info.outputs.tag-name }}
+
+      - name: Build and push Docker image
+        id: build
+        uses: docker/build-push-action@v5
+        with:
+          context: .
+          file: ./Dockerfile
+          push: true
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
+          platforms: linux/amd64,linux/arm64
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
+
+      - name: Generate artifact attestation
+        if: steps.build.outputs.digest != ''
+        uses: actions/attest-build-provenance@v1
+        with:
+          subject-name: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+          subject-digest: ${{ steps.build.outputs.digest }}
+          push-to-registry: true
+
+      - name: Output image details
+        run: |
+          echo "🚀 Docker image successfully built and pushed!"
+          echo "📦 Registry: ${{ env.REGISTRY }}"
+          echo "🏷️  Image: ${{ env.IMAGE_NAME }}"
+          echo "🔖 Tags: ${{ steps.meta.outputs.tags }}"
+          echo "📝 Git commit: ${{ steps.git-info.outputs.commit-short-sha }}"
+          echo "🔗 Build URL: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}"

.github/workflows/go.yml

@@ -0,0 +1,38 @@
+name: Go
+
+on:
+  push:
+    branches: [main]
+  pull_request:
+    branches: [main]
+
+jobs:
+  unit-tests:
+    name: Unit Tests
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Set up Go
+        uses: actions/setup-go@v5
+        with:
+          go-version: "1.23"
+          cache: true
+
+      - name: Install dependencies
+        run: go mod download
+
+      - name: Run unit tests
+        run: |
+          # Run unit tests (exclude integration tests)
+          go test -race -coverprofile=coverage.txt -covermode=atomic $(go list ./... | grep -v '/integration') -v
+
+      - name: Upload coverage to Codecov
+        uses: codecov/codecov-action@v5
+        with:
+          token: ${{ secrets.CODECOV_TOKEN }}
+          files: coverage.txt
+          fail_ci_if_error: false
+          verbose: true

compose.yaml

@@ -2,9 +2,6 @@ name: selfhost_s3
 
 services:
   selfhost_s3:
-    build:
-      context: .
-      dockerfile: Dockerfile
     image: notifuse/selfhost_s3:latest
     container_name: selfhost_s3
     restart: unless-stopped