Adds GH workflows for maintenance releases

The problem for now is that the commit after dependency updates isn't pulled by
futher steps. It's on the main branch though.

Closes #46 by using buildah & qemu.
Closes #61 by also pushing to ghcr.io

Author: funkyfuture

.github/dependabot.yml

@@ -0,0 +1,10 @@
+---
+
+version: 2
+updates:
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+        interval: "weekly"
+
+...

.github/workflows/build-and-publish.yml

@@ -0,0 +1,141 @@
+name: Build & publish deck-chores
+on:
+  push:
+    tags: ["*"]
+  workflow_call:
+    inputs:
+      ref:
+        required: false
+        type: string
+    secrets:
+      DOCKER_AUTH_TOKEN:
+        required: true
+      PYPI_AUTH_TOKEN:
+        required: true
+
+jobs:
+  version:
+    outputs:
+      version: ${{ steps.echo-version.outputs.version }}
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+        with:
+          ref: ${{ inputs.ref || github.ref }}
+      - uses: actions/setup-python@v2
+        with:
+          python-version: 3.9
+      - uses: abatilo/[email protected]
+
+      - id: echo-version
+        run: echo "::set-ouput name=version::$(poetry version --short)"
+
+      - if: ${{ github.event_name == 'push' }}
+        run: "[ ${{ steps.echo-version.outputs.version }} == ${{ github.ref }} ]"
+
+
+  cheeseshop:
+    name: Build & publish to the cheeseshop
+    needs: [version]
+    runs-on: ubuntu-latest
+    steps:
+
+      - uses: actions/checkout@v2
+        with:
+          ref: ${{ inputs.ref || github.ref }}
+      - uses: actions/setup-python@v2
+        with:
+          python-version: 3.9
+      - uses: abatilo/[email protected]
+
+      - run: poetry build
+      - run: poetry publish --username __token__ --password ${{ secrets.PYPI_AUTH_TOKEN }}
+
+  container-image:
+    name: Build & push multi-architecture image
+    needs: [version]
+    env:
+      IMAGE_NAME: deck-chores
+      DOCKER_IO_USER: funkyfuture
+      VERSION: ${{ needs.version.outputs.version }}
+    runs-on: ubuntu-latest
+    steps:
+
+      - uses: redhat-actions/podman-login@v1
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ github.token }}
+      - uses: redhat-actions/podman-login@v1
+        with:
+          registry: docker.io
+          username: ${{ env.DOCKER_IO_USER }}
+          password: ${{ secrets.DOCKER_AUTH_TOKEN }}
+
+      - uses: actions/checkout@v2
+        with:
+          ref: ${{ inputs.ref || github.ref }}
+
+      - run: >
+          echo "PRERELEASE=${{ (
+             contains('a', env.VERSION)  || contains('b', env.VERSION)
+          || contains('rc', env.VERSION) || contains('pre', env.VERSION)
+          ) }}" >> $GITHUB_ENV
+      - name: echo version related variables
+        run: |
+          echo 'VERSION: ${{ env.VERSION }}'
+          echo 'PRERELEASE: ${{ env.PRERELEASE }}'
+      - id: docker-metadata
+        uses: docker/metadata-action@v3
+        with:
+          images: ${{ env.IMAGE_NAME }}
+          flavor: latest=false
+          labels: |
+            org.opencontainers.image.documentation=https://deck-chores.readthedocs.org/
+            org.opencontainers.image.url=https://deck-chores.readthedocs.org/
+          tags: |
+            type=sha,prefix=src-commit-
+            type=pep440,pattern={{version}},value=${{ env.VERSION }}
+            type=pep440,pattern={{major}},value=${{ env.VERSION }},enable=${{ env.PRERELEASE == 'false' }}
+            type=pep440,pattern={{major}}.{{minor}},value=${{ env.VERSION }},enable=${{ env.PRERELEASE == 'false' }}
+      - name: prepare push tag value
+        id: push-tags-value
+        run: echo "::set-output name=tags::${{ steps.docker-metadata.outputs.tags }}" | tr "\n" " " | sed "s/${{ env.IMAGE_NAME }}://g"
+
+      - name: install dependency for multi-platform builds
+        run: |
+          sudo apt update
+          sudo apt install -y qemu-user-static
+      - id: build-image
+        uses: redhat-actions/buildah-build@v2
+        with:
+          containerfiles: |
+            ./Dockerfile
+          image: ${{ env.IMAGE_NAME }}
+          labels: ${{ steps.docker-metadata.outputs.labels }}
+          platforms: linux/amd64,linux/arm,linux/arm64
+          tags: ${{ steps.docker-metadata.outputs.tags }}
+
+      - name: echo build outputs
+        run: |
+          echo "Image: ${{ steps.build-image.outputs.image }}"
+          echo "Tags: ${{ steps.build-image.outputs.tags }}"
+          echo "Tagged Image: ${{ steps.build-image.outputs.image-with-tag }}"
+      - name: echo created images
+        run: buildah images | grep '${{ env.IMAGE_NAME }}'
+      - name: echo image metadata
+        run: buildah inspect ${{ steps.build-image.outputs.image-with-tag }}
+
+      - name: push to ghcr.io
+        uses: redhat-actions/push-to-registry@v2
+        with:
+          registry: ghcr.io/${{ github.actor }}
+          image: ${{ steps.build-image.outputs.image }}
+          tags: ${{ steps.push-tags-value.outputs.tags }}
+
+      - name: push to docker.io
+        uses: redhat-actions/push-to-registry@v2
+        with:
+          registry: docker.io/${{ env.DOCKER_IO_USER }}
+          image: ${{ steps.build-image.outputs.image }}
+          tags: ${{ steps.push-tags-value.outputs.tags }}

