ci: docker build

Author: gomba999

.github/workflows/docker-build.yaml

@@ -0,0 +1,26 @@
+# SPDX-FileCopyrightText: Copyright (c) 2025 Cisco and/or its affiliates.
+# SPDX-License-Identifier: Apache-2.0
+
+---
+name: ci-docker-build
+
+on:
+  push:
+    branches:
+      - main
+  pull_request:
+    branches:
+      - "main"
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: ${{ github.event_name == 'pull_request' }}
+
+jobs:
+  docker-build:
+    name: Build wfsrv docker image
+    uses: ./.github/workflows/reusable-docker-build-push.yaml
+    with:
+      bake-target: workflowserver
+      image-name: wfsrv
+      image-tag: ${{ github.sha }}

.github/workflows/release-image.yaml

@@ -0,0 +1,30 @@
+# SPDX-FileCopyrightText: Copyright (c) 2025 Cisco and/or its affiliates.
+# SPDX-License-Identifier: Apache-2.0
+
+---
+name: ci-release-image
+
+on:
+  push:
+    tags:
+      - "v?[0-9]+.[0-9]+.[0-9]+"
+      - "v?[0-9]+.[0-9]+.[0-9]+-dev.[0-9]+"
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: ${{ github.event_name == 'pull_request' }}
+
+jobs:
+  build-push:
+    name: Build docker image - wfsrv
+    uses: ./.github/workflows/reusable-docker-build-push.yaml
+    permissions:
+      contents: "read"
+      packages: "write"
+      attestations: "write"
+    with:
+      bake-target: workflowserver
+      image-name: wfsrv
+      image-tag: ${{ github.ref_name }}
+    secrets:
+      github-token: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/reusable-docker-build-push.yaml

@@ -0,0 +1,75 @@
+# SPDX-FileCopyrightText: Copyright (c) 2025 Cisco and/or its affiliates.
+# SPDX-License-Identifier: Apache-2.0
+
+---
+name: Build and Push
+
+on:
+  workflow_call:
+    inputs:
+      bake-target:
+        required: true
+        type: string
+        description: "Bake target"
+      bake-file:
+        required: false
+        type: string
+        description: "Bake file"
+        default: "docker-bake.hcl"
+      image-name:
+        required: true
+        type: string
+        description: "Image repo to use."
+      image-tag:
+        required: true
+        type: string
+        description: "Image tag to use."
+    secrets:
+      github-token:
+        description: "github token"
+        required: false
+
+jobs:
+  build-and-push:
+    name: Build and Push
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
+        with:
+          fetch-depth: 0
+
+      - name: Login to GitHub Container Registry
+        if: ${{ github.event_name == 'push' && startsWith(github.ref, 'refs/tags') }}
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{github.actor}}
+          password: ${{secrets.github-token}}
+
+      - name: Setup QEMU
+        uses: docker/setup-qemu-action@49b3bc8e6bdd4a60e6116a5414239cba5943d3cf # v3.2.0
+
+      - name: Setup Docker Buildx
+        uses: docker/setup-buildx-action@c47758b77c9736f4b2ef4073d4d51994fabfe349 # v3.7.1
+
+      - name: Docker metadata
+        id: metadata
+        uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81 # v5.5.1
+        with:
+          images: |
+            ghcr.io/agntcy/acp/${{ inputs.image-name }}
+          tags: |
+            type=raw,value=${{ inputs.image-tag }}
+            type=raw,value=latest,enable=${{ github.event_name == 'push' && startsWith(github.ref, 'refs/tags') }}
+
+      - name: Build and push
+        uses: docker/bake-action@a4d7f0b5b91c14a296d792d4ec53a9db17f02e67 # v5.5.0
+        with:
+          files: |
+            ${{ inputs.bake-file }}
+            ${{ steps.metadata.outputs.bake-file }}
+          targets: ${{ inputs.bake-target }}
+          push: ${{ github.event_name == 'push' && startsWith(github.ref, 'refs/tags') }}
+          provenance: false

Makefile

@@ -7,7 +7,7 @@ PACKAGE_NAME := agent_workflow_server.generated
 GENERATOR_IMAGE := openapitools/openapi-generator-cli:latest
 ADDITIONAL_PROPERTIES := packageName=$(PACKAGE_NAME),python_typed=true
 
-.PHONY: clean validate-spec update-spec generate-api
+.PHONY: clean validate-spec update-spec generate-api run docker-build-dev
 
 # Ensure output directory exists
 $(OUTPUT_DIR):
@@ -44,4 +44,7 @@ generate-api: clean update-spec
 # Install dependecies and run server
 run:
 	poetry install
-	poetry run server
+	poetry run server
+
+docker-build-dev: ## Build the docker image.
+	docker buildx bake workflowserver-dev

assets/workflowserver.Dockerfile

@@ -0,0 +1,17 @@
+FROM python:3.12
+
+ENV POETRY_VERSION=2.1.1
+
+RUN set -ex; pip install --trusted-host pypi.org --trusted-host pypi.python.org --trusted-host files.pythonhosted.org poetry==$POETRY_VERSION;
+
+WORKDIR /opt/agent-workflow-server
+
+COPY . .
+
+RUN poetry config virtualenvs.create true
+RUN poetry config virtualenvs.in-project true
+RUN poetry install --no-interaction
+
+EXPOSE 8000
+
+CMD ["poetry" ,"run", "server"]

docker-bake.hcl

@@ -0,0 +1,55 @@
+// SPDX-FileCopyrightText: Copyright (c) 2025 Cisco and/or its affiliates.
+// SPDX-License-Identifier: Apache-2.0
+
+
+# Documentation available at: https://docs.docker.com/build/bake/
+
+# Docker build args
+variable "IMAGE_REPO" {default = ""}
+variable "IMAGE_TAG" {default = "v0.0.0-dev"}
+
+function "get_tag" {
+  params = [tags, name]
+  result = coalescelist(tags, ["${IMAGE_REPO}/${name}:${IMAGE_TAG}"])
+}
+
+group "default" {
+  targets = ["workflowserver"]
+}
+
+group "workflowserver" {
+  targets = [
+    "workflowserver",
+  ]
+}
+
+target "_common" {
+  output = [
+    "type=image",
+  ]
+  platforms = [
+    "linux/arm64",
+    "linux/amd64",
+  ]
+}
+
+target "docker-metadata-action" {
+  tags = []
+}
+
+target "workflowserver-dev" {
+  context = "."
+  dockerfile = "assets/workflowserver.Dockerfile"
+  tags = [
+    "workflowserver:latest",
+    ]
+}
+
+target "workflowserver" {
+  tags = get_tag(target.docker-metadata-action.tags, "${target.workflowserver.name}")
+  inherits = [
+    "workflowserver-dev",
+    "_common",
+    "docker-metadata-action",
+  ]
+}