@hoegertn hoegertn commented Jan 29, 2026

Overview

This PR adds comprehensive container build pipeline support for both GitHub Actions and GitLab CI/CD. It provides a flexible, extensible framework for building, scanning, and pushing Docker images across multiple registries and deployment stages.

Changes

New Modules

  • src/container-build/base.ts: Abstract base class and interfaces for container build pipelines

    • ContainerBuildPipeline: Base class for CI/CD implementations
    • Configuration interfaces for registries, scanning, tagging, and builds
    • Support for multi-stage deployments with manual approvals
    • Image tag generation and validation logic
  • src/container-build/github.ts: GitHub Actions implementation

    • GithubContainerBuildPipeline: Full GitHub Actions workflow generation
    • Separate build and deployment jobs with artifact passing
    • Feature branch support for pull requests
    • Integration with GitHub security scanning (SARIF upload)
    • Support for ECR, Docker Hub, and Harbor registries
  • src/container-build/gitlab.ts: GitLab CI/CD implementation

    • GitlabContainerBuildPipeline: Complete GitLab CI configuration
    • Multi-stage pipeline with job templates
    • AWS OIDC token support for ECR authentication
    • Feature branch/merge request builds
    • Artifact management and retention policies

Features

  • Multi-Registry Support: ECR, Docker Hub, and Harbor registries
  • Image Scanning: Trivy vulnerability scanning and AWS Inspector SBOM generation
  • Flexible Tagging: Commit SHA, branch name, semantic versioning, and custom tags
  • Multi-Stage Deployments: Dev, staging, production with manual approval gates
  • Feature Branch Builds: Automatic builds for pull requests/merge requests
  • Extensible Steps: Pre/post-build and post-push hooks for custom logic
  • Environment Variables: Stage-specific and global environment configuration

API Documentation

Updated API.md with comprehensive documentation for all new classes and interfaces.

Technical Details

  • Leverages existing PipelineStep infrastructure for composable build steps
  • Implements PipelineEngine enum for engine type identification
  • Validates configuration at construction time to catch errors early
  • Generates environment variable setup scripts for CI/CD variable substitution
  • Supports both Docker BuildKit and standard Docker builds

Testing

The implementation supports:

  • Multi-platform builds (linux/amd64, linux/arm64, etc.)
  • Build caching strategies
  • Artifact passing between jobs
  • Security scanning with failure conditions
  • Manual approval workflows

…egistry support

- Create comprehensive container build steps for DockerHub, Harbor, ECR
- Add Trivy vulnerability scanning and AWS Inspector SBOM generation
- Implement GitHub and GitLab pipeline engines
- Support multiple deployment stages with manual approvals
- Add feature branch build support
- Include tagging strategies (commit SHA, branch name, semver)
- Add comprehensive test coverage

Resolves #126
@github-actions github-actions bot requested a review from Lock128 January 29, 2026 10:53
@hoegertn hoegertn changed the title Add container build pipeline support for GitHub and GitLab feat: Container build pipeline support for GitHub and GitLab Jan 29, 2026
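The PR description lists commit SHA, branch name and semver tagging strategies together with "image tag generation and validation logic". The block below is an added illustration of that idea and is not code from this PR or from the project: it derives tags from constructed CI metadata (the `CiContext` field names are assumptions), reduces branch names to the OCI tag grammar, and refuses anything that is not a valid tag before it could reach a `docker build -t` or `docker push` command line. The validation matters because a branch name such as `--privileged` or a ref containing shell metacharacters would otherwise flow unchecked into the generated workflow.

```typescript
// Added example, not the PR's own code. Derives and validates image tags from
// CI metadata the way a container build pipeline would, before the tags are
// interpolated into `docker build -t` / `docker push` commands.

type TagStrategy = "sha" | "branch" | "semver";

// Constructed CI metadata shape; the field names are assumptions for this example.
interface CiContext {
  commitSha: string;       // full 40-hex git commit SHA
  refName: string;         // branch or tag name as reported by the CI system
  isMergeRequest: boolean; // true for pull/merge request builds
}

const TAG_MAX_LEN = 128;
// OCI/Docker reference tag grammar: [A-Za-z0-9_][A-Za-z0-9_.-]{0,127}
const TAG_RE = /^[A-Za-z0-9_][A-Za-z0-9_.-]{0,127}$/;
// vMAJOR.MINOR.PATCH with an optional prerelease suffix (e.g. v1.4.2-rc.1)
const SEMVER_RE = /^v?(\d+)\.(\d+)\.(\d+)(-[0-9A-Za-z.-]+)?$/;

function isValidTag(tag: string): boolean {
  return TAG_RE.test(tag);
}

// Reduce an arbitrary branch name to a tag-safe form: lowercase it, turn
// slashes, spaces and any other disallowed character into "-", strip leading
// "." or "-" (a tag may not start with them, and "-..." would read as a CLI
// flag if interpolated into a shell command), and cap the length.
function sanitizeBranch(ref: string): string {
  return ref
    .toLowerCase()
    .replace(/[^a-z0-9_.-]+/g, "-")
    .replace(/^[.-]+/, "")
    .replace(/-+$/, "")
    .slice(0, TAG_MAX_LEN);
}

// Build the list of tags for one image from the requested strategies.
// Throws rather than emitting a tag that fails validation.
function deriveTags(ctx: CiContext, strategies: TagStrategy[]): string[] {
  const tags = new Set<string>(); // Set keeps insertion order and dedups
  for (const strategy of strategies) {
    switch (strategy) {
      case "sha":
        // Only a real hex SHA is accepted; anything else is treated as hostile input.
        if (!/^[0-9a-f]{40}$/.test(ctx.commitSha)) {
          throw new Error("commitSha is not a 40-character hex git SHA");
        }
        tags.add(`sha-${ctx.commitSha.slice(0, 12)}`);
        break;
      case "branch": {
        const branch = sanitizeBranch(ctx.refName);
        if (branch) tags.add(ctx.isMergeRequest ? `mr-${branch}` : branch);
        break;
      }
      case "semver": {
        const m = SEMVER_RE.exec(ctx.refName);
        if (!m) break; // not a release ref: no semver tags
        const [, major, minor, patch, pre] = m;
        if (pre) {
          // Prereleases get only their exact version; floating tags would
          // otherwise point at an unreleased build.
          tags.add(`${major}.${minor}.${patch}${pre}`);
        } else {
          tags.add(`${major}.${minor}.${patch}`);
          tags.add(`${major}.${minor}`);
          tags.add(`${major}`);
        }
        break;
      }
    }
  }
  const out = [...tags];
  for (const t of out) {
    if (!isValidTag(t)) throw new Error(`derived tag is not a valid OCI tag: ${t}`);
  }
  return out;
}
```

Usage: `deriveTags({ commitSha, refName: "feature/Foo Bar", isMergeRequest: true }, ["sha", "branch"])` yields `sha-<12 hex>` and `mr-feature-foo-bar`; a release ref `v1.4.2` with the `semver` strategy yields `1.4.2`, `1.4` and `1`, while `v1.4.2-rc.1` yields only `1.4.2-rc.1`. The same function is the natural place for a pipeline generator to reject malformed input at construction time, which is the "validates configuration at construction time" behaviour the PR describes.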