feat: Add GitHub Actions for automated Docker builds

fanux · fanux · commit 7344f3944237 · 2025-10-02T13:53:54.000Z
- Created GitHub Actions workflow for multi-platform builds
- Enhanced build script with cloud build options via GitHub Actions
- Added comprehensive build documentation for restricted environments
- Created setup guide for GitHub secrets configuration
- Support for both local and cloud-based builds
- Multi-architecture support (amd64, arm64)
diff --git a/.github/workflows/docker-build.yml b/.github/workflows/docker-build.yml
@@ -0,0 +1,86 @@
+name: Build and Push Docker Image
+
+on:
+  push:
+    branches: [ main ]
+    paths:
+      - 'Dockerfile'
+      - 'entrypoint.sh'
+      - '.github/workflows/docker-build.yml'
+  pull_request:
+    branches: [ main ]
+  workflow_dispatch:
+    inputs:
+      tag:
+        description: 'Docker image tag'
+        required: false
+        default: 'latest'
+
+env:
+  REGISTRY: docker.io
+  IMAGE_NAME: fullstackagent/fullstack-web-runtime
+
+jobs:
+  build-and-push:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: write
+
+    steps:
+    - name: Checkout repository
+      uses: actions/checkout@v4
+
+    - name: Set up QEMU
+      uses: docker/setup-qemu-action@v3
+
+    - name: Set up Docker Buildx
+      uses: docker/setup-buildx-action@v3
+
+    - name: Log in to Docker Hub
+      if: github.event_name != 'pull_request'
+      uses: docker/login-action@v3
+      with:
+        registry: ${{ env.REGISTRY }}
+        username: ${{ secrets.DOCKER_HUB_USERNAME }}
+        password: ${{ secrets.DOCKER_HUB_PASSWORD }}
+
+    - name: Extract metadata
+      id: meta
+      uses: docker/metadata-action@v5
+      with:
+        images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+        tags: |
+          type=ref,event=branch
+          type=ref,event=pr
+          type=semver,pattern={{version}}
+          type=semver,pattern={{major}}.{{minor}}
+          type=raw,value=latest,enable={{is_default_branch}}
+          type=raw,value=${{ github.event.inputs.tag || 'latest' }}
+          type=sha,prefix={{branch}}-
+
+    - name: Build and push Docker image
+      uses: docker/build-push-action@v5
+      with:
+        context: .
+        platforms: linux/amd64,linux/arm64
+        push: ${{ github.event_name != 'pull_request' }}
+        tags: ${{ steps.meta.outputs.tags }}
+        labels: ${{ steps.meta.outputs.labels }}
+        cache-from: type=gha
+        cache-to: type=gha,mode=max
+        build-args: |
+          BUILDKIT_INLINE_CACHE=1
+
+    - name: Image digest
+      if: github.event_name != 'pull_request'
+      run: echo ${{ steps.docker_build.outputs.digest }}
+
+    - name: Update Docker Hub Description
+      if: github.event_name != 'pull_request'
+      uses: peter-evans/dockerhub-description@v3
+      with:
+        username: ${{ secrets.DOCKER_HUB_USERNAME }}
+        password: ${{ secrets.DOCKER_HUB_PASSWORD }}
+        repository: ${{ env.IMAGE_NAME }}
+        readme-filepath: ./README.md
diff --git a/README.md b/README.md
@@ -34,20 +34,54 @@ docker run -it --rm \
 
 ### Building from Source
 
-Due to security restrictions in some environments, you may need to build this image in an environment with proper Docker or Buildah permissions.
+The image can be built using multiple methods, including automated GitHub Actions builds for environments with restrictions.
 
-#### Option 1: Using the Build Script
+#### Option 1: GitHub Actions (Recommended for Restricted Environments)
+
+This method uses GitHub Actions to build the image in the cloud, perfect for environments without Docker access:
+
+```bash
+# First, set up GitHub repository secrets:
+# Go to: https://github.com/FullstackAgent/fullstack-runtime-builder/settings/secrets
+# Add two secrets:
+#   - DOCKER_HUB_USERNAME: your Docker Hub username
+#   - DOCKER_HUB_PASSWORD: your Docker Hub password
+
+# Method A: Trigger via Web UI
+# Go to: https://github.com/FullstackAgent/fullstack-runtime-builder/actions
+# Click "Build and Push Docker Image" → "Run workflow"
+
+# Method B: Trigger via GitHub CLI
+gh workflow run docker-build.yml -f tag="latest"
+
+# Method C: Automatic trigger on push
+# The workflow automatically runs when you push changes to Dockerfile
+```
+
+#### Option 2: Using the Build Script
+
+The build script supports both local and GitHub Actions builds:
 
 ```bash
-# Set your Docker Hub credentials
+# Show help
+./build.sh --help
+
+# Trigger GitHub Actions build
+./build.sh --github
+
+# Build locally (requires Docker/Buildah/Podman)
+./build.sh --local
+
+# Build with specific tag
+./build.sh --github v1.0.0
+
+# For local builds with push to Docker Hub:
 export DOCKER_HUB_NAME=your_username
 export DOCKER_HUB_PASSWD=your_password
-
-# Run the build script
-./build.sh
+./build.sh --local
 ```
 
