feat: add comprehensive testing and Docker CI workflows

- Add Docker build and publish workflow (.github/workflows/docker.yml)

- Build multi-arch images (linux/amd64, linux/arm64) for GitHub Container Registry

- Support multiple Docker variants (base, full, tensorflow)

- Add Docker testing to existing CI workflow

- Create comprehensive test script (test_migration.sh)

- Update README with Docker usage and testing instructions

New features:

- Automated Docker builds on push/release

- Multi-platform container support

- Comprehensive testing including Docker builds

- GitHub Container Registry integration

- Full validation script for migration

Author: mldangelo

.github/workflows/docker.yml

@@ -0,0 +1,149 @@
+name: Docker Build and Publish
+
+on:
+  push:
+    branches:
+      - main
+      - feat/migrate-poetry-to-rye
+    tags:
+      - 'v*'
+  pull_request:
+    branches:
+      - main
+  workflow_dispatch:
+
+env:
+  REGISTRY: ghcr.io
+  IMAGE_NAME: ${{ github.repository }}
+
+jobs:
+  build-and-push:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: write
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Install Rye
+        uses: eifinger/setup-rye@v3
+        with:
+          enable-cache: true
+
+      - name: Generate lock files
+        run: |
+          rye sync --no-dev
+          ls -la requirements*.lock
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Log in to Container Registry
+        if: github.event_name != 'pull_request'
+        uses: docker/login-action@v3
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Extract metadata
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+          tags: |
+            type=ref,event=branch
+            type=ref,event=pr
+            type=semver,pattern={{version}}
+            type=semver,pattern={{major}}.{{minor}}
+            type=semver,pattern={{major}}
+            type=raw,value=latest,enable={{is_default_branch}}
+
+      - name: Build and push Docker image
+        uses: docker/build-push-action@v5
+        with:
+          context: .
+          platforms: linux/amd64,linux/arm64
+          push: ${{ github.event_name != 'pull_request' }}
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
+
+      - name: Test Docker image
+        if: github.event_name != 'pull_request'
+        run: |
+          # Test the built image
+          docker run --rm ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:latest --help
+          
+  build-variants:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: write
+    if: github.event_name != 'pull_request'
+    
+    strategy:
+      matrix:
+        variant:
+          - dockerfile: Dockerfile.full
+            suffix: -full
+            description: "Full variant with all ML framework extras"
+          - dockerfile: Dockerfile.tensorflow
+            suffix: -tensorflow
+            description: "TensorFlow variant with TensorFlow support"
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Install Rye
+        uses: eifinger/setup-rye@v3
+        with:
+          enable-cache: true
+
+      - name: Generate lock files
+        run: |
+          rye sync --no-dev
+          ls -la requirements*.lock
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Log in to Container Registry
+        uses: docker/login-action@v3
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Extract metadata
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+          tags: |
+            type=ref,event=branch,suffix=${{ matrix.variant.suffix }}
+            type=semver,pattern={{version}},suffix=${{ matrix.variant.suffix }}
+            type=semver,pattern={{major}}.{{minor}},suffix=${{ matrix.variant.suffix }}
+            type=semver,pattern={{major}},suffix=${{ matrix.variant.suffix }}
+            type=raw,value=latest${{ matrix.variant.suffix }},enable={{is_default_branch}}
+
+      - name: Build and push Docker image variant
+        uses: docker/build-push-action@v5
+        with:
+          context: .
+          file: ${{ matrix.variant.dockerfile }}
+          platforms: linux/amd64,linux/arm64
+          push: true
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
+
+      - name: Test Docker image variant
+        run: |
+          # Test the built image variant
+          docker run --rm ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:latest${{ matrix.variant.suffix }} --help 

.github/workflows/test.yml

@@ -84,7 +84,7 @@ jobs:
 
