feat: docker packaging (#15)

Author: kapilt

.github/workflows/docker.yml

@@ -0,0 +1,41 @@
+name: Create and publish a Docker image
+
+on:
+  push:
+    branches: ['main']
+
+env:
+  REGISTRY: ghcr.io
+  IMAGE_NAME: ${{ github.repository }}
+
+jobs:
+  build-and-push-image:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: write
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v2
+
+      - name: Log in to the Container registry
+        uses: docker/[email protected]
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Extract metadata (tags, labels) for Docker
+        id: meta
+        uses: docker/[email protected]
+        with:
+          images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+
+      - name: Build and push Docker image
+        uses: docker/[email protected]
+        with:
+          context: .
+          push: true
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}

Dockerfile

@@ -0,0 +1,44 @@
+# syntax = docker/dockerfile:1.3
+ARG PYTHON_BUILD_IMAGE=python:3.10.0-bullseye
+ARG PYTHON_DIST_IMAGE=python:3.10.0-slim-bullseye
+
+# Build Container
+FROM $PYTHON_BUILD_IMAGE as build
+
+RUN adduser --disabled-login --gecos "" tfdevops
+
+RUN python3 -m venv /app && chown -R tfdevops: /app
+USER tfdevops
+
+ENV POETRY_VERSION=1.1.11 \
+    VIRTUAL_ENV="/app" \
+    PATH="/home/tfdevops/.local/bin:/app/bin:${PATH}"
+
+RUN curl -sSL https://raw.githubusercontent.com/python-poetry/poetry/master/install-poetry.py | python3 -
+
+COPY pyproject.toml poetry.lock /app
+WORKDIR /app
+
+RUN --mount=type=cache,target=/home/tfdevops/.cache,uid=1000 poetry install --no-root --no-dev
+
+ADD . /app
+RUN --mount=type=cache,target=/home/tfdevops/.cache,uid=1000 poetry install --no-dev
+
+FROM $PYTHON_DIST_IMAGE
+
+ENV PYTHONFAULTHANDLER=1 \
+  PYTHONUNBUFFERED=1 \
+  PYTHONHASHSEED=random \
+  AWS_RETRY_MODE=adaptive \
+  AWS_STS_REGIONAL_ENDPOINTS=regional \
+  AWS_MAX_ATTEMPTS=6 \
+  LC_ALL="C.UTF-8" LANG="C.UTF-8"
+
+COPY --from=build /etc/passwd /etc/passwd
+COPY --from=build /etc/group /etc/group
+COPY --chown=tfdevops:tfdevops --from=build /app /app
+
+USER tfdevops
+WORKDIR /app
+ENTRYPOINT ["/app/bin/tfdevops"]
+CMD ["--help"]

justfile

@@ -5,3 +5,13 @@ lint:
 
 test:
   pytest -v tests/unit
+
+image:
+  DOCKER_BUILDKIT=1 docker buildx build \
+     --label "org.opencontainers.image.vendor=stacklet" \
+     --label "org.opencontainers.image.source=https://github.com/stacklet/tfdevops" \
+     --label "org.opencontainers.image.licenses=Apache-2.0" \
+     --label "org.opencontainers.image.title=Terraform Devops Guru" \
+     -t "tfdevops:latest" \
+     --progress plain \
+     --load .