[ci] #388: Add images generation build automation

Introduce Dockerfiles based on latest Python available
Install silkaj and make it available to the CLI
Two steps: build, copy.
Otherwise, you don’t get Silkaj sources built-in the image

Poetry and pip environment of images builds:
- Pip for direct consumers like DeathReaper
- Poetry for developers, with git in

Manual triggered job to generate the image
Extensible job definition for future usages
Rename stage from `publish` to `package`

Tag images with the commit hash, the branch, and latest
Define python version variable and pass it as an ARG to the builds

Release and `dev` channels and jobs
Tag the image with the git tag when present

Set "allow_failure: true" on non-release images, to allow automatic MR merge

.gitlab-ci.yml

 stages:
   - checks
   - tests
-  - publish
+  - package
   - coverage
 
 variables:
@@ -105,8 +105,64 @@ tests:3.10:
   variables:
     PYTHON_VERSION: "3.10"
 
+.image:
+  stage: package
+  tags: [docker]
+  image: docker:latest
+  services:
+    - docker:dind
+  variables:
+    PYTHON_VERSION: "3.10"
+  script:
+    - docker login -u "$CI_REGISTRY_USER" -p "$CI_REGISTRY_PASSWORD" $CI_REGISTRY
+    - docker build --pull -t "$CI_REGISTRY_IMAGE/$CHANNEL/$ENV:$CI_COMMIT_SHORT_SHA" -f image/$ENV --build-arg PYTHON_VERS=$PYTHON_VERSION .
+    - docker push "$CI_REGISTRY_IMAGE/$CHANNEL/$ENV:$CI_COMMIT_SHORT_SHA"
+    - docker tag "$CI_REGISTRY_IMAGE/$CHANNEL/$ENV:$CI_COMMIT_SHORT_SHA" "$CI_REGISTRY_IMAGE/$CHANNEL/$ENV:latest"
+    - docker push "$CI_REGISTRY_IMAGE/$CHANNEL/$ENV:latest"
+
+.image:release:
+  extends: .image
+  variables:
+    CHANNEL: "release"
+  after_script:
+    - docker tag "$CI_REGISTRY_IMAGE/$CHANNEL/$ENV:$CI_COMMIT_SHORT_SHA" "$CI_REGISTRY_IMAGE/$CHANNEL/$ENV:$CI_COMMIT_TAG"
+    - docker push "$CI_REGISTRY_IMAGE/$CHANNEL/$ENV:$CI_COMMIT_TAG"
+  rules:
+    - if: $CI_COMMIT_TAG
+      when: manual
+
+image:release:poetry:
+  extends: .image:release
+  variables:
+    ENV: "poetry"
+
+image:release:pip:
+  extends: .image:release
+  variables:
+    ENV: "pip"
+
+.image:branch:
+  extends: .image
+  allow_failure: true
+  variables:
+    CHANNEL: $CI_COMMIT_BRANCH
+  rules:
+    - if: $CI_COMMIT_TAG
+      when: never
+    - when: manual
+
+image:branch:poetry:
+  extends: .image:branch
+  variables:
+    ENV: "poetry"
+
+image:branch:pip:
+  extends: .image:branch
+  variables:
+    ENV: "pip"
+
 pypi_test:
-  stage: publish
+  stage: package
   rules:
     - if: $CI_COMMIT_TAG
       when: manual
@@ -115,7 +171,7 @@ pypi_test:
     - poetry publish --build --username $PYPI_TEST_LOGIN --password $PYPI_TEST_PASSWORD --repository pypi_test
 
 pypi:
-  stage: publish
+  stage: package
   rules:
     - if: $CI_COMMIT_TAG
       when: manual

image/pip

+# ------------------------------------------------------------------------------
+# Build Stage
+# ------------------------------------------------------------------------------
+ARG PYTHON_VERS
+FROM python:${PYTHON_VERS}-slim-bullseye AS build
+
+WORKDIR /silkaj
+
+# Copy source tree
+COPY ./ ./
+
+# Install Silkaj
+RUN pip install .
+
+# ------------------------------------------------------------------------------
+# Final Stage
+# ------------------------------------------------------------------------------
+FROM python:${PYTHON_VERS}-slim-bullseye
+ARG PYTHON_VERS
+
+# Create silkaj group and user
+RUN groupadd -g 1111 silkaj && \
+    useradd -d /silkaj -g silkaj -u 1111 silkaj
+
+# Install libsodium
+RUN apt update && \
+    apt install --yes libsodium23 && \
+    rm -rf /var/lib/apt/lists
+
+# Copy the build artifact from the build stage
+COPY --from=build /usr/local/bin/silkaj /usr/local/bin/silkaj
+COPY --from=build /usr/local/lib/python${PYTHON_VERS}/site-packages/ /usr/local/lib/python${PYTHON_VERS}/site-packages/
+
+# Use silkaj user
+USER silkaj
+WORKDIR /usr/local/lib/python${PYTHON_VERS}/site-packages/silkaj
+
+CMD ["/usr/local/bin/silkaj"]

image/poetry

+# ------------------------------------------------------------------------------
+# Build Stage
+# ------------------------------------------------------------------------------
+ARG PYTHON_VERS
+FROM registry.duniter.org/docker/python3/poetry/${PYTHON_VERS}:latest AS build
+
+WORKDIR /silkaj
+
+# Copy source tree
+COPY ./ ./
+
+# Install Silkaj
+RUN poetry install --no-dev
+
+# ------------------------------------------------------------------------------
+# Final Stage
+# ------------------------------------------------------------------------------
+FROM registry.duniter.org/docker/python3/poetry/${PYTHON_VERS}:latest
+ARG PYTHON_VERS
+
+# Create silkaj group and user
+RUN groupadd -g 1111 silkaj && \
+    useradd -d /silkaj -g silkaj -u 1111 silkaj
+
+# Install libsodium and git
+RUN apt update && \
+    apt install --yes libsodium23 git && \
+    rm -rf /var/lib/apt/lists
+
+# Set up alias to directly get silkaj command
+# https://stackoverflow.com/a/3638886
+RUN printf '#!/bin/bash\npoetry run silkaj "$@"' > /usr/bin/silkaj && \
+    chmod +x /usr/bin/silkaj
+
+# Copy the build artifact from the build stage
+COPY --from=build --chown=silkaj:silkaj /silkaj /silkaj
+COPY --from=build --chown=silkaj:silkaj /root/.cache/pypoetry/virtualenvs /silkaj/.cache/pypoetry/virtualenvs
+
+# Use silkaj user
+USER silkaj
+WORKDIR /silkaj
+
+CMD ["/usr/bin/silkaj"]