Devops 7450 deployment

.github/workflows/docker.yml

@@ -0,0 +1,86 @@
+name: publish-image
+
+on:
+  workflow_dispatch:
+  # Dockerfile builds again but does not run tests so we only
+  # run this workflow after successful Go build-test
+  workflow_run:
+    workflows: ['build']
+    types: [completed]
+    branches: ['main']
+
+env:
+  REGISTRY: ghcr.io
+  IMAGE_NAME: ${{ github.repository }}
+
+jobs:
+  build-and-push-image:
+    if: ${{ github.event.workflow_run.conclusion == 'success' || github.event_name == 'workflow_dispatch' }}
+    runs-on: ubuntu-latest
+    strategy:
+      fail-fast: false
+      matrix:
+        include:
+          - module: mod-cyclops
+            dockerfile: ./Dockerfile
+            image: ghcr.io/${{ github.repository }}
+    permissions:
+      contents: read
+      packages: write
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v6
+
+      - name: Set up Go
+        uses: actions/setup-go@v6
+        with:
+          go-version: stable
+          cache-dependency-path: |
+            go.work.sum
+            ${{ matrix.module }}/go.sum
+
+      - name: Log in to the Container registry
+        uses: docker/login-action@v3
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Extract metadata (tags, labels) for Docker
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: ${{ matrix.image }}
+          tags: |
+            type=schedule
+            type=ref,event=branch
+            type=ref,event=tag
+            type=ref,event=pr
+            type=sha
+
+      - name: Cache Docker layers
+        uses: actions/cache@v4
+        with:
+          path: /tmp/.buildx-cache
+          key: ${{ runner.os }}-buildx-${{ hashFiles(matrix.dockerfile) }}
+          restore-keys: |
+            ${{ runner.os }}-buildx-
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Build and push Docker image
+        uses: docker/build-push-action@v6
+        with:
+          context: .
+          file:  ${{ matrix.dockerfile }}
+          push: true
+          platforms: linux/amd64,linux/arm64
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
+          cache-from: type=local,src=/tmp/.buildx-cache
+          cache-to: type=local,dest=/tmp/.buildx-cache,mode=max
+          build-args: |
+            GOCACHE=/root/.cache/go-build
+            GOMODCACHE=/go/pkg/mod

.github/workflows/go.yml

@@ -0,0 +1,33 @@
+name: build
+
+on:
+  workflow_dispatch:
+  push:
+    branches: [ "main" ]
+  pull_request:
+    branches: [ "main" ]
+
+env:
+  GO_VERSION: "1.26.1"
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    steps:
+    - name: Checkout repository
+      uses: actions/checkout@v6
+
+    - name: Set up Go
+      uses: actions/setup-go@v6
+      with:
+        go-version: ${{ env.GO_VERSION }}
+
+    - name: Build
+      run: make
+
+    - name: Test
+      run: make test
+
+    - name: Lint
+      run: make lint
+      continue-on-error: true

Dockerfile

@@ -0,0 +1,51 @@
+# syntax=docker/dockerfile:1
+
+FROM golang:1.26.1 AS build
+
+WORKDIR /app
+
+# Copy module files first so dependency downloads can be cached.
+COPY go.mod go.sum ./
+
+# Download go deps, caches GOMODCACHE.
+RUN --mount=type=cache,sharing=shared,target=/go/pkg/mod \
+  go mod download
+
+COPY . ./
+
+# Build, caches GOCACHE
+RUN --mount=type=cache,sharing=shared,target=/root/.cache/go-build \
+  CGO_ENABLED=0 \
+  GOOS=linux \
+  go build -o /mod-cyclops .
+
+# create runtime user
+RUN adduser \
+  --disabled-password \
+  --gecos "" \
+  --home "/nonexistent" \
+  --shell "/sbin/nologin" \
+  --no-create-home \
+  --uid 65532 \
+  cyclops-user
+
+# create small runtime image
+FROM scratch
+
+# need to copy SSL certs and runtime use
+COPY --from=build /usr/share/zoneinfo /usr/share/zoneinfo
+COPY --from=build /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/
+COPY --from=build /etc/passwd /etc/passwd
+COPY --from=build /etc/group /etc/group
+
+# copy binaries
+COPY --from=build /mod-cyclops .
+# copy migrations if needed
+#COPY --from=build /app/migrations /migrations
+
+ENV HTTP_PORT=12370
+EXPOSE ${HTTP_PORT}
+
+# Run
+USER cyclops-user:cyclops-user
+CMD ["/mod-cyclops"]