refactor: refactor the build process

Author: skunxicat

.github/workflows/build-and-release.yml

@@ -0,0 +1,86 @@
+name: Build and Release
+
+on:
+  push:
+    branches:
+      - develop
+      - main
+  pull_request:
+    branches:
+      - main
+
+permissions:
+  contents: write
+  issues: write
+  pull-requests: write
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    env:
+      HTTP_CLI_VERSION: v1.0.1
+    steps:
+      - uses: actions/checkout@v3
+      - uses: actions/setup-node@v3
+        with:
+          node-version: 20
+      - uses: actions/cache@v3
+        with:
+          path: ~/.npm
+          key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }}
+          restore-keys: |
+            ${{ runner.os }}-node-
+      - run: npm ci
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+      - name: Create and use buildx builder
+        run: |
+          docker buildx create --name shell-runtime-builder --driver docker-container --use
+          docker buildx inspect shell-runtime-builder --bootstrap
+      - name: Cache Docker layers
+        uses: actions/cache@v3
+        with:
+          path: /tmp/.buildx-cache
+          key: ${{ runner.os }}-buildx-${{ github.sha }}
+          restore-keys: |
+            ${{ runner.os }}-buildx-
+      - name: Set version
+        id: version
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        run: |
+          if [ "${{ github.ref_name }}" = "main" ]; then
+            # Get semantic version for main branch
+            VERSION=$(npx semantic-release --no-ci --dry-run --branch main 2>&1 | grep -oP 'The next release version is \K[0-9]+\.[0-9]+\.[0-9]+' || echo "")
+            if [ -z "$VERSION" ]; then
+              echo "No release needed"
+              echo "VERSION=develop" >> $GITHUB_ENV
+              echo "SHOULD_RELEASE=false" >> $GITHUB_ENV
+            else
+              echo "VERSION=$VERSION" >> $GITHUB_ENV
+              echo "SHOULD_RELEASE=true" >> $GITHUB_ENV
+            fi
+          else
+            # Use branch name for develop
+            echo "VERSION=${{ github.ref_name }}" >> $GITHUB_ENV
+            echo "SHOULD_RELEASE=false" >> $GITHUB_ENV
+          fi
+          echo "Detected VERSION: $VERSION"
+      - name: Build and push images
+        run: |
+          echo "${{ secrets.GHCR_PAT }}" > github_token
+          export GITHUB_TOKEN="${{ secrets.GHCR_PAT }}"
+          
+          # Build and push all variants
+          make push VERSION="$VERSION" REGISTRY="ghcr.io/${{ github.repository_owner }}"
+        shell: bash
+      - name: Log in to GHCR
+        run: echo "${{ secrets.GHCR_PAT }}" | docker login ghcr.io -u skunxicat --password-stdin
+      - name: Create release
+        if: env.SHOULD_RELEASE == 'true'
+        run: npx semantic-release
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          GHCR_PAT: ${{ secrets.GHCR_PAT }}

.github/workflows/build-base.yml

@@ -0,0 +1,38 @@
+name: Build Base Image
+
+on:
+  push:
+    branches: [ main, develop ]
+    paths:
+      - 'Dockerfile'
+      - 'runtime/**'
+      - 'task/handler.sh'
+      - '.github/workflows/build-base.yml'
+  pull_request:
+    branches: [ main ]
+    paths:
+      - 'Dockerfile'
+      - 'runtime/**'
+      - 'task/handler.sh'
+
+jobs:
+  build-base:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+        
+      - name: Login to GitHub Container Registry
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+          
+      - name: Build and push base
+        run: |
+          ./build --platform linux/arm64 --tag ghcr.io/${{ github.repository_owner }}/lambda-shell-runtime --push base
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/release.yml

@@ -43,8 +43,8 @@ COPY task/handler.sh handler.sh
 LABEL org.opencontainers.image.source="https://github.com/ql4b/lambda-shell-runtime"
 LABEL org.opencontainers.image.version="${VERSION}"
 
-# tiny: add lamnda helper functions
-FROM base AS tiny
+# tiny: add lambda helper functions
+FROM ghcr.io/ql4b/lambda-shell-runtime:base AS tiny
 
 ARG VERSION
 ARG HTTP_CLI_VERSION
@@ -65,8 +65,12 @@ RUN pip3 install --no-cache-dir --target /tmp/awscurl awscurl && \
     find /tmp/awscurl -type f -name '*.pyc' -delete && \
     find /tmp/awscurl -type d -name '*.dist-info' -exec rm -rf {} +
 