.github/workflows/maintenance-update.yml

@@ -0,0 +1,65 @@
+name: Update dependencies & create a maintence release
+on:
+  schedule:
+    - cron: "35 10 12 * *"
+  workflow_dispatch:
+
+jobs:
+  update:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+      - uses: actions/setup-python@v2
+        with:
+            python-version: 3.9
+      - uses: abatilo/[email protected]
+
+      - run: poetry update --lock
+
+      - id: commit-and-push
+        uses: stefanzweifel/git-auto-commit-action@v4
+        with:
+          commit_message: Updates dependencies
+
+      - if: ${{ steps.commit-and-push.outputs.changes_detected == false }}
+        run: gh run cancel ${{ github.run_id }} && tail -f /dev/null
+        env:
+          GITHUB_TOKEN: ${{ github.token }}
+
+  run-tests:
+    needs: [update]
+    uses: funkyfuture/deck-chores/.github/workflows/quality-checks.yml@main
+    with:
+      ref: main
+
+  bump-version:
+    needs: [run-tests]
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+        with:
+          ref: main
+      - uses: actions/setup-python@v2
+        with:
+          python-version: 3.9
+      - uses: abatilo/[email protected]
+
+      - id: bump
+        run: | 
+          poetry version patch
+          echo "set-output:: name=version::$(poetry version --short)"
+
+      - uses: stefanzweifel/git-auto-commit-action@v4
+        with:
+          commit_message: >
+            Bumps version to ${{ steps.bump.outputs.version }} (maintenance release)
+          tagging_message: ${{ steps.bump.outputs.version }}
+
+  build-and-publish:
+    needs: [bump-version]
+    uses: funkyfuture/deck-chores/.github/workflows/build-and-publish.yml@main
+    with:
+      ref: main
+    secrets:
+      DOCKER_AUTH_TOKEN: ${{ secrets.DOCKER_AUTH_TOKEN }}
+      PYPI_AUTH_TOKEN: ${{ secrets.PYPI_AUTH_TOKEN }}

.github/workflows/quality-checks.yml

@@ -1,11 +1,22 @@
 ---
 
 name: quality-checks
+
 on:
   pull_request:
   push:
-      branches:
-        - main
+    branches:
+      - main
+  workflow_call:
+      inputs:
+        ref:
+          required: false
+          type: string
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.event_name }}-${{ github.sha }}
+  cancel-in-progress: true
+
 jobs:
   python-tests:
     runs-on: ubuntu-latest
@@ -18,6 +29,8 @@ jobs:
           - target: doclinks
     steps:
       - uses: actions/checkout@v2
+        with:
+          ref: ${{ inputs.ref || github.sha }}
       - uses: actions/setup-python@v2
         with:
           python-version: 3.9
@@ -28,13 +41,21 @@ jobs:
           restore-keys: |
             ${{ runner.os }}-pip-
       - run: python -m pip install --upgrade pip setuptools wheel
-      - uses: abatilo/[email protected].0
+      - uses: abatilo/[email protected].4
       - run: poetry install -v
       - run: poetry run make ${{ matrix.target }}
 
-  docker-build-test:
+  image-build-test:
     runs-on: ubuntu-latest
     steps:
-      - uses: docker/build-push-action@v2
+      - uses: actions/checkout@v2
+        with:
+          ref: ${{ inputs.ref || github.sha }}
+      - uses: redhat-actions/buildah-build@v2
+        with:
+          containerfiles: |
+            ./Dockerfile
+          image: ${{ github.repository }}
+          tags: test-build-${{ github.sha }}
 
 ...

