feat: setup new base image with 3.12

.github/CODEOWNERS

@@ -0,0 +1 @@
+* @articulate/platform

.github/dependabot.yml

@@ -0,0 +1,6 @@
+version: 2
+updates:
+  - package-ecosystem: github-actions
+    directory: /
+    schedule:
+      interval: monthly

.github/workflows/build.yml

@@ -0,0 +1,65 @@
+name: Build
+
+on:
+  pull_request:
+  push:
+    branches:
+      - main
+  schedule:
+    - cron: '0 0 * * 1-6'
+    - cron: '0 0 * * 0' # runs with no-cache
+  workflow_dispatch:
+    inputs:
+      no-cache:
+        description: 'Skip Docker cache'
+        type: boolean
+        default: false
+
+jobs:
+  setup:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - name: Find Dockerfiles
+        id: scan
+        run: echo "dockerfiles=$(find . -name Dockerfile | cut -c3- | jq -R -s -c 'split("\n")[:-1]')" >> "$GITHUB_OUTPUT"
+    outputs:
+      dockerfiles: ${{ steps.scan.outputs.dockerfiles }}
+  build:
+    runs-on: ubuntu-latest
+    needs: setup
+    strategy:
+      fail-fast: false
+      matrix:
+        dockerfile: ${{ fromJSON(needs.setup.outputs.dockerfiles) }}
+    steps:
+      - uses: actions/checkout@v4
+      - name: Get image metadata
+        id: meta
+        run: |
+          tags=$(grep "tags=" ${{ matrix.dockerfile }} | cut -d "=" -f 2)
+          echo "context=$(dirname "${{ matrix.dockerfile }}")" >> "$GITHUB_OUTPUT"
+          echo "tags=${tags}" >> "$GITHUB_OUTPUT"
+          echo "cache=$(echo "$tags" | cut -d "," -f 1)" >> "$GITHUB_OUTPUT"
+      - uses: docker/setup-qemu-action@v3
+      - uses: docker/setup-buildx-action@v3
+      - uses: docker/login-action@v3
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+      - uses: docker/build-push-action@v5
+        with:
+          context: ${{ steps.meta.outputs.context }}
+          pull: ${{ github.event_name != 'pull_request' }}
+          push: ${{ github.event_name != 'pull_request' }}
+          tags: ${{ steps.meta.outputs.tags }}
+          platforms: linux/amd64,linux/arm64/v8
+          cache-from: type=registry,ref=${{ steps.meta.outputs.cache }}
+          cache-to: type=inline
+          no-cache: ${{ github.event.schedule == '0 0 * * 0' || (github.event_name == 'workflow_dispatch' && inputs.no-cache) }}
+  notify:
+    runs-on: ubuntu-latest
+    needs: build
+    if: github.event_name != 'pull_request'
+    steps:
+      - run: curl ${{ secrets.DMS_URL }}

.github/workflows/lint.yml

@@ -0,0 +1,27 @@
+name: Lint
+
+on: pull_request
+
+jobs:
+  setup:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - name: Find Dockerfiles
+        id: scan
+        run: echo "dockerfiles=$(find . -name Dockerfile | cut -c3- | jq -R -s -c 'split("\n")[:-1]')" >> "$GITHUB_OUTPUT"
+    outputs:
+      dockerfiles: ${{ steps.scan.outputs.dockerfiles }}
+  lint:
+    runs-on: ubuntu-latest
+    needs: [setup]
+    strategy:
+      fail-fast: false
+      matrix:
+        dockerfile: ${{ fromJSON(needs.setup.outputs.dockerfiles) }}
+    steps:
+      - uses: actions/checkout@v4
+      - uses: hadolint/hadolint-action@54c9adbab1582c2ef04b2016b760714a4bfde3cf # pin@v3.1.0
+        with:
+          dockerfile: ${{ matrix.dockerfile }}
+          ignore: DL3008,DL3016,DL3033

3.12/Dockerfile

@@ -0,0 +1,28 @@
+# tags=articulate/python:3.12
+# syntax=docker/dockerfile:1
+FROM python:3.12-slim-bookworm
+
+ENV SERVICE_ROOT /service
+ENV SERVICE_USER service
+ENV SERVICE_UID 1001
+
+ARG TARGETARCH
+
+ADD --chmod=755 https://raw.githubusercontent.com/articulate/docker-bootstrap/main/scripts/install_packages /usr/local/bin/install_packages
+ADD --chmod=755 https://raw.githubusercontent.com/articulate/docker-bootstrap/main/scripts/awscli.sh /tmp/awscli.sh
+
+RUN install_packages make && /tmp/awscli.sh && rm /tmp/awscli.sh \
+    && groupadd --gid $SERVICE_UID $SERVICE_USER \
+    && useradd --create-home --shell /bin/bash --gid $SERVICE_UID --uid $SERVICE_UID $SERVICE_USER
+
+ADD --chmod=755 https://github.com/articulate/docker-bootstrap/releases/latest/download/docker-bootstrap_linux_${TARGETARCH} /entrypoint
+ADD --chmod=755 https://raw.githubusercontent.com/articulate/docker-bootstrap/main/scripts/docker-secrets /usr/local/bin/secrets
+ADD --chmod=755 https://raw.githubusercontent.com/vishnubob/wait-for-it/81b1373f17855a4dc21156cfe1694c31d7d1792e/wait-for-it.sh /wait-for-it.sh
+
+USER $SERVICE_USER
+WORKDIR $SERVICE_ROOT
+
+# Our entrypoint will pull in our environment variables from Consul and Vault,
+# and execute whatever command we provided the container.
+# See https://github.com/articulate/docker-bootstrap
+ENTRYPOINT [ "/entrypoint" ]

README.md

@@ -1,5 +1,31 @@
-# Articulate Python Images
+# Docker Python Images
 
-Base Python image
+Base Python Docker images.
 
-These are all built on Dockerhub as Automated Builds.
+## What's Included
+
+* [docker-bootstrap](https://github.com/articulate/docker-bootstrap) entrypoint
+  for loading environment variables from Consul and Vault.
+* [secrets](https://github.com/articulate/docker-bootstrap/blob/main/scripts/docker-secrets)
+  to load Docker secrets as environment variables.
+* [install_packages](https://github.com/articulate/docker-bootstrap/blob/main/scripts/install_packages)
+  to install apt packages.
+* [AWS CLI](https://docs.aws.amazon.com/cli/latest/userguide/getting-started-install.html)
+  for interacting with AWS services.
+
+## Tags
+
+> 🌟 recommended image
+
+* __articulate/python:3.12__ 🌟
+
+## Creating a new image
+
+The easiest way to create a new image is to copy an existing one and change the
+base image. If creating from scratch, the images need the following:
+
+* Everything listed in [What's included](#whats-included)
+* `make` for internal tooling.
+* A _service_ user and group with a GID and UID of 1001. This should be the default
+  user.
+* A _/service_ directory as the default working directory.