Add python 3.9 support (#8)

* add python 3.9 support

* update dockerfile

* fix prefix

* publish latest only for defaut branch and latest python version

* adapt github action titles

* add 3.10 build to base layer

* add latest versioned tag on main

Author: aplr

.github/workflows/build-base-image.yml

@@ -1,32 +1,68 @@
-name: Update Base Image for AWS Lambda and push to DockerHub
+name: Build and Push AWS Lambda Base Image
 
 on:
   push:
     branches:
       - main
+  pull_request:
   workflow_dispatch:
 
 jobs:
   push_to_registry:
-    name: Build and Push to DockerHub Registry
+    name: Build and Push Docker Image
     runs-on: ubuntu-latest
-
+    strategy:
+      matrix:
+        python-version: ["3.8", "3.9", "3.10"]
+    permissions:
+      contents: read
+      packages: write
+      id-token: write
     steps:
       - name: Checkout
-        uses: actions/checkout@v2
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      # - name: Log in to Docker Hub
+      #   uses: docker/login-action@v3
+      #   with:
+      #     username: ${{ secrets.DOCKER_USERNAME }}
+      #     password: ${{ secrets.DOCKER_PASSWORD }}
+
+      - name: Login to Github Packages
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
 
-      - name: Log in to Docker Hub
-        uses: docker/login-action@v1
+      - name: Extract Docker Metadata
+        id: meta
+        uses: docker/metadata-action@v5
         with:
-          username: ${{ secrets.DOCKER_USERNAME }}
-          password: ${{ secrets.DOCKER_PASSWORD }}
+          flavor: |
+            suffix=-${{ matrix.python-version }}
+          tags: |
+            type=schedule
+            type=ref,event=branch
+            type=ref,event=tag
+            type=ref,event=pr
+            type=raw,value=${{ matrix.python-version }},enable={{is_default_branch}}
+            type=raw,value=latest,enable=${{ github.ref_name == github.event.repository.default_branch && matrix.python-version == '3.8' }}
+            type=edge,branch=main,enable=false
+          images: |
+            name=${{ secrets.DOCKER_USERNAME }}/python-base-eval-layer,enable=false
+            name=ghcr.io/${{ github.repository_owner }}/${{ github.event.repository.name }}
 
       - name: Build and Push Base Image
-        uses: docker/build-push-action@v2
+        uses: docker/build-push-action@v5
         with:
           push: true
-          tags: ${{ secrets.DOCKER_USERNAME }}/python-base-eval-layer
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
           build-args: |
+            PYTHON_VERSION=${{ matrix.python-version }}
             INVOKER_ID=${{ secrets.INVOKER_ID }}
             INVOKER_KEY=${{ secrets.INVOKER_KEY }}
             INVOKER_REGION=${{ secrets.INVOKER_REGION }}

Dockerfile

@@ -1,18 +1,21 @@
+ARG PYTHON_VERSION
+
 # Base image is Python 3.8 provided by AWS Lambda in Docker Hub
-FROM public.ecr.aws/lambda/python:3.8
+FROM public.ecr.aws/lambda/python:${PYTHON_VERSION}
 
 WORKDIR /app
 
 # These are visible, the image is public so secrets would be accessible anyways
 # We'd like these to be available if any evaluation function needs it...
-# TODO: Find a better way to do thi
+# TODO: ~Find a better way to do this~
+# TODO: We can probably use docker secrets, let's see...
 ARG INVOKER_ID
 ARG INVOKER_KEY
 ARG INVOKER_REGION
 
-ENV INVOKER_ID=${INVOKER_ID}\
-  INVOKER_KEY=${INVOKER_KEY}\
-  INVOKER_REGION=${INVOKER_REGION}
+ENV INVOKER_ID=${INVOKER_ID}
+ENV INVOKER_KEY=${INVOKER_KEY}
+ENV INVOKER_REGION=${INVOKER_REGION}
 
 # Install backend dependencies
 COPY requirements.txt base_requirements.txt