gha: use docker targets

- we drop the `Dockerfile.dev`

.github/workflows/container.yml

@@ -78,5 +78,6 @@ jobs:
           labels: ${{ steps.meta.outputs.labels }}
           build-args: |
             KARAPACE_VERSION=${{ steps.ctx.outputs.version }}
+            PYTHON_VERSION=3.10.11
           file: container/Dockerfile
           platforms: "linux/amd64,linux/arm64"

.github/workflows/tests.yml

@@ -14,10 +14,15 @@ env:
   FORCE_COLOR: 1
   PIP_PROGRESS_BAR: off
   PYTHONUNBUFFERED: 1
+  REGISTRY: ghcr.io
+  IMAGE_NAME: ${{ github.repository }}
 
 jobs:
   tests:
     runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: write
     strategy:
       matrix:
         python-version: [ '3.10', '3.11', '3.12' ]
@@ -48,13 +53,49 @@ jobs:
     - run: echo "RUNNER_UID=$(id -u)" >> $GITHUB_ENV
     - run: echo "RUNNER_GID=$(id -g)" >> $GITHUB_ENV
 
+    - name: Set up Docker Buildx
+      uses: docker/setup-buildx-action@v3
+
+    - name: Log in to registry
+      uses: docker/login-action@v2
+      with:
+        registry: ghcr.io
+        username: ${{ github.actor }}
+        password: ${{ secrets.GITHUB_TOKEN }}
+
+    - name: Configure metadata
+      id: meta
+      uses: docker/metadata-action@v4
+      with:
+        images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+        # Configure to use `latest` and the PEP440 version from a tag name for
+        # releases, and `develop` for non-release main builds.
+        tags: |
+          type=pep440,pattern=${{ env.KARAPACE_VERSION }}
+          type=raw,value=${{ env.KARAPACE_VERSION }}
+        labels: |
+          [email protected]
+          org.opencontainers.image.url=https://karapace.io
+          org.opencontainers.image.documentation=https://github.com/Aiven-Open/karapace/
+          org.opencontainers.image.vendor=Aiven
+          org.opencontainers.image.licenses=Apache-2.0
+
     - name: Cache docker layers
       uses: docker/build-push-action@v4
+      env:
+        PYTHON_VERSION: ${{ matrix.python-version }}
+        KARAPACE_VERSION: ${{ env.KARAPACE_VERSION }}
+        REF: aiven-open/karapace:${{ env.KARAPACE_VERSION }}
       with:
         context: .
-        cache-to: type=inline
-        push: false
-        build-args: KARAPACE_VERSION=${{ env.KARAPACE_VERSION }}
+        cache-from: type=registry,ref=${{ env.REF }}
+        cache-to: type=registry,ref=${{ env.REF }},mode=max
+        tags: ${{ steps.meta.outputs.tags }}
+        labels: ${{ steps.meta.outputs.labels }}
+        push: true
+        build-args: |
+          KARAPACE_VERSION=${{ env.KARAPACE_VERSION }}
+          PYTHON_VERSION=${{ matrix.python-version }}
         file: container/Dockerfile
         platforms: linux/amd64
 

container/Dockerfile

@@ -1,5 +1,7 @@
+ARG PYTHON_VERSION=3.10.11
+
 # Current versions of avro and zstandard don't yet have wheels for 3.11.
-FROM python:3.10.11-bullseye AS builder
+FROM python:${PYTHON_VERSION}-bullseye AS builder
 
 ARG KARAPACE_VERSION
 
@@ -35,14 +37,9 @@ RUN --mount=type=cache,target=/root/.cache/pip \
     fi; \
     SETUPTOOLS_SCM_PRETEND_VERSION=$PRETEND_VERSION python3 -m pip install --no-deps .
 
-# Karapace image, i.e. production.
-FROM python:3.10.11-slim-bullseye AS karapace
 
-# Setup user and directories.
-RUN groupadd --system karapace \
- && useradd --system --gid karapace karapace \
- && mkdir /opt/karapace /opt/karapace/runtime /var/log/karapace \
- && chown --recursive karapace:karapace /opt/karapace /var/log/karapace
+# Karapace image, i.e. production.
+FROM builder AS karapace
 
 # Install protobuf compiler.
 ARG PROTOBUF_COMPILER_VERSION="3.12.4-1+deb11u1"
@@ -51,10 +48,42 @@ RUN apt-get update \
     protobuf-compiler=$PROTOBUF_COMPILER_VERSION \
  && rm -rf /var/lib/apt/lists/*
 
-# Copy virtualenv from builder and activate it.
-COPY --from=builder /venv /venv
 ENV PATH="/venv/bin:$PATH"
 
+
+FROM karapace AS cli
+
+ARG RUNNER_UID
+ARG RUNNER_GID
+
+# Setup files and directories.
+RUN mkdir /opt/karapace /opt/karapace/runtime /var/log/karapace /opt/karapace/coverage \
+&& touch /opt/karapace/coverage/.coverage.3.10 /opt/karapace/coverage/.coverage.3.11 /opt/karapace/coverage/.coverage.3.12 \
+&& chown --recursive "$RUNNER_UID:$RUNNER_GID" /opt/karapace /opt/karapace/coverage /var/log/karapace
+
+# Install Java via openjdk-11
+COPY --from=openjdk:11 /usr/local/openjdk-11 /usr/local/openjdk-11
+ENV JAVA_HOME /usr/local/openjdk-11
+RUN update-alternatives --install /usr/bin/java java /usr/local/openjdk-11/bin/java 1
+
+WORKDIR /opt/karapace
+
+COPY ./requirements /opt/karapace/requirements
+RUN python3 -m pip install -r /opt/karapace/requirements/requirements-dev.txt -r /opt/karapace/requirements/requirements-typing.txt
+
+COPY . .
+ENV PYTHONPATH="/opt/karapace/src:$PYTHONPATH"
+
+
+FROM karapace AS production
+
+# Setup user and directories.
+RUN groupadd --system karapace \
+ && useradd --system --gid karapace karapace \
+ && mkdir /opt/karapace /opt/karapace/runtime /var/log/karapace \
+ && chown --recursive karapace:karapace /opt/karapace /var/log/karapace
+
+
 COPY ./container/healthcheck.py /opt/karapace
 
 WORKDIR /opt/karapace

container/compose.yml

@@ -59,6 +59,7 @@ services:
       dockerfile: container/Dockerfile
       args:
         KARAPACE_VERSION: $KARAPACE_VERSION
+        PYTHON_VERSION: $PYTHON_VERSION
     entrypoint:
       - python3
       - -m
@@ -100,6 +101,7 @@ services:
       dockerfile: container/Dockerfile
       args:
         KARAPACE_VERSION: $KARAPACE_VERSION
+        PYTHON_VERSION: $PYTHON_VERSION
     entrypoint:
       - python3
       - -m
@@ -128,7 +130,8 @@ services:
     image: ghcr.io/aiven-open/karapace:cli
     build:
       context: ..
-      dockerfile: container/Dockerfile.dev
+      target: cli
+      dockerfile: container/Dockerfile
       args:
         KARAPACE_VERSION: $KARAPACE_VERSION
         PYTHON_VERSION: $PYTHON_VERSION
@@ -171,7 +174,7 @@ services:
       GF_SECURITY_ADMIN_PASSWORD: karapace
       GF_PATHS_PROVISIONING: /grafana/provisioning
     ports:
-      - 3000:3000
+      - 9091:3000
     volumes:
       - ./grafana/dashboards:/grafana/dashboards
       - ./grafana/provisioning:/grafana/provisioning