initial commit

Signed-off-by: kpango <kpango@vdaas.org>

Author: kpango

.github/actions/docker/action.yml

@@ -0,0 +1,128 @@
+name: "Docker Action"
+description: "Build or Merge Docker images using the repository's Makefile."
+inputs:
+  operation:
+    description: "The operation to perform (build or merge)"
+    required: true
+  target:
+    description: "The Makefile target to run"
+    required: true
+  docker_user:
+    description: "DockerHub username"
+    required: true
+    default: "kpango"
+  docker_pass:
+    description: "DockerHub password"
+    required: true
+  github_token:
+    description: "GitHub Token"
+    required: true
+  docker_push:
+    description: "Whether this is a push build"
+    required: false
+    default: "false"
+  platform:
+    description: "The platform to build"
+    required: false
+  suffix:
+    description: "The suffix for the docker tag"
+    required: false
+  ghcr_user:
+    description: "GHCR username"
+    required: false
+    default: ${{ github.repository_owner }}
+
+runs:
+  using: "composite"
+  steps:
+    - name: Set up QEMU
+      if: inputs.operation == 'build'
+      uses: docker/setup-qemu-action@v4
+      with:
+        image: tonistiigi/binfmt:master
+
+    - name: Login to DockerHub
+      if: inputs.operation == 'merge' || inputs.docker_push == 'true'
+      uses: docker/login-action@v4
+      with:
+        username: ${{ inputs.docker_user }}
+        password: ${{ inputs.docker_pass }}
+
+    - name: Login to GitHub Container Registry
+      if: inputs.operation == 'merge' || inputs.docker_push == 'true'
+      uses: docker/login-action@v4
+      with:
+        registry: ghcr.io
+        username: ${{ github.actor }}
+        password: ${{ inputs.github_token }}
+
+    - name: Cache Docker layers
+      if: inputs.operation == 'build'
+      uses: actions/cache@v5
+      with:
+        path: ${{ github.workspace }}/.docker/buildcache
+        key: ${{ runner.os }}-docker-buildx-${{ inputs.target }}-${{ inputs.platform }}
+        restore-keys: |
+          ${{ runner.os }}-docker-buildx-${{ inputs.target }}-${{ inputs.platform }}
+          ${{ runner.os }}-docker-buildx-${{ inputs.target }}-
+          ${{ runner.os }}-docker-buildx-
+
+    - name: Create Buildx
+      if: inputs.operation == 'build'
+      shell: bash
+      env:
+        GITHUB_ACCESS_TOKEN: ${{ inputs.github_token }}
+        DOCKER_BUILDER_PLATFORM: ${{ inputs.platform }}
+      run: |
+        make \
+          DOCKER_BUILDER_PLATFORM="$DOCKER_BUILDER_PLATFORM" \
+          GITHUB_ACCESS_TOKEN="$GITHUB_ACCESS_TOKEN" \
+          create_buildx
+
+    - name: Run Makefile target
+      shell: bash
+      env:
+        OPERATION: ${{ inputs.operation }}
+        TARGET: ${{ inputs.target }}
+        USER_DEFAULT: ${{ inputs.docker_user }}
+        GHCR_USER: ${{ inputs.ghcr_user }}
+        DOCKER_PUSH: ${{ inputs.docker_push }}
+        GITHUB_ACCESS_TOKEN: ${{ inputs.github_token }}
+        DOCKER_BUILDER_PLATFORM: ${{ inputs.platform }}
+        DOCKER_ARCH_SUFFIX: ${{ inputs.suffix }}
+        EVENT_NAME: ${{ github.event_name }}
+        EVENT_PATH: ${{ github.event_path }}
+        GITHUB_REF_VAR: ${{ github.ref }}
+        DOCKER_BUILD_CACHE_DIR: ${{ github.workspace }}/.docker/buildcache
+      run: |
+        VERSION="nightly"
+
+        if [ "$EVENT_NAME" == "pull_request" ]; then
+          PR_NUM=$(jq -r ".number" "$EVENT_PATH")
+          VERSION="pr-$PR_NUM"
+        elif [[ "$GITHUB_REF_VAR" == refs/tags/* ]]; then
+          VERSION="${GITHUB_REF_VAR#refs/tags/}"
+        fi
+
+        if [ "$OPERATION" == "build" ]; then
+          make \
+            DOCKER_BUILD_CACHE_DIR="$DOCKER_BUILD_CACHE_DIR" \
+            DOCKER_PUSH="$DOCKER_PUSH" \
+            USER="$USER_DEFAULT" \
+            SYS_USER="$USER_DEFAULT" \
+            USER_ID="1000" \
+            GROUP_ID="1000" \
+            GROUP_IDS="1000 98 972 987 994 996 998 1001 1002 1003 1004 1005" \
+            GHCR_USER="$GHCR_USER" \
+            VERSION="$VERSION" \
+            GITHUB_ACCESS_TOKEN="$GITHUB_ACCESS_TOKEN" \
+            DOCKER_BUILDER_PLATFORM="$DOCKER_BUILDER_PLATFORM" \
+            DOCKER_ARCH_SUFFIX="$DOCKER_ARCH_SUFFIX" \
+            "$TARGET"
+        else
+          make \
+            USER="$USER_DEFAULT" \
+            GHCR_USER="$GHCR_USER" \
+            VERSION="$VERSION" \
+            "$TARGET"
+        fi

