feat: add release container workflow (#2)

.github/workflows/release-container.yaml

@@ -0,0 +1,209 @@
+on:
+  workflow_call:
+
+    inputs:
+
+      runs-on:
+        description: "The Github Actions host runner to use for compute. i.e. ubuntu-latest is a Github hosted runner."
+        required: true
+        type: string
+
+      git-clone-dir:
+        description: "The directory context to clone the git commit into."
+        default: "."
+        type: string
+
+      path-filter:
+        description: "Filters used to detect if relevant files have changed."
+        default: |
+          src:
+            - '**'
+        type: string
+
+      release-dry-run:
+        description: "When true determines if a release should happen and what type without actually performing the release."
+        default: true
+        type: boolean
+
+      release-branches:
+        description: "JSON encoded list of regex patterns to select release branches."
+        default: |
+          [
+            '+([0-9])?(.{+([0-9]),x}).x',
+            'main'
+          ]
+        type: string
+
+      release-tag-format:
+        description: "Release tag format string (defers templating to release time)."
+        default: '${version}'
+        type: string
+
+      release-rules:
+        description: "JSON encoded list of semantic-release release rules."
+        default: |
+          [
+            {"type": "major", "release": "major"},
+            {"type": "minor", "release": "minor"},
+            {"type": "patch", "release": "patch"},
+            {"type": "no-release", "release": false},
+
+            {"type": "chore", "release": "patch"},
+            {"type": "refactor", "release": "patch"},
+            {"type": "style", "release": "patch"},
+
+            {"type": "docs", "release": false},
+            {"type": "test", "release": false},
+            {"type": "ci", "release": false},
+
+            {"type": "feat", "release": "minor"},
+
+            {"type": "revert", "release": "patch"},
+            {"type": "perf", "release": "patch"},
+            {"type": "fix", "release": "patch"},
+            {"type": "build", "release": "patch"},
+          ]
+        type: string
+
+      docker-context-dir:
+        description: "The directory context to execute the docker build within. i.e. Inside the Dockerfile RUN commands, this is the directory that they see as PWD."
+        default: "."
+        type: string
+
+      docker-file-path:
+        description: "Path to the Dockerfile to build the container from."
+        default: "Dockerfile"
+        type: string
+
+      docker-registry:
+        description: "Root url for the Docker registry to use. e.g. https://harbor.ukserp.ac.uk"
+        required: true
+        type: string
+
+      docker-registry-project:
+        description: "Name of the project within the registry that the containers should be pushed into. i.e. my-project."
+        required: true
+        type: string
+
+      docker-registry-repo:
+        description: "Name of the image within the project that the containers should named as. i.e. my-image."
+        required: true
+        type: string
+
+      docker-registry-tag-format:
+        description: "A json formatted list of Docker tag formats used by the semantic-release-docker plugin when pushing built containers to the registry."
+        default: '["latest", "{{version}}", "{{major}}-latest", "{{major}}.{{minor}}"]'
+        type: string
+
+      docker-registry-user:
+        description: "Authentication user for the docker registry."
+        required: true
+        type: string
+
+      github-app-id:
+        description: "App ID for Github App authentication."
+        required: true
+        type: string
+
+    secrets:
+
+      docker-registry-token:
+        description: "Authentication token for the docker registry."
+        required: true
+
+      github-app-private-key:
+        description: "Private key for Github App authentication."
+        required: true
+
+jobs:
+
+  release-container:
+    runs-on: ${{ inputs.runs-on }}
+
+    steps:
+
+      - name: clone repo
+        uses: actions/checkout@v3
+
+      - name: detect changed files
+        uses: dorny/paths-filter@v2
+        id: changes
+        with:
+          filters: ${{ inputs.path-filter }}
+
+      - name: generate token
+        if: steps.changes.outputs.src == 'true'
+        id: generate-token
+        uses: tibdex/github-app-token@v1.8.0
+        with:
+          app_id: ${{ inputs.github-app-id }}
+          private_key: ${{ secrets.github-app-private-key }}
+
+      - name: registry login
+        if: steps.changes.outputs.src == 'true'
+        run: |
+          echo "$DOCKER_REGISTRY_TOKEN" | docker login $DOCKER_REGISTRY -u $DOCKER_REGISTRY_USER --password-stdin
+        env:
+          DOCKER_REGISTRY: ${{ inputs.docker-registry }}
+          DOCKER_REGISTRY_USER: ${{ inputs.docker-registry-user }}
+          DOCKER_REGISTRY_TOKEN: ${{ secrets.docker-registry-token }}
+
+      - name: build container
+        if: steps.changes.outputs.src == 'true'
+        run: |
+          docker build -t image -f ${{ inputs.docker-file-path }} ${{ inputs.docker-context-dir }}
+
+      - name: release dry run
+        if: steps.changes.outputs.src == 'true'
+        uses: docker://ghcr.io/codfish/semantic-release-action:v2
+        id: dry-release
+        with:
+          dry_run: true
+          branches: ${{ inputs.release-branches }}
+          tag_format: ${{ inputs.release-tag-format }}
+
+          plugins: |-
+            [
+              ['@semantic-release/commit-analyzer', {
+                "releaseRules": ${{ inputs.release-rules }},
+              }]
+            ]
+
+        env:
+          GITHUB_TOKEN: ${{ steps.generate-token.outputs.token }}
+
+      - name: tag and push container to registry
+        if: steps.dry-release.outputs.new-release-published == 'true'
+        run: |
+          docker tag image $TAG
+          docker push $TAG
+        env:
+          TAG: ${{ inputs.docker-registry }}/${{ inputs.docker-registry-project }}/${{ inputs.docker-registry-repo }}:${{ steps.dry-release.outputs.release-version }}
+
+      - name: release
+        if: steps.dry-release.outputs.new-release-published == 'true'
+        uses: docker://ghcr.io/codfish/semantic-release-action:v2
+        id: release
+        with:
+          dry_run: false
+          branches: ${{ inputs.release-branches }}
+          tag_format: ${{ inputs.release-tag-format }}
+
+          plugins: |-
+            [
+              ['@semantic-release/commit-analyzer', {
+                "releaseRules": ${{ inputs.release-rules }},
+              }], 
+            
+              ['@semantic-release/release-notes-generator', {
+                
+              }],
+            
+              ['@semantic-release/github', {
+                "successComment": false,
+                "failTitle": false
+              }]
+            ]
+
+        env:
+          GITHUB_TOKEN: ${{ steps.generate-token.outputs.token }}

