initial commit

Signed-off-by: kpango <kpango@vdaas.org>

Author: kpango

.github/actions/docker-build/action.yml

@@ -0,0 +1,123 @@
+name: "Build and Push Docker Image"
+description: "Sets up QEMU, Buildx, and builds/pushes a Docker image using the repository's Makefile."
+inputs:
+  target:
+    description: "The Makefile target to run (e.g., build_base)"
+    required: true
+  docker_user:
+    description: "DockerHub username"
+    required: true
+    default: "kpango"
+  docker_pass:
+    description: "DockerHub password"
+    required: true
+  github_token:
+    description: "GitHub Token for registry/cache"
+    required: true
+  docker_push:
+    description: "Whether this is a push build"
+    required: false
+    default: "false"
+  platform:
+    description: "The platform to build (e.g., linux/amd64)"
+    required: false
+  suffix:
+    description: "The suffix for the docker tag (e.g., amd64)"
+    required: false
+  ghcr_user:
+    description: "GHCR username"
+    required: false
+    default: ${{ github.repository_owner }}
+
+runs:
+  using: "composite"
+  steps:
+    - name: Set up QEMU
+      uses: docker/setup-qemu-action@v4
+      with:
+        image: tonistiigi/binfmt:master
+        platforms: ${{ inputs.platform }}
+    - name: Login to DockerHub
+      if: inputs.docker_push == 'true'
+      uses: docker/login-action@v4
+      with:
+        username: ${{ inputs.docker_user }}
+        password: ${{ inputs.docker_pass }}
+    - name: Login to GitHub Container Registry
+      if: inputs.docker_push == 'true'
+      uses: docker/login-action@v4
+      with:
+        registry: ghcr.io
+        username: ${{ github.actor }}
+        password: ${{ inputs.github_token }}
+
+    - name: Cache Docker layers
+      uses: actions/cache@v4
+      with:
+        path: ${{ github.workspace }}/.docker/buildcache
+        key: ${{ runner.os }}-docker-buildx-${{ inputs.target }}-${{ inputs.platform }}
+        restore-keys: |
+          ${{ runner.os }}-docker-buildx-${{ inputs.target }}-${{ inputs.platform }}
+          ${{ runner.os }}-docker-buildx-${{ inputs.target }}-
+          ${{ runner.os }}-docker-buildx-
+
+    - name: Initialize Buildx
+      shell: bash
+      env:
+        GITHUB_ACCESS_TOKEN: ${{ inputs.github_token }}
+        DOCKER_BUILDER_PLATFORM: ${{ inputs.platform }}
+      run: |
+        make \
+          DOCKER_BUILDER_PLATFORM="$DOCKER_BUILDER_PLATFORM" \
+          GITHUB_ACCESS_TOKEN="$GITHUB_ACCESS_TOKEN" \
+          init_buildx
+
+    - name: Create Buildx
+      shell: bash
+      env:
+        GITHUB_ACCESS_TOKEN: ${{ inputs.github_token }}
+        DOCKER_BUILDER_PLATFORM: ${{ inputs.platform }}
+      run: |
+        make \
+          DOCKER_BUILDER_PLATFORM="$DOCKER_BUILDER_PLATFORM" \
+          GITHUB_ACCESS_TOKEN="$GITHUB_ACCESS_TOKEN" \
+          create_buildx
+
+    - name: Build Dockerfile
+      shell: bash
+      env:
+        TARGET: ${{ inputs.target }}
+        USER_DEFAULT: ${{ inputs.docker_user }}
+        GHCR_USER: ${{ inputs.ghcr_user }}
+        DOCKER_PUSH: ${{ inputs.docker_push }}
+        GITHUB_ACCESS_TOKEN: ${{ inputs.github_token }}
+        DOCKER_BUILDER_PLATFORM: ${{ inputs.platform }}
+        DOCKER_ARCH_SUFFIX: ${{ inputs.suffix }}
+        EVENT_NAME: ${{ github.event_name }}
+        EVENT_PATH: ${{ github.event_path }}
+        GITHUB_REF_VAR: ${{ github.ref }}
+        DOCKER_BUILD_CACHE_DIR: ${{ github.workspace }}/.docker/buildcache
+      run: |
+        VERSION="nightly"
+
+        if [ "$EVENT_NAME" == "pull_request" ]; then
+          PR_NUM=$(jq -r ".number" "$EVENT_PATH")
+          VERSION="pr-$PR_NUM"
+        elif [[ "$GITHUB_REF_VAR" == refs/tags/* ]]; then
+          VERSION="${GITHUB_REF_VAR#refs/tags/}"
+        fi
+
+        make \
+          DOCKER_BUILD_CACHE_DIR="$DOCKER_BUILD_CACHE_DIR" \
+          DOCKER_PUSH="$DOCKER_PUSH" \
+          USER="$USER_DEFAULT" \
+          SYS_USER="$USER_DEFAULT" \
+          USER_ID="1000" \
+          GROUP_ID="1000" \
+          GROUP_IDS="1000 98 972 987 994 996 998 1001 1002 1003 1004 1005" \
+          GHCR_USER="$GHCR_USER" \
+          VERSION="$VERSION" \
+          GITHUB_ACCESS_TOKEN="$GITHUB_ACCESS_TOKEN" \
+          DOCKER_BUILDER_PLATFORM="$DOCKER_BUILDER_PLATFORM" \
+          DOCKER_ARCH_SUFFIX="$DOCKER_ARCH_SUFFIX" \
+          "$TARGET"