       - name: Run tests with pytest
         run: |
-          rye run pytest -v --cov=modelaudit || true
+          rye run pytest -v --cov=modelaudit
 
   build:
     name: Build and Package
@@ -112,3 +112,37 @@ jobs:
         with:
           name: dist
           path: dist/
+
+  docker-test:
+    name: Test Docker Build
+    runs-on: ubuntu-latest
+    needs: [lint, type-check]
+    
+    steps:
+      - name: Checkout repo
+        uses: actions/checkout@v4
+
+      - name: Install Rye
+        uses: eifinger/setup-rye@v3
+        with:
+          enable-cache: true
+
+      - name: Generate lock files
+        run: |
+          rye sync --no-dev
+          ls -la requirements*.lock
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Test Docker build
+        run: |
+          docker build -t modelaudit:test .
+          
+      - name: Test Docker image functionality
+        run: |
+          # Test that the image runs and shows help
+          docker run --rm modelaudit:test --help
+          
+          # Test that it can handle basic commands
+          echo "✅ Docker image works correctly"

README.md

@@ -72,6 +72,20 @@ rye sync --features all
 pip install -e .[all]
 ```
 
+**Docker installation:**
+
+```bash
+# Pull from GitHub Container Registry
+docker pull ghcr.io/promptfoo/modelaudit:latest
+
+# Use specific variants
+docker pull ghcr.io/promptfoo/modelaudit:latest-full        # All ML frameworks
+docker pull ghcr.io/promptfoo/modelaudit:latest-tensorflow  # TensorFlow only
+
+# Run with Docker
+docker run --rm -v $(pwd):/data ghcr.io/promptfoo/modelaudit:latest scan /data/model.pkl
+```
+
 ### Basic Usage
 
 **Scan individual files:**
@@ -272,6 +286,9 @@ rye run pytest tests/test_integration.py -v
 # Run tests with all optional dependencies
 rye sync --features all
 rye run pytest
+
+# Run comprehensive migration test (tests everything including Docker)
+./test_migration.sh
 ```
 
