From da93a2873f025131dfd943a1ecfdd5a365f47130 Mon Sep 17 00:00:00 2001
From: Abhishek Dasgupta <abhishek.dasgupta@dtc.ox.ac.uk>
Date: Tue, 17 Sep 2024 14:58:41 +0100
Subject: [PATCH] ci: add docker build and deploy

---
 .dockerignore                |  1 +
 .github/workflows/deploy.yml | 36 ++++++++++++++++++++++++++++++++++++
 Dockerfile                   | 16 ++++++++++++++++
 3 files changed, 53 insertions(+)
 create mode 100644 .dockerignore
 create mode 100644 .github/workflows/deploy.yml
 create mode 100644 Dockerfile

diff --git a/.dockerignore b/.dockerignore
new file mode 100644
index 0000000..1d17dae
--- /dev/null
+++ b/.dockerignore
@@ -0,0 +1 @@
+.venv
diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml
new file mode 100644
index 0000000..6c68fbe
--- /dev/null
+++ b/.github/workflows/deploy.yml
@@ -0,0 +1,36 @@
+name: deploy
+
+on:
+  push:
+    branches: [main]
+    paths:
+        - '.github/workflows/deploy.yml'
+        - 'src/olm/**.py'
+        - 'pyproject.toml'
+        - 'uv.lock'
+  workflow_dispatch:
+
+jobs:
+  deploy:
+    runs-on: ubuntu-22.04
+    steps:
+    - uses: actions/checkout@v4
+    - name: Configure AWS credentials
+      uses: aws-actions/configure-aws-credentials@v4
+      with:
+        aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+        aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+        aws-region: eu-central-1
+
+    - name: Login to Amazon ECR
+      id: login-ecr
+      uses: aws-actions/amazon-ecr-login@v2
+
+    - name: Build, tag, and push image to Amazon ECR (latest)
+      env:
+        REGISTRY: ${{ steps.login-ecr.outputs.registry }}
+        REPO: olm
+        IMAGE_TAG: ${{ github.sha }}
+      run: |
+        docker build . -t $REGISTRY/$REPO:latest .
+        docker push $REGISTRY/$REPO:latest
diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 0000000..b2f8976
--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,16 @@
+FROM ghcr.io/astral-sh/uv:python3.12-bookworm-slim AS builder
+ENV UV_COMPILE_BYTECODE=1 UV_LINK_MODE=copy
+WORKDIR /app
+RUN --mount=type=cache,target=/root/.cache/uv \
+    --mount=type=bind,source=uv.lock,target=uv.lock \
+    --mount=type=bind,source=pyproject.toml,target=pyproject.toml \
+    uv sync --frozen --no-install-project --no-dev
+ADD . /app
+RUN --mount=type=cache,target=/root/.cache/uv \
+    uv sync --frozen --no-dev
+
+# final image without uv, MUST be same as builder
+FROM python:3.12-slim-bookworm
+COPY --from=builder --chown=app:app /app /app
+ENV PATH="/app/.venv/bin:$PATH"
+CMD ["olm"]