feat: add Docker image, tests, docs and CLI snapshot

.dockerignore

@@ -0,0 +1,4 @@
+.git
+.github
+*.md
+LICENSE

.github/copilot-instructions.md

@@ -0,0 +1,77 @@
+# Copilot Instructions — devops-ia/powerpipe
+
+## Project Overview
+
+This repo maintains a community Docker image for [Powerpipe](https://powerpipe.io). Turbot stopped publishing official Docker images, so we build from their pre-compiled binaries.
+
+The image is a thin wrapper: it downloads the Powerpipe binary, sets up the runtime environment (UID 9193, dirs, env vars), and provides a default CMD.
+
+## Architecture
+
+```
+Dockerfile          → builds the image (ARG POWERPIPE_VERSION controls version)
+README.md           → documents flags, env vars, quickstart, Kubernetes notes
+cli-snapshot.json   → machine-readable snapshot of CLI behavior (auto-generated)
+scripts/            → extraction and comparison tools (do not modify)
+package.json        → semantic-release config (do not modify)
+```
+
+## When Upstream Releases a New Version
+
+1. Review the behavioral diff in the PR comment
+2. Update `README.md`:
+   - Add new CLI flags to the flag tables
+   - Remove deprecated/removed flags
+   - Add new environment variables to the env var table
+   - Remove dropped environment variables
+   - Update the version in example commands if relevant
+3. Update `Dockerfile`:
+   - Add/remove ENV vars if defaults changed
+   - Update HEALTHCHECK if the service behavior changed
+4. Do NOT update `ARG POWERPIPE_VERSION` (updatecli handles this)
+5. Do NOT modify `cli-snapshot.json` (CI regenerates it)
+
+## Files You SHOULD Modify
+
+- `README.md` — flag tables, env var tables, examples
+- `Dockerfile` — ENV defaults, HEALTHCHECK, EXPOSE
+
+## Files You MUST NOT Modify
+
+- `.github/workflows/` — CI/CD pipelines
+- `package.json` — semantic-release config
+- `cli-snapshot.json` — auto-generated by CI
+- `scripts/` — extraction tools
+- `LICENSE`
+
+## How to Build and Test
+
+```bash
+# Build
+docker build -t powerpipe:test .
+
+# Smoke test
+docker run --rm powerpipe:test powerpipe --version
+
+# Server test
+docker run --rm -d --name pp-test -p 9033:9033 powerpipe:test powerpipe server
+sleep 5
+curl -sf http://localhost:9033/ && echo "OK"
+docker stop pp-test
+```
+
+## Documentation Format
+
+Flag tables use this format:
+```markdown
+| Flag | Description | Default |
+|------|-------------|---------|
+| `--listen` | Listen address (local/network) | `network` |
+```
+
+Env var tables use this format:
+```markdown
+| Variable | Image default | Description |
+|----------|--------------|-------------|
+| `POWERPIPE_LISTEN` | `network` | Interface to listen on |
+```

.github/dependabot.yml

@@ -0,0 +1,15 @@
+version: 2
+updates:
+  - package-ecosystem: github-actions
+    directory: /
+    schedule:
+      interval: weekly
+    groups:
+      actions:
+        patterns:
+          - "*"
+
+  - package-ecosystem: pip
+    directory: /tests
+    schedule:
+      interval: weekly

.github/updatecli/powerpipe.yaml

@@ -0,0 +1,46 @@
+---
+name: Bump Powerpipe version
+
+scms:
+  github:
+    kind: github
+    spec:
+      user: '{{ requiredEnv "GITHUB_ACTOR" }}'
+      email: '{{ requiredEnv "GITHUB_ACTOR" }}@users.noreply.github.com'
+      owner: devops-ia
+      repository: powerpipe
+      token: '{{ requiredEnv "GITHUB_TOKEN" }}'
+      branch: main
+      commitmessage:
+        title: 'chore: bump powerpipe to {{ source "powerpipe" }}'
+
+sources:
+  powerpipe:
+    kind: githubRelease
+    spec:
+      owner: turbot
+      repository: powerpipe
+      token: '{{ requiredEnv "GITHUB_TOKEN" }}'
+      versionFilter:
+        kind: semver
+        pattern: ">=1.0.0"
+
+targets:
+  dockerfile:
+    name: "Update Powerpipe version in Dockerfile"
+    kind: file
+    scmid: github
+    sourceid: powerpipe
+    spec:
+      file: Dockerfile
+      matchpattern: 'ARG POWERPIPE_VERSION=.*'
+      replacepattern: 'ARG POWERPIPE_VERSION={{ source "powerpipe" }}'
+
+actions:
+  pr:
+    kind: github/pullrequest
+    scmid: github
+    title: 'chore: bump powerpipe to {{ source "powerpipe" }}'
+    spec:
+      labels:
+        - dependencies

.github/workflows/copilot-setup-steps.yml

@@ -0,0 +1,30 @@
+---
+name: Copilot Setup Steps
+
+on:
+  workflow_dispatch:
+  push:
+    paths:
+      - .github/workflows/copilot-setup-steps.yml
+  pull_request:
+    paths:
+      - .github/workflows/copilot-setup-steps.yml
+
+jobs:
+  copilot-setup-steps:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+    steps:
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+
+      - name: Install tools
+        run: |
+          sudo apt-get update -qq && sudo apt-get install -y -qq jq > /dev/null
+          echo "jq $(jq --version), docker $(docker --version)"
+
+      - name: Build Docker image
+        run: docker build -t powerpipe:local .
+
+      - name: Validate
+        run: docker run --rm powerpipe:local powerpipe --version