dev container build workflow

Author: filippomc

.devcontainer/Dockerfile

@@ -130,11 +130,11 @@ RUN (npm install -g yarn@latest || (command -v corepack >/dev/null 2>&1 && corep
 WORKDIR /cloudharness
 
 # Copy all requirements files first for better Docker layer caching
-COPY ../libraries/models/requirements.txt ./libraries/models/
-COPY ../libraries/cloudharness-utils/requirements.txt ./libraries/cloudharness-utils/
-COPY ../libraries/cloudharness-common/requirements.txt ./libraries/cloudharness-common/
-COPY ../libraries/client/cloudharness_cli/requirements.txt ./libraries/client/cloudharness_cli/
-COPY ../tools/deployment-cli-tools/requirements.txt ./tools/deployment-cli-tools/
+COPY libraries/models/requirements.txt ./libraries/models/
+COPY libraries/cloudharness-utils/requirements.txt ./libraries/cloudharness-utils/
+COPY libraries/cloudharness-common/requirements.txt ./libraries/cloudharness-common/
+COPY libraries/client/cloudharness_cli/requirements.txt ./libraries/client/cloudharness_cli/
+COPY tools/deployment-cli-tools/requirements.txt ./tools/deployment-cli-tools/
 
 # Install all external dependencies with caching
 RUN --mount=type=cache,target=/root/.cache \
@@ -145,8 +145,8 @@ RUN --mount=type=cache,target=/root/.cache \
     pip install -r tools/deployment-cli-tools/requirements.txt --prefer-binary
 
 # Copy requirements files for common framework libraries
-COPY ../infrastructure/common-images/cloudharness-flask/requirements.txt ./infrastructure/flask-requirements.txt
-COPY ../infrastructure/common-images/cloudharness-django/libraries/cloudharness-django/requirements.txt ./infrastructure/django-requirements.txt
+COPY infrastructure/common-images/cloudharness-flask/requirements.txt ./infrastructure/flask-requirements.txt
+COPY infrastructure/common-images/cloudharness-django/libraries/cloudharness-django/requirements.txt ./infrastructure/django-requirements.txt
 
 # Install additional tools and common framework libraries
 RUN --mount=type=cache,target=/root/.cache \
@@ -155,24 +155,24 @@ RUN --mount=type=cache,target=/root/.cache \
     pip install -r infrastructure/django-requirements.txt --prefer-binary
 
 # Copy and install libraries one by one
-COPY ../libraries/models ./libraries/models
+COPY libraries/models ./libraries/models
 RUN pip install -e libraries/models --no-cache-dir
 
-COPY ../libraries/cloudharness-utils ./libraries/cloudharness-utils
+COPY libraries/cloudharness-utils ./libraries/cloudharness-utils
 RUN pip install -e libraries/cloudharness-utils --no-cache-dir
 
-COPY ../libraries/cloudharness-common ./libraries/cloudharness-common
+COPY libraries/cloudharness-common ./libraries/cloudharness-common
 RUN pip install -e libraries/cloudharness-common --no-cache-dir
 
-COPY ../libraries/client/cloudharness_cli ./libraries/client/cloudharness_cli
+COPY libraries/client/cloudharness_cli ./libraries/client/cloudharness_cli
 RUN pip install -e libraries/client/cloudharness_cli --no-cache-dir
 
-COPY ../tools/deployment-cli-tools ./tools/deployment-cli-tools
+COPY tools/deployment-cli-tools ./tools/deployment-cli-tools
 RUN pip install -e tools/deployment-cli-tools --no-cache-dir
 
 
 # Copy and install cloudharness framework libraries (last to ensure they override any conflicts)
-COPY ../infrastructure/common-images/cloudharness-django/libraries/cloudharness-django infrastructure/cloudharness-django
+COPY infrastructure/common-images/cloudharness-django/libraries/cloudharness-django infrastructure/cloudharness-django
 RUN pip install -e infrastructure/cloudharness-django --no-cache-dir || echo "cloudharness-django not installable" 
 
