feat: add container build and workflows (#452)

Adds container workflow for builds for test and release. I moved the
devcontainer Dockerfile to the devcontainer folder.

~~I didn't know the best way to add the kyverno CLI to the container
since I wanted to do it in a multiarch way.~~

---------

Signed-off-by: Devin Buhl <[email protected]>

.devcontainer/Dockerfile

@@ -0,0 +1,31 @@
+# Docker environment for local development in devcontainer
+FROM docker.io/alpine/helm:3.13.3 as helm
+FROM docker.io/bitnami/kubectl:1.28.5 as kubectl
+FROM ghcr.io/fluxcd/flux-cli:v2.2.1 as flux
+FROM ghcr.io/kyverno/kyverno-cli:v1.10.7 as kyverno
+FROM registry.k8s.io/kustomize/kustomize:v5.3.0 as kustomize
+
+FROM ubuntu:jammy-20231128
+
+RUN apt-get update --fix-missing && \
+    apt-get upgrade -y && \
+    apt-get install -y --fix-missing \
+        curl \
+        unzip \
+        software-properties-common \
+        vim \
+        git \
+        python3-pip
+
+COPY . /src/
+WORKDIR /src/
+RUN pip3 install -r /src/requirements.txt
+RUN pip3 install -e /src/
+
+COPY --from=ghcr.io/fluxcd/flux-cli:v2.2.1              /usr/local/bin/flux              /usr/local/bin/flux
+COPY --from=docker.io/alpine/helm:3.13.3                /usr/bin/helm                    /usr/local/bin/helm
+COPY --from=docker.io/bitnami/kubectl:1.28.5            /opt/bitnami/kubectl/bin/kubectl /usr/local/bin/kubectl
+COPY --from=registry.k8s.io/kustomize/kustomize:v5.3.0  /app/kustomize                   /usr/local/bin/kustomize
+COPY --from=ghcr.io/kyverno/kyverno-cli:v1.10.7         /ko-app/kubectl-kyverno          /usr/local/bin/kyverno
+
+SHELL ["/bin/bash", "-c"]

.devcontainer/devcontainer.json

@@ -4,6 +4,6 @@
 	"name": "Kubernetes - Local Configuration",
 	"build": {
 		"context": "..",
-		"dockerfile": "../Dockerfile"
+		"dockerfile": "./Dockerfile"
 	}
 }

.github/workflows/container-release.yaml

@@ -0,0 +1,53 @@
+---
+name: Container Release
+
+on:
+  release:
+    types: [published]
+
+jobs:
+  release:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: write
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Docker meta
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: |
+            ghcr.io/${{ github.repository }}
+          flavor: |
+            latest=true
+            prefix=v
+          tags: |
+            type=semver,pattern={{version}}
+            type=semver,pattern={{major}}.{{minor}}
+            type=semver,pattern={{major}}
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Login to GitHub Container Registry
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Build and Push
+        uses: docker/build-push-action@v5
+        with:
+          context: .
+          file: ./Dockerfile
+          platforms: linux/amd64,linux/arm64
+          push: true
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}

.github/workflows/container-test.yaml

@@ -0,0 +1,52 @@
+---
+name: Container Test
+
+on:
+  push:
+    branches:
+      - main
+  pull_request:
+
+jobs:
+  test:
+    if: ${{ github.event.pull_request.head.repo.full_name == 'allenporter/flux-local' }}
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: write
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Docker meta
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: |
+            ghcr.io/${{ github.repository }}
+          tags: |
+            type=ref,event=branch
+            type=ref,event=pr
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Login to GitHub Container Registry
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Build and Push
+        uses: docker/build-push-action@v5
+        with:
+          context: .
+          file: ./Dockerfile
+          platforms: linux/amd64,linux/arm64
+          push: true
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}

Dockerfile

@@ -1,58 +1,20 @@
-# Docker environment for local development in devcontainer
-FROM ubuntu:jammy-20231128
+FROM python:3.10-alpine as base
 
