build: add development flow

autumnjolitz · autumnjolitz · commit 8ea05d86868e · 2025-12-02T13:40:12.000-08:00
diff --git a/.github/workflows/development.yml b/.github/workflows/development.yml
@@ -0,0 +1,202 @@
+name: development
+
+on:
+  pull_request:
+  push:
+    branches:    
+      - '*'         # matches every branch that doesn't contain a '/'
+      - '*/*'       # matches every branch containing a single '/'
+      - '*/*/*'       # matches every branch contains two /
+      - '**'        # matches every branch
+      - '!main'     # excludes main
+      - '!master'   # excludes master
+    paths:
+      - ".github/workflows/development.yaml"
+
+
+env:
+  TARGET_PLATFORMS: linux/amd64,linux/arm64/v8
+
+jobs:
+  docker:
+    strategy:
+      fail-fast: true
+      matrix:
+        repository:
+          - 'localhost:5000'
+        python:
+          - '3.14'
+          - '3.13'
+          - '3.12'
+          - '3.11'
+          - '3.10'
+          - '3.9'
+          - '3.8'
+        alpine:
+          - '3.20'
+          - '3.21'
+          - '3.22'
+        os:
+          - 'ubuntu-latest'
+        exclude:
+          # No tag
+          - python: '3.8'
+            alpine: '3.21'
+          - python: '3.8'
+            alpine: '3.22'
+          - python: '3.14'
+            alpine: '3.20'
+
+    runs-on: ${{ matrix.os }}
+    services:
+      registry:
+        image: registry:3
+        ports:
+          - 5000:5000
+
+    permissions:
+      packages: write
+
+    steps:
+      -
+        name: Checkout
+        uses: actions/checkout@v4
+
+      -
+        name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+      -
+        name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      -
+        id: image_env
+        run: |
+          . ./env.sh \
+            '${{ matrix.alpine }}' \
+            '${{ matrix.python }}' \
+            '${{ github.repository_owner }}' \
+            '${{ matrix.repository }}'
+
+          docker pull "${SOURCE_IMAGE}" || true
+          echo "IMAGE_HOME=$(mktemp -d)" >> "$GITHUB_OUTPUT"
+
+          echo ALPINE_VERSION="${ALPINE_VERSION}" >> "$GITHUB_OUTPUT"
+          echo PYTHON_VERSION="${PYTHON_VERSION}" >> "$GITHUB_OUTPUT"
+          echo SOURCE_IMAGE="${SOURCE_IMAGE}" >> "$GITHUB_OUTPUT"
+          echo IMAGE_TAG="${IMAGE_TAG}" >> "$GITHUB_OUTPUT"
+          echo REPOSITORY="${REPOSITORY}" >> "$GITHUB_OUTPUT"
+          echo BASE_IMAGE_DIGEST="$(digest_of "$SOURCE_IMAGE")" >> "$GITHUB_OUTPUT"
+          echo 'IMAGE_DESCRIPTION=${{ github.event.repository.description }}. See ${{ github.server_url }}/${{ github.repository }} for more info.'  >> "$GITHUB_OUTPUT"
+
+          exit 1
+
+      -
+        name: Login to GitHub Container Registry
+        if: ${{ matrix.repository == 'ghcr.io' }}
+        uses: docker/login-action@v3
+        with:
+          registry: 'ghcr.io'
+          username: ${{ github.repository_owner }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+      -
+        name: Login to DockerHub
+        if: ${{ matrix.repository == 'docker.io' }}
+        uses: docker/login-action@v3
+        with:
+          registry: 'docker.io'
+          username: ${{ github.repository_owner }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+      -
+        name: Create Buildroot
+        uses: docker/build-push-action@v6
+        with:
+          push: true
+          platforms: ${{ env.TARGET_PLATFORMS }}
+          context: "."
+          file: Dockerfile.alpine
+          target: buildroot
+          cache-to: |
+            type=gha,mode=max
+          cache-from: |
+            type=gha
+            type=registry,ref=${{ steps.image_env.outputs.IMAGE_TAG }}-buildroot
+            type=registry,ref=${{ steps.image_env.outputs.SOURCE_IMAGE }}@${{ steps.image_env.outputs.BASE_IMAGE_DIGEST }}
+          build-args: |
+              ALPINE_VERSION=${{ steps.image_env.outputs.ALPINE_VERSION }}
+              BASE_IMAGE_DIGEST=${{ steps.image_env.outputs.BASE_IMAGE_DIGEST }}
+              PYTHON_VERSION=${{ steps.image_env.outputs.PYTHON_VERSION }}
+              SOURCE_IMAGE=${{ steps.image_env.outputs.SOURCE_IMAGE }}
+              BUILD_ROOT=/d
+          tags: "${{ steps.image_env.outputs.IMAGE_TAG }}-buildroot"
+      -
+        name: Upload
+        uses: docker/build-push-action@v6
+        env:
+          SOURCE_DATE_EPOCH: 0
+        with:
+          push: true
+          context: "."
