feat: add shared workflows based on Dockerfiles

ING-4068

.github/workflows/dockerfile-build.yml

@@ -0,0 +1,24 @@
+on:
+  workflow_call:
+    inputs:
+      image:
+        description: Image name
+        required: true
+        type: string
+      tag:
+        description: Image tag to build
+        required: true
+        type: string
+    secrets:
+      DOCKER_HUB_USERNAME:
+      DOCKER_HUB_PASSWORD:
+
+jobs:
+  build:
+    uses: ./.github/workflows/dockerfile.yml
+    with:
+      image: ${{ inputs.image }}
+      tag: ${{ inputs.tag }}
+      push: false
+      notify-failure: false
+    secrets: inherit

.github/workflows/dockerfile-publish.yml

@@ -0,0 +1,28 @@
+on:
+  workflow_call:
+    inputs:
+      image:
+        description: Image name
+        required: true
+        type: string
+      tag:
+        description: Image tag to build
+        required: true
+        type: string
+    secrets:
+      DOCKER_HUB_USERNAME:
+        required: true
+      DOCKER_HUB_PASSWORD:
+        required: true
+      SLACK_NOTIFICATIONS_BOT_TOKEN:
+        required: true
+
+jobs:
+  publish:
+    uses: ./.github/workflows/dockerfile.yml
+    with:
+      image: ${{ inputs.image }}
+      tag: ${{ inputs.tag }}
+      push: true
+      notify-failure: true
+    secrets: inherit

.github/workflows/dockerfile.yml

@@ -0,0 +1,70 @@
+on:
+  workflow_call:
+    inputs:
+      notify-failure:
+        description: Notify on build failure to Slack
+        default: true
+        type: boolean
+      image:
+        description: Image name
+        required: true
+        type: string
+      tag:
+        description: Image tag to build
+        required: true
+        type: string
+      push:
+        description: If the image should be pushed
+        type: boolean
+        default: false
+    secrets:
+      DOCKER_HUB_USERNAME:
+      DOCKER_HUB_PASSWORD:
+      SLACK_NOTIFICATIONS_BOT_TOKEN:
+
+jobs:
+  publish:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Docker meta
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: ${{ inputs.image }}
+
+      - name: Login to DockerHub
+        uses: docker/login-action@v3
+        with:
+          username: ${{ secrets.DOCKER_HUB_USERNAME }}
+          password: ${{ secrets.DOCKER_HUB_PASSWORD }}
+      - name: Build and push
+        uses: docker/build-push-action@v5
+        with:
+          context: .
+          push: true
+          tags: "${{ inputs.image }}:${{ inputs.tag }}"
+          labels: ${{ steps.meta.outputs.labels }}
+
+      - name: Vulnerability check
+        uses: wetransform/gha-trivy@master
+        with:
+          image-ref: "${{ inputs.image }}:${{ inputs.tag }}"
+          create-test-report: true
+          report-retention-days: 30
+
+      #
+      # Report build failure to Slack
+      #
+
+        # https://github.com/marketplace/actions/slack-notify-build
+      - name: Notify slack fail
+        if: ${{ inputs.notify-failure && failure() }}
+        env:
+          SLACK_BOT_TOKEN: ${{ secrets.SLACK_NOTIFICATIONS_BOT_TOKEN }}
+        uses: voxmedia/github-action-slack-notify-build@v1
+        with:
+          channel: build-failures
+          status: FAILED
+          color: danger