Add Docker support and workflows for build image #1

.dockerignore

@@ -0,0 +1,34 @@
+# Include any files or directories that you don't want to be copied to your
+# container here (e.g., local build artifacts, temporary files, etc.).
+#
+# For more help, visit the .dockerignore file reference guide at
+# https://docs.docker.com/engine/reference/builder/#dockerignore-file
+
+**/.DS_Store
+**/__pycache__
+**/.venv
+**/.classpath
+**/.dockerignore
+**/.env
+**/.git
+**/.gitignore
+**/.project
+**/.settings
+**/.toolstarget
+**/.vs
+**/.vscode
+**/*.*proj.user
+**/*.dbmdl
+**/*.jfm
+**/bin
+**/charts
+**/docker-compose*
+**/compose*
+**/Dockerfile*
+**/node_modules
+**/npm-debug.log
+**/obj
+**/secrets.dev.yaml
+**/values.dev.yaml
+LICENSE
+README.md

.github/workflows/docker.yml

@@ -0,0 +1,112 @@
+name: Build & Publish Images
+
+on:
+  push:
+    tags:
+      - v[0-9]+.*
+
+permissions:
+  contents: read
+  packages: write
+
+jobs:
+  build:
+    name: Build Image
+    runs-on: ubuntu-latest
+    strategy:
+      fail-fast: false
+      matrix:
+        platform: [linux/amd64, linux/arm64]
+        bin: playground-api
+    steps:
+    - name: Set environment variable
+      run: echo "IMAGE_NAME=ghcr.io/${{ github.repository_owner }}/${{ matrix.bin }}" >> $GITHUB_ENV
+
+    - name: Checkout repository
+      uses: actions/checkout@v4
+
+    - name: Set up Docker Buildx
+      uses: docker/setup-buildx-action@v3
+
+    - name: Login to GitHub Container Registry
+      uses: docker/login-action@v3
+      with:
+        registry: ghcr.io
+        username: ${{ github.actor }}
+        password: ${{ secrets.GITHUB_TOKEN }}
+
+    - name: Extract metadata (tags, labels) for Docker
+      id: meta
+      uses: docker/metadata-action@v5
+      with:
+        images: ${{ env.IMAGE_NAME }}
+
+    - name: Build and push image by digest
+      id: build
+      uses: docker/build-push-action@v5
+      with:
+        context: .
+        platforms: ${{ matrix.platform }}
+        labels: ${{ steps.meta.outputs.labels }}
+        outputs: type=image,name=${{ env.IMAGE_NAME }},push-by-digest=true,name-canonical=true,push=true
+        provenance: false
+        cache-from: type=gha
+        cache-to: type=gha
+
+    - name: Export digest
+      run: |
+        mkdir -p "/tmp/digests/${{ matrix.bin }}"
+        digest="${{ steps.build.outputs.digest }}"
+        touch "/tmp/digests/${{ matrix.bin }}/${digest#sha256:}"
+
+    - name: Upload digests
+      uses: actions/upload-artifact@v3
+      with:
+        name: ${{ matrix.bin }}-digests
+        path: /tmp/digests/${{ matrix.bin }}/*
+        if-no-files-found: error
+        retention-days: 1
+
+  merge:
+    name: Merge digests
+    runs-on: ubuntu-latest
+    needs: build
+    strategy:
+      fail-fast: false
+      matrix:
+        bin: playground-api
+    steps:
+    - name: Set environment variable
+      run: echo "IMAGE_NAME=ghcr.io/${{ github.repository_owner }}/${{ matrix.bin }}" >> $GITHUB_ENV
+
+    - name: Download digests
+      uses: actions/download-artifact@v3
+      with:
+        name: ${{ matrix.bin }}-digests
+        path: /tmp/digests/${{ matrix.bin }}
+
+    - name: Set up Docker Buildx
+      uses: docker/setup-buildx-action@v3
+
+    - name: Extract metadata (tags, labels) for Docker
+      id: meta
+      uses: docker/metadata-action@v5
+      with:
+        images: ${{ env.IMAGE_NAME }}
+
+    - name: Login to GitHub Container Registry
+      uses: docker/login-action@v3
+      with:
+        registry: ghcr.io
+        username: ${{ github.actor }}
+        password: ${{ secrets.GITHUB_TOKEN }}
+
+    - name: Create manifest list and push
+      working-directory: /tmp/digests/${{ matrix.bin }}
+      run: |
+        docker buildx imagetools create $(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") \
+          $(printf '${{ env.IMAGE_NAME }}@sha256:%s ' *)
+
+    - name: Inspect image
+      run: |
+        docker buildx imagetools inspect ${{ env.IMAGE_NAME }}:${{ steps.meta.outputs.version }}

Dockerfile

@@ -0,0 +1,63 @@
+# syntax=docker/dockerfile:1
+
+# Comments are provided throughout this file to help you get started.
+# If you need more help, visit the Dockerfile reference guide at
+# https://docs.docker.com/engine/reference/builder/
+
+################################################################################
+# Base image as the foundation for the other build stages in this file.
+FROM rust:slim AS chef
+
+# Set the environment variables for the build.
+ENV CARGO_UNSTABLE_SPARSE_REGISTRY=true
+ENV CARGO_REGISTRIES_CRATES_IO_PROTOCOL=sparse
+
+# We only pay the installation cost once,
+# it will be cached from the second build onwards
+RUN rustup default stable
+RUN rustup component add cargo rust-std rustc
+RUN cargo install cargo-chef
+
+WORKDIR /app
+
+################################################################################
+# Create a stage for cargo chef prepare recipe.
+FROM chef AS planner
+COPY . .
+# Compute a lock-like file for our project
+RUN cargo chef prepare  --recipe-path recipe.json
+
+################################################################################
+# Create a stage for building/compiling the application.
+FROM chef AS builder
+COPY --from=planner /app/recipe.json recipe.json
+
+# Build our project dependencies, not our application.
+RUN cargo chef cook --release --recipe-path recipe.json
+# Up to this point, if our dependency tree stays the same,
+# all layers should be cached.
+
+COPY . .
+RUN cargo build --release --bin playground-api
+
+################################################################################
+# Create a final stage for running your application.
+#
+# The following commands copy the output from the "build" stage above and tell
+# the container runtime to execute it when the image is run. Ideally this stage
+# contains the minimal runtime dependencies for the application as to produce
+# the smallest image possible. This often means using a different and smaller
+# image than the one used for building the application, but for illustrative
+# purposes the "base" image is used here.
+FROM gcr.io/distroless/cc-debian12:nonroot AS runtime
+
+# Copy the executable from the "building" stage.
+COPY --from=builder \
+     --chown=nonroot:nonroot \
+     /app/target/release/playground-api \
+     /usr/local/bin/
+
+EXPOSE 8080
+
+# What the container should run when it is started
+ENTRYPOINT ["/usr/local/bin/playground-api"]