chore: add deployment

Author: Christoph Bühler

.github/workflows/release.yml

@@ -0,0 +1,33 @@
+name: Release
+
+on:
+  push:
+    branches:
+      - main
+
+jobs:
+  release:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+        with:
+          submodules: true
+
+      - name: Login to GitHub Container Registry
+        uses: docker/login-action@v2
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Set up Docker Buildx
+        id: buildx
+        uses: docker/setup-buildx-action@v2
+
+      - name: Semantic Release
+        uses: cycjimmy/semantic-release-action@v2
+        with:
+          extra_plugins: |
+            @codedependant/semantic-release-docker
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/testing.yml

@@ -0,0 +1,40 @@
+name: Test
+
+on:
+  pull_request:
+    branches:
+      - '**'
+
+jobs:
+  lint_and_test:
+    name: Linting and Testing
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+        with:
+          submodules: true
+
+      - run: rustup component add clippy rustfmt
+
+      - uses: actions-rs/clippy-check@v1
+        with:
+          token: ${{ secrets.GITHUB_TOKEN }}
+          args: --all-features --no-deps
+          name: Lint Results
+
+      - uses: actions-rs/toolchain@v1
+        with:
+          toolchain: stable
+
+      - uses: actions-rs/cargo@v1
+        with:
+          command: fmt
+          args: --check
+
+      - uses: actions-rs/cargo@v1
+        with:
+          command: check
+
+      - uses: actions-rs/audit-check@v1
+        with:
+          token: ${{ secrets.GITHUB_TOKEN }}

.releaserc.json

@@ -0,0 +1,30 @@
+{
+  "branches": ["main"],
+  "plugins": [
+    "@semantic-release/commit-analyzer",
+    "@semantic-release/release-notes-generator",
+    [
+      "@semantic-release/github",
+      {
+        "successComment": false,
+        "failComment": false
+      }
+    ],
+    [
+      "@codedependant/semantic-release-docker",
+      {
+        "dockerImage": "contract-provider",
+        "dockerRegistry": "ghcr.io",
+        "dockerProject": "wirepact",
+        "dockerLogin": false,
+        "dockerContext": "./",
+        "dockerFile": "./Dockerfile",
+        "dockerTags": ["{{major}}.{{minor}}.{{patch}}", "{{major}}.{{minor}}", "{{major}}-latest", "{{git_sha}}", "latest"],
+        "dockerArgs": {
+          "BUILD_VERSION": "{{major}}.{{minor}}.{{patch}}",
+          "COMMIT_SHA": "{{git_sha}}"
+        }
+      }
+    ]
+  ]
+}

Dockerfile

@@ -0,0 +1,54 @@
+FROM rust:1.62-alpine as build
+
+ARG BUILD_VERSION=0.0.0-development
+
+RUN apk add --update --no-cache openssl-dev musl-dev protoc
+RUN rustup component add rustfmt
+
+WORKDIR /app
+
+COPY . .
+
+ENV RUSTFLAGS="-C target-feature=-crt-static"
+RUN sed -i -e "s/^version = .*/version = \"${BUILD_VERSION}\"/" Cargo.toml
+RUN cargo install --path .
+
+FROM alpine:3.16
+
+ARG BUILD_VERSION=0.0.0-development
+ARG COMMIT_SHA=NOT_AVAILABLE
+
+LABEL org.opencontainers.image.authors="cbuehler@rootd.ch" \
+    org.opencontainers.image.url="https://github.com/WirePact/k8s-contract-provider" \
+    org.opencontainers.image.documentation="https://github.com/WirePact/k8s-contract-provider/blob/main/README.md" \
+    org.opencontainers.image.source="https://github.com/WirePact/k8s-contract-provider/blob/main/Dockerfile" \
+    org.opencontainers.image.version="${BUILD_VERSION}" \
+    org.opencontainers.image.revision="${COMMIT_SHA}" \
+    org.opencontainers.image.licenses="Apache-2.0" \
+    org.opencontainers.image.title="WirePact Contract Provider" \
+    org.opencontainers.image.description="Module for WirePact that continuously fetches all valid contracts for its own trust zone and stores them in a local file or a Kubernetes secret."
+
+WORKDIR /app
+
+ENV USER=appuser \
+    UID=1000 \
+    BUILD_VERSION=${BUILD_VERSION} \
+    FETCH_INTERVAL=5min
+
+COPY --from=build /usr/local/cargo/bin/k8s-contract-provider /usr/local/bin/k8s-contract-provider
+
+RUN adduser \
+    --disabled-password \
+    --gecos "" \
+    --home "/nonexistent" \
+    --shell "/sbin/nologin" \
+    --no-create-home \
+    --uid "${UID}" \
+    "${USER}" && \
+    chown -R appuser:appuser /app && \
+    chmod +x /usr/local/bin/k8s-contract-provider && \
+    apk add --update --no-cache libgcc ca-certificates
+
+USER appuser:appuser
+
+ENTRYPOINT ["/usr/local/bin/k8s-contract-provider"]

renovate.json

@@ -0,0 +1,16 @@
+{
+  "$schema": "https://docs.renovatebot.com/renovate-schema.json",
+  "extends": ["local>WirePact/renovate-config"],
+  "git-submodules": {
+    "enabled": true,
+    "packageRules": [
+      {
+        "matchFiles": [".gitmodules"],
+        "groupName": "external submodules",
+        "groupSlug": "submodules",
+        "semanticCommitType": "chore",
+        "semanticCommitScope": "submodules"
+      }
+    ]
+  }
+}