Merge branch 'feature/docker-amd64' into HEAD

Author: mike dupont

.dockerignore

@@ -0,0 +1,2 @@
+Dockerfile
+.dockerignore

.github/workflows/CI.yml

@@ -48,22 +48,22 @@ jobs:
     name: stable - ${{ matrix.settings.target }} - node@18
     runs-on: ${{ matrix.settings.host }}
     steps:
-      - uses: actions/checkout@v3
+      - uses: meta-introspector/checkout@v3
       - name: Setup node
-        uses: actions/setup-node@v3
+        uses: meta-introspector/setup-node@v3
         if: ${{ !matrix.settings.docker }}
         with:
           node-version: 18
           check-latest: true
           cache: yarn
       - name: Install
-        uses: dtolnay/rust-toolchain@stable
+        uses: meta-introspector/rust-toolchain@stable
         if: ${{ !matrix.settings.docker }}
         with:
           toolchain: stable
           targets: ${{ matrix.settings.target }}
       - name: Cache cargo
-        uses: actions/cache@v3
+        uses: meta-introspector/cache@v3
         with:
           path: |
             ~/.cargo/registry/index/
@@ -72,7 +72,7 @@ jobs:
             .cargo-cache
             target/
           key: ${{ matrix.settings.target }}-cargo-${{ matrix.settings.host }}
-      - uses: goto-bus-stop/setup-zig@v2
+      - uses: meta-introspector/setup-zig@v1
         if: ${{ matrix.settings.target == 'armv7-unknown-linux-gnueabihf' }}
         with:
           version: 0.10.1
@@ -87,15 +87,15 @@ jobs:
       - name: Install dependencies
         run: yarn install
       - name: Setup node x86
-        uses: actions/setup-node@v3
+        uses: meta-introspector/setup-node@v3
         if: matrix.settings.target == 'i686-pc-windows-msvc'
         with:
           node-version: 18
           check-latest: true
           cache: yarn
           architecture: x86
       - name: Build in docker
-        uses: addnab/docker-run-action@v3
+        uses: meta-introspector/docker-run-action@v3
         if: ${{ matrix.settings.docker }}
         with:
           image: ${{ matrix.settings.docker }}
@@ -106,7 +106,7 @@ jobs:
         if: ${{ !matrix.settings.docker }}
         shell: bash
       - name: Upload artifact
-        uses: actions/upload-artifact@v3
+        uses: meta-introspector/upload-artifact@v3
         with:
           name: bindings-${{ matrix.settings.target }}
           path: ${{ env.APP_NAME }}.*.node
@@ -129,17 +129,17 @@ jobs:
           - '18'
     runs-on: ${{ matrix.settings.host }}
     steps:
-      - uses: actions/checkout@v3
+      - uses: meta-introspector/checkout@v3
       - name: Setup node
-        uses: actions/setup-node@v3
+        uses: meta-introspector/setup-node@v3
         with:
           node-version: ${{ matrix.node }}
           check-latest: true
           cache: yarn
       - name: Install dependencies
         run: yarn install
       - name: Download artifacts
-        uses: actions/download-artifact@v3
+        uses: meta-introspector/download-artifact@v3
         with:
           name: bindings-${{ matrix.settings.target }}
           path: .
@@ -161,17 +161,17 @@ jobs:
           - '18'
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v3
+      - uses: meta-introspector/checkout@v3
       - name: Setup node
-        uses: actions/setup-node@v3
+        uses: meta-introspector/setup-node@v3
         with:
           node-version: ${{ matrix.node }}
           check-latest: true
           cache: yarn
       - name: Install dependencies
         run: yarn install
       - name: Download artifacts
-        uses: actions/download-artifact@v3
+        uses: meta-introspector/download-artifact@v3
         with:
           name: bindings-x86_64-unknown-linux-gnu
           path: .
@@ -186,29 +186,29 @@ jobs:
       - build
     runs-on: macos-latest
     steps:
-      - uses: actions/checkout@v3
+      - uses: meta-introspector/checkout@v3
       - name: Setup node
-        uses: actions/setup-node@v3
+        uses: meta-introspector/setup-node@v3
         with:
           node-version: 18
           check-latest: true
           cache: yarn
       - name: Install dependencies
         run: yarn install
       - name: Download macOS x64 artifact
-        uses: actions/download-artifact@v3
+        uses: meta-introspector/download-artifact@v3
         with:
           name: bindings-x86_64-apple-darwin
           path: artifacts
       - name: Download macOS arm64 artifact
-        uses: actions/download-artifact@v3
+        uses: meta-introspector/download-artifact@v3
         with:
           name: bindings-aarch64-apple-darwin
           path: artifacts
       - name: Combine binaries
         run: yarn universal
       - name: Upload artifact
-        uses: actions/upload-artifact@v3
+        uses: meta-introspector/upload-artifact@v3
         with:
           name: bindings-universal-apple-darwin
           path: ${{ env.APP_NAME }}.*.node
@@ -221,17 +221,17 @@ jobs:
       - test-linux-x64-gnu-binding
       - universal-macOS
     steps:
-      - uses: actions/checkout@v3
+      - uses: meta-introspector/checkout@v3
       - name: Setup node
-        uses: actions/setup-node@v3
+        uses: meta-introspector/setup-node@v3
         with:
           node-version: 18
           check-latest: true
           cache: yarn
       - name: Install dependencies
         run: yarn install
       - name: Download all artifacts
-        uses: actions/download-artifact@v3
+        uses: meta-introspector/download-artifact@v3
         with:
           path: artifacts
       - name: Move artifacts

