Agent task: Finish docker-compose actions by creating and pushing docker. Check to use the n

.dockerignore

@@ -0,0 +1,10 @@
+.git
+.github
+bin
+arkiv-storaged
+Dockerfile
+README.md
+architecture.md
+*.md
+tmp
+vendor

.github/workflows/ci.yml

@@ -10,14 +10,14 @@ jobs:
   ci:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v6.0.2
 
-      - uses: actions/setup-go@v5
+      - uses: actions/setup-go@v6.4.0
         with:
           go-version: '1.26.0'
           cache: true
 
-      - uses: golangci/golangci-lint-action@v9
+      - uses: golangci/golangci-lint-action@v9.2.0
         with:
           version: latest
 

.github/workflows/docker.yml

@@ -0,0 +1,69 @@
+name: Docker
+
+on:
+  push:
+    branches: [main]
+    tags: ['*']
+  pull_request:
+    branches: [main]
+
+permissions:
+  contents: read
+  packages: write
+
+concurrency:
+  group: docker-${{ github.ref }}
+  cancel-in-progress: true
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    strategy:
+      fail-fast: false
+      matrix:
+        include:
+          - image: arkiv-node
+            target: production
+          - image: arkiv-node-int
+            target: integration
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v6.0.2
+
+      - name: Normalize image owner
+        id: image-owner
+        run: echo "owner=${GITHUB_REPOSITORY_OWNER,,}" >> "$GITHUB_OUTPUT"
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v4.0.0
+
+      - name: Docker metadata
+        id: meta
+        uses: docker/metadata-action@v6.0.0
+        with:
+          images: ghcr.io/${{ steps.image-owner.outputs.owner }}/${{ matrix.image }}
+          tags: |
+            type=raw,value=${{ github.sha }}
+            type=raw,value=latest,enable=${{ github.ref == 'refs/heads/main' }}
+            type=ref,event=tag
+
+      - name: Login to GHCR
+        if: github.event_name != 'pull_request'
+        uses: docker/login-action@v4.1.0
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Build and push
+        uses: docker/build-push-action@v7.1.0
+        with:
+          context: .
+          file: Dockerfile
+          target: ${{ matrix.target }}
+          push: ${{ github.event_name != 'pull_request' }}
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
+          cache-from: type=gha,scope=${{ matrix.image }}
+          cache-to: type=gha,scope=${{ matrix.image }},mode=max

Dockerfile

@@ -0,0 +1,87 @@
+# syntax=docker/dockerfile:1.7
+
+ARG UBUNTU_VERSION=26.04
+ARG GO_VERSION=1.26.0
+
+FROM ubuntu:${UBUNTU_VERSION} AS go-toolchain
+
+ARG GO_VERSION
+ARG TARGETOS=linux
+ARG TARGETARCH=amd64
+
+ENV CGO_ENABLED=0 \
+    GOPATH=/go \
+    PATH=/usr/local/go/bin:/go/bin:$PATH
+
+RUN apt-get update \
+    && apt-get install -y --no-install-recommends ca-certificates curl gzip tar \
+    && update-ca-certificates \
+    && rm -rf /var/lib/apt/lists/*
+
+RUN set -eux; \
+    case "${TARGETARCH}" in \
+      amd64) go_arch="amd64" ;; \
+      arm64) go_arch="arm64" ;; \
+      arm) go_arch="armv6l" ;; \
+      *) echo "unsupported TARGETARCH: ${TARGETARCH}" >&2; exit 1 ;; \
+    esac; \
+    curl -fsSL "https://go.dev/dl/go${GO_VERSION}.${TARGETOS}-${go_arch}.tar.gz" -o /tmp/go.tgz; \
+    tar -C /usr/local -xzf /tmp/go.tgz; \
+    rm /tmp/go.tgz; \
+    go version
+
+WORKDIR /src
+
+FROM go-toolchain AS deps
+
+COPY go.mod go.sum ./
+RUN --mount=type=cache,target=/go/pkg/mod go mod download
+
+FROM deps AS production-build
+
+ARG TARGETOS=linux
+ARG TARGETARCH=amd64
+
+COPY . .
+RUN --mount=type=cache,target=/go/pkg/mod \
+    --mount=type=cache,target=/root/.cache/go-build \
+    mkdir -p /out && \
+    GOOS="${TARGETOS}" GOARCH="${TARGETARCH}" \
+    go build -trimpath -ldflags="-s -w" -o /out/arkiv-storaged ./cmd/arkiv-storaged
+
+FROM deps AS integration-build
+
+ARG TARGETOS=linux
+ARG TARGETARCH=amd64
+
+COPY . .
+RUN --mount=type=cache,target=/go/pkg/mod \
+    --mount=type=cache,target=/root/.cache/go-build \
+    mkdir -p /out && \
+    GOOS="${TARGETOS}" GOARCH="${TARGETARCH}" \
+    go build -o /out/arkiv-storaged ./cmd/arkiv-storaged
+
+FROM ubuntu:${UBUNTU_VERSION} AS runtime-base
+
+RUN apt-get update \
+    && apt-get install -y --no-install-recommends ca-certificates \
+    && update-ca-certificates \
+    && groupadd --system docker \
+    && useradd --system --create-home --gid docker --home-dir /home/docker --shell /usr/sbin/nologin docker \
+    && mkdir -p /var/lib/arkiv-storaged \
+    && chown -R docker:docker /var/lib/arkiv-storaged /home/docker \
+    && rm -rf /var/lib/apt/lists/*
+
+EXPOSE 2704 2705
+USER docker
+
+ENTRYPOINT ["arkiv-storaged"]
+CMD ["-data-dir", "/var/lib/arkiv-storaged"]
+
+FROM runtime-base AS production
+
+COPY --from=production-build /out/arkiv-storaged /usr/local/bin/arkiv-storaged
+
+FROM runtime-base AS integration
+
+COPY --from=integration-build /out/arkiv-storaged /usr/local/bin/arkiv-storaged