-RUN apt-get update --fix-missing && \
-    apt-get upgrade -y && \
-    apt-get install -y --fix-missing \
-        curl \
-        unzip \
-        software-properties-common \
-        vim \
-        git \
-        python3-pip
+RUN apk add --no-cache ca-certificates git
 
-# renovate: datasource=github-releases depName=kubernetes-sigs/kustomize
-ARG KUSTOMIZE_VERSION=v5.0.3
-RUN cd /usr/local/bin/ && \
-    curl -OL https://github.com/kubernetes-sigs/kustomize/releases/download/kustomize%2F${KUSTOMIZE_VERSION}/kustomize_${KUSTOMIZE_VERSION}_linux_amd64.tar.gz && \
-    tar xf kustomize_${KUSTOMIZE_VERSION}_linux_amd64.tar.gz && \
-    chmod +x kustomize
-RUN kustomize version
+WORKDIR /app
+COPY requirements.txt /requirements.txt
+COPY flux_local/ ./flux_local
+COPY setup.py .
+COPY setup.cfg .
 
-# renovate: datasource=github-releases depName=helm/helm
-ARG HELM_CLI_VERSION=v3.13.3
-RUN mkdir -p /src && \
-    cd /src && \
-    curl -OL https://get.helm.sh/helm-${HELM_CLI_VERSION}-linux-amd64.tar.gz && \
-    tar xf helm-${HELM_CLI_VERSION}-linux-amd64.tar.gz && \
-    cp linux-amd64/helm /usr/local/bin/helm && \
-    rm -fr /src
-RUN helm version
+RUN pip install --no-cache-dir -r /requirements.txt
+RUN pip install -e .
 
-# renovate: datasource=github-releases depName=kyverno/kyverno
-ARG KYVERNO_VERSION=v1.11.1
-RUN mkdir -p /src && \
-    cd /src && \
-    curl -OL https://github.com/kyverno/kyverno/releases/download/${KYVERNO_VERSION}/kyverno-cli_${KYVERNO_VERSION}_linux_x86_64.tar.gz && \
-    tar xf kyverno-cli_${KYVERNO_VERSION}_linux_x86_64.tar.gz && \
-    cp kyverno /usr/local/bin/kyverno && \
-    chmod +x /usr/local/bin/kyverno && \
-    rm -fr /src
-RUN kyverno version
+COPY --from=ghcr.io/fluxcd/flux-cli:v2.2.1              /usr/local/bin/flux              /usr/local/bin/flux
+COPY --from=docker.io/alpine/helm:3.13.3                /usr/bin/helm                    /usr/local/bin/helm
+COPY --from=docker.io/bitnami/kubectl:1.28.5            /opt/bitnami/kubectl/bin/kubectl /usr/local/bin/kubectl
+COPY --from=registry.k8s.io/kustomize/kustomize:v5.3.0  /app/kustomize                   /usr/local/bin/kustomize
+COPY --from=ghcr.io/kyverno/kyverno-cli:v1.10.7         /ko-app/kubectl-kyverno          /usr/local/bin/kyverno
 
-# renovate: datasource=github-releases depName=fluxcd/flux2 extractVersion=^v(?<version>.+)$
-ARG FLUX_CLI_VERSION=2.2.1
-RUN mkdir -p /src && \
-    cd /src && \
-    curl -OL https://github.com/fluxcd/flux2/releases/download/v${FLUX_CLI_VERSION}/flux_${FLUX_CLI_VERSION}_linux_amd64.tar.gz && \
-    tar xf flux_${FLUX_CLI_VERSION}_linux_amd64.tar.gz && \
-    cp flux /usr/local/bin/flux && \
-    rm -fr /src
-RUN flux version --client
-
-COPY . /src/
-WORKDIR /src/
-RUN pip3 install -r /src/requirements.txt
-RUN pip3 install -e /src/
-
-SHELL ["/bin/bash", "-c"]
+CMD ["/usr/local/bin/flux-local"]