Add Docker image build and push to Azure Container Registry

- Added Docker support to reusable workflow for application releases
- Configured ACR authentication using ACR_URL, ACR_USERNAME, and ACR_PASSWORD secrets
- Automatic multi-stage Dockerfile generation if not present
- Builds and pushes Docker images with version and latest tags
- Updated Reframe release workflow to enable Docker builds
- Updated documentation with ACR configuration requirements

Author: shankar-gpio

.github/workflows/release-reframe.yml

@@ -17,5 +17,10 @@ jobs:
       package-type: application
       skip-publish: true  # Reframe is not published to crates.io
       dry-run: ${{ inputs.dry_run }}
+      docker-enabled: true
+      docker-image-name: reframe
     secrets:
-      GH_PAT: ${{ secrets.GH_PAT }}
+      GH_PAT: ${{ secrets.GH_PAT }}
+      ACR_URL: ${{ secrets.ACR_URL }}
+      ACR_USERNAME: ${{ secrets.ACR_USERNAME }}
+      ACR_PASSWORD: ${{ secrets.ACR_PASSWORD }}

.github/workflows/rust-release-reusable.yml

@@ -22,13 +22,31 @@ on:
         required: false
         type: boolean
         default: false
+      docker-enabled:
+        description: 'Enable Docker image build and push'
+        required: false
+        type: boolean
+        default: false
+      docker-image-name:
+        description: 'Docker image name (defaults to package name)'
+        required: false
+        type: string
     secrets:
       GH_PAT:
         description: 'GitHub Personal Access Token for pushing tags'
         required: true
       CRATES_IO_TOKEN:
         description: 'Token for publishing to crates.io'
         required: false
+      ACR_URL:
+        description: 'Azure Container Registry URL (e.g., myregistry.azurecr.io)'
+        required: false
+      ACR_USERNAME:
+        description: 'Azure Container Registry username (service principal ID or username)'
+        required: false
+      ACR_PASSWORD:
+        description: 'Azure Container Registry password or token'
+        required: false
 
 env:
   CARGO_TERM_COLOR: always
@@ -181,6 +199,97 @@ jobs:
           
           echo "Release artifacts packaged"
       
