feat(ci): add Docker build pipeline with version management

- Add multi-stage Dockerfile with pinned tool versions (Node 24.10.0, Go 1.25.1, Hugo 0.151.0) - Create .env.versions as single source of truth for all tool versions - Add GitHub Actions CI workflow for automated OCI image builds - Multi-arch support (amd64, arm64) - Automatic version loading from .env.versions - Docker registry push with metadata tags - Add Taskfile tasks for local OCI image building and testing - task build:oci-image - Build with version-pinned dependencies - task test:oci-image - Build and test container locally - Pin devbox.json to specific versions matching .env.versions - Add comprehensive documentation (DOCKER.md, VERSIONS.md) - Add helper script (scripts/get-versions.sh) for version extraction This enables consistent development and production environments with identical tool versions across local devbox, Docker builds, and CI/CD.
2025-10-23 17:04:28 +02:00 · 2025-10-23 17:04:28 +02:00 · 4294524e81
commit 4294524e81
parent 8e0aea2893
9 changed files with 406 additions and 3 deletions
--- a/.github/workflows/ci.yaml
+++ b/.github/workflows/ci.yaml
@ -0,0 +1,80 @@
+name: ci
+
+on:
+  push:
+  workflow_dispatch:
+
+jobs:
+  build:
+    runs-on: ubuntu-22.04
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+        with:
+          submodules: recursive
+          fetch-depth: 0
+
+      - name: Load versions from .env.versions
+        id: versions
+        run: |
+          # Source the versions file
+          set -a
+          source .env.versions
+          set +a
+          
+          echo "node_version=${NODE_VERSION}" >> "$GITHUB_OUTPUT"
+          echo "go_version=${GO_VERSION}" >> "$GITHUB_OUTPUT"
+          echo "hugo_version=${HUGO_VERSION}" >> "$GITHUB_OUTPUT"
+          
+          echo "Node: ${NODE_VERSION}"
+          echo "Go: ${GO_VERSION}"
+          echo "Hugo: ${HUGO_VERSION}"
+
+      - name: Repository meta
+        id: repository
+        run: |
+          registry=${{ github.server_url }}
+          registry=${registry##http*://}
+          echo "registry=${registry}" >> "$GITHUB_OUTPUT"
+          echo "registry=${registry}"
+          repository="$(echo "${{ github.repository }}" | tr '[:upper:]' '[:lower:]')"
+          echo "repository=${repository}" >> "$GITHUB_OUTPUT"
+          echo "repository=${repository}"
+
+      - name: Docker meta
+        uses: docker/metadata-action@v5
+        id: docker
+        with:
+          images: ${{ steps.repository.outputs.registry }}/${{ steps.repository.outputs.repository }}
+
+      - name: Login to registry
+        uses: docker/login-action@v3
+        with:
+          registry: ${{ steps.repository.outputs.registry }}
+          username: "${{ secrets.PACKAGES_USER }}"
+          password: "${{ secrets.PACKAGES_TOKEN }}"
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+        with:
+          buildkitd-flags: '--allow-insecure-entitlement network.host'
+          driver-opts: network=host
+
+      - name: Build and push
+        uses: docker/build-push-action@v6
+        with:
+          context: .
+          push: true
+          allow: network.host
+          network: host
+          platforms: linux/amd64,linux/arm64
+          tags: ${{ steps.docker.outputs.tags }}
+          labels: ${{ steps.docker.outputs.labels }}
+          build-args: |
+            NODE_VERSION=${{ steps.versions.outputs.node_version }}
+            GO_VERSION=${{ steps.versions.outputs.go_version }}
+            HUGO_VERSION=${{ steps.versions.outputs.hugo_version }}