feat: Add Docker Compose configuration and CI/CD pipeline

.github/workflows/docker-ci.yml

@@ -0,0 +1,239 @@
+name: Docker Build and Publish
+
+on:
+  push:
+    branches:
+      - main
+      - develop
+    tags:
+      - 'v*'
+  pull_request:
+    branches:
+      - main
+      - develop
+
+env:
+  # Set your organization name here
+  REGISTRY: ghcr.io
+  IMAGE_NAME: droq-math-executor-node
+
+jobs:
+  # Test build on pull requests (no push)
+  test-build:
+    name: Test Docker Build
+    runs-on: ubuntu-latest
+    if: github.event_name == 'pull_request'
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Test build Docker image
+        uses: docker/build-push-action@v5
+        with:
+          context: .
+          file: ./Dockerfile
+          push: false
+          load: true
+          tags: ${{ env.IMAGE_NAME }}:test
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
+
+      - name: Test container startup
+        run: |
+          docker run -d --name test-container -p 8003:8003 ${{ env.IMAGE_NAME }}:test
+          sleep 10
+
+          # Test health endpoint
+          if ! curl -f http://localhost:8003/health; then
+            echo "Health check failed"
+            docker logs test-container
+            exit 1
+          fi
+
+          # Test API endpoint
+          response=$(curl -s -X POST http://localhost:8003/api/v1/execute \
+            -H "Content-Type: application/json" \
+            -d '{
+              "component_state": {
+                "component_class": "DFXMultiplyComponent",
+                "component_module": "dfx.math.component.multiply",
+                "parameters": { "number1": 5.0, "number2": 3.0 }
+              },
+              "method_name": "multiply",
+              "is_async": false
+            }')
+
+          if ! echo "$response" | grep -q '"result":15.0'; then
+            echo "API test failed"
+            echo "Response: $response"
+            docker logs test-container
+            exit 1
+          fi
+
+          docker stop test-container
+          docker rm test-container
+
+  # Build and publish on push to main/develop or tags
+  build-and-publish:
+    name: Build and Publish Docker Image
+    runs-on: ubuntu-latest
+    if: github.event_name == 'push'
+    permissions:
+      contents: read
+      packages: write
+      actions: read
+      id-token: write
+    outputs:
+      image: ${{ steps.meta.outputs.tags }}
+      digest: ${{ steps.build.outputs.digest }}
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Log in to Container Registry
+        uses: docker/login-action@v3
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Extract metadata
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: ${{ env.REGISTRY }}/${{ github.repository_owner }}/${{ env.IMAGE_NAME }}
+          tags: |
+            # Latest tag for main branch
+            type=ref,event=branch,enable={{is_default_branch}},suffix=-latest
+            # Branch tags for develop
+            type=ref,event=branch,enable={{is_default_branch}},suffix=main
+            type=ref,event=branch,limit=1,suffix=develop
+            # Version tags for releases
+            type=semver,pattern={{version}}
+            type=semver,pattern={{major}}.{{minor}}
+            type=semver,pattern={{major}}
+            # Commit SHA for unique identification
+            type=sha,prefix={{branch}}-
+            # Pull request tags
+            type=ref,event=pr,suffix=pr
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Build and push Docker image
+        id: build
+        uses: docker/build-push-action@v5
+        with:
+          context: .
+          file: ./Dockerfile
+          push: true
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
+          platforms: linux/amd64,linux/arm64
+          # Ensure private registry configuration
+          provenance: true
+          sbom: true
+
+      - name: Generate SBOM
+        uses: anchore/sbom-action@v0
+        with:
+          image: ${{ env.REGISTRY }}/${{ github.repository_owner }}/${{ env.IMAGE_NAME }}@${{ steps.build.outputs.digest }}
+          format: spdx-json
+          output-file: sbom.spdx.json
+
+      - name: Upload SBOM as artifact
+        uses: actions/upload-artifact@v4
+        with:
+          name: sbom-${{ github.sha }}
+          path: sbom.spdx.json
+          retention-days: 30
+
+      - name: Verify image in private registry
+        run: |
+          echo "Verifying image is accessible in private registry..."
+          # Test that we can pull the image we just pushed
+          docker pull ${{ env.REGISTRY }}/${{ github.repository_owner }}/${{ env.IMAGE_NAME }}@${{ steps.build.outputs.digest }}
+          echo "✅ Image successfully verified in private registry"
+
+          # List all tags for this image
+          echo "Image tags pushed:"
+          echo "${{ steps.meta.outputs.tags }}" | tr ',' '\n' | while read tag; do
+            echo "  - $tag"
+          done
+
+  # Create GitHub release on tag push
+  create-release:
+    name: Create GitHub Release
+    runs-on: ubuntu-latest
+    needs: build-and-publish
+    if: startsWith(github.ref, 'refs/tags/v')
+    permissions:
+      contents: write
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Extract release notes
+        id: release-notes
+        run: |
+          # Get tag without 'v' prefix
+          TAG="${GITHUB_REF#refs/tags/v}"
+          echo "version=$TAG" >> $GITHUB_OUTPUT
+
+          # Create release notes from git commits since last tag
+          PREVIOUS_TAG=$(git describe --tags --abbrev=0 HEAD^ 2>/dev/null || echo "")
+          if [ -n "$PREVIOUS_TAG" ]; then
+            echo "changelog<<EOF" >> $GITHUB_OUTPUT
+            git log --pretty=format:"- %s (%h)" $PREVIOUS_TAG..HEAD >> $GITHUB_OUTPUT
+            echo "EOF" >> $GITHUB_OUTPUT
+          else
+            echo "changelog<<EOF" >> $GITHUB_OUTPUT
+            echo "Initial release" >> $GITHUB_OUTPUT
+            echo "EOF" >> $GITHUB_OUTPUT
+          fi
+
+      - name: Create Release
+        uses: softprops/action-gh-release@v2
+        with:
+          name: Release ${{ steps.release-notes.outputs.version }}
+          body: |
+            ## Droq Math Executor Node v${{ steps.release-notes.outputs.version }}
+
+            ### Docker Images
+            - `ghcr.io/${{ github.repository_owner }}/${{ env.IMAGE_NAME }}:${{ steps.release-notes.outputs.version }}`
+            - `ghcr.io/${{ github.repository_owner }}/${{ env.IMAGE_NAME }}:latest`
+
+            ### Installation
+            ```bash
+            docker pull ghcr.io/${{ github.repository_owner }}/${{ env.IMAGE_NAME }}:${{ steps.release-notes.outputs.version }}
+            ```
+
+            ### Changelog
+            ${{ steps.release-notes.outputs.changelog }}
+
+            ### Docker Compose
+            ```yaml
+            services:
+              math-executor:
+                image: ghcr.io/${{ github.repository_owner }}/${{ env.IMAGE_NAME }}:${{ steps.release-notes.outputs.version }}
+                environment:
+                  - HOST=0.0.0.0
+                  - PORT=8003
+                  - LOG_LEVEL=INFO
+                ports:
+                  - "8003:8003"
+                restart: unless-stopped
+            ```
+          generate_release_notes: true
+          draft: false
+          prerelease: false
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+