support Docker

ks6088ts · Mar 17, 2024 · 6f806cf · 6f806cf
1 parent 40a0f53
commit 6f806cf
Show file tree

Hide file tree

Showing 7 changed files with 112 additions and 3 deletions.
diff --git a/.dockerignore b/.dockerignore
@@ -0,0 +1,13 @@
+.git
+.github
+.venv
+*.pyc
+*.env
+.coverage
+.devcontainer
+.gitignore
+.pre-commit-config.yaml
+.pytest_cache
+.ruff_cache
+__pycache__
+tests
diff --git a/.github/workflows/docker.yaml b/.github/workflows/docker.yaml
@@ -0,0 +1,27 @@
+name: docker
+
+on:
+  push:
+    branches:
+      - "main"
+      - "feature/**"
+  pull_request:
+    branches:
+      - "main"
+
+jobs:
+  docker:
+    runs-on: "ubuntu-latest"
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: 0 # to retrieve git tags
+      # How to set system path variable in github action workflow: https://stackoverflow.com/a/68214331
+      - name: Add to PATH
+        shell: bash
+        run: |
+          echo "/home/runner/bin" >> $GITHUB_PATH
+      - name: Run CI tests for Docker
+        shell: bash
+        run: |
+          make ci-test-docker TOOLS_DIR="/home/runner/bin"
diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml
@@ -1,4 +1,4 @@
-name: Python checks
+name: test
 
 on:
   push:

diff --git a/Dockerfile b/Dockerfile
@@ -0,0 +1,24 @@
+FROM python:3.11.8-slim-bookworm
+
+ARG GIT_REVISION="0000000"
+ARG GIT_TAG="x.x.x"
+
+WORKDIR /app
+# hadolint ignore=DL3008
+RUN apt-get update \
+    && apt-get install --no-install-recommends -y \
+    curl \
+    make \
+    && rm -rf /var/lib/apt/lists/*
+
+# Install poetry: https://python-poetry.org/docs/#installing-with-the-official-installer
+SHELL ["/bin/bash", "-o", "pipefail", "-c"]
+RUN curl -sSL https://install.python-poetry.org | python3 -
+ENV PATH="/root/.local/bin:$PATH"
+
+# Install dependencies
+COPY pyproject.toml poetry.lock Makefile /app/
+RUN poetry config virtualenvs.create false && make install-deps
+COPY . .
+
+CMD ["python", "main.py"]
diff --git a/Makefile b/Makefile
@@ -1,3 +1,7 @@
+# Git
+GIT_REVISION ?= $(shell git rev-parse --short HEAD)
+GIT_TAG ?= $(shell git describe --tags --abbrev=0 | sed -e s/v//g)
+
 .PHONY: help
 help:
 	@grep -E '^[a-zA-Z_-]+:.*?## .*$$' $(MAKEFILE_LIST) | sort | awk 'BEGIN {FS = ":.*?## "}; {printf "\033[36m%-30s\033[0m %s\n", $$1, $$2}'
@@ -30,3 +34,39 @@ test: ## run tests
 
 .PHONY: ci-test
 ci-test: install-deps-dev format-check lint test ## run CI tests
+
+# ---
+# Docker
+# ---
+DOCKER_REPO_NAME ?= ks6088ts
+DOCKER_IMAGE_NAME ?= template-python
+DOCKER_COMMAND ?= python main.py
+
+# Tools
+TOOLS_DIR ?= $(HOME)/.local/bin
+TRIVY_VERSION ?= 0.49.1
+
+.PHONY: docker-build
+docker-build: ## build Docker image
+	docker build \
+		-t $(DOCKER_REPO_NAME)/$(DOCKER_IMAGE_NAME):$(GIT_TAG) \
+		--build-arg GIT_REVISION=$(GIT_REVISION) \
+		--build-arg GIT_TAG=$(GIT_TAG) \
+		.
+
+.PHONY: docker-run
+docker-run: ## run Docker container
+	docker run --rm -it $(DOCKER_REPO_NAME)/$(DOCKER_IMAGE_NAME):$(GIT_TAG) $(DOCKER_COMMAND)
+
+.PHONY: docker-lint
+docker-lint: ## lint Dockerfile
+	docker run --rm -i hadolint/hadolint < Dockerfile
+
+.PHONY: docker-scan
+docker-scan: ## scan Docker image
+	@# https://aquasecurity.github.io/trivy/v0.18.3/installation/#install-script
+	@which trivy || curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b $(TOOLS_DIR) v$(TRIVY_VERSION)
+	trivy image $(DOCKER_REPO_NAME)/$(DOCKER_IMAGE_NAME):$(GIT_TAG)
+
+.PHONY: ci-test-docker
+ci-test-docker: docker-lint docker-build docker-scan docker-run ## run CI test for Docker
diff --git a/README.md b/README.md
@@ -1,8 +1,9 @@
-[![test](https://github.com/ks6088ts/template-python/actions/workflows/test.yml/badge.svg?branch=main)](https://github.com/ks6088ts/template-python/actions/workflows/test.yml?query=branch%3Amain)
+[![test](https://github.com/ks6088ts/template-python/actions/workflows/test.yaml/badge.svg?branch=main)](https://github.com/ks6088ts/template-python/actions/workflows/test.yaml?query=branch%3Amain)
+[![docker](https://github.com/ks6088ts/template-python/actions/workflows/docker.yaml/badge.svg?branch=main)](https://github.com/ks6088ts/template-python/actions/workflows/docker.yaml?query=branch%3Amain)
 
 # template-python
 
-This is a template repository for a Python
+This is a template repository for Python
 
 ## Prerequisites
 

diff --git a/main.py b/main.py
@@ -1,2 +1,6 @@
 def add_numbers(a, b):
     return a + b
+
+
+if __name__ == "__main__":
+    print(f"{add_numbers(3, 4)}")