From 4e1f1de79a71c7b1f58352232521d3558f006fa4 Mon Sep 17 00:00:00 2001
From: Marvin Vogt <m@rvinvogt.com>
Date: Sun, 21 Jul 2024 23:42:48 +0200
Subject: [PATCH] Add container image (#95)

* Add ubuntu based dockerfile

* Add job to build and upload container image

* Set github token for CLI

* Add checkout action

* Fix wheel filename

* Setup QEMU

* Remove timezone

* Rename publish workflow
---
 .github/workflows/build.yml   | 48 +++++++++++++++++++++++++++++++++++
 .github/workflows/publish.yml |  2 +-
 Dockerfile                    | 24 ++++++++++++++++++
 3 files changed, 73 insertions(+), 1 deletion(-)
 create mode 100644 Dockerfile

diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 4e56e00..9e028dc 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -9,6 +9,7 @@ permissions:
   id-token: write
   attestations: write
   contents: write
+  packages: write
 
 env:
   COLUMNS: 120
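Review bot: `packages: write` is added to the workflow-level `permissions` block (which starts above this hunk), so every job in build.yml, including build-wheels, now gets a token that can push to the package registry. Only the new build-container-image job logs in to ghcr.io, so the grant belongs in a job-level `permissions:` block on that job. A job-level block replaces the workflow-level one for that job, so it would have to list everything the job uses: `contents: read`, `packages: write`, `id-token: write` and `attestations: write`.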
@@ -31,3 +32,50 @@ jobs:
           dist/anycastd-*
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+  build-container-image:
+    needs: build-wheels
+    runs-on: ubuntu-latest
+    env:
+      REGISTRY: ghcr.io
+      IMAGE_NAME: ${{ github.repository }}
+    steps:
+      - uses: actions/checkout@v4
+
+      - uses: docker/setup-qemu-action@v3
+
+      - uses: docker/setup-buildx-action@v3
+
+      - name: Container Registry Login
+        uses: docker/login-action@v3
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Extract Metadata (tags, labels)
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+
+      - name: Download Release Wheel
+        run: gh release download ${GITHUB_REF_NAME} --pattern '*.whl'
+        env:
+          GITHUB_TOKEN: ${{ github.token }}
+
+      - name: Build & Push Image
+        id: push
+        uses: docker/build-push-action@v6
+        with:
+          context: .
+          push: true
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
+          platforms: linux/amd64,linux/arm/v7,linux/arm64
+
+      - name: Attest Build Provenance
+        uses: actions/attest-build-provenance@v1
+        with:
+          subject-name: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME}}
+          subject-digest: ${{ steps.push.outputs.digest }}
+          push-to-registry: true
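Review bot: The `Download Release Wheel` step fetches whatever matches `*.whl` from the release, and the image build bakes it in without an integrity check, so the provenance attestation at the end covers an image whose main input was never verified. If build-wheels attests the wheel (the workflow already holds `attestations: write`, but that job's steps are outside this hunk), a following step such as `run: gh attestation verify anycastd-*.whl --repo "$GITHUB_REPOSITORY"`, with `GITHUB_TOKEN` set as in the download step, would fail the job on a substituted artifact. Separately, every action in this job is referenced by a mutable tag (`@v4`, `@v3`, `@v5`, `@v6`, `@v1`) while the job holds `packages: write` and `id-token: write`. Pinning each to a full commit SHA, e.g. `uses: docker/build-push-action@<full-commit-sha>  # v6`, removes the dependency on tag integrity.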
diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
index 75c20ac..1098acd 100644
--- a/.github/workflows/publish.yml
+++ b/.github/workflows/publish.yml
@@ -1,5 +1,5 @@
 ---
-name: PyPI Publish
+name: Publish
 
 on:
   release:
diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 0000000..042293e
--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,24 @@
+FROM ubuntu:noble
+
+LABEL org.opencontainers.image.title="anycastd"
+LABEL org.opencontainers.image.vendor="WIIT AG <openstack@wiit.cloud>"
+
+ENV DEBIAN_FRONTEND=noninteractive
+
+RUN apt-get update && apt-get install --no-install-recommends -y \
+  python3 \
+  python3-venv \
+  frr \
+  && apt-get clean \
+  && rm -rf /var/lib/apt/lists/*
+
+WORKDIR /app
+
+COPY anycastd-*.whl .
+RUN python3 -m venv venv \
+  && venv/bin/python3 -m pip install anycastd-*.whl
+
+ENV LOG_LEVEL=info
+ENV LOG_FORMAT=json
+
+ENTRYPOINT ["venv/bin/python3", "-m", "anycastd", "run"]
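Review bot: The image has no `USER` instruction, so `anycastd run` executes as root inside the container. If root is not needed to talk to FRR (this hunk does not show it either way), create and switch to an unprivileged account before `ENTRYPOINT`, e.g. `RUN useradd --system --no-create-home anycastd` followed by `USER anycastd`. If root is needed, a comment above `ENTRYPOINT` saying why would help. `FROM ubuntu:noble` is also a mutable tag, and pip resolves the wheel's dependencies at build time, so two builds of the same release can differ. Pinning the base as `FROM ubuntu:noble@sha256:<digest>` makes the attested image traceable to a fixed base.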