 # Ensure latest npm & yarn still available after project copy (optional refresh)

.github/workflows/README.md

@@ -0,0 +1,92 @@
+# GitHub Actions - Docker Build and Push
+
+This workflow builds the CloudHarness development container and pushes it to Google Cloud Registry.
+
+## Required Secrets
+
+You need to configure the following secrets in your GitHub repository settings:
+
+### 1. `GCP_PROJECT_ID`
+- **Description**: Your Google Cloud Project ID
+- **Example**: `my-cloudharness-project`
+- **How to find**: Go to Google Cloud Console → Project Info → Project ID
+
+### 2. `GCP_SA_KEY`
+- **Description**: Google Cloud Service Account key (JSON format)
+- **Format**: Complete JSON key file content
+- **Required permissions**: 
+  - `Storage Admin` (for pushing to Container Registry)
+  - `Container Registry Service Agent`
+
+## Setting up the Service Account
+
+1. **Create a Service Account**:
+   ```bash
+   gcloud iam service-accounts create github-actions \
+     --description="Service account for GitHub Actions" \
+     --display-name="GitHub Actions"
+   ```
+
+2. **Grant necessary permissions**:
+   ```bash
+   gcloud projects add-iam-policy-binding YOUR_PROJECT_ID \
+     --member="serviceAccount:github-actions@YOUR_PROJECT_ID.iam.gserviceaccount.com" \
+     --role="roles/storage.admin"
+   
+   gcloud projects add-iam-policy-binding YOUR_PROJECT_ID \
+     --member="serviceAccount:github-actions@YOUR_PROJECT_ID.iam.gserviceaccount.com" \
+     --role="roles/containerregistry.ServiceAgent"
+   ```
+
+3. **Create and download the key**:
+   ```bash
+   gcloud iam service-accounts keys create github-actions-key.json \
+     --iam-account=github-actions@YOUR_PROJECT_ID.iam.gserviceaccount.com
+   ```
+
+4. **Add the key to GitHub Secrets**:
+   - Copy the entire content of `github-actions-key.json`
+   - Go to GitHub repository → Settings → Secrets and variables → Actions
+   - Create new secret named `GCP_SA_KEY`
+   - Paste the JSON content
+
+## Workflow Triggers
+
+The workflow runs on:
+- **Push to main/develop**: Builds and pushes with branch name and `latest` tags
+- **Pull requests**: Builds and pushes with PR reference tags
+- **Manual trigger**: Can be run manually from GitHub Actions tab
+- **File changes**: Only triggers when relevant files are modified
+
+## Image Tags
+
+The workflow creates multiple tags:
+- `latest` (only for main branch)
+- `<branch-name>` (for branch pushes)
+- `<branch-name>-<sha>` (with git commit SHA)
+- `pr-<number>` (for pull requests)
+
+## Multi-platform Support
+
+The workflow builds for both:
+- `linux/amd64` (Intel/AMD processors)
+- `linux/arm64` (ARM processors, including Apple Silicon)
+
+## Registry Location
+
+Images are pushed to: `gcr.io/YOUR_PROJECT_ID/cloudharness-dev`
+
+## Usage
+
+After the workflow runs, you can pull the image:
+
+```bash
+# Pull latest (from main branch)
+docker pull gcr.io/YOUR_PROJECT_ID/cloudharness-dev:latest
+
+# Pull specific branch
+docker pull gcr.io/YOUR_PROJECT_ID/cloudharness-dev:develop
+
+# Pull specific commit
+docker pull gcr.io/YOUR_PROJECT_ID/cloudharness-dev:main-abc1234
+```

.github/workflows/build-dev-container.yml

@@ -0,0 +1,85 @@
+name: Build and Push CloudHarness Dev Container
+
+on:
+  push:
+    branches:
+      - main
+      - develop
+    paths:
+      - 'Dockerfile'
+      - 'docker-compose.yml'
+      - '.devcontainer/**'
+      - 'dev-scripts/**'
+      - 'libraries/**'
+      - 'tools/**'
+      - 'infrastructure/common-images/**'
+  pull_request:
+    branches:
+      - main
+      - develop
+    paths:
+      - 'Dockerfile'
+      - 'docker-compose.yml'
+      - '.devcontainer/**'
+      - 'dev-scripts/**'
+      - 'libraries/**'
+      - 'tools/**'
+      - 'infrastructure/common-images/**'
+  workflow_dispatch:
+
+env:
+  REGISTRY: gcr.io
+  PROJECT_ID: metacellllc
+  IMAGE_NAME: cloud-harness/dev-container
+
+jobs:
+  build-and-push:
+    runs-on: ubuntu-latest
+    
+    permissions:
+      contents: read
+      id-token: write
+
+    steps:
+    - name: Checkout repository
+      uses: actions/checkout@v4
+
+    - name: Set up Docker Buildx
+      uses: docker/setup-buildx-action@v3
+
+    - name: Authenticate to Google Cloud
+      uses: google-github-actions/auth@v2
+      with:
+        credentials_json: ${{ secrets.GCP_SA_KEY }}
+
+    - name: Configure Docker to use gcloud as a credential helper
+      run: |
+        gcloud auth configure-docker
+
+    - name: Extract metadata
+      id: meta
+      uses: docker/metadata-action@v5
+      with:
+        images: ${{ env.REGISTRY }}/${{ env.PROJECT_ID }}/${{ env.IMAGE_NAME }}
+        tags: |
+          type=ref,event=branch
+          type=ref,event=pr
+          type=sha,prefix={{branch}}-
+          type=raw,value=latest,enable={{is_default_branch}}
+
+    - name: Build and push Docker image
+      uses: docker/build-push-action@v5
+      with:
+        context: .
+        file: ./.devcontainer/Dockerfile
+        push: ${{ github.event_name != 'pull_request' }}
+        tags: ${{ steps.meta.outputs.tags }}
+        labels: ${{ steps.meta.outputs.labels }}
+        cache-from: type=gha
+        cache-to: type=gha,mode=max
+        platforms: linux/amd64,linux/arm64
+
+    - name: Output image details
+      run: |
+        echo "Image pushed to: ${{ steps.meta.outputs.tags }}"
+        echo "Image digest: ${{ steps.build.outputs.digest }}"