GitHub Actions and Docker build process improvements (#5)

Using buildx to do multi-arch builds and passing around tar-files with
the resulting images doesn't work as expected – the regular Docker
client doesn't cope too well with the multi-arch aspect of it all...

So, it is either using a single step buildx-command to do everything
(building, tagging and pushing), or completely reimplement the
convenience of buildx using the regular build and the manifest-tool.

The latter would have allowed me to stay with a single, multi-step,
workflow with as little duplication in steps as possible. The former
appears much simpler though (even if it requires two workflows with a
lot of overlap).

So, there are now a "docker-ci" and a "docker-push" workflow, with some
overlap, but all-in-all a much clearer approach (and fewer magic
"if"-statements to control a highly dynamic flow).

Note that the "docker-push" workflow publishing a "named"-release
currently doesn't actually publish to Docker Hub; it just echo's out the
command it would use (as the only way to test this is to merge to main
and try it out).

Instruct JSCPD to ignore YAML-files. Yes, some of the workflows have
copy-pasted elements, there is no way around that...

Don't run the linter when a tag is created. Bit senseless as the tag
would always be created from a commit that has already been
linted... The previous behaviour leads to the GitHub interface
showing the linter check twice for commits that are tagged.

Also, remove "ci" environment from the linter. Has no added value,
just causes a lot of clutter in the GitHub interface.

.github/workflows/docker-ci.yaml

@@ -0,0 +1,74 @@
+name: Docker CI
+
+on:
+  push:
+    branches-ignore: ["main"]
+    tags-ignore: ["**"]
+
+jobs:
+  ci:
+    name: Build Docker image
+    runs-on: ubuntu-20.04
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v2
+      - name: Setup QEMU
+        uses: docker/setup-qemu-action@v1
+      - name: Setup Docker buildx
+        uses: docker/setup-buildx-action@v1
+        with:
+          install: true
+      # Multi-arch builds run in parallel and are thus much faster than a set
+      # of single-arch builds. Subsequent builds leverage the same build-cache,
+      # so nothing gets build twice...
+      - name: Build image (multi-arch)
+        run: |
+          tag="${GITHUB_SHA:0:7}"
+          echo docker_tag="$tag" >> $GITHUB_ENV
+          docker build \
+            --tag thijsputman/tc66c-mqtt:"$tag" \
+            --platform linux/arm64/v8,linux/arm/v7,linux/amd64 \
+            .
+      # Build and upload a separate Docker image for each architecture (to
+      # facilitate testing – the images are not available anywhere else).
+      # Separating the artifacts is out of convenience (otherwise one would
+      # need to download a single big artifact containing all images).
+      - name: Build image (ARM64)
+        run: |
+          docker build \
+            --tag thijsputman/tc66c-mqtt:"${{ env.docker_tag }}" \
+            --output type=docker,dest=/tmp/buildx-arm64.tar \
+            --platform linux/arm64/v8 \
+            .
+      - name: Upload artifact (ARM64)
+        uses: actions/upload-artifact@v2
+        with:
+          name: buildx-arm64
+          path: /tmp/buildx-arm64.tar
+          retention-days: 30
+      - name: Build image (ARMv7)
+        run: |
+          docker build \
+            --tag thijsputman/tc66c-mqtt:"${{ env.docker_tag }}" \
+            --output type=docker,dest=/tmp/buildx-armv7.tar \
+            --platform linux/arm/v7 \
+            .
+      - name: Upload artifact (ARMv7)
+        uses: actions/upload-artifact@v2
+        with:
+          name: buildx-armv7
+          path: /tmp/buildx-armv7.tar
+          retention-days: 30
+      - name: Build image (AMD64)
+        run: |
+          docker build \
+            --tag thijsputman/tc66c-mqtt:"${{ env.docker_tag }}" \
+            --output type=docker,dest=/tmp/buildx-amd64.tar \
+            --platform linux/amd64 \
+            .
+      - name: Upload artifact (AMD64)
+        uses: actions/upload-artifact@v2
+        with:
+          name: buildx-amd64
+          path: /tmp/buildx-amd64.tar
+          retention-days: 30

