♻️ Add image build

.github/workflows/image-build.yml

@@ -0,0 +1,74 @@
+name: "LDAP: Automation Image Build"
+
+on:
+  workflow_dispatch:
+  push:
+    branches:
+      - main
+    paths:
+      - docker/ldap-automation/**
+      - .github/workflows/ldap-*.yml
+
+permissions:
+  packages: write
+  contents: write
+
+jobs:
+  build-and-push:
+    runs-on: ubuntu-22.04
+
+    steps:
+      - name: Checkout Code
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: Bump version and push tag
+        id: BumpVersionAndPushTag
+        uses: anothrNick/[email protected] # Don't use @master unless you're happy to test the latest version
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          WITH_V: false
+          DEFAULT_BUMP: minor # Making this default visible
+          INITIAL_VERSION: 0.0.0 # Making this default visible
+          TAG_CONTEXT: repo # Making this default visible
+          PRERELEASE: true
+          PRERELEASE_SUFFIX: ${{ github.ref_name }} # Branch name
+          DRY_RUN: ${{ github.ref != 'refs/heads/main' }} # Tag repo on main, not otherwise. Note we can still use the proposed dry-run tag to tag ECR images
+
+      - name: Create safe tag
+        id: safe_tag
+        run: |
+          echo "SAFE_TAG=$(echo ${{ steps.BumpVersionAndPushTag.outputs.new_tag }} | sed 's/[^a-zA-Z0-9.]/-/g')" >> $GITHUB_OUTPUT
+
+      - name: Set up Docker Buildx
+        id: setup_buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Log into ghcr
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Build and push to ghcr
+        id: build_publish
+        uses: docker/build-push-action@v6
+        with:
+          context: .
+          platforms: linux/amd64, linux/arm64
+          push: true
+          tags: ghcr.io/ministryofjustice/hmpps-ldap-automation:${{ steps.safe_tag.outputs.SAFE_TAG }}
+          args: |
+            VERSION_REF=${{ steps.BumpVersionAndPushTag.outputs.new_tag }}
+
+      - name: Slack failure notification
+        if: ${{ failure() && github.ref == 'refs/heads/main' }}
+        uses: slackapi/slack-github-action@70cd7be8e40a46e8b0eced40b0de447bdb42f68e # v1.26.0
+        with:
+          payload: |
+            {"blocks":[{"type": "section","text": {"type": "mrkdwn","text": ":no_entry: Failed GitHub Action:"}},{"type": "section","fields":[{"type": "mrkdwn","text": "*Workflow:*\n<${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}|${{ github.workflow }}>"},{"type": "mrkdwn","text": "*Job:*\n${{ github.job }}"},{"type": "mrkdwn","text": "*Repo:*\n${{ github.repository }}"}]}]}
+            env:
+              SLACK_WEBHOOK_URL: ${{ secrets.PWO_PUBLIC_SLACK_WEBHOOK_URL }}
+              SLACK_WEBHOOK_TYPE: INCOMING_WEBHOOK

Dockerfile

@@ -0,0 +1,18 @@
+FROM python:3.10-alpine
+
+LABEL org.opencontainers.image.source = "https://github.com/ministryofjustice/hmpps-ldap-automation-cli"
+
+ARG VERSION_REF=main
+
+# Basic tools for now
+RUN apk add --update --no-cache bash ca-certificates git build-base libffi-dev openssl-dev gcc musl-dev gcc g++ linux-headers build-base openldap-dev python3-dev
+
+RUN python3 -m pip install --upgrade pip
+## related to https://github.com/oracle/python-oracledb/issues/204 - pip version fails to install due to cpython3
+# ignore whilst in dev
+
+# RUN python3 -m pip install git+https://github.com/oracle/python-oracledb.git
+
+RUN python3 -m pip install git+https://github.com/ministryofjustice/hmpps-ldap-automation-cli.git@${VERSION_REF}
+
+CMD ["ldap-automation"]