chore: add Barman base image

Now we build an image every week with the base packages required for
the sidecar, the idea is to reduce the amount of time of every CI
process requires to run.

Signed-off-by: Jonathan Gonzalez V. <[email protected]>

Author: sxd

.github/workflows/barman-base-image.yml

@@ -0,0 +1,62 @@
+name: Barman Base Image
+on:
+  pull_request:
+  workflow_dispatch:
+  schedule:
+    - cron: "0 0 * * 0"
+
+env:
+  IMAGE_NAME: "ghcr.io/cloudnative-pg/plugin-barman-cloud-base"
+  PLATFORMS: "linux/amd64,linux/arm64"
+
+permissions:
+  contents: write
+  packages: write
+  security-events: write
+
+jobs:
+  build:
+    runs-on: ubuntu-24.04
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+        with:
+          platforms: ${{ env.PLATFORMS }}
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Log in to the GitHub Container registry
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Build Docker Image
+        uses: docker/build-push-action@v6
+        with:
+          platforms: ${{ env.PLATFORMS }}
+          context: .
+          file: ./containers/Dockerfile.barmanbase
+          push: true
+          tags: ${{ env.IMAGE_NAME }}:latest
+
+      - name: Run Snyk to check Docker image for vulnerabilities
+        uses: snyk/actions/docker@master
+        continue-on-error: true
+        env:
+          SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
+        with:
+          image: "${{ env.IMAGE_NAME }}:latest"
+          args: --severity-threshold=high --file=./containers/Dockerfile.barmanbase
+      -
+        name: Upload result to GitHub Code Scanning
+        uses: github/codeql-action/upload-sarif@v3
+        with:
+          sarif_file: snyk.sarif

containers/Dockerfile.barmanbase

@@ -0,0 +1,6 @@
+FROM python:3.13-slim AS pythonbuilder
+RUN apt-get update && \
+    apt-get install -y postgresql-common build-essential && \
+    /usr/share/postgresql-common/pgdg/apt.postgresql.org.sh -y && \
+    apt-get install -y libpq-dev && \
+    pip install barman[azure,cloud,google,snappy]==3.11.1 setuptools

containers/Dockerfile.sidecar

@@ -33,17 +33,10 @@ COPY ../internal/ internal/
 RUN --mount=type=cache,target=/go/pkg/mod --mount=type=cache,target=/root/.cache/go-build \
     CGO_ENABLED=0 GOOS=${TARGETOS:-linux} GOARCH=${TARGETARCH} go build -a -o manager cmd/manager/main.go
 
-# Build barman-cloud
+# Use plug-barman-cloud-base to get the dependencies
 # pip will build everything inside /usr/ since this is the case
-# we should build and then copy every file into a destination that will
-# then copy into the distroless container
-FROM python:3.13-slim-bookworm AS pythonbuilder
-COPY containers/sidecar-requirements.txt .
-RUN apt-get update && \
-    apt-get install -y postgresql-common build-essential && \
-    /usr/share/postgresql-common/pgdg/apt.postgresql.org.sh -y && \
-    apt-get install -y libpq-dev && \
-    pip install -r sidecar-requirements.txt
+# Copy every file into a destination that will then copy into the distroless container
+FROM ghcr.io/cloudnative-pg/plugin-barman-cloud-base:latest AS pythonbuilder
 # Prepare a new /usr/ directory with the files we'll need in the final image
 RUN mkdir /new-usr/ && \
     cp -r --parents /usr/local/lib/ /usr/lib/*-linux-gnu/ /usr/local/bin/ \