Add github actions for cli build

.github/workflows/quality-trace-cli-release.yaml

@@ -0,0 +1,70 @@
+name: quality-trace-cli docker release
+on:
+  push:
+    tags:
+      - "v*.*.*"
+jobs:
+  push_to_registry:
+    name: Build and push Docker image github container registry.
+    runs-on: ubuntu-latest
+    permissions:
+      packages: write
+      id-token: write
+      contents: read
+      actions: read
+      security-events: write
+    env:
+      REGISTRY: ghcr.io
+      GH_URL: https://github.com
+    steps:
+      - name: Set environment variable
+        run: |
+          echo "RELEASE_VERSION=${GITHUB_REF:10}" >> $GITHUB_ENV
+
+      - name: Test environment variable
+        run: echo ${{ env.RELEASE_VERSION }}
+
+      - name: Check out GitHub repo
+        uses: actions/checkout@v3
+
+      - name: Build cli
+        run: make dist/quality-trace
+        env:
+          GO111MODULE: on
+
+      - name: Login to GitHub Container Registry
+        uses: docker/login-action@v2
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Build image and push to GitHub Container Registry
+        uses: docker/build-push-action@v4
+        with:
+          push: true
+          context: ./
+          file: ./dockerfiles/cli/Dockerfile
+          tags: ${{ env.REGISTRY }}/${{ github.repository }}/cli:${{ env.RELEASE_VERSION }}
+
+      - name: Install cosign
+        uses: sigstore/cosign-installer@main
+      - name: Sign the images
+        run: |
+          cosign sign -y ${{ env.REGISTRY }}/${{ github.repository }}/cli:${{ env.RELEASE_VERSION }}
+        env:
+          COSIGN_EXPERIMENTAL: 1
+
+      - name: Verify the pushed tags
+        run: cosign verify ${{ env.REGISTRY }}/${{ github.repository }}/cli:${{ env.RELEASE_VERSION }} --certificate-identity ${{ env.GH_URL }}/${{ github.repository }}/.github/workflows/quality-trace-cli-release.yaml@refs/tags/${{ env.RELEASE_VERSION }}  --certificate-oidc-issuer https://token.actions.githubusercontent.com
+        env:
+          COSIGN_EXPERIMENTAL: 1
+
+      - name: Run Trivy in GitHub SBOM mode and submit results to Dependency Graph
+        uses: aquasecurity/trivy-action@master
+        with:
+          scan-type: 'fs'
+          format: 'github'
+          output: 'dependency-results.sbom.json'
+          image-ref: '.'
+          github-pat: ${{ secrets.GITHUB_TOKEN }} # or ${{ secrets.github_pat_name }} if you're using a PAT

.github/workflows/quality-trace-cli.yaml

@@ -0,0 +1,96 @@
+name: Quality-Trace Cli Docker Image
+
+on:
+  push:
+    paths-ignore:
+      - '**.md'
+      - 'charts/**'
+    branches:
+      - 'main'
+
+jobs:
+
+  build:
+
+    runs-on: ubuntu-latest
+    permissions:
+      packages: write
+      id-token: write
+      contents: read
+      actions: read
+      security-events: write
+    env:
+      REGISTRY: ghcr.io
+      GH_URL: https://github.com
+    steps:
+      - name: Checkout GitHub Action
+        uses: actions/checkout@v3
+
+      - name: Set up Docker Buildx
+        id: buildx
+        uses: docker/setup-buildx-action@v2
+
+      - name: Set up Go environment
+        uses: actions/setup-go@v4
+        with:
+          go-version: '1.21.1'
+
+      - name: Build cli
+        run: make dist/quality-trace
+        env:
+          GO111MODULE: on
+
+      - name: Docker metadata
+        id: metadata
+        uses: docker/metadata-action@v4
+        with:
+          images: ${{ env.REGISTRY }}/${{ github.repository }}/cli
+          tags: |
+            type=raw,value=latest
+            type=semver,pattern={{version}}
+            type=semver,pattern={{major}}.{{minor}}
+            type=raw,value={{sha}},enable=${{ github.ref_type != 'tag' }}
+          flavor: |
+            latest=true
+            
+      - name: Login to GitHub Container Registry
+        uses: docker/login-action@v2
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Build image and push to GitHub Container Registry
+        uses: docker/build-push-action@v4
+        with:
+          context: .
+          file:  ./dockerfiles/cli/Dockerfile
+          tags: |
+            ${{ env.REGISTRY }}/${{ github.repository }}/cli:${{ github.run_id }},
+            ${{ env.REGISTRY }}/${{ github.repository }}/cli:latest
+          labels: ${{ steps.metadata.outputs.labels }}
+
+          push: true
+
+      - name: Install cosign
+        uses: sigstore/cosign-installer@main
+
+      - name: Sign the images
+        run: |
+          cosign sign -y ${{ env.REGISTRY }}/${{ github.repository }}/cli:${{ github.run_id }}
+        env:
+          COSIGN_EXPERIMENTAL: 1
+
+      - name: Verify the pushed tags
+        run: cosign verify ${{ env.REGISTRY }}/${{ github.repository }}/cli:${{ github.run_id }} --certificate-identity ${{ env.GH_URL }}/${{ github.repository }}/.github/workflows/quality-trace-cli.yaml@refs/heads/main  --certificate-oidc-issuer https://token.actions.githubusercontent.com
+        env:
+          COSIGN_EXPERIMENTAL: 1
+
+      - name: Run Trivy in GitHub SBOM mode and submit results to Dependency Graph
+        uses: aquasecurity/trivy-action@master
+        with:
+          scan-type: 'fs'
+          format: 'github'
+          output: 'dependency-results.sbom.json'
+          image-ref: '.'
+          github-pat: ${{ secrets.GITHUB_TOKEN }}

dockerfiles/server/Dockerfile

@@ -4,9 +4,6 @@ WORKDIR /app
 
 COPY ./quality-trace-server /app/quality-trace-server
 
-# Adding /app folder on $PATH to allow users to call tracetest cli on docker
-ENV PATH="$PATH:/app"
-
 EXPOSE 11633/tcp
 
 ENTRYPOINT ["/app/quality-trace-server", "serve"]