+          platforms: ${{ env.TARGET_PLATFORMS }}
+          file: Dockerfile.alpine
+          cache-to: |
+              type=gha,mode=max
+          cache-from: |
+              type=gha
+              type=registry,ref=${{ steps.image_env.outputs.IMAGE_TAG }}
+              type=registry,ref=${{ steps.image_env.outputs.IMAGE_TAG }}-buildroot
+              type=registry,ref=${{ steps.image_env.outputs.SOURCE_IMAGE }}@${{ steps.image_env.outputs.BASE_IMAGE_DIGEST }}
+          build-args: |
+              ALPINE_VERSION=${{ steps.image_env.outputs.ALPINE_VERSION }}
+              BASE_IMAGE_DIGEST=${{ steps.image_env.outputs.BASE_IMAGE_DIGEST }}
+              PYTHON_VERSION=${{ steps.image_env.outputs.PYTHON_VERSION }}
+              SOURCE_IMAGE=${{ steps.image_env.outputs.SOURCE_IMAGE }}
+              BUILD_ROOT=/d
+          tags: "${{ steps.image_env.outputs.IMAGE_TAG }}"
+          labels: ${{steps.image_env.outputs.IMAGE_LABELS}}
+          sbom: true
+          annotations: |
+              index,manifest:org.opencontainers.image.authors=distroless-python image developers <autumn.jolitz+distroless-python@gmail.com>
+              index,manifest:org.opencontainers.image.source=https://github.com/autumnjolitz/distroless-python
+              index,manifest:org.opencontainers.image.title=distroless-python${{ steps.image_env.outputs.PYTHON_VERSION }}-alpine${{ steps.image_env.outputs.ALPINE_VERSION }}
+              index,manifest:org.opencontainers.image.description=${{ steps.image_env.outputs.IMAGE_DESCRIPTION }}
+              index,manifest:org.opencontainers.image.base.digest=${{ steps.image_env.outputs.BASE_IMAGE_DIGEST }}
+              index,manifest:org.opencontainers.image.base.name=${{ steps.image_env.outputs.SOURCE_IMAGE }}
+              index,manifest:distroless.python-version=${{ steps.image_env.outputs.PYTHON_VERSION }}
+              index,manifest:distroless.alpine-version=${{ steps.image_env.outputs.ALPINE_VERSION }}
+              index,manifest:distroless.base-image=alpine${{ steps.image_env.outputs.ALPINE_VERSION }}
+
+      -
+        name: examples/simple-flask
+        uses: docker/build-push-action@v6
+        with:
+          context: "examples/simple-flask"
+          platforms: ${{ env.TARGET_PLATFORMS }}
+          cache-from: |
+              type=gha
+              type=registry,ref=${{ steps.image_env.outputs.IMAGE_TAG }}
+              type=registry,ref=${{ steps.image_env.outputs.IMAGE_TAG }}-buildroot
+              type=registry,ref=${{ steps.image_env.outputs.SOURCE_IMAGE }}@${{ steps.image_env.outputs.BASE_IMAGE_DIGEST }}
+          build-args: |
+              SOURCE_IMAGE=${{ steps.image_env.outputs.IMAGE_TAG }}
+          tags: "${{ steps.image_env.outputs.IMAGE_TAG }}-example1-amd64"
+          outputs: type=oci,dest=${{ steps.image_env.outputs.IMAGE_HOME }}/example1.tar
+
+
+  render-dockerhub-desc:
+    needs: [docker]
+    runs-on: "ubuntu-latest"
+    steps:
+      -
+        name: Checkout
+        uses: actions/checkout@v4
+      -
+        name: Convert README.rst to markdown
+        uses: docker://pandoc/core:2.9
+        with:
+          args: >-
+            -s
+            --wrap=none
+            -t gfm
+            -o README.md
+            README.rst