.github/dependabot.yml

@@ -0,0 +1,6 @@
+version: 2
+updates:
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "daily"

.github/workflows/docker-matrix.yml

@@ -0,0 +1,64 @@
+name: "Build docker images"
+on:
+  push:
+    branches:
+      - main
+    tags:
+      - "*.*.*"
+      - "v*.*.*"
+      - "*.*.*-*"
+      - "v*.*.*-*"
+    paths:
+      - "dockers/**"
+      - "Makefile"
+      - ".github/workflows/**"
+  pull_request:
+    paths:
+      - "dockers/**"
+      - "Makefile"
+      - ".github/workflows/**"
+  workflow_dispatch:
+  schedule:
+    - cron: "0 0 * * *"
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+jobs:
+  base:
+    uses: ./.github/workflows/docker-reusable.yml
+    with:
+      build_target: build_base
+      merge_target: merge_base
+    secrets: inherit
+
+  images:
+    needs: base
+    strategy:
+      fail-fast: false
+      matrix:
+        target:
+          - name: dart
+          - name: docker
+          - name: env
+          - name: gcloud
+          - name: go
+          - name: k8s
+          - name: nim
+          - name: rust
+    uses: ./.github/workflows/docker-reusable.yml
+    with:
+      build_target: build_${{ matrix.target.name }}
+      merge_target: merge_${{ matrix.target.name }}
+    secrets: inherit
+
+  dev:
+    needs: [base, images]
+    if: |
+      always() &&
+      needs.base.result == 'success' &&
+      !cancelled()
+    uses: ./.github/workflows/docker-reusable.yml
+    with:
+      build_target: prod_build
+      merge_target: merge_dev
+    secrets: inherit

.github/workflows/docker-reusable.yml

@@ -0,0 +1,59 @@
+name: "Reusable Docker Build & Merge"
+on:
+  workflow_call:
+    inputs:
+      build_target:
+        required: true
+        type: string
+      merge_target:
+        required: true
+        type: string
+
+jobs:
+  build:
+    strategy:
+      fail-fast: false
+      matrix:
+        arch:
+          - platform: linux/amd64
+            runner: ubuntu-latest
+            suffix: amd64
+          - platform: linux/arm64/v8
+            runner: ubuntu-24.04-arm
+            suffix: arm64
+    runs-on: ${{ matrix.arch.runner }}
+    environment: copilot
+    steps:
+      - uses: actions/checkout@v6
+        with:
+          fetch-depth: 1
+
+      - name: Build and Push Docker Image
+        uses: ./.github/actions/docker
+        with:
+          operation: build
+          target: ${{ inputs.build_target }}
+          docker_user: ${{ secrets.DOCKERHUB_USER || 'kpango' }}
+          docker_pass: ${{ secrets.DOCKERHUB_PASS }}
+          github_token: ${{ secrets.GITHUB_TOKEN }}
+          docker_push: true
+          platform: ${{ matrix.arch.platform }}
+          suffix: ${{ matrix.arch.suffix }}
+
+  merge:
+    needs: build
+    runs-on: ubuntu-latest
+    environment: copilot
+    steps:
+      - uses: actions/checkout@v6
+        with:
+          fetch-depth: 1
+
+      - name: Merge and Push Manifest
+        uses: ./.github/actions/docker
+        with:
+          operation: merge
+          target: ${{ inputs.merge_target }}
+          docker_user: ${{ secrets.DOCKERHUB_USER || 'kpango' }}
+          docker_pass: ${{ secrets.DOCKERHUB_PASS }}
+          github_token: ${{ secrets.GITHUB_TOKEN }}

.gitinore

@@ -0,0 +1,26 @@
+nvim/site/*
+nvim/log/*
+nvim/plugin/*
+
+# Binaries for programs and plugins
+*.exe
+*.exe~
+*.dll
+*.so
+*.dylib
+*.bin
+
+# Test binary, built with `go test -c`
+*.test
+
+# Output of the go coverage tool, specifically when used with LiteIDE
+*.out
+
+.idea/
+
+*.hdf5
+
+.DS_Store
+.nvimlog
+
+telepresence.log

.whitesource

@@ -0,0 +1,8 @@
+{
+  "generalSettings": {
+    "shouldScanRepo": true
+  },
+  "checkRunSettings": {
+    "vulnerableCheckRunConclusionLevel": "failure"
+  }
+}