 ### Development Workflow

test_migration.sh

@@ -0,0 +1,154 @@
+#!/bin/bash
+set -e
+
+# Colors for output
+GREEN='\033[0;32m'
+RED='\033[0;31m'
+YELLOW='\033[1;33m'
+BLUE='\033[0;34m'
+NC='\033[0m' # No Color
+
+echo -e "${BLUE}🚀 Testing ModelAudit Rye Migration${NC}"
+echo "========================================"
+
+# Function to print test results
+print_result() {
+    if [ $? -eq 0 ]; then
+        echo -e "${GREEN}✅ $1${NC}"
+    else
+        echo -e "${RED}❌ $1${NC}"
+        exit 1
+    fi
+}
+
+# Test 1: Check Rye installation
+echo -e "\n${YELLOW}📋 Test 1: Rye Installation${NC}"
+if command -v rye &> /dev/null; then
+    echo "Rye version: $(rye --version)"
+    print_result "Rye is installed"
+else
+    echo -e "${RED}❌ Rye is not installed. Please run: curl -sSf https://rye-up.com/get | bash${NC}"
+    exit 1
+fi
+
+# Test 2: Sync dependencies
+echo -e "\n${YELLOW}📦 Test 2: Dependency Sync${NC}"
+rye sync --features all
+print_result "Dependencies synced successfully"
+
+# Test 3: Lock file generation
+echo -e "\n${YELLOW}🔒 Test 3: Lock Files${NC}"
+if [[ -f "requirements.lock" && -f "requirements-dev.lock" ]]; then
+    echo "Lock files found:"
+    ls -la requirements*.lock
+    print_result "Lock files exist"
+else
+    echo -e "${RED}❌ Lock files missing${NC}"
+    exit 1
+fi
+
+# Test 4: CLI functionality
+echo -e "\n${YELLOW}🖥️  Test 4: CLI Functionality${NC}"
+rye run modelaudit --help > /dev/null
+print_result "CLI help command works"
+
+rye run modelaudit scan --help > /dev/null
+print_result "CLI scan command help works"
+
+# Test 5: Run tests
+echo -e "\n${YELLOW}🧪 Test 5: Running Tests${NC}"
+rye run pytest tests/ -v --tb=short
+print_result "All tests pass"
+
+# Test 6: Code quality checks
+echo -e "\n${YELLOW}🔍 Test 6: Code Quality${NC}"
+rye run ruff check modelaudit/
+print_result "Ruff linting passes"
+
+rye run ruff format --check modelaudit/
+print_result "Ruff formatting check passes"
+
+rye run mypy modelaudit/
+print_result "MyPy type checking passes"
+
+# Test 7: Build package
+echo -e "\n${YELLOW}📦 Test 7: Package Build${NC}"
+rye build
+print_result "Package builds successfully"
+
+if [[ -d "dist" && -n "$(ls -A dist)" ]]; then
+    echo "Built packages:"
+    ls -la dist/
+    print_result "Build artifacts created"
+else
+    echo -e "${RED}❌ No build artifacts found${NC}"
+    exit 1
+fi
+
+# Test 8: Docker builds (if Docker is available)
+echo -e "\n${YELLOW}🐳 Test 8: Docker Builds${NC}"
+if command -v docker &> /dev/null && docker info &> /dev/null; then
+    echo "Testing Docker builds..."
+    
+    # Test main Dockerfile
+    docker build -t modelaudit:test .
+    print_result "Main Dockerfile builds"
+    
+    # Test the image works
+    docker run --rm modelaudit:test --help > /dev/null
+    print_result "Docker image runs correctly"
+    
+    # Test full Dockerfile
+    docker build -f Dockerfile.full -t modelaudit:test-full .
+    print_result "Full Dockerfile builds"
+    
+    # Test TensorFlow Dockerfile
+    docker build -f Dockerfile.tensorflow -t modelaudit:test-tf .
+    print_result "TensorFlow Dockerfile builds"
+    
+    echo -e "${GREEN}🎉 All Docker builds successful!${NC}"
+else
+    echo -e "${YELLOW}⚠️  Docker not available, skipping Docker tests${NC}"
+fi
+
+# Test 9: Virtual environment check
+echo -e "\n${YELLOW}🏠 Test 9: Virtual Environment${NC}"
+if [[ -d ".venv" ]]; then
+    echo "Virtual environment path: $(pwd)/.venv"
+    echo "Python version: $(rye run python --version)"
+    print_result "Virtual environment exists and works"
+else
+    echo -e "${RED}❌ Virtual environment not found${NC}"
+    exit 1
+fi
+
+# Test 10: Dependency versions
+echo -e "\n${YELLOW}📊 Test 10: Key Dependencies${NC}"
+echo "Key package versions:"
+rye run python -c "
+import sys
+packages = ['click', 'h5py', 'pyyaml', 'requests']
+for pkg in packages:
+    try:
+        mod = __import__(pkg)
+        version = getattr(mod, '__version__', 'unknown')
+        print(f'  {pkg}: {version}')
+    except ImportError:
+        print(f'  {pkg}: not installed')
+"
+print_result "Key dependencies are available"
+
+# Final Summary
+echo -e "\n${GREEN}🎉 ALL TESTS PASSED!${NC}"
+echo "========================================"
+echo -e "${GREEN}✅ Rye migration is working correctly${NC}"
+echo -e "${GREEN}✅ All dependencies are properly installed${NC}"
+echo -e "${GREEN}✅ CLI functionality works${NC}"
+echo -e "${GREEN}✅ All tests pass${NC}"
+echo -e "${GREEN}✅ Code quality checks pass${NC}"
+echo -e "${GREEN}✅ Package builds successfully${NC}"
+if command -v docker &> /dev/null && docker info &> /dev/null; then
+    echo -e "${GREEN}✅ Docker builds work${NC}"
+fi
+echo ""
+echo -e "${BLUE}Ready for production! 🚀${NC}"