.github/workflows/release-release-container.yaml

@@ -0,0 +1,36 @@
+name: Test and Release the release-container CI
+
+on:
+  push:
+    branches:
+      - '**'
+
+jobs:
+
+  release-container:
+    uses: ./.github/workflows/release-container.yaml
+
+    with:
+      runs-on: ubuntu-latest
+
+      path-filter: |
+        src:
+          - './.github/workflows/release-release-container.yaml'
+          - './.github/workflows/release-container.yaml'
+          - './tests/container/**'
+
+      release-dry-run: false
+      release-tag-format: 'release-container-${version}'
+
+      github-app-id: ${{ vars.APP_ID }}
+
+      docker-file-path: ./tests/container/Dockerfile
+
+      docker-registry-user: ${{ vars.HARBOR_USER }}
+      docker-registry: ${{ vars.HARBOR_REGISTRY }}
+      docker-registry-project: ${{ vars.HARBOR_PROJECT }}
+      docker-registry-repo: whalesay
+
+    secrets:
+      github-app-private-key: ${{ secrets.APP_PRIVATE_KEY }}
+      docker-registry-token: ${{ secrets.HARBOR_TOKEN }}

.gitignore

@@ -1,3 +1,5 @@
+.idea
+
 # Byte-compiled / optimized / DLL files
 __pycache__/
 *.py[cod]

tests/container/Dockerfile

@@ -0,0 +1 @@
+FROM docker/whalesay