ci(github): Add docker

ref: #33 #32

Author: jon-nfc

.centurion/project_status.json

@@ -0,0 +1,8 @@
+{
+  "schemaVersion": 1,
+  "label": "Project Status",
+  "message": "Active",
+  "namedLogo": "github",
+  "color": "green",
+  "style": "plastic"
+}

.github/workflows/docker.yaml

@@ -0,0 +1,119 @@
+---
+
+name: 'Docker'
+
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.sha }}
+  cancel-in-progress: true
+
+
+on:
+  push:
+    branches:
+      - '*'
+    tags:
+      - '*'
+
+env:
+  TRIVY_DB_REPOSITORY: public.ecr.aws/aquasecurity/trivy-db:2    # see https://github.com/nofusscomputing/action_python/issues/10
+  DOCKER_BUILD_REGISTRY: ghcr.io
+  DOCKER_BUILD_IMAGE_NAME: "${{ github.repository }}"
+  DOCKER_BUILD_IMAGE_TAG: ${{ github.sha }}
+  DOCKER_PUBLISH_REGISTRY: "docker.io/nofusscomputing"
+  DOCKER_PUBLISH_IMAGE_NAME: "bind"
+  DOCKER_PUBLISH_USERNAME: ${{ secrets.NFC_DOCKERHUB_USERNAME }}
+  DOCKER_PUBLISH_PASSWORD: ${{ secrets.NFC_DOCKERHUB_TOKEN }}
+
+  DOCKER_FILE: dockerfile
+
+jobs:
+
+
+  docker-build:
+    runs-on: ubuntu-latest
+    name: Build Image
+    steps:
+
+
+      - uses: actions/checkout@v4
+
+
+      - name: Log into GHCR Registry
+        uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0
+        with:
+          registry: ${{ env.DOCKER_BUILD_REGISTRY }}
+          username: ${{ env.DOCKER_BUILD_USERNAME }}
+          password: ${{ env.DOCKER_BUILD_PASSWORD }}
+
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+        with:
+          image: tonistiigi/binfmt:latest
+
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+
+      - name: Build and push
+        if: ${{ ! startsWith(github.ref, 'refs/tags/') }}
+        uses: docker/build-push-action@v6
+        with:
+          platforms: linux/amd64,linux/arm64
+          push: true
+          tags: ${{ env.DOCKER_BUILD_REGISTRY }}/${{ env.DOCKER_BUILD_IMAGE_NAME }}:${{ github.sha }}
+          provenance: false
+          sbom: false
+
+
+      - name: Log into Publish Registry
+        if: ${{ startsWith(github.ref, 'refs/tags/') }}
+        uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0
+        with:
+          registry: ${{ env.DOCKER_PUBLISH_REGISTRY }}
+          username: ${{ env.DOCKER_PUBLISH_USERNAME }}
+          password: ${{ env.DOCKER_PUBLISH_PASSWORD }}
+
+
+      - name: Build and push tagged
+        if: ${{ startsWith(github.ref, 'refs/tags/') }}
+        uses: docker/build-push-action@v6
+        with:
+          platforms: linux/amd64,linux/arm64
+          push: true
+          tags: |
+            ${{ env.DOCKER_BUILD_REGISTRY }}/${{ env.DOCKER_BUILD_IMAGE_NAME }}:${{ github.sha }}
+            ${{ env.DOCKER_BUILD_REGISTRY }}/${{ env.DOCKER_BUILD_IMAGE_NAME }}:${{ github.ref_name }}
+            ${{ env.DOCKER_BUILD_REGISTRY }}/${{ env.DOCKER_BUILD_IMAGE_NAME }}:latest
+            ${{ env.DOCKER_PUBLISH_REGISTRY }}/${{ env.DOCKER_PUBLISH_IMAGE_NAME }}:${{ github.sha }}
+            ${{ env.DOCKER_PUBLISH_REGISTRY }}/${{ env.DOCKER_PUBLISH_IMAGE_NAME }}:${{ github.ref_name }}
+            ${{ env.DOCKER_PUBLISH_REGISTRY }}/${{ env.DOCKER_PUBLISH_IMAGE_NAME }}:latest
+          provenance: false
+          sbom: false
+
+
+  docker-publish:
+    if: ${{ startsWith(github.ref, 'refs/tags/') }}
+    runs-on: ubuntu-latest
+    needs:
+      - docker-build
+    name: Publish
+    steps:
+
+
+      - name: Append GH Release Body
+        id: release
+        uses: softprops/action-gh-release@v2
+        with:
+          append_body: true
+          draft: false
+          body: |
+            ### Images part of this release
+
+            The following images were built and published:
+
+            - `docker pull ${{ env.DOCKER_PUBLISH_REGISTRY }}/${{ env.DOCKER_PUBLISH_IMAGE_NAME }}:${{ steps.tag-image.outputs.mutable_tag_name }}`
+            - `docker pull ${{ env.DOCKER_PUBLISH_REGISTRY }}/${{ env.DOCKER_PUBLISH_IMAGE_NAME }}:${{ env.DOCKER_TAG_IMAGE_TAG_SOURCE }}`
+            - `docker pull ${{ env.DOCKER_PUBLISH_REGISTRY }}/${{ env.DOCKER_PUBLISH_IMAGE_NAME }}:${{ github.ref_name }}`

.github/workflows/release.yaml

@@ -0,0 +1,67 @@
+---
+
+name: 'Release'
+
+
+on:
+  push:
+    tags:
+      - '*'
+
+
+env:
+  # ACTIONS_RUNNER_DEBUG: "true"
+  # ACTIONS_STEP_DEBUG: "true"
+  GITHUB_TOKEN: ${{ secrets.WORKFLOW_TOKEN }}
+
+
+jobs:
+
+
+  create:
+    name: 'Create'
+    if: startsWith(github.ref, 'refs/tags/')
+    runs-on: ubuntu-latest
+    steps:
+
+
+      - name: Trace
+        shell: bash
+        run: |
+          export
+
+
+      - name: Install Commitizen
+        shell: bash
+        run: |
+          pip install \
+            commitizen==3.28.0
+
+
+      - name: Checkout Code
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+          fetch-tags: true
+          token: ${{ secrets.WORKFLOW_TOKEN }}
+          ref: ${{ github.ref_name }}
+
+
+      - name: Create Incremental Changelog
+        shell: bash
+        run: |
+          export PREV_GIT_TAG="$(git describe --abbrev=0 --tags `git rev-list --tags --skip=1  --max-count=1`)";
+          export CURR_GIT_TAG="${{ github.ref_name }}";
+
+          cz changelog --dry-run --merge-prerelease --unreleased-version "$PREV_GIT_TAG" "$CURR_GIT_TAG" > changelog-release.md;
+
+
+      - name: Create Draft GH Release
+        uses: softprops/action-gh-release@v2
+        with:
+          name: ${{ github.ref_name }}
+          tag_name: ${{ github.ref_name }}
+          body_path: changelog-release.md
+          make_latest: true
+          prerelease: false
+          draft: true