ci: Add Docker support and deployment workflows (#12)

- Add Dockerfile for containerization
- Add GitHub workflow for automated Docker image publishing
- Add release workflow for managing releases

Author: d-teller

.github/workflows/docker-publish.yml

@@ -0,0 +1,55 @@
+name: Build and Publish Docker Image
+
+on:
+  push:
+    branches: [ main ]
+  pull_request:
+    branches: [ main ]
+
+env:
+  REGISTRY: ghcr.io
+  IMAGE_NAME: ${{ github.repository }}
+
+jobs:
+  build-and-push:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: write
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Log in to the Container registry
+        uses: docker/login-action@v3
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Extract metadata (tags, labels) for Docker
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+          tags: |
+            type=sha,format=short
+            type=ref,event=branch
+            type=ref,event=pr
+            type=semver,pattern={{version}}
+            type=semver,pattern={{major}}.{{minor}}
+            type=raw,value=latest,enable=${{ github.ref == format('refs/heads/{0}', 'main') }}
+
+      - name: Build and push Docker image
+        uses: docker/build-push-action@v5
+        with:
+          context: .
+          push: ${{ github.event_name != 'pull_request' }}
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
+          cache-from: type=gha
+          cache-to: type=gha,mode=max 

.github/workflows/release.yml

@@ -0,0 +1,71 @@
+name: Create Release
+
+on:
+  workflow_dispatch:
+    inputs:
+      version:
+        description: 'Version to release (e.g., v1.0.0)'
+        required: true
+        type: string
+
+jobs:
+  check-branch:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Check if running on main branch
+        if: github.ref != 'refs/heads/main'
+        run: |
+          echo "This workflow can only be run on the main branch"
+          exit 1
+
+  release:
+    needs: check-branch
+    runs-on: ubuntu-latest
+    permissions:
+      contents: write
+      packages: write
+    
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: Set up Python
+        uses: actions/setup-python@v5
+        with:
+          python-version: '3.12'
+
+      - name: Install dependencies
+        run: |
+          python -m pip install --upgrade pip
+          pip install uv
+          uv pip install -e ".[dev]"
+
+      - name: Create GitHub Release
+        id: create_release
+        uses: actions/create-release@v1
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        with:
+          tag_name: ${{ github.event.inputs.version }}
+          release_name: Release ${{ github.event.inputs.version }}
+          draft: false
+          prerelease: false
+
+      - name: Build and tag Docker image with release version
+        env:
+          REGISTRY: ghcr.io
+          IMAGE_NAME: ${{ github.repository }}
+        run: |
+          docker build -t $REGISTRY/$IMAGE_NAME:${{ github.event.inputs.version }} .
+          docker build -t $REGISTRY/$IMAGE_NAME:latest .
+
+      - name: Push Docker image
+        env:
+          REGISTRY: ghcr.io
+          IMAGE_NAME: ${{ github.repository }}
+        run: |
+          echo ${{ secrets.GITHUB_TOKEN }} | docker login ghcr.io -u ${{ github.actor }} --password-stdin
+          docker push $REGISTRY/$IMAGE_NAME:${{ github.event.inputs.version }}
+          docker push $REGISTRY/$IMAGE_NAME:latest 

Dockerfile

@@ -0,0 +1,64 @@
+FROM python:3.12-slim AS builder
+
+# Install uv
+RUN pip install uv
+
+# Set work directory
+WORKDIR /app
+
+# Copy only what's needed for installation
+COPY pyproject.toml uv.lock ./
+COPY src/ ./src/
+
+# Install dependencies using uv with --system flag
+RUN uv pip install --system --no-cache-dir .
+
+# Create a lightweight runtime image
+FROM python:3.12-slim AS runtime
+
+# Set work directory
+WORKDIR /app
+
+# Copy only the installed packages and application code
+COPY --from=builder /usr/local/lib/python3.12/site-packages /usr/local/lib/python3.12/site-packages
+COPY --from=builder /usr/local/bin /usr/local/bin
+COPY --from=builder /app/src /app/src
+
+# Create log directory
+RUN mkdir -p /app/log
+
+# Define build arguments with default values
+ARG OPENAI_BASE_URL_INTERNAL=http://localhost:8000
+ARG OPENAI_BASE_URL=http://localhost:8080
+ARG OPENAI_API_KEY=sk-fakekey
+ARG API_ADAPTER_HOST=0.0.0.0
+ARG API_ADAPTER_PORT=8080
+ARG LOG_LEVEL=INFO
+ARG LOG_FILE_PATH=/app/log/api_adapter.log
+
+# Set environment variables from build arguments
+ENV PYTHONUNBUFFERED=1 \
+    PYTHONDONTWRITEBYTECODE=1 \
+    # OpenAI API Configuration
+    OPENAI_BASE_URL_INTERNAL=${OPENAI_BASE_URL_INTERNAL} \
+    OPENAI_BASE_URL=${OPENAI_BASE_URL} \
+    OPENAI_API_KEY=${OPENAI_API_KEY} \
+    # Server Configuration
+    API_ADAPTER_HOST=${API_ADAPTER_HOST} \
+    API_ADAPTER_PORT=${API_ADAPTER_PORT} \
+    # Logging Configuration
+    LOG_LEVEL=${LOG_LEVEL} \
+    LOG_FILE_PATH=${LOG_FILE_PATH}
+
+# Create entrypoint script for proper environment variable handling
+RUN echo '#!/bin/sh\nexec uvicorn openai_responses_server.server:app --host $API_ADAPTER_HOST --port $API_ADAPTER_PORT "$@"' > /app/entrypoint.sh && \
+    chmod +x /app/entrypoint.sh
+
+# Create non-root user for security and set permissions
+RUN adduser --disabled-password --gecos "" appuser && \
+    chown -R appuser:appuser /app/log && \
+    chown appuser:appuser /app/entrypoint.sh
+USER appuser
+
+# Use JSON array format for CMD with entrypoint script
+CMD ["sh", "/app/entrypoint.sh"]