.github/dependabot.yml

@@ -0,0 +1,6 @@
+version: 2
+updates:
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "daily"

.github/workflows/docker-matrix.yml

@@ -0,0 +1,207 @@
+name: "Build docker images"
+on:
+  push:
+    branches:
+      - main
+    tags:
+      - "*.*.*"
+      - "v*.*.*"
+      - "*.*.*-*"
+      - "v*.*.*-*"
+    paths:
+      - "dockers/**"
+      - "Makefile"
+      - ".github/workflows/**"
+  pull_request:
+    paths:
+      - "dockers/**"
+      - "Makefile"
+      - ".github/workflows/**"
+  workflow_dispatch:
+  schedule:
+    - cron: "0 0 * * *"
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+jobs:
+  build_base:
+    strategy:
+      fail-fast: false
+      matrix:
+        arch:
+          - platform: linux/amd64
+            runner: ubuntu-latest
+            suffix: amd64
+          - platform: linux/arm64/v8
+            runner: ubuntu-24.04-arm
+            suffix: arm64
+    runs-on: ${{ matrix.arch.runner }}
+    environment: copilot
+    steps:
+      - uses: actions/checkout@v6
+        with:
+          fetch-depth: 1
+
+      - name: Build and Push Docker Image
+        uses: ./.github/actions/docker-build
+        with:
+          target: build_base
+          docker_user: ${{ secrets.DOCKERHUB_USER || 'kpango' }}
+          docker_pass: ${{ secrets.DOCKERHUB_PASS }}
+          github_token: ${{ secrets.GITHUB_TOKEN }}
+          docker_push: true
+          platform: ${{ matrix.arch.platform }}
+          suffix: ${{ matrix.arch.suffix }}
+
+  merge_base:
+    needs: build_base
+    runs-on: ubuntu-slim
+    environment: copilot
+    steps:
+      - uses: actions/checkout@v6
+        with:
+          fetch-depth: 1
+
+      - name: Merge and Push Manifest
+        uses: ./.github/actions/docker-build
+        with:
+          target: merge_base
+          docker_user: ${{ secrets.DOCKERHUB_USER || 'kpango' }}
+          docker_pass: ${{ secrets.DOCKERHUB_PASS }}
+          github_token: ${{ secrets.GITHUB_TOKEN }}
+          docker_push: true
+
+  build:
+    needs: merge_base
+    strategy:
+      fail-fast: false
+      matrix:
+        arch:
+          - platform: linux/amd64
+            runner: ubuntu-latest
+            suffix: amd64
+          - platform: linux/arm64/v8
+            runner: ubuntu-24.04-arm
+            suffix: arm64
+        image_target:
+          - image: dart
+            target: build_dart
+          - image: docker
+            target: build_docker
+          - image: env
+            target: build_env
+          - image: gcloud
+            target: build_gcloud
+          - image: go
+            target: build_go
+          - image: kube
+            target: build_k8s
+          - image: nim
+            target: build_nim
+          - image: rust
+            target: build_rust
+    runs-on: ${{ matrix.arch.runner }}
+    environment: copilot
+    continue-on-error: true
+    steps:
+      - uses: actions/checkout@v6
+        with:
+          fetch-depth: 1
+
+      - name: Build and Push Docker Image
+        uses: ./.github/actions/docker-build
+        with:
+          target: ${{ matrix.image_target.target }}
+          docker_user: ${{ secrets.DOCKERHUB_USER || 'kpango' }}
