wip

Author: drew

.github/workflows/ci-image.yml

@@ -0,0 +1,74 @@
+name: CI Image
+
+on:
+  push:
+    branches: [main]
+    paths:
+      - 'deploy/docker/Dockerfile.ci'
+      - 'mise.toml'
+      - 'build/**'
+      - '.github/workflows/ci-image.yml'
+  pull_request:
+    branches: [main]
+    paths:
+      - 'deploy/docker/Dockerfile.ci'
+      - 'mise.toml'
+      - 'build/**'
+      - '.github/workflows/ci-image.yml'
+
+env:
+  REGISTRY: ghcr.io
+  CI_IMAGE: ghcr.io/${{ github.repository }}/ci
+
+permissions:
+  contents: read
+  packages: write
+
+jobs:
+  build-ci-image:
+    name: Build CI Image
+    runs-on: build-amd64
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Log in to GitHub Container Registry
+        uses: docker/login-action@v3
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Install mise
+        uses: jdx/mise-action@6d1e696aa24c1aa1bcc1adea0212707c71ab78a8
+        with:
+          install: false
+
+      - name: Set up Docker Buildx
+        run: mise run docker:buildx:setup
+        env:
+          MISE_AUTO_INSTALL: "0"
+          MISE_TASK_RUN_AUTO_INSTALL: "0"
+          MISE_NOT_FOUND_AUTO_INSTALL: "0"
+
+      - name: Build CI image
+        if: github.ref != 'refs/heads/main'
+        run: |
+          docker buildx build \
+            --platform linux/amd64,linux/arm64 \
+            --cache-from type=registry,ref=${{ env.CI_IMAGE }}:buildcache \
+            -t ${{ env.CI_IMAGE }}:${{ github.sha }} \
+            -f deploy/docker/Dockerfile.ci \
+            .
+
+      - name: Build and push CI image
+        if: github.ref == 'refs/heads/main'
+        run: |
+          docker buildx build \
+            --platform linux/amd64,linux/arm64 \
+            --cache-from type=registry,ref=${{ env.CI_IMAGE }}:buildcache \
+            --cache-to type=registry,ref=${{ env.CI_IMAGE }}:buildcache,mode=max \
+            --push \
+            -t ${{ env.CI_IMAGE }}:${{ github.sha }} \
+            -t ${{ env.CI_IMAGE }}:latest \
+            -f deploy/docker/Dockerfile.ci \
+            .

.github/workflows/python.yml

@@ -0,0 +1,32 @@
+name: Python
+
+on:
+  pull_request:
+
+env:
+  REGISTRY: ghcr.io
+
+permissions:
+  contents: read
+  packages: read
+
+jobs:
+  python:
+    name: Python
+    runs-on: build-amd64
+    container:
+      image: ${{ env.REGISTRY }}/${{ github.repository }}/ci:latest
+      credentials:
+        username: ${{ github.actor }}
+        password: ${{ secrets.GITHUB_TOKEN }}
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Install dependencies
+        run: uv sync --frozen
+
+      - name: Lint
+        run: mise run python:lint
+
+      - name: Test
+        run: mise run test:python

.github/workflows/rust.yml

@@ -0,0 +1,34 @@
+name: Rust
+
+on:
+  pull_request:
+
+env:
+  CARGO_TERM_COLOR: always
+  CARGO_INCREMENTAL: "0"
+  REGISTRY: ghcr.io
+
+permissions:
+  contents: read
+  packages: read
+
+jobs:
+  rust:
+    name: Rust
+    runs-on: build-amd64
+    container:
+      image: ${{ env.REGISTRY }}/${{ github.repository }}/ci:latest
+      credentials:
+        username: ${{ github.actor }}
+        password: ${{ secrets.GITHUB_TOKEN }}
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Check formatting
+        run: mise run fmt:check
+
+      - name: Clippy
+        run: mise run clippy
+
+      - name: Test
+        run: mise run test:rust

build/docker.toml

@@ -1,5 +1,45 @@
 # Docker image build tasks
 
+["docker:buildx:setup"]
+description = "Create a multi-arch buildx builder with remote BuildKit nodes"
+usage = """
+flag "--amd64 <endpoint>" default="tcp://buildkit-amd64.buildkit:1234" help="BuildKit endpoint for linux/amd64"
+flag "--arm64 <endpoint>" default="tcp://buildkit-arm64.buildkit:1234" help="BuildKit endpoint for linux/arm64"
+flag "--name <name>" default="navigator" help="Builder instance name"
+"""
+run = """
+#!/usr/bin/env bash
+set -euo pipefail
+
+BUILDER="${usage_name}"
+AMD64="${usage_amd64}"
+ARM64="${usage_arm64}"
+
+# Remove existing builder if present so we get a clean config
+if docker buildx inspect "${BUILDER}" >/dev/null 2>&1; then
+  echo "Removing existing builder: ${BUILDER}"
+  docker buildx rm "${BUILDER}"
+fi
+
+echo "Creating builder: ${BUILDER}"
+docker buildx create \
+  --name "${BUILDER}" \
+  --driver remote \
+  --platform linux/amd64 \
+  "${AMD64}"
+
+docker buildx create \
+  --name "${BUILDER}" \
+  --append \
+  --driver remote \
+  --platform linux/arm64 \
+  "${ARM64}"
+
+docker buildx use "${BUILDER}"
+echo "Builder '${BUILDER}' is now active:"
+docker buildx inspect "${BUILDER}"
+"""
+
 ["docker:build"]
 description = "Build all Docker images"
 depends = [