Merge pull request 'feat: initial container' (#2) from feature-initial-container into development

Reviewed-on: https://nofusscomputing.com/git/docker/mkdocs-ci/pulls/2

Author: Jon Lockwood

.github/workflows/docker.yaml

@@ -0,0 +1,121 @@
+---
+
+name: 'Docker'
+
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.sha }}
+  cancel-in-progress: true
+
+
+on:
+  push:
+    branches:
+      - '*'
+    tags:
+      - '*'
+
+env:
+  TRIVY_DB_REPOSITORY: public.ecr.aws/aquasecurity/trivy-db:2    # see https://github.com/nofusscomputing/action_python/issues/10
+  DOCKER_BUILD_REGISTRY: ghcr.io
+  DOCKER_BUILD_IMAGE_NAME: "nofusscomputing/mkdocs-ci"
+  DOCKER_BUILD_IMAGE_TAG: ${{ github.sha }}
+  DOCKER_PUBLISH_REGISTRY: "docker.io"
+  DOCKER_PUBLISH_IMAGE_NAME: "nofusscomputing/mkdocs-ci"
+  DOCKER_BUILD_USERNAME: ${{ github.actor }}
+  DOCKER_BUILD_PASSWORD: ${{ secrets.GITHUB_TOKEN }}
+  DOCKER_PUBLISH_USERNAME: ${{ secrets.NFC_DOCKERHUB_USERNAME }}
+  DOCKER_PUBLISH_PASSWORD: ${{ secrets.NFC_DOCKERHUB_TOKEN }}
+
+  DOCKER_FILE: dockerfile
+
+jobs:
+
+
+  docker-build:
+    runs-on: ubuntu-latest
+    name: Build Image
+    steps:
+
+
+      - uses: actions/checkout@v4
+
+
+      - name: Log into GHCR Registry
+        uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0
+        with:
+          registry: ${{ env.DOCKER_BUILD_REGISTRY }}
+          username: ${{ env.DOCKER_BUILD_USERNAME }}
+          password: ${{ env.DOCKER_BUILD_PASSWORD }}
+
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+        with:
+          image: tonistiigi/binfmt:latest
+
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+
+      - name: Build and push
+        if: ${{ ! startsWith(github.ref, 'refs/tags/') }}
+        uses: docker/build-push-action@v6
+        with:
+          platforms: linux/amd64,linux/arm64
+          push: true
+          tags: ${{ env.DOCKER_BUILD_REGISTRY }}/${{ env.DOCKER_BUILD_IMAGE_NAME }}:${{ github.sha }}
+          provenance: false
+          sbom: false
+
+
+      - name: Log into Publish Registry
+        if: ${{ startsWith(github.ref, 'refs/tags/') }}
+        uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0
+        with:
+          registry: ${{ env.DOCKER_PUBLISH_REGISTRY }}
+          username: ${{ env.DOCKER_PUBLISH_USERNAME }}
+          password: ${{ env.DOCKER_PUBLISH_PASSWORD }}
+
+
+      - name: Build and push tagged
+        if: ${{ startsWith(github.ref, 'refs/tags/') }}
+        uses: docker/build-push-action@v6
+        with:
+          platforms: linux/amd64,linux/arm64
+          push: true
+          tags: |
+            ${{ env.DOCKER_BUILD_REGISTRY }}/${{ env.DOCKER_BUILD_IMAGE_NAME }}:${{ github.sha }}
+            ${{ env.DOCKER_BUILD_REGISTRY }}/${{ env.DOCKER_BUILD_IMAGE_NAME }}:${{ github.ref_name }}
+            ${{ env.DOCKER_BUILD_REGISTRY }}/${{ env.DOCKER_BUILD_IMAGE_NAME }}:latest
+            ${{ env.DOCKER_PUBLISH_REGISTRY }}/${{ env.DOCKER_PUBLISH_IMAGE_NAME }}:${{ github.sha }}
+            ${{ env.DOCKER_PUBLISH_REGISTRY }}/${{ env.DOCKER_PUBLISH_IMAGE_NAME }}:${{ github.ref_name }}
+            ${{ env.DOCKER_PUBLISH_REGISTRY }}/${{ env.DOCKER_PUBLISH_IMAGE_NAME }}:latest
+          provenance: false
+          sbom: false
+
+
+  docker-publish:
+    if: ${{ startsWith(github.ref, 'refs/tags/') }}
+    runs-on: ubuntu-latest
+    needs:
+      - docker-build
+    name: Publish
+    steps:
+
+
+      - name: Append GH Release Body
+        id: release
+        uses: softprops/action-gh-release@v2
+        with:
+          append_body: true
+          draft: false
+          body: |
+            ### Images part of this release
+
+            The following images were built and published:
+
+            - `docker pull ${{ env.DOCKER_PUBLISH_REGISTRY }}/${{ env.DOCKER_PUBLISH_IMAGE_NAME }}:${{ steps.tag-image.outputs.mutable_tag_name }}`
+            - `docker pull ${{ env.DOCKER_PUBLISH_REGISTRY }}/${{ env.DOCKER_PUBLISH_IMAGE_NAME }}:${{ env.DOCKER_TAG_IMAGE_TAG_SOURCE }}`
+            - `docker pull ${{ env.DOCKER_PUBLISH_REGISTRY }}/${{ env.DOCKER_PUBLISH_IMAGE_NAME }}:${{ github.ref_name }}`