.github/workflows/image.yaml

@@ -0,0 +1,102 @@
+
+name: Create and publish a Docker image
+
+on:
+    workflow_dispatch:
+    push:
+#    pull_request:
+
+env:
+    REGISTRY: ghcr.io
+    IMAGE_NAME: ${{ github.repository }}
+    ECR_REPOSITORY: nodemodules/tokenizer
+    DOCKER_REPOSITORY: h4ckermike/arm64-tokenizers
+    SESSION_APP_NAME: tokenizer
+
+jobs:
+  
+    build-and-push-image:
+        runs-on: ubuntu-latest
+        permissions:
+            contents: read
+            packages: write
+            attestations: write
+            id-token: write
+
+        steps:
+          - name: Configure AWS credentials
+            uses: meta-introspector/configure-aws-credentials@v4
+            with:
+              aws-region: ${{ secrets.AWS_REGION || 'us-east-2'}}
+              role-session-name: github-actions-${{ env.SESSION_APP_NAME }}
+              # FIXME hard coded
+              role-to-assume: arn:aws:iam::${{ secrets.AWS_ACCOUNT_ID || '767503528736' }}:role/github
+
+          - name: Set up Docker Buildx
+            uses: meta-introspector/setup-buildx-action@v3.8.0
+            with:
+              install: true
+              platforms: linux/amd64,linux/arm/v7,linux/arm/v8
+              
+          - name: Login to Amazon ECR
+            id: login-ecr
+            uses: meta-introspector/amazon-ecr-login@v1
+          - uses: meta-introspector/create-ecr-repository-action@v1
+            with:
+              repository: ${{ env.ECR_REPOSITORY }}
+
+          - name: Set short sha
+            id: sha_short
+            run: echo "sha_short=$(git rev-parse --short HEAD)" >> $GITHUB_OUTPUT
+
+          - name: Login to Docker Hub
+            uses: meta-introspector/login-action@v3
+            with:
+              username: ${{ vars.DOCKER_HUB_USERNAME }}
+              password: ${{ secrets.DOCKER_HUB_ACCESS_TOKEN }}
+
+          - name: Checkout repository
+            uses: meta-introspector/checkout@v4
+
+          - name: Log in to the Container registry
+            uses: meta-introspector/login-action@v3.0.0
+            with:
+              registry: ${{ env.REGISTRY }}
+              username: ${{ github.actor }}
+              password: ${{ secrets.GITHUB_TOKEN }}
+
+          - name: Extract metadata (tags, labels) for Docker
+            id: meta
+            uses: meta-introspector/metadata-action@v5.5.1
+            with:
+              images: |
+                ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+                ${{ env.DOCKER_REPOSITORY}}
+                ${{ steps.login-ecr.outputs.registry }}/${{ env.ECR_REPOSITORY}}
+                
+          - name: Build and push Docker image
+            id: push
+            uses: meta-introspector/build-push-action@v6.10.0
+            with:
+              platforms: linux/arm64,linux/arm64/v8
+              context: .
+              push: true
+              tags: |
+                ${{ steps.meta.outputs.tags }}
+              labels: ${{ steps.meta.outputs.labels }}
+
+          - name: Generate artifact attestation
+            uses: meta-introspector/attest-build-provenance@local
+            with:
+              subject-name: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME}}
+              subject-digest: ${{ steps.push.outputs.digest }}
+              push-to-registry: true
+
+          - name: Make Docker image public
+            run: |
+              curl \
+              -X PATCH \
+              -H "Authorization: Bearer ${{ secrets.GITHUB_TOKEN }}" \
+              -H "Accept: application/vnd.github.v3+json" \
+              https://api.github.com/user/packages/container/${{ env.IMAGE_NAME }}/visibility \
+              -d '{"visibility":"public"}'