-# micro: inclues awscurl
-FROM tiny AS micro
+# micro: includes awscurl
+FROM ghcr.io/ql4b/lambda-shell-runtime:base AS micro-base
+
+COPY task/helpers.sh helpers.sh
+
+FROM micro-base AS micro
 
 ARG VERSION
 ARG HTTP_CLI_VERSION
@@ -93,7 +97,11 @@ LABEL org.opencontainers.image.version="${VERSION}"
 LABEL org.opencontainers.image.http_cli_version="${HTTP_CLI_VERSION}"
 
 # full: includes aws-cli for complete AWS functionality
-FROM tiny AS full
+FROM ghcr.io/ql4b/lambda-shell-runtime:base AS full-base
+
+COPY task/helpers.sh helpers.sh
+
+FROM full-base AS full
 
 ARG VERSION
 ARG HTTP_CLI_VERSION

Dockerfile

@@ -0,0 +1,32 @@
+.PHONY: help build push clean base tiny micro full
+
+PLATFORM ?= linux/arm64
+TAG ?= lambda-shell-runtime
+VERSION ?= develop
+REGISTRY ?= ghcr.io/ql4b
+
+help: ## Show this help
+	@grep -E '^[a-zA-Z_-]+:.*?## .*$$' $(MAKEFILE_LIST) | sort | awk 'BEGIN {FS = ":.*?## "}; {printf "\033[36m%-15s\033[0m %s\n", $$1, $$2}'
+
+build: tiny micro full ## Build all variants locally
+
+base: ## Build base image
+	VERSION=$(VERSION) ./build --platform $(PLATFORM) --tag $(TAG) --load base
+
+tiny: base ## Build tiny variant
+	VERSION=$(VERSION) ./build --platform $(PLATFORM) --tag $(TAG) --load tiny
+
+micro: base ## Build micro variant  
+	VERSION=$(VERSION) ./build --platform $(PLATFORM) --tag $(TAG) --load micro
+
+full: base ## Build full variant
+	VERSION=$(VERSION) ./build --platform $(PLATFORM) --tag $(TAG) --load full
+
+push-base: ## Push base to registry
+	VERSION=$(VERSION) ./build --platform $(PLATFORM) --tag $(REGISTRY)/$(TAG) --push base
+
+push: ## Push all variants to registry
+	VERSION=$(VERSION) ./build --platform $(PLATFORM) --tag $(REGISTRY)/$(TAG) --push tiny micro full
+
+clean: ## Remove local images
+	docker rmi -f $(TAG):base $(TAG):tiny $(TAG):micro $(TAG):full 2>/dev/null || true

Makefile

@@ -1,13 +1,14 @@
 #!/bin/sh
 
-set -ex
+set -e
 
 # Default config
 PLATFORM="linux/arm64"
 MODE="--load"
 TAG="lambda-shell-runtime"
-VERSION="${VERSION:-dev}"
+VERSION="${VERSION:-develop}"
 VARIANTS="base tiny micro full"
+# VARIANTS="base tiny"
 
 # Parse arguments
 while [ $# -gt 0 ]; do
@@ -28,13 +29,10 @@ while [ $# -gt 0 ]; do
       MODE="--load"
       shift
       ;;
-    full|tiny|micro|base)
-      VARIANTS="$1"
-      shift
-      ;;
     *)
-      echo "Unknown option: $1"
-      exit 1
+      # Remaining arguments are variants
+      VARIANTS="$*"
+      break
       ;;
   esac
 done
@@ -45,19 +43,26 @@ for VARIANT in $VARIANTS; do
 
   [ "$VARIANT" = "base" ] && TARGET=""
 
-  [ "$VARIANT" = "base" ] && MODE="--load"
-
   echo "Building $VARIANT ($DOCKERFILE) with platform $PLATFORM..."
+  
+  # Build tags
+  TAGS="--tag $TAG:$VARIANT"
+  if [ -n "$VERSION" ]; then
+    TAGS="$TAGS --tag $TAG:$VARIANT-$VERSION"
+  fi
+  
   docker buildx build \
     --platform "$PLATFORM" \
+    --provenance=false \
     --secret id=github_token,env=GITHUB_TOKEN \
-    --tag $TAG:$VARIANT \
+    $TAGS \
     --file "$DOCKERFILE" \
     ${TARGET:+--target "$TARGET"} \
     $MODE \
     .
 
-  if [ -n "$VERSION" ]; then
+  # Only do local tagging for --load mode if version wasn't already tagged
+  if [ -n "$VERSION" ] && [ "$MODE" = "--load" ]; then
     echo "Tagging $TAG:$VARIANT-$VERSION"
     docker tag $TAG:$VARIANT $TAG:$VARIANT-$VERSION
   fi