ci: update release workflow

.github/workflows/release-docker-images.yml

@@ -0,0 +1,55 @@
+# Runs after release-please creates a new release
+# Builds and pushes the docker images for the release
+name: Release Docker Images
+on:
+  release:
+    types: [released]
+
+jobs:
+  build-and-push-dockerimage:
+    name: Buld and push dockerimage
+    if: github.repository_owner == 'andrewthetechie'
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v2
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v2
+      - name: Login to DockerHub
+        uses: docker/login-action@v2
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+      - name: Log in to the Container registry
+        uses: docker/login-action@f054a8b539a109f9f41c372932f1ae047eff08c9
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.THIS_PAT }}
+      - name: Docker metadata
+        uses: docker/metadata-action@v4
+        id: meta
+        with:
+          images: |
+            ${{ github.repository }}
+            ghcr.io/${{ github.repository }}
+          tags: |
+            type=raw,value=${{ github.ref_name }}
+            # minimal (short sha)
+            type=sha,prefix=
+            # full length sha
+            type=sha,format=long,prefix=
+      - name: Build and push
+        id: docker_build
+        uses: docker/build-push-action@v3
+        with:
+          context: .
+          file: Dockerfile
+          push: true
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
+          platforms: linux/amd64,linux/arm64
+          # https://github.com/docker/build-push-action/blob/master/docs/advanced/cache.md#registry-cache
+          cache-from: type=gha
+          cache-to: type=gha,mode=max

.github/workflows/release-major-version-tag.yml

@@ -0,0 +1,15 @@
+# Updates major version tag for GHA ease of use
+name: Update Major Version Tag
+
+on:
+  push:
+    tags:
+      - "v*"
+
+jobs:
+  update-majorver:
+    name: Update Major Version Tag
+    if: github.repository_owner == 'andrewthetechie'
+    runs-on: ubuntu-latest
+    steps:
+      - uses: nowactions/update-majorver@v1

.github/workflows/release-please.yml

@@ -5,9 +5,12 @@ on:
 name: release-please
 jobs:
   release-please:
+    if: github.repository_owner == 'andrewthetechie'
     runs-on: ubuntu-latest
     steps:
       - uses: google-github-actions/release-please-action@v3
         with:
           token: ${{ secrets.THIS_PAT }}
-          release-type: simple
+          release-type: python
+          extra-files: |
+            action.yml

Dockerfile

@@ -1,3 +1,53 @@
-# This file is generated from Docker/ActionDockerfile.j2 as part of the release ci
-# Don't modify it directly
-FROM andrewthetechie/gha-cookiecutter:v1.2.0
+# Distroless runs python 3.9.2
+FROM python:3.11-slim-bullseye as python-base
+ADD Docker/builder/rootfs /
+ADD main.py /app/main.py
+ADD action.yml /app/action.yml
+
+# We are installing a dependency here directly into our app source dir
+RUN pip install --target=/app -r /requirements.txt
+RUN cd /tmp && \
+    apt-get update && \
+    apt-get download $(apt-cache depends --recurse --no-recommends --no-suggests \
+    --no-conflicts --no-breaks --no-replaces --no-enhances \
+    --no-pre-depends git | grep -v libc | grep "^\w") libcurl3-gnutls && \
+    mkdir /dpkg && \
+    for deb in *.deb; do dpkg --extract $deb /dpkg || exit 10; done
+
+# use distroless/cc as the base for our final image
+# lots of python depends on glibc
+FROM gcr.io/distroless/cc-debian11
+
+# Copy python from the python-builder
+# this carries more risk than installing it fully, but makes the image a lot smaller
+COPY --from=python-base /usr/local/lib/ /usr/local/lib/
+COPY --from=python-base /usr/local/bin/python /usr/local/bin/python
+COPY --from=python-base /etc/ld.so.cache /etc/ld.so.cache
+
+# Add some common compiled libraries
+# If seeing ImportErrors, check if in the python-base already and copy as below
+# required by lots of packages - e.g. six, numpy, wsgi
+# *-linux-gnu makes this builder work with either linux/arm64 or linux/amd64
+COPY --from=python-base /lib/*-linux-gnu/libz.so.1 /lib/libs/
+COPY --from=python-base /lib/*-linux-gnu/libcom_err.so.2 /lib/libs/
+COPY --from=python-base /usr/lib/*-linux-gnu/libffi* /lib/libs/
+COPY --from=python-base /lib/*-linux-gnu/libexpat* /lib/libs/
+
+# Copy over the app
+COPY --from=python-base /app /app
+COPY --from=python-base /dpkg /
+WORKDIR /app
+
+# Add /lib/libs to our path
+ENV LD_LIBRARY_PATH="/lib/libs:${LD_LIBRARY_PATH}" \
+# Add the app path to our path
+    PATH="/app/bin:${PATH}" \
+# Add the app path to your python path
+    PYTHONPATH="/app:${PYTHONPATH}" \
+# standardise on locale, don't generate .pyc, enable tracebacks on seg faults
+    LANG=C.UTF-8 \
+    LC_ALL=C.UTF-8 \
+    PYTHONDONTWRITEBYTECODE=1 \
+    PYTHONFAULTHANDLER=1
+
+CMD ["python", "/app/main.py"]

action.yml

@@ -43,7 +43,7 @@ outputs:
     description: "Directory the cookiecutter outputted to"
 runs:
   using: "docker"
-  image: "Dockerfile"
+  image: "docker://ghcr.io/andrewthetechie/gha-cookiecutter:v1.3.0" # x-release-please-version
 branding:
   icon: 'layers'
   color: 'blue'