+          docker_pass: ${{ secrets.DOCKERHUB_PASS }}
+          github_token: ${{ secrets.GITHUB_TOKEN }}
+          docker_push: true
+          platform: ${{ matrix.arch.platform }}
+          suffix: ${{ matrix.arch.suffix }}
+
+  merge:
+    needs: build
+    runs-on: ubuntu-slim
+    environment: copilot
+    continue-on-error: true
+    strategy:
+      fail-fast: false
+      matrix:
+        image_target:
+          - image: dart
+            target: merge_dart
+          - image: docker
+            target: merge_docker
+          - image: env
+            target: merge_env
+          - image: gcloud
+            target: merge_gcloud
+          - image: go
+            target: merge_go
+          - image: kube
+            target: merge_k8s
+          - image: nim
+            target: merge_nim
+          - image: rust
+            target: merge_rust
+    steps:
+      - uses: actions/checkout@v6
+        with:
+          fetch-depth: 1
+
+      - name: Merge and Push Manifest
+        uses: ./.github/actions/docker-build
+        with:
+          target: ${{ matrix.image_target.target }}
+          docker_user: ${{ secrets.DOCKERHUB_USER || 'kpango' }}
+          docker_pass: ${{ secrets.DOCKERHUB_PASS }}
+          github_token: ${{ secrets.GITHUB_TOKEN }}
+          docker_push: true
+
+  build_dev:
+    needs: merge
+    strategy:
+      fail-fast: false
+      matrix:
+        arch:
+          - platform: linux/amd64
+            runner: ubuntu-latest
+            suffix: amd64
+          - platform: linux/arm64/v8
+            runner: ubuntu-24.04-arm
+            suffix: arm64
+    runs-on: ${{ matrix.arch.runner }}
+    environment: copilot
+    steps:
+      - uses: actions/checkout@v6
+        with:
+          fetch-depth: 1
+
+      - name: Build and Push Docker Image
+        uses: ./.github/actions/docker-build
+        with:
+          target: prod_build
+          docker_user: ${{ secrets.DOCKERHUB_USER || 'kpango' }}
+          docker_pass: ${{ secrets.DOCKERHUB_PASS }}
+          github_token: ${{ secrets.GITHUB_TOKEN }}
+          docker_push: true
+          platform: ${{ matrix.arch.platform }}
+          suffix: ${{ matrix.arch.suffix }}
+
+  merge_dev:
+    needs: build_dev
+    runs-on: ubuntu-slim
+    environment: copilot
+    steps:
+      - uses: actions/checkout@v6
+        with:
+          fetch-depth: 1
+
+      - name: Merge and Push Manifest
+        uses: ./.github/actions/docker-build
+        with:
+          target: merge_dev
+          docker_user: ${{ secrets.DOCKERHUB_USER || 'kpango' }}
+          docker_pass: ${{ secrets.DOCKERHUB_PASS }}
+          github_token: ${{ secrets.GITHUB_TOKEN }}
+          docker_push: true

.gitinore

@@ -0,0 +1,26 @@
+nvim/site/*
+nvim/log/*
+nvim/plugin/*
+
+# Binaries for programs and plugins
+*.exe
+*.exe~
+*.dll
+*.so
+*.dylib
+*.bin
+
+# Test binary, built with `go test -c`
+*.test
+
+# Output of the go coverage tool, specifically when used with LiteIDE
+*.out
+
+.idea/
+
+*.hdf5
+
+.DS_Store
+.nvimlog
+
+telepresence.log

.whitesource

@@ -0,0 +1,8 @@
+{
+  "generalSettings": {
+    "shouldScanRepo": true
+  },
+  "checkRunSettings": {
+    "vulnerableCheckRunConclusionLevel": "failure"
+  }
+}