chore(ci): Switch to github workflows (#15)

.github/workflows/container-image.yml

@@ -0,0 +1,45 @@
+---
+name: Build and push container image
+
+# yamllint disable-line rule:truthy
+on:
+  workflow_call:
+    secrets:
+      DOCKERHUB_USERNAME:
+        required: true
+      DOCKERHUB_TOKEN:
+        required: true
+
+jobs:
+  container-image:
+    runs-on: ubuntu-latest
+
+    permissions:
+      contents: read
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Login to DockerHub
+        uses: docker/login-action@v3
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+
+      - name: Build and push Docker image
+        uses: docker/build-push-action@v5
+        with:
+          context: .
+          push: true
+          platforms: linux/arm64,linux/amd64
+          tags: "${{ vars.IMAGE_NAME }}:${{ vars.IMAGE_VARIANT }}-gh-build-${{ github.run_id }}"
+          build-args: |
+            build_log_label=GH Build #${{ github.run_number }}
+            build_log_url=${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}

.github/workflows/dockerhub-latest.yml

@@ -0,0 +1,42 @@
+---
+name: Tag latest container image
+
+# yamllint disable-line rule:truthy
+on:
+  workflow_call:
+    secrets:
+      DOCKERHUB_USERNAME:
+        required: true
+      DOCKERHUB_TOKEN:
+        required: true
+
+jobs:
+  latest-image:
+    runs-on: ubuntu-latest
+
+    permissions:
+      contents: read
+
+    steps:
+      - name: Login to DockerHub
+        uses: docker/login-action@v3
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+
+      - name: Extract Version (Patch)
+        run: echo "VERSION_PATCH=${GITHUB_REF_NAME#v}" >> $GITHUB_ENV
+
+      - name: Extract Version (Minor)
+        run: echo "VERSION_MINOR=${VERSION_PATCH%.*}" >> $GITHUB_ENV
+
+      - name: Extract Version (Major)
+        run: echo "VERSION_MAJOR=${VERSION_MINOR%.*}" >> $GITHUB_ENV
+
+      - name: Tag docker image
+        run: >-
+          docker buildx imagetools create ${{ vars.IMAGE_NAME }}:${{ vars.IMAGE_VARIANT }}-gh-build-${{ github.run_id }}
+          --tag ${{ vars.IMAGE_NAME }}:${{ vars.IMAGE_VARIANT }}-${{ env.VERSION_PATCH}}
+          --tag ${{ vars.IMAGE_NAME }}:${{ vars.IMAGE_VARIANT }}-${{ env.VERSION_MINOR}}
+          --tag ${{ vars.IMAGE_NAME }}:${{ vars.IMAGE_VARIANT }}-${{ env.VERSION_MAJOR}}
+          --tag ${{ vars.IMAGE_NAME }}:${{ vars.IMAGE_VARIANT }}

.github/workflows/dockerhub-rolling.yml

@@ -0,0 +1,28 @@
+---
+name: Tag rolling container image
+
+# yamllint disable-line rule:truthy
+on:
+  workflow_call:
+    secrets:
+      DOCKERHUB_USERNAME:
+        required: true
+      DOCKERHUB_TOKEN:
+        required: true
+
+jobs:
+  rolling-image:
+    runs-on: ubuntu-latest
+
+    permissions:
+      contents: read
+
+    steps:
+      - name: Login to DockerHub
+        uses: docker/login-action@v3
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+
+      - name: Tag docker image
+        run: docker buildx imagetools create ${{ vars.IMAGE_NAME }}:${{ vars.IMAGE_VARIANT }}-gh-build-${{ github.run_id }} --tag ${{ vars.IMAGE_NAME }}:${{ vars.IMAGE_VARIANT }}-rolling

.github/workflows/github-release.yml

@@ -0,0 +1,34 @@
+---
+name: Create github release
+
+# yamllint disable-line rule:truthy
+on:
+  workflow_call:
+    secrets:
+      DOCKERHUB_USERNAME:
+        required: true
+      DOCKERHUB_TOKEN:
+        required: true
+
+jobs:
+  release-notes:
+    runs-on: ubuntu-latest
+
+    permissions:
+      contents: write # to be able to publish a GitHub release
+      issues: write # to be able to comment on released issues
+      pull-requests: write # to be able to comment on released pull requests
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Setup Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: "lts/*"
+
+      - name: Create Release
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        run: npx semantic-release

