Setup automatic docker build and publish to docker registry

.github/workflows/publish-keria.yml

@@ -1,61 +1,76 @@
 name: Publish Docker image
 
+permissions:
+  contents: read
+  packages: write
+
+env:
+  DOCKER_REGISTRY: ${{ vars.DOCKER_REGISTRY || 'docker.io' }}
+  DOCKER_IMAGE_NAME: ${{ vars.DOCKER_IMAGE_NAME || 'weboftrust/keria' }}
+
 on:
+  push:
+    branches:
+      - "main"
   workflow_dispatch:
     inputs:
       version:
+        description: "Version to publish (e.g. 0.2.0)"
         required: true
+      latest:
+        description: "Publish :latest tag"
+        type: boolean
+        required: false
+        default: false
+      dryrun:
+        description: "Dry run, don't push"
+        type: boolean
+        required: false
+        default: false
+
 jobs:
   push_to_registry:
-    name: Push Docker image to Docker Hub
-    runs-on: ubuntu-latest
+    name: Push Docker image
+    runs-on: ubuntu-24.04
     steps:
-      - name: Check out the repo
+      - name: Checkout out the repo
         uses: actions/checkout@v4
 
-      - name: Log in to Docker Hub
-        uses: docker/login-action@v2
+      - name: Log in to container registry ${{ env.DOCKER_REGISTRY }}
+        uses: docker/login-action@v3
         with:
-          username: ${{ secrets.DOCKER_USERNAME }}
-          password: ${{ secrets.DOCKER_PASSWORD }}
+          # Uses github tokens for GHCR, otherwise configured repository secrets
+          # This way, forks can be configured to push their own images without
+          # having to modify the workflow.
+          registry: ${{ env.DOCKER_REGISTRY }}
+          username: ${{ env.DOCKER_REGISTRY == 'ghcr.io' && github.actor || secrets.DOCKER_USERNAME }}
+          password: ${{ env.DOCKER_REGISTRY == 'ghcr.io' && secrets.GITHUB_TOKEN || secrets.DOCKER_PASSWORD }}
 
-      - name: Extract metadata (tags, labels) for Docker
-        id: meta
-        uses: docker/metadata-action@v4
-        with:
-          images: weboftrust/keria
-
-      # For multi-arch
       - name: Set up QEMU
         uses: docker/setup-qemu-action@v3
 
       - name: Set up Docker buildx
-        id: buildx
         uses: docker/setup-buildx-action@v3
 
-      - name: Cache Docker Layers
-        uses: actions/cache@v3
+      - name: Extract metadata
+        id: meta
+        uses: docker/metadata-action@v5
         with:
-          path: /tmp/.buildx-cache
-          key: keri-${{ runner.os }}-buildx-${{ github.sha }}
-          restore-keys: |
-            keri-${{ runner.os }}-buildx-
+          images: |
+            name=${{ env.DOCKER_REGISTRY }}/${{ env.DOCKER_IMAGE_NAME }}
+          tags: |
+            type=ref,event=branch
+            type=sha
+            type=raw,value=${{ github.run_id }},prefix=build-
+            type=raw,value=latest,enable=${{ github.event_name == 'workflow_dispatch' && inputs.latest == true }}
+            type=raw,value=${{ inputs.version }},enable=${{ github.event_name == 'workflow_dispatch' && inputs.version != '' }}
 
       - name: Build and push Docker image
         uses: docker/build-push-action@v6
         with:
-          context: .
-          file: images/keria.dockerfile
           platforms: linux/amd64,linux/arm64
-          push: true
-          tags: |
-            weboftrust/keria:${{ github.event.inputs.version }}
-            weboftrust/keria:latest
-          labels: ${{ github.event.inputs.version }}
-          cache-from: type=local,src=/tmp/.buildx-cache
-          cache-to: type=local,dest=/tmp/.buildx-cache-new,mode=max
-
-      - name: Move Docker cache
-        run: |
-          rm -rf /tmp/.buildx-cache
-          mv /tmp/.buildx-cache-new /tmp/.buildx-cache
+          push: ${{ github.event_name != 'workflow_dispatch' || inputs.dryrun != true }}
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
+          cache-from: type=gha
+          cache-to: type=gha,mode=max