.github/workflows/docker-push.yml

@@ -0,0 +1,66 @@
+name: Docker push
+
+on:
+  push:
+    branches: ["main"]
+    tags: ["**"]
+
+jobs:
+  push:
+    name: Push to Docker Hub
+    runs-on: ubuntu-20.04
+    environment: docker-hub
+    steps:
+      - name: Login to Docker Hub
+        uses: docker/login-action@v1
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+      - name: Checkout code
+        uses: actions/checkout@v2
+      - name: Setup QEMU
+        uses: docker/setup-qemu-action@v1
+      - name: Setup Docker buildx
+        uses: docker/setup-buildx-action@v1
+        with:
+          install: true
+      # Every commit to the main-branch gets published to Docker Hub tagged
+      # under its commit-hash.
+      - name: Build and push (main)
+        if: github.ref == 'refs/heads/main'
+        run: |
+          docker build \
+            --tag thijsputman/tc66c-mqtt:"${GITHUB_SHA:0:7}" \
+            --platform linux/arm64/v8,linux/arm/v7,linux/amd64 \
+            --push \
+            .
+      # Every tag created in Git is assumed to be a "named" release. It gets
+      # published to Docker Hub under its commit-hash (potentially overwriting
+      # the image created from the main-branch), as "latest", under its Git
+      # tag-name (with the leading "v" removed in case the tag is a semantic
+      # version, e.g. "v1.0.0" becomes "1.0.0"), as "stable" in case the
+      # semantic version doesn't have any appendices (e.g. "1.0.0" is considered
+      # stable, "1.0.0-beta1" not).
+      - name: Build and push (tag)
+        if: startsWith(github.ref, 'refs/tags/')
+        run: |
+          ref=(${GITHUB_REF//\// })
+          tag=${ref[2]}
+          if [[ "$tag" =~ ^v[0-9]+\. ]] ; then
+            tag=${tag:1}
+          fi
+          if [[ "$tag" =~ ^(latest|stable)$ ]]; then
+            echo Tag \""$tag"\" is invalid!
+            exit 1
+          fi
+          stable=()
+          if [[ "$tag" =~ ^[0-9]+\.[0-9]+\.[0-9]+$ ]] ; then
+            stable=(--tag thijsputman/tc66c-mqtt:stable)
+          fi
+          echo docker build \
+            --tag thijsputman/tc66c-mqtt:"${GITHUB_SHA:0:7}" \
+            --tag thijsputman/tc66c-mqtt:latest \
+            --tag thijsputman/tc66c-mqtt:"$tag" "${stable[@]}" \
+            --platform linux/arm64/v8,linux/arm/v7,linux/amd64 \
+            --push \
+            .

.github/workflows/linter.yml

@@ -2,6 +2,7 @@ name: Lint codebase
 
 on:
   push:
+    tags-ignore: ["**"]
   pull_request:
     branches: [main]
 jobs:

.jscpd.json

@@ -0,0 +1,3 @@
+{
+  "ignore": ["*.yml"]
+}

README.md

@@ -114,7 +114,8 @@ mosquitto_sub -h <mqtt-broker> -t "tc66c/#"
 
 Alternatively, you can use
 [the pre-built Docker image](https://hub.docker.com/r/thijsputman/tc66c-mqtt).
-Note that the Docker image currently is only available for **`aarch64`**!
+The Docker image is available for `aarch64`, `armhf`/`armv7` and `amd64`. Note
+that _only_ the **`aarch64`** image is actively tested.
 
 In this case, there's no need to `npm install` nor to configure D-Bus.
 
@@ -141,10 +142,10 @@ is via `docker-compose up [-d]`:
 `📄 docker-compose.yml`
 
 ```yaml
-version: "3.7"
+version: "2.3"
 services:
   tc66c-mqtt:
-    image: thijsputman/tc66c-mqtt:latest
+    image: thijsputman/tc66c-mqtt:stable
     security_opt:
       - apparmor=docker-ble
     volumes: