Add: docker_build pipeline (#1127)

ADD docker build pipeline

update build/scan jobs names
FIX: build/scan workflows reorganization

move unsupported windows pipelines to legacy folder
move codeQL to legacy folder

Author: zLukas

.github/workflows/codeql.yml renamed to .github/legacy/codeql.yml

@@ -1,4 +1,4 @@
-name: Ubuntu build
+name: Base Build
 
 on:
   # allow manually trigger

.github/workflows/msys2_build.yml renamed to .github/legacy/msys2_build.yml

@@ -1,4 +1,5 @@
-name: Coverity Scan
+name: Coverity Build
+
 
 on:
   schedule:

.github/workflows/msys2_ffmpeg.yml renamed to .github/legacy/msys2_ffmpeg.yml

@@ -6,7 +6,7 @@
 # PRs introducing known-vulnerable packages will be blocked from merging.
 #
 # Source repository: https://github.com/actions/dependency-review-action
-name: 'Dependency Review'
+name: Dependency Review
 on: [pull_request]
 
 permissions:

.github/workflows/ubuntu_build.yml renamed to .github/workflows/base_build.yml

@@ -0,0 +1,60 @@
+name: Docker Build
+on:
+  # allow manually trigger
+  workflow_dispatch:
+  push:
+    branches:
+      - main
+      - 'maint-**'
+  pull_request:
+    branches:
+      - main
+      - 'maint-**'
+
+permissions:
+  contents: read
+
+jobs:
+  changes:
+    runs-on: ubuntu-latest
+    permissions:
+      pull-requests: read
+    outputs:
+      changed: ${{ steps.filter.outputs.ubuntu_build == 'true' }}
+    steps:
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+      
+      - uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v2
+        id: filter
+        with:
+          filters: .github/path_filters.yml
+
+  build:
+    needs: changes
+    if: ${{ needs.changes.outputs.changed == 'true' }}
+    runs-on: ubuntu-22.04
+    timeout-minutes: 120
+    permissions:
+      contents: read
+
+    steps:
+      - name: Harden Runner
+        uses: step-security/harden-runner@4d991eb9b905ef189e4c376166672c3f2f230481 # v2.11.0
+        with:
+          egress-policy: audit
+      - name: Checkout repository
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@4fd812986e6c8c2a69e18311145f9371337f27d4 # v3.4.0
+        with:
+          buildkitd-flags: "--debug --allow-insecure-entitlement security.insecure --allow-insecure-entitlement network.host"
+          platforms: "linux/amd64"
+          driver-opts: memory=14Gib,memory-swap=25Gib,env.BUILDKIT_STEP_LOG_MAX_SIZE=50000000,env.BUILDKIT_STEP_LOG_MAX_SPEED=10000000
+
+      - name: Build image
+        uses: docker/build-push-action@1a162644f9a7e87d8f4b053101d1d9a712edc18c # v6.3.0
+        with:
+          push: false
+          file: docker/ubuntu.dockerfile
+          tags: mtl:latest

.github/workflows/coverity.yml

@@ -1,4 +1,4 @@
-name: Lint Code Base
+name: Linter
 
 on: [push, pull_request]
 

.github/workflows/dependency-review.yml

@@ -2,7 +2,7 @@
 # by a third-party and are governed by separate terms of service, privacy
 # policy, and support documentation.
 
-name: Scorecard supply-chain security
+name: Scorecard
 on:
   # For Branch-Protection check. Only the default branch is supported. See
   # https://github.com/ossf/scorecard/blob/main/docs/checks.md#branch-protection