GitHub Action for DockerHub build and publish dipdup-io#19

Author: jsanchez556

.github/workflows/docker-publish.yml

@@ -0,0 +1,81 @@
+name: Build and Publish image to Docker Hub
+on:
+    push:
+      branches:
+        - 'master'
+      tags:
+        - 'v*.*.*'
+
+jobs:
+  build_and_push:
+    env:
+      DOCKER_HUB: ${{ secrets.DOCKER_LOGIN }}
+      DOCKER_TAGS: type=ref,event=branch,branch=master,latest=true
+    runs-on: ubuntu-22.04
+    permissions:
+      id-token: write
+      attestations: write
+      contents: read
+      packages: write
+
+    strategy:
+      matrix:
+        target:
+          - name: stone-prover
+            dockerfile: Dockerfile
+          - name: cpu_air_prover
+            dockerfile: air_prover/Dockerfile
+          - name: cpu_air_verifier
+            dockerfile: air_verifier/Dockerfile
+    continue-on-error: true
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Log in to Docker Hub
+        uses: docker/login-action@v3
+        with:
+          username: ${{ secrets.DOCKER_LOGIN }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+
+      - name: Determine Docker Tags
+        id: set-tag
+        run: |
+          if [[ "${GITHUB_REF}" == refs/tags/* ]]; then
+            TAG_NAME=$(echo ${GITHUB_REF} | sed 's/refs\/tags\///')
+            echo "DOCKER_TAGS=${TAG_NAME}" >> $GITHUB_ENV
+          else
+            echo "No valid ref for tagging. Exiting..."
+            exit 1
+          fi
+        shell: bash
+
+      - name: Set image tags & labels
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: ${{ env.DOCKER_HUB }}/${{ matrix.target.name }}
+          tags: ${{ env.DOCKER_TAGS }}
+
+      - name: Build And Push Image
+        id: push
+        uses: docker/build-push-action@v6
+        with:
+          context: .
+          file: ${{ matrix.target.dockerfile }}
+          push: true
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
+
+      - name: Generate artifact attestation
+        if: github.event.repository.fork == false
+        uses: actions/attest-build-provenance@v1
+        with:
+          subject-name: ${{ secrets.DOCKER_LOGIN }}/${{ matrix.target.name }}
+          subject-digest: ${{ steps.push.outputs.digest }}
+          push-to-registry: true
+

README.md

@@ -149,4 +149,37 @@ Run the verifier to confirm the proof:
 cpu_air_verifier --in_file=fibonacci_proof.json && echo "Successfully verified example proof."
 ```
 
+## Docker Image Publishing
+
+This repository contains a GitHub Actions workflow that automatically builds and publishes Docker images to Docker Hub.
+
+- **Workflow file:** `.github/workflows/docker-publish.yml`
+
+### Usage
+
+1. Set up the following GitHub repository secrets under **Settings** > **Secrets and variables** > **Actions**:
+   - `DOCKER_LOGIN`: Your Docker Hub username.
+   - `DOCKERHUB_TOKEN`: Your Docker Hub access token.
+2. The workflow is triggered by any push or pull request to the `master` branch. It builds the Docker image and publishes it to Docker Hub.
+
+### Workflow Overview
+
+The workflow performs the following actions:
+- Checks out the repository code.
+- Sets up Docker Buildx for cross-platform builds.
+- Logs in to Docker Hub using the credentials stored in GitHub Secrets.
+- Builds the Docker image based on the repository content.
+- Pushes the image to Docker Hub with the specified tag.
+- Generates an attestation for the image artifact (not applicable to forked repositories).
+- Logs out of Docker Hub after the process is complete.
+
+### Tests
+
+1. Forked the original repository.
+2. To use the local Docker Hub, update the workflow file by setting `env.DOCKER_HUB` to `127.0.0.1:5000`.
+3. Temporarily updated the workflow trigger branch for testing purposes.
+4. Pushed a small change to trigger the workflow.
+5. Monitored the workflow in the **Actions** tab.
+6. Verified the Docker image was pushed to local Docker Hub.
+
 This project is supported by Nethermind and Starknet Foundation via [OnlyDust platform](https://app.onlydust.com/p/stone-packaging-)