-#### Option 2: Manual Build with Docker
+#### Option 3: Manual Build with Docker
 
 ```bash
 # Build the image
@@ -58,7 +92,7 @@ docker login
 docker push fullstackagent/fullstack-web-runtime:latest
 ```
 
-#### Option 3: Manual Build with Buildah (for rootless environments)
+#### Option 4: Manual Build with Buildah (for rootless environments)
 
 ```bash
 # Build with Buildah
diff --git a/SETUP_GITHUB_SECRETS.md b/SETUP_GITHUB_SECRETS.md
@@ -0,0 +1,136 @@
+# Setting Up GitHub Secrets for Automated Docker Builds
+
+This guide will help you set up GitHub repository secrets to enable automated Docker image builds and pushes.
+
+## Prerequisites
+
+1. A Docker Hub account (create one at https://hub.docker.com if needed)
+2. Write access to the GitHub repository
+
+## Steps to Configure GitHub Secrets
+
+### 1. Navigate to Repository Settings
+
+Go to: https://github.com/FullstackAgent/fullstack-runtime-builder/settings/secrets/actions
+
+Or manually:
+1. Open the repository: https://github.com/FullstackAgent/fullstack-runtime-builder
+2. Click on "Settings" tab
+3. In the left sidebar, click "Secrets and variables" → "Actions"
+
+### 2. Add Docker Hub Username
+
+1. Click "New repository secret"
+2. Name: `DOCKER_HUB_USERNAME`
+3. Secret: Enter your Docker Hub username (e.g., `fullstackagent`)
+4. Click "Add secret"
+
+### 3. Add Docker Hub Password
+
+1. Click "New repository secret"
+2. Name: `DOCKER_HUB_PASSWORD`
+3. Secret: Enter your Docker Hub password or access token
+4. Click "Add secret"
+
+**Security Note**: It's recommended to use a Docker Hub access token instead of your password:
+- Go to: https://hub.docker.com/settings/security
+- Click "New Access Token"
+- Description: "GitHub Actions for fullstack-runtime-builder"
+- Access permissions: "Read & Write"
+- Click "Generate"
+- Copy the token and use it as the password
+
+## Verifying the Setup
+
+### Manual Trigger
+
+1. Go to: https://github.com/FullstackAgent/fullstack-runtime-builder/actions
+2. Click on "Build and Push Docker Image" workflow
+3. Click "Run workflow" button
+4. Select branch: `main`
+5. Enter a tag (optional, defaults to `latest`)
+6. Click "Run workflow"
+
+### Check Build Status
+
+- Monitor the build at: https://github.com/FullstackAgent/fullstack-runtime-builder/actions
+- Green checkmark ✅ = Build successful
+- Red X ❌ = Build failed (check logs for details)
+
+### Verify Image on Docker Hub
+
+Once built successfully, the image will be available at:
+- https://hub.docker.com/r/fullstackagent/fullstack-web-runtime
+
+## Triggering Builds
+
+### Automatic Triggers
+
+The workflow automatically runs when:
+- Changes are pushed to `Dockerfile`
+- Changes are pushed to `entrypoint.sh`
+- Changes are pushed to the workflow file itself
+
+### Manual Triggers via GitHub CLI
+
+```bash
+# Install GitHub CLI if not already installed
+# https://cli.github.com/
+
+# Authenticate with GitHub
+gh auth login
+
+# Trigger the workflow
+gh workflow run docker-build.yml -f tag="v1.0.0"
+
+# Check workflow runs
+gh run list --workflow=docker-build.yml
+```
+
+### Manual Triggers via Build Script
+
+```bash
+# Use the provided build script
+./build.sh --github
+
+# With custom tag
+./build.sh --github v1.0.0
+```
+
+## Troubleshooting
+
+### Authentication Failed
+
+If the build fails with authentication errors:
+1. Verify your Docker Hub username is correct
+2. Regenerate your Docker Hub access token
+3. Update the `DOCKER_HUB_PASSWORD` secret
+
+### Build Failed
+
+Check the workflow logs:
+1. Go to the Actions tab
+2. Click on the failed workflow run
+3. Click on "build-and-push" job
+4. Review the error messages
+
+### Image Not Appearing on Docker Hub
+
+1. Ensure the build completed successfully
+2. Check that secrets are correctly configured
+3. Verify your Docker Hub account has push permissions
+
+## Security Best Practices
+
+1. **Use Access Tokens**: Always use Docker Hub access tokens instead of passwords
+2. **Limit Token Scope**: Create tokens with minimal required permissions
+3. **Rotate Tokens**: Regularly rotate your access tokens
+4. **Monitor Usage**: Check Docker Hub for unexpected image pushes
+5. **Review Logs**: Regularly review GitHub Actions logs for suspicious activity
+
+## Support
+
+For issues or questions:
+- Open an issue: https://github.com/FullstackAgent/fullstack-runtime-builder/issues
+- Check GitHub Actions documentation: https://docs.github.com/en/actions
+- Docker Hub documentation: https://docs.docker.com/docker-hub/
diff --git a/build.sh b/build.sh
