chore: added docker files and some workflows for better automation.

Author: timhauke

.dockerignore

@@ -0,0 +1,13 @@
+.git
+.github
+.venv
+.mypy_cache
+__pycache__
+*.pyc
+.env
+.env.local
+.env.*.backup
+docs/
+tests/
+node_modules/
+*.log

.env.example

@@ -0,0 +1,15 @@
+# Copy this file to `.env` and populate the secrets before running the bot
+
+# Discord bot token (https://discord.com/developers/applications)
+DISCORD_TOKEN=YOUR_DISCORD_BOT_TOKEN
+
+# Lavalink connection overrides (optional if values already exist in config.yml)
+LAVALINK_HOST=lavalink.example.com
+LAVALINK_PORT=2333
+LAVALINK_PASSWORD=supersecret
+LAVALINK_HTTPS=false
+LAVALINK_NAME=main
+LAVALINK_REGION=eu
+
+# Optional: specify an alternate configuration file
+# CONFIG_PATH=config.yml

.github/release-drafter.yml

@@ -0,0 +1,35 @@
+name-template: "v$NEXT_PATCH_VERSION"
+tag-template: "v$NEXT_PATCH_VERSION"
+categories:
+  - title: "🚀 Features"
+    labels:
+      - feature
+      - enhancement
+  - title: "🐛 Fixes"
+    labels:
+      - bug
+      - fix
+      - bugfix
+  - title: "🛠 Maintenance"
+    labels:
+      - chore
+      - maintenance
+      - refactor
+  - title: "📖 Documentation"
+    labels:
+      - docs
+      - documentation
+  - title: "🧪 Testing"
+    labels:
+      - test
+      - tests
+change-template: "- $TITLE (#$NUMBER) @$AUTHOR"
+no-changes-template: "No changes in this release."
+template: |
+  ## What's Changed
+
+  $CHANGES
+
+  ## Contributors
+
+  $CONTRIBUTORS

.github/workflows/build.yml

@@ -1,29 +1,36 @@
-name: 🏗️ Build
+name: 🏗️ Build Container
 
 on:
   push:
-    branches: [main]
+    branches:
+      - main
+      - develop
+  pull_request:
+    branches:
+      - main
+      - develop
   workflow_dispatch:
 
 jobs:
   build:
     runs-on: ubuntu-latest
+    permissions:
+      contents: read
     steps:
-      - uses: actions/checkout@v4
-      - name: Setup Python
-        uses: actions/setup-python@v5
-        with:
-          python-version: "3.11"
-      - name: Install dependencies
-        run: |
-          python -m pip install --upgrade pip
-          pip install -r requirements.txt
-      - name: Build package
-        run: |
-          mkdir -p dist
-          zip -r dist/vectobeat.zip src config.yml requirements.txt .env
-      - name: Upload Artifact
-        uses: actions/upload-artifact@v4
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Build container image
+        uses: docker/build-push-action@v5
         with:
-          name: vectobeat-build
-          path: dist/vectobeat.zip
+          context: .
+          file: Dockerfile
+          push: false
+          load: true
+          tags: vectobeat:ci
+
+      - name: Smoke test container
+        run: docker run --rm vectobeat:ci python -m compileall src

.github/workflows/deploy.yml

@@ -1,32 +1,82 @@
-name: 🚀 Deploy VectoBeat
+name: 🚀 Release & Publish
 
 on:
   release:
     types: [published]
   workflow_dispatch:
 
+env:
+  REGISTRY: ghcr.io
+  IMAGE_NAME: ${{ github.repository }}
+
+permissions:
+  contents: read
+  packages: write
+
 jobs:
+  publish-image:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Extract metadata (tags, labels)
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+          tags: |
+            type=ref,event=release
+            type=ref,event=tag
+            type=raw,value=latest
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Log in to GitHub Container Registry
+        uses: docker/login-action@v3
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Build and push image
+        uses: docker/build-push-action@v5
+        with:
+          context: .
+          file: Dockerfile
+          push: true
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
+
   deploy:
+    needs: publish-image
     runs-on: ubuntu-latest
+    if: ${{ secrets.DEPLOY_SSH_HOST != '' && secrets.DEPLOY_SSH_USER != '' && secrets.DEPLOY_SSH_KEY != '' && secrets.DEPLOY_TARGET_PATH != '' }}
     steps:
-      - uses: actions/checkout@v4
+      - name: Sync container to server
+        uses: appleboy/scp-action@v0.1.7
+        with:
+          host: ${{ secrets.DEPLOY_SSH_HOST }}
+          username: ${{ secrets.DEPLOY_SSH_USER }}
+          key: ${{ secrets.DEPLOY_SSH_KEY }}
+          source: docker-compose.yml
+          target: ${{ secrets.DEPLOY_TARGET_PATH }}
 