.github/workflows/python-app-ci.yml

@@ -1,12 +1,8 @@
-# This workflow will install Python dependencies, run tests and lint with a single version of Python
-# For more information see: https://help.github.com/actions/language-and-framework-guides/using-python-with-github-actions
-
 name: GitHub Actions for KERIA
 on:
   push:
     branches:
       - "main"
-      - "development"
   pull_request:
   workflow_dispatch:
 
@@ -16,24 +12,29 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        os: [macos-13, ubuntu-latest]
+        os: [macos-13, ubuntu-22.04, ubuntu-24.04, ubuntu-latest]
 
     steps:
       - uses: actions/checkout@v4
+
       - name: Set up Python 3.12.8
         uses: actions/setup-python@v5
         with:
           python-version: 3.12.8
+
       - name: Install uv
         uses: astral-sh/setup-uv@v3
         with:
           version: "0.9.5"
       - name: Install dependencies
         run: make install-dev
+
       - name: Lint changes
         run: make lint
+
       - name: Check formatting
         run: make format-check
+
       - name: Run core KERIA tests
         run: make test
 
@@ -46,7 +47,7 @@ jobs:
         run: docker compose up --build --wait
 
   coverage:
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-24.04
     steps:
       - uses: actions/checkout@v4
       - name: Set up Python 3.12.8

Makefile

@@ -1,36 +1,8 @@
-.PHONY: build-keria
-
-VERSION=0.2.0
-IMAGE_NAME=weboftrust/keria
-VERSION_TAG=$(IMAGE_NAME):$(VERSION)
-LATEST_TAG=$(IMAGE_NAME):latest
-
-define DOCKER_WARNING
-In order to use the multi-platform build enable the containerd image store
-The containerd image store is not enabled by default.
-To enable the feature for Docker Desktop:
-	Navigate to Settings in Docker Desktop.
-	In the General tab, check Use containerd for pulling and storing images.
-	Select Apply and Restart."
-endef
+.PHONY: build-wheel install install-dev test
 
 build-wheel:
 	@uv build
 
-build-keria: .warn
-	@docker build \
-		--build-arg KERI_AGENT_CORS=false \
-		--platform=linux/amd64,linux/arm64 \
-		--no-cache \
-		-f images/keria.dockerfile \
-		-t $(LATEST_TAG) \
-		-t $(VERSION_TAG) \
-		.
-
-publish-keria:
-	@docker push $(VERSION_TAG) && docker push $(LATEST_TAG)
-
-# UV development targets
 install:
 	@uv sync
 
@@ -59,10 +31,3 @@ clean:
 	@rm -rf build/ dist/ *.egg-info/
 	@find . -type d -name __pycache__ -delete
 	@find . -type f -name "*.pyc" -delete
-
-.warn:
-	@echo -e ${RED}"$$DOCKER_WARNING"${NO_COLOUR}
-
-RED="\033[0;31m"
-NO_COLOUR="\033[0m"
-export DOCKER_WARNING

README.md

@@ -54,7 +54,7 @@ uv run keria start --config-dir scripts --config-file demo-witness-oobis
 
 * Build KERIA docker image:
     ```bash
-    make build-keria
+    docker build .
     ```
 
 #### Run with docker
@@ -88,18 +88,3 @@ You can see a [working example here](https://github.com/WebOfTrust/signify-ts/bl
     ```bash
     make test-coverage
     ```
-
-## Publishing containers
-
-Enable the containerd image store
-
-The containerd image store isn't enabled by default. To enable the feature for Docker Desktop:
-
-Navigate to Settings in Docker Desktop.
-In the General tab, check Use containerd for pulling and storing images.
-Select Apply & Restart.
-
-```shell
-make build-keri
-make publish-keri
-```

docker-compose.yaml

@@ -1,8 +1,6 @@
 services:
   keria:
-    build:
-      context: .
-      dockerfile: ./images/keria.dockerfile
+    build: ./
     healthcheck:
       test: curl http://localhost:3902/health
       interval: 5s