.github/workflows/release.yaml

@@ -0,0 +1,67 @@
+---
+
+name: 'Release'
+
+
+on:
+  push:
+    tags:
+      - '*'
+
+
+env:
+  # ACTIONS_RUNNER_DEBUG: "true"
+  # ACTIONS_STEP_DEBUG: "true"
+  GITHUB_TOKEN: ${{ secrets.WORKFLOW_TOKEN }}
+
+
+jobs:
+
+
+  create:
+    name: 'Create'
+    if: startsWith(github.ref, 'refs/tags/')
+    runs-on: ubuntu-latest
+    steps:
+
+
+      - name: Trace
+        shell: bash
+        run: |
+          export
+
+
+      - name: Install Commitizen
+        shell: bash
+        run: |
+          pip install \
+            commitizen==3.28.0
+
+
+      - name: Checkout Code
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+          fetch-tags: true
+          token: ${{ secrets.WORKFLOW_TOKEN }}
+          ref: ${{ github.ref_name }}
+
+
+      - name: Create Incremental Changelog
+        shell: bash
+        run: |
+          export PREV_GIT_TAG="$(git describe --abbrev=0 --tags `git rev-list --tags --skip=1  --max-count=1`)";
+          export CURR_GIT_TAG="${{ github.ref_name }}";
+
+          cz changelog --dry-run --merge-prerelease --unreleased-version "$PREV_GIT_TAG" "$CURR_GIT_TAG" > changelog-release.md;
+
+
+      - name: Create Draft GH Release
+        uses: softprops/action-gh-release@v2
+        with:
+          name: ${{ github.ref_name }}
+          tag_name: ${{ github.ref_name }}
+          body_path: changelog-release.md
+          make_latest: true
+          prerelease: false
+          draft: true

.gitmodules

@@ -0,0 +1,3 @@
+[submodule "website-template"]
+	path = website-template
+	url = https://gitlab.com/nofusscomputing/infrastructure/website-template.git

README.md

@@ -6,7 +6,7 @@
 
 <br>
 
-![GitHub forks](https://img.shields.io/github/forks/NofussComputing/2Fdocker_mkdocs_ci?logo=github&style=plastic&color=000000&labell=Forks) ![GitHub stars](https://img.shields.io/github/stars/NofussComputing/2Fdocker_mkdocs_ci?color=000000&logo=github&style=plastic) ![Github Watchers](https://img.shields.io/github/watchers/NofussComputing/2Fdocker_mkdocs_ci?color=000000&label=Watchers&logo=github&style=plastic)
+![GitHub forks](https://img.shields.io/github/forks/NofussComputing/docker_mkdocs_ci?logo=github&style=plastic&color=000000&labell=Forks) ![GitHub stars](https://img.shields.io/github/stars/NofussComputing/docker_mkdocs_ci?color=000000&logo=github&style=plastic) ![Github Watchers](https://img.shields.io/github/watchers/NofussComputing/docker_mkdocs_ci?color=000000&label=Watchers&logo=github&style=plastic)
 
 links:
 

dockerfile

@@ -0,0 +1,75 @@
+
+ARG ALPINE_VERSION=3.23
+ARG PYTHON_VERSION=3.11
+
+FROM python:${PYTHON_VERSION}-alpine${ALPINE_VERSION} AS build
+
+
+# RUN apk add --update \
+#     git;
+#     # gcc \
+#     # cmake \
+#     # libc-dev \
+#     # alpine-sdk \
+#     # libffi-dev \
+#     # build-base;
+
+
+COPY requirements.txt /tmp/requirements.txt
+
+COPY /website-template /website-template
+
+
+RUN mkdir -p /tmp/python_modules /tmp/python_builds
+
+
+RUN pip install --upgrade \
+        setuptools \
+        wheel \
+        setuptools-rust \
+        build \
+        twine; \
+    cd /tmp/python_modules; \
+    cat /tmp/requirements.txt; \
+    pip download --dest . --check-build-dependencies \
+        -r /tmp/requirements.txt; \
+    python -m build -w -o . /website-template/custom-plugins/*;
+
+
+RUN cd /tmp/python_modules; \
+    ls -la /tmp/python_modules; \
+    pip wheel --wheel-dir /tmp/python_builds --find-links . *.whl; \
+    pip wheel --wheel-dir /tmp/python_builds --find-links . *.tar.gz || true; \
+    ls -la /tmp/python_builds
+
+
+
+FROM python:${PYTHON_VERSION}-alpine${ALPINE_VERSION}
+
+
+COPY --from=build /tmp/python_builds /tmp/python_builds
+
+
+COPY includes/ /
+
+
+RUN apk update --no-cache; \
+    apk upgrade --no-cache; \
+    apk add --no-cache \
+        bash \
+        envsubst \
+        git \
+        npm \
+        yq; \
+    pip install --no-cache-dir /tmp/python_builds/*.*; \
+    rm -rf /tmp/python_builds; \
+    chmod +x /entrypoint.sh; \
+    npm install \
+        markdownlint-cli2@v0.18.1 \
+        markdownlint-cli2-formatter-junit \
+        markdownlint-cli2-formatter-template \
+        --global;
+
+RUN git config --global --add safe.directory '*'
+
+ENTRYPOINT ["/entrypoint.sh"]