-      - name: Setup Python
-        uses: actions/setup-python@v5
+      - name: Trigger remote deployment
+        uses: appleboy/ssh-action@v1.0.3
         with:
-          python-version: "3.11"
-
-      - name: Install dependencies
-        run: |
-          python -m pip install --upgrade pip
-          pip install -r requirements.txt
-
-      - name: Deploy to Production
-        env:
-          DISCORD_TOKEN: ${{ secrets.DISCORD_TOKEN }}
-          LAVALINK_HOST: ${{ secrets.LAVALINK_HOST }}
-          LAVALINK_PORT: ${{ secrets.LAVALINK_PORT }}
-          LAVALINK_PASSWORD: ${{ secrets.LAVALINK_PASSWORD }}
-        run: |
-          echo "🚀 Deploying VectoBeat..."
-          python -m src.main
+          host: ${{ secrets.DEPLOY_SSH_HOST }}
+          username: ${{ secrets.DEPLOY_SSH_USER }}
+          key: ${{ secrets.DEPLOY_SSH_KEY }}
+          envs: REGISTRY,IMAGE_NAME,GITHUB_ACTOR,GITHUB_TOKEN
+          env:
+            REGISTRY: ${{ env.REGISTRY }}
+            IMAGE_NAME: ${{ env.IMAGE_NAME }}
+            GITHUB_ACTOR: ${{ github.actor }}
+            GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          script: |
+            docker login $REGISTRY -u "$GITHUB_ACTOR" -p "$GITHUB_TOKEN"
+            cd ${{ secrets.DEPLOY_TARGET_PATH }}
+            docker compose pull
+            docker compose up -d --remove-orphans

.github/workflows/docs.yml

@@ -0,0 +1,37 @@
+name: 📚 Documentation Guard
+
+on:
+  pull_request:
+    paths:
+      - "README.md"
+      - "docs/**"
+      - "assets/images/**"
+  push:
+    branches:
+      - main
+    paths:
+      - "README.md"
+      - "docs/**"
+      - "assets/images/**"
+  workflow_dispatch:
+
+jobs:
+  mermaid-diagram:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Setup Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: "18"
+
+      - name: Install Mermaid CLI
+        run: npm install -g @mermaid-js/mermaid-cli
+
+      - name: Regenerate architecture diagram
+        run: mmdc -i docs/system_architecture.mmd -o assets/images/architecture.png -t dark
+
+      - name: Ensure diagram is committed
+        run: git diff --exit-code assets/images/architecture.png

.github/workflows/release-drafter.yml

@@ -0,0 +1,19 @@
+name: 📝 Release Drafter
+
+on:
+  push:
+    branches:
+      - main
+  workflow_dispatch:
+
+permissions:
+  contents: write
+
+jobs:
+  update-draft:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Run Release Drafter
+        uses: release-drafter/release-drafter@v6
+        with:
+          config-name: release-drafter.yml

.github/workflows/security.yml

@@ -0,0 +1,38 @@
+name: 🔐 Dependency Audit
+
+on:
+  schedule:
+    - cron: "0 3 * * 1" # Every Monday at 03:00 UTC
+  workflow_dispatch:
+  push:
+    paths:
+      - requirements.txt
+      - ".github/workflows/security.yml"
+
+jobs:
+  pip-audit:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Setup Python
+        uses: actions/setup-python@v5
+        with:
+          python-version: "3.11"
+          cache: "pip"
+          cache-dependency-path: requirements.txt
+
+      - name: Install audit tooling
+        run: |
+          python -m pip install --upgrade pip
+          pip install pip-audit
+
+      - name: Run pip-audit
+        run: pip-audit -r requirements.txt --format cyclonedx-json --output pip-audit.json
+
+      - name: Upload audit report
+        uses: actions/upload-artifact@v4
+        with:
+          name: pip-audit-report
+          path: pip-audit.json

.github/workflows/test.yml

@@ -1,10 +1,14 @@
-name: 🧪 Tests
+name: 🛡️ Quality Gate
 
 on:
   push:
-    branches: [main, develop]
+    branches:
+      - main
+      - develop
   pull_request:
-    branches: [main, develop]
+    branches:
+      - main
+      - develop
 
 jobs:
   test:
@@ -13,20 +17,30 @@ jobs:
       matrix:
         python-version: ["3.10", "3.11"]
     steps:
-      - uses: actions/checkout@v4
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
       - name: Setup Python
         uses: actions/setup-python@v5
         with:
           python-version: ${{ matrix.python-version }}
+          cache: "pip"
+          cache-dependency-path: |
+            requirements.txt
+
       - name: Install dependencies
         run: |
           python -m pip install --upgrade pip
           pip install -r requirements.txt
-      - name: Lint
-        run: |
-          pip install flake8
-          flake8 src --max-line-length=120
-      - name: Run tests
-        run: |
-          pip install pytest
-          pytest -v
+          pip install flake8 pytest
+
+      - name: Lint (flake8)
+        if: matrix.python-version == '3.11'
+        run: flake8 src --max-line-length=120
+
+      - name: Byte-compile sources
+        if: matrix.python-version == '3.11'
+        run: python -m compileall src
+
+      - name: Run pytest
+        run: pytest -q