Phase7/versioning

.github/renovate.json

@@ -0,0 +1,4 @@
+{
+  "$schema": "https://docs.renovatebot.com/renovate-schema.json",
+  "extends": ["github>raunodepasquale/containersandorchestratorlab:renovate.json"]
+}

.github/workflows/build-and-push.yml

@@ -0,0 +1,130 @@
+# Build and Push Docker Images Workflow
+# Builds production Docker images and pushes them to GitHub Container Registry
+# Only runs after PR approval (on main/develop branch push) to ensure security validation
+
+name: Build and Push Images
+
+# Trigger Configuration
+# Supports both automatic builds and semantic version releases
+on:
+  workflow_dispatch:  # Manual triggering with version support
+    inputs:
+      version_tag:
+        description: 'Semantic version tag (e.g., v1.2.3)'
+        required: false
+        type: string
+      deploy_to_staging:
+        description: 'Deploy to staging after build'
+        required: false
+        default: 'false'
+        type: choice
+        options:
+        - 'true'
+        - 'false'
+  push:
+    paths:
+      - 'packages/**'  # Only trigger when application code changes
+    branches:
+      - main           # Production branch
+      - develop        # Development branch
+
+# Environment variables for container registry
+env:
+  REGISTRY: ghcr.io                    # GitHub Container Registry
+  IMAGE_NAME: ${{ github.repository }} # Use repository name as base image name
+
+jobs:
+  # Job: Build and Push Container Images
+  # Builds production-ready Docker images and pushes to registry
+  build-and-push:
+    runs-on: ubuntu-latest
+
+    # Required permissions for GitHub Container Registry
+    permissions:
+      contents: read   # Read repository contents
+      packages: write  # Push to GitHub Container Registry
+
+    # Build all 4 services in parallel using matrix strategy
+    strategy:
+      matrix:
+        service: [backend, frontend, processor, lakepublisher]
+
+    steps:
+      # Get the source code
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      # Authenticate with GitHub Container Registry
+      - name: Log in to Container Registry
+        uses: docker/login-action@v3
+        with:
+          registry: ${{ env.REGISTRY }}     # ghcr.io
+          username: ${{ github.actor }}     # GitHub username
+          password: ${{ secrets.GITHUB_TOKEN }}  # Automatic GitHub token
+
+      # Determine version and tags
+      - name: Determine version and tags
+        id: version
+        run: |
+          if [ -n "${{ github.event.inputs.version_tag }}" ]; then
+            # Manual dispatch with semantic version
+            VERSION_TAG="${{ github.event.inputs.version_tag }}"
+            TAGS="${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}/${{ matrix.service }}:${VERSION_TAG}"
+            TAGS="${TAGS},${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}/${{ matrix.service }}:latest"
+            echo "Using semantic version: $VERSION_TAG"
+          else
+            # Automatic build with commit-based tags
+            if [ "${{ github.ref_name }}" = "main" ]; then
+              TAGS="${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}/${{ matrix.service }}:main-${{ github.sha }}"
+              TAGS="${TAGS},${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}/${{ matrix.service }}:latest"
+            else
+              TAGS="${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}/${{ matrix.service }}:${{ github.ref_name }}-${{ github.sha }}"
+            fi
+            VERSION_TAG="${{ github.ref_name }}-${{ github.sha }}"
+          fi
+
+          echo "tags=$TAGS" >> $GITHUB_OUTPUT
+          echo "version_tag=$VERSION_TAG" >> $GITHUB_OUTPUT
+          echo "Generated tags: $TAGS"
+
+      # Extract metadata for labels
+      - name: Extract metadata
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}/${{ matrix.service }}
+
+      # Build Docker image and push to registry
+      - name: Build and push
+        uses: docker/build-push-action@v5
+        with:
+          context: ./packages/${{ matrix.service }}  # Build context for each service
+          target: production                         # Use production stage (runs tests first)
+          push: true                                # Push to registry
+          tags: ${{ steps.version.outputs.tags }}  # Apply version-based tags
+          labels: ${{ steps.meta.outputs.labels }} # Apply metadata labels
+          build-args: |
+            VERSION=${{ steps.version.outputs.version_tag }}
+            BUILD_DATE=$(date -u +'%Y-%m-%dT%H:%M:%SZ')
+            VCS_REF=${{ github.sha }}
+
+  # Job 2: Trigger Staging Deployment (if requested)
+  trigger-staging:
+    runs-on: ubuntu-latest
+    needs: build-and-push
+    if: github.event.inputs.deploy_to_staging == 'true' && github.event.inputs.version_tag != ''
+
+    steps:
+      - name: Trigger staging deployment
+        uses: actions/github-script@v7
+        with:
+          script: |
+            await github.rest.actions.createWorkflowDispatch({
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              workflow_id: 'deploy-staging.yml',
+              ref: 'main',
+              inputs: {
+                image_tag: '${{ github.event.inputs.version_tag }}'
+              }
+            });