CM-40289 - Publish docker image with Cycode CLI

.github/workflows/docker-image.yml

@@ -1,46 +1,48 @@
+name: Build and Publish Docker Image. On dispatch event build the latest tag and push to Docker Hub
+
 on:
   workflow_dispatch:
-
-permissions:
-  # Write permission needed for creating a tag.
-  contents: write
+  push:
+    tags: [ 'v*.*.*' ]
 
 jobs:
-  main:
+  docker:
     runs-on: ubuntu-latest
+
     steps:
-      -
-        name: Checkout
-        uses: actions/checkout@v2
-      -
-        name: Set up QEMU
-        uses: docker/setup-qemu-action@v1
-      -
-        name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v1
-      -
-        name: Login to DockerHub Registry
-        env:
-          DOCKERHUB_PASSWORD: ${{ secrets.DOCKERHUB_PASSWORD }}
-          DOCKERHUB_USER: ${{ secrets.DOCKERHUB_USER }}
-        run:  echo "$DOCKERHUB_PASSWORD" | docker login -u "$DOCKERHUB_USER" --password-stdin
-
-      - name: Bump version
-        id: bump_version
-        uses: anothrNick/github-tag-action@1.36.0
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-          DEFAULT_BUMP: minor
-
-      -
-        name: Build and push
+      - name: Checkout repository
+        uses: actions/checkout@v3
+        with:
+          fetch-depth: 0
+
+      - name: Get latest release tag
+        id: latest_tag
+        run: |
+          LATEST_TAG=$(git describe --tags `git rev-list --tags --max-count=1`)
+          echo "LATEST_TAG=$LATEST_TAG" >> $GITHUB_OUTPUT
+
+      - name: Check out latest release tag
+        if: ${{ github.event_name == 'workflow_dispatch' }}
+        run: |
+          git checkout ${{ steps.latest_tag.outputs.LATEST_TAG }}
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Login to Docker Hub
+        uses: docker/login-action@v3
+        with:
+          username: ${{ secrets.DOCKERHUB_USER }}
+          password: ${{ secrets.DOCKERHUB_PASSWORD }}
+
+      - name: Build and push
         id: docker_build
-        uses: docker/build-push-action@v3
+        uses: docker/build-push-action@v6
         with:
           context: .
-          file: ./Dockerfile
+          platforms: linux/amd64,linux/arm64
           push: true
-          tags: cycodehq/cycode_cli:${{ steps.bump_version.outputs.new_tag }}
-      -
-        name: Image digest
-        run: echo ${{ steps.docker_build.outputs.digest }}
+          tags: cycodehq/cycode_cli:${{ steps.latest_tag.outputs.LATEST_TAG }},cycodehq/cycode_cli:latest

Dockerfile

@@ -1,12 +1,12 @@
-FROM python:3.8.16-alpine3.17 as base
+FROM python:3.12.6-alpine3.20 AS base
 WORKDIR /usr/cycode/app
-RUN apk add git=2.38.5-r0
+RUN apk add git=2.45.2-r0
 
-FROM base as builder
-ENV POETRY_VERSION=1.4.2
+FROM base AS builder
+ENV POETRY_VERSION=1.8.3
 
 # deps are required to build cffi
-RUN apk add --no-cache --virtual .build-deps gcc=12.2.1_git20220924-r4 libffi-dev=3.4.4-r0 musl-dev=1.2.3-r4 &&  \
+RUN apk add --no-cache --virtual .build-deps gcc=13.2.1_git20240309-r0 libffi-dev=3.4.6-r0 musl-dev=1.2.5-r0 &&  \
     pip install --no-cache-dir "poetry==$POETRY_VERSION" "poetry-dynamic-versioning[plugin]" &&  \
     apk del .build-deps gcc libffi-dev musl-dev
 
@@ -19,7 +19,7 @@ RUN poetry config virtualenvs.in-project true && \
     poetry --no-cache install --only=main --no-root && \
     poetry build
 
-FROM base as final
+FROM base AS final
 COPY --from=builder /usr/cycode/app/dist ./
 RUN pip install --no-cache-dir cycode*.whl