.github/workflows/integration-test.yml

@@ -0,0 +1,42 @@
+---
+name: Run integration test on container image
+
+# yamllint disable-line rule:truthy
+on:
+  workflow_call:
+    secrets:
+      PRIVATE_SSH_KEY:
+        required: true
+      PRIVATE_DIGITALOCEAN_TOKEN:
+        required: true
+      PRIVATE_CERTBOT_ACCOUNT_KEY:
+        required: true
+
+env:
+  IMAGE_NAME: ${{ vars.IMAGE_NAME }}
+  IMAGE_VARIANT: ${{ vars.IMAGE_VARIANT }}
+  IMAGE_BUILD_ID: "${{ vars.IMAGE_VARIANT }}-gh-build-${{ github.run_id }}"
+  PRIVATE_SSH_KEY: "${{ secrets.PRIVATE_SSH_KEY }}"
+  PRIVATE_DIGITALOCEAN_TOKEN: "${{ secrets.PRIVATE_DIGITALOCEAN_TOKEN }}"
+  PRIVATE_CERTBOT_ACCOUNT_KEY: "${{ secrets.PRIVATE_CERTBOT_ACCOUNT_KEY }}"
+  DOCKER_COMPOSE_ARGS: >-
+    -f integration-test/docker-compose.yml
+    -f integration-test/docker-compose.github.yml
+    -f integration-test/docker-compose.test-${{ vars.IMAGE_VARIANT }}.github.yml
+
+jobs:
+  integration-test:
+    runs-on: ubuntu-latest
+
+    permissions:
+      contents: read
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Set up integration test
+        run: docker-compose ${{ env.DOCKER_COMPOSE_ARGS }} build
+
+      - name: Run integration test
+        run: docker-compose ${{ env.DOCKER_COMPOSE_ARGS }} run sut

.github/workflows/on-pull-request.yml

@@ -0,0 +1,16 @@
+---
+name: Integration Tests (Pull Request)
+
+# yamllint disable-line rule:truthy
+on:
+  pull_request:
+
+jobs:
+  build:
+    uses: ./.github/workflows/container-image.yml
+    secrets: inherit
+
+  run:
+    needs: build
+    uses: ./.github/workflows/integration-test.yml
+    secrets: inherit

.github/workflows/on-push-develop.yml

@@ -0,0 +1,23 @@
+---
+name: Publish Rolling Image (Push develop)
+
+# yamllint disable-line rule:truthy
+on:
+  push:
+    branches:
+      - develop
+
+jobs:
+  build:
+    uses: ./.github/workflows/container-image.yml
+    secrets: inherit
+
+  run:
+    needs: build
+    uses: ./.github/workflows/integration-test.yml
+    secrets: inherit
+
+  tag:
+    needs: run
+    uses: ./.github/workflows/dockerhub-rolling.yml
+    secrets: inherit

.github/workflows/on-push-latest.yml

@@ -0,0 +1,23 @@
+---
+name: Publish Latest Image (Push latest)
+
+# yamllint disable-line rule:truthy
+on:
+  push:
+    branches:
+      - latest
+
+jobs:
+  build:
+    uses: ./.github/workflows/container-image.yml
+    secrets: inherit
+
+  run:
+    needs: build
+    uses: ./.github/workflows/integration-test.yml
+    secrets: inherit
+
+  release:
+    needs: run
+    uses: ./.github/workflows/github-release.yml
+    secrets: inherit

.github/workflows/on-release-published.yml

@@ -0,0 +1,22 @@
+---
+name: Publish Latest Image (Release Published)
+
+# yamllint disable-line rule:truthy
+on:
+  release:
+    types: [published]
+
+jobs:
+  build:
+    uses: ./.github/workflows/container-image.yml
+    secrets: inherit
+
+  run:
+    needs: build
+    uses: ./.github/workflows/integration-test.yml
+    secrets: inherit
+
+  tag:
+    needs: run
+    uses: ./.github/workflows/dockerhub-latest.yml
+    secrets: inherit

README.md

@@ -1,7 +1,7 @@
 Official Certhub/Certbot Docker Image
 =====================================
 
-[![Build Status](https://travis-ci.org/certhub/certhub-certbot-docker.svg?branch=develop)](https://travis-ci.org/certhub/certhub-certbot-docker)
+[![Build Status](https://github.com/certhub/certhub-certbot-docker/actions/workflows/on-push-latest.yml/badge.svg?branch=latest)](https://github.com/certhub/certhub-certbot-docker/actions/workflows/on-push-latest.yml)
 
 
                             .oO'Oo.       .oO'Oo.