ci: publish docker images

closes #5

Author: alukach

.github/workflows/cicd.yaml

@@ -1,7 +1,10 @@
 name: CI/CD
 
 on:
-  - push
+  push:
+    branches: [ "main" ]
+  release:
+    types: [ published ]
 
 jobs:
   lint:

.github/workflows/publish-docker.yaml

@@ -0,0 +1,58 @@
+name: Publish Docker image
+
+on:
+  workflow_run:
+    workflows: ["CI/CD"]
+    types:
+      - completed
+    branches:
+      - main
+
+env:
+  REGISTRY: ghcr.io
+  IMAGE_NAME: ${{ github.repository }}
+
+jobs:
+  build-and-push:
+    if: ${{ github.event.workflow_run.conclusion == 'success' }}
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: write
+      
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Log in to the Container registry
+        uses: docker/login-action@v3
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Extract metadata (tags, labels) for Docker
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+          tags: |
+            type=raw,value=latest,enable={{is_default_branch}}
+            type=semver,pattern={{version}}
+            type=sha,format=long
+            type=ref,event=branch
+            type=ref,event=tag
+
+      - name: Build and push Docker image
+        uses: docker/build-push-action@v5
+        with:
+          context: .
+          push: true
+          platforms: linux/amd64,linux/arm64
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
+          cache-from: type=gha
+          cache-to: type=gha,mode=max

README.md

@@ -18,9 +18,6 @@ STAC Auth Proxy is a proxy API that mediates between the client and your interna
 
 ## Usage
 
-> [!NOTE]
-> Currently, the project can only be installed by downloading the repository. It will eventually be available on Docker ([#5](https://github.com/developmentseed/stac-auth-proxy/issues/5)) and PyPi ([#30](https://github.com/developmentseed/stac-auth-proxy/issues/30)).
-
 ### Installation
 
 For local development, we use [`uv`](https://docs.astral.sh/uv/) to manage project dependencies and environment.
@@ -35,15 +32,27 @@ Otherwise, the application can be installed as a standard Python module:
 pip install -e .
 ```
 
+> [!NOTE]
+> This project will be available on PyPi in the near future ([#30](https://github.com/developmentseed/stac-auth-proxy/issues/30)).
+
 ### Running
 
-The simplest way to run the project is by calling the module directly:
+The simplest way to run the project is by invoking the application via Docker:
 
 ```sh
-python -m stac_auth_proxy
+docker run \
+  -it --rm \
+  -p 8000:8000 \
+  -e UPSTREAM_URL=https://google.com \
+  -e OIDC_DISCOVERY_URL=https://auth.openveda.cloud/realms/veda/.well-known/openid-configuration \
+  ghcr.io/developmentseed/stac-auth-proxy:latest
 ```
 
-Alternatively, the application's factory can be passed to Uvicorn:
+Alternatively, the module can be invoked directly or the application's factory can be passed to Uvicorn:
+
+```sh
+python -m stac_auth_proxy
+```
 
 ```sh
 uvicorn --factory stac_auth_proxy:create_app