+      - name: Login to Azure Container Registry
+        if: inputs.docker-enabled == true && inputs.dry-run != true
+        run: |
+          echo "Logging in to Azure Container Registry: ${{ secrets.ACR_URL }}"
+          echo "${{ secrets.ACR_PASSWORD }}" | docker login "${{ secrets.ACR_URL }}" \
+            --username "${{ secrets.ACR_USERNAME }}" \
+            --password-stdin
+      
+      - name: Create default Dockerfile if needed
+        if: inputs.docker-enabled == true
+        run: |
+          if [ ! -f "Dockerfile" ]; then
+            echo "Creating multi-stage Dockerfile for Rust application"
+            cat > Dockerfile << 'DOCKERFILE_END'
+          # Build stage
+          FROM rust:1.75-slim as builder
+          
+          WORKDIR /app
+          
+          # Install build dependencies
+          RUN apt-get update && apt-get install -y \
+              pkg-config \
+              libssl-dev \
+              && rm -rf /var/lib/apt/lists/*
+          
+          # Copy manifests
+          COPY Cargo.toml Cargo.lock ./
+          
+          # Copy source code
+          COPY src ./src
+          
+          # Build release binary
+          RUN cargo build --release
+          
+          # Runtime stage
+          FROM debian:bookworm-slim
+          
+          # Install runtime dependencies
+          RUN apt-get update && apt-get install -y \
+              ca-certificates \
+              libssl3 \
+              && rm -rf /var/lib/apt/lists/*
+          
+          # Copy the binary from builder
+          COPY --from=builder /app/target/release/${{ steps.package_info.outputs.name }} /usr/local/bin/${{ steps.package_info.outputs.name }}
+          
+          # Create non-root user
+          RUN useradd -m -u 1000 appuser && \
+              chown appuser:appuser /usr/local/bin/${{ steps.package_info.outputs.name }}
+          
+          USER appuser
+          
+          ENTRYPOINT ["/usr/local/bin/${{ steps.package_info.outputs.name }}"]
+          DOCKERFILE_END
+            echo "Created default Dockerfile"
+          else
+            echo "Using existing Dockerfile"
+          fi
+      
+      - name: Build Docker image
+        if: inputs.docker-enabled == true
+        run: |
+          IMAGE_NAME="${{ inputs.docker-image-name || steps.package_info.outputs.name }}"
+          IMAGE_TAG="${{ steps.package_info.outputs.version }}"
+          FULL_IMAGE="${{ secrets.ACR_URL }}/${IMAGE_NAME}:${IMAGE_TAG}"
+          LATEST_IMAGE="${{ secrets.ACR_URL }}/${IMAGE_NAME}:latest"
+          
+          echo "Building Docker image: ${FULL_IMAGE}"
+          
+          # Build the Docker image
+          docker build -t "${FULL_IMAGE}" -t "${LATEST_IMAGE}" .
+          
+          echo "docker_image=${FULL_IMAGE}" >> $GITHUB_OUTPUT
+          echo "docker_image_latest=${LATEST_IMAGE}" >> $GITHUB_OUTPUT
+      
+      - name: Push Docker image to Azure Container Registry
+        if: inputs.docker-enabled == true && inputs.dry-run != true
+        run: |
+          IMAGE_NAME="${{ inputs.docker-image-name || steps.package_info.outputs.name }}"
+          IMAGE_TAG="${{ steps.package_info.outputs.version }}"
+          FULL_IMAGE="${{ secrets.ACR_URL }}/${IMAGE_NAME}:${IMAGE_TAG}"
+          LATEST_IMAGE="${{ secrets.ACR_URL }}/${IMAGE_NAME}:latest"
+          
+          echo "Pushing Docker images to Azure Container Registry"
+          docker push "${FULL_IMAGE}"
+          docker push "${LATEST_IMAGE}"
+          
+          echo "✅ Docker images pushed:"
+          echo "  - ${FULL_IMAGE}"
+          echo "  - ${LATEST_IMAGE}"
+      
       - name: Create GitHub Release
         if: steps.tag.outputs.exists != 'true'
         uses: softprops/action-gh-release@v2
@@ -285,4 +394,11 @@ jobs:
               echo "📦 Published to crates.io"
             fi
             echo "🏷️ Git tag: v${{ steps.package_info.outputs.version }}"
+            
+            if [ "${{ inputs.docker-enabled }}" = "true" ]; then
+              IMAGE_NAME="${{ inputs.docker-image-name || steps.package_info.outputs.name }}"
+              echo "🐳 Docker images pushed to Azure Container Registry:"
+              echo "   - ${{ secrets.ACR_URL }}/${IMAGE_NAME}:${{ steps.package_info.outputs.version }}"
+              echo "   - ${{ secrets.ACR_URL }}/${IMAGE_NAME}:latest"
+            fi
           fi

CLAUDE.md

@@ -41,8 +41,15 @@ All workflows are manually triggered (workflow_dispatch) and include:
    - Creates GitHub releases with proper documentation
    - Publishes to crates.io (libraries only)
    - Packages binaries for applications
+   - Docker image build and push to Azure Container Registry (optional for applications)
 
-4. **Safety Features**:
+4. **Docker Support** (for applications):
+   - Multi-stage Dockerfile generation if not present
+   - Builds optimized Docker images with minimal runtime dependencies
+   - Pushes images with version tag and 'latest' tag to Azure Container Registry
+   - Non-root user execution for security
+
+5. **Safety Features**:
    - Dry run option to test workflow without publishing
    - Version conflict detection
    - Automatic tag management
@@ -56,6 +63,15 @@ These secrets must be configured as organization-level secrets:
   - Required permissions: `repo` (full control of private repositories)
   - This is needed because the default GITHUB_TOKEN cannot push to other repositories
 
+### Azure Container Registry (for Docker-enabled applications)
+
+For applications that build and push Docker images to Azure Container Registry:
+
+**Required Secrets:**
+- `ACR_URL` - Azure Container Registry URL (e.g., `myregistry.azurecr.io`)
+- `ACR_USERNAME` - Azure Container Registry username (service principal ID or admin username)
+- `ACR_PASSWORD` - Azure Container Registry password or access token
+
 Note: `GITHUB_TOKEN` is auto-provided by GitHub but has limited permissions for cross-repo operations.
 
 ## Usage Instructions