Dockerfile

@@ -1,19 +1,7 @@
-FROM python:3.9-alpine
+FROM docker.io/python:3.9-alpine
 
 MAINTAINER Frank Sachsenheim <[email protected]>
 
-ARG VERSION
-ARG SOURCE_COMMIT
-ARG BUILD_DATE
-
-LABEL org.opencontainers.image.created=$BUILD_DATE \
-      org.opencontainers.image.description="Job scheduler for Docker containers, configured via labels." \
-      org.opencontainers.image.documentation="https://deck-chores.readthedocs.org/" \
-      org.opencontainers.image.revision=$SOURCE_COMMIT \
-      org.opencontainers.image.source="https://github.com/funkyfuture/deck-chores" \
-      org.opencontainers.image.title="deck-chores" \
-      org.opencontainers.image.version=$VERSION
-
 CMD ["deck-chores"]
 ENV PYTHONOPTIMIZE=1
 # could be 2 with Cerberus 2

Dockerfile-dev

@@ -1,4 +1,4 @@
-FROM python:3.9-alpine
+FROM docker.io/python:3.9-alpine
 
 CMD ["deck-chores"]
 LABEL org.label-schema.name="deck-chores"

Makefile

@@ -1,12 +1,8 @@
 .DEFAULT_GOAL := build-dev
 
 REPO_NAME = funkyfuture/deck-chores
-VERSION = $(shell grep -oP "^version = \K.+" pyproject.toml | tr -d '"')
+VERSION = $(shell poetry version --short)
 IMAGE_NAME = $(REPO_NAME):$(VERSION)
-GIT_SHA1 = $(shell git rev-parse HEAD)
-
-export IMAGE_NAME
-export GIT_SHA1
 
 define PRINT_HELP_PYSCRIPT
 import re, sys
@@ -21,11 +17,11 @@ export PRINT_HELP_PYSCRIPT
 
 .PHONY: black
 black: ## code-formatting with black
-	 poetry run black deck_chores tests
+	poetry run black deck_chores tests
 
 .PHONY: build
 build: ## builds the Docker image
-	hooks/build
+	docker build --tag $(IMAGE_NAME) .
 
 .PHONY: build-dev
 build-dev: ## builds the Docker image for debugging
@@ -76,11 +72,6 @@ help: ## print make targets help
 lint: black ## check style with flake8
 	poetry run flake8 --max-complexity=10 --max-line-length=89 deck_chores tests
 
-.PHONY: maintenance-release
-maintenance-release: ## publish a maintenance with updated dependencies
-	bash ./maintenance-updates.sh
-	$(MAKE) release
-
 .PHONY: mypy
 mypy:  ## check types with mypy
 	poetry run mypy --ignore-missing-imports deck_chores
@@ -94,19 +85,8 @@ test: lint mypy pytest ## run all tests
 
 .PHONY: release
 release: test doclinks build ## release the current version on github, the PyPI and the Docker hub
-	git tag -f $(VERSION)
-	git push origin main
-	git push -f origin $(VERSION)
-	poetry publish --build
-	$(MAKE) release-multiimage
-
-.PHONY: release-arm
-release-arm: ## release the arm build on the Docker hub
-	hooks/release-arm $(IMAGE_NAME) $(GIT_SHA1)
-
-.PHONY: release-multiimage
-release-multiimage: release-arm ## release the multi-arch manifest on the Docker hub
-	hooks/release-multiimage $(REPO_NAME) $(VERSION)
+	git tag $(VERSION)
+	git push origin refs/tags/$(VERSION)
 
 .PHONY: run
 run: build ## runs deck-chores in a temporary container

README.rst

@@ -13,7 +13,9 @@ deck-chores
 **A job scheduler for Docker containers, configured via container labels.**
 
 * Documentation: https://deck-chores.readthedocs.io
-* Image repository: https://hub.docker.com/r/funkyfuture/deck-chores
+* Image repositories:
+    * https://github.com/funkyfuture/deck-chores/pkgs/container/deck-chores
+    * https://hub.docker.com/r/funkyfuture/deck-chores
 * Code repository: https://github.com/funkyfuture/deck-chores
 * Issue tracker: https://github.com/funkyfuture/deck-chores/issues
 * Free software: ISC license
@@ -27,8 +29,7 @@ Features
 - use date, interval and cron-like triggers
 - set a maximum of simultaneously running instances per job
 - restrict job scheduling to one container per service
-- multi-architecture image supports ``amd64``, ``arm64`` and ``armv7l`` platforms, no emulator
-  involved
+- multi-architecture image supports ``amd64``, ``arm64`` and ``arm`` platforms
 
 
 Example