docker images

.dockerignore

@@ -1 +1,5 @@
 **/node_modules
+.env
+.env.*
+**/.env
+**/.env.*

.github/actions/build-docker-image/action.yml

@@ -0,0 +1,38 @@
+name: 'Build Docker Image'
+description: 'Build and push Docker image for a service'
+
+inputs:
+  service_name:
+    description: 'Name of the service to build'
+    required: true
+  tag:
+    description: 'Tag to apply to the image'
+    required: true
+  docker_username:
+    description: 'Docker registry username'
+    required: true
+  docker_password:
+    description: 'Docker registry password'
+    required: true
+  platform:
+    description: 'Platform to build for'
+    required: false
+    default: 'linux/amd64'
+
+runs:
+  using: 'composite'
+  steps:
+    - name: Set up Docker Buildx
+      uses: docker/setup-buildx-action@v3
+
+    - name: Docker Login
+      uses: ./.github/actions/docker-login
+      with:
+        username: ${{ inputs.docker_username }}
+        password: ${{ inputs.docker_password }}
+
+    - name: Build Docker image
+      shell: bash
+      run: |
+        ./scripts/docker.sh ${{ inputs.service_name }} --tag ${{ inputs.tag }} --platform ${{ inputs.platform }} --push
+

.github/actions/docker-login/action.yml

@@ -0,0 +1,24 @@
+name: 'Docker Login with Verification'
+description: 'Login to Docker Hub and verify the login with user information'
+inputs:
+  username:
+    description: 'Docker Hub username'
+    required: true
+  password:
+    description: 'Docker Hub password'
+    required: true
+runs:
+  using: 'composite'
+  steps:
+    - name: Login to Docker Hub
+      uses: docker/login-action@v3
+      with:
+        username: ${{ inputs.username }}
+        password: ${{ inputs.password }}
+
+    - name: Verify Docker login
+      shell: bash
+      run: |
+        echo "Docker login successful!"
+        echo "Current Docker user: $(docker system info | grep Username || echo 'Not available')"
+

.github/actions/setup-services-matrix/action.yml

@@ -0,0 +1,17 @@
+name: 'Setup Services Matrix'
+description: 'Load services configuration and output as matrix for workflows'
+
+outputs:
+  services:
+    description: 'JSON array of services for matrix strategy'
+    value: ${{ steps.load-services.outputs.services }}
+
+runs:
+  using: 'composite'
+  steps:
+    - name: Load services configuration
+      id: load-services
+      shell: bash
+      run: |
+        SERVICES=$(cat .github/config/services.json | jq -c .)
+        echo "services=$SERVICES" >> $GITHUB_OUTPUT

.github/config/services.json

@@ -0,0 +1,11 @@
+[
+  "verified-notifications",
+  "crm", 
+  "archiver",
+  "staking",
+  "trending-challenge-rewards", 
+  "mri",
+  "relay",
+  "solana-relay",
+  "anti-abuse-oracle"
+]

.github/workflows/build-services.yml

@@ -0,0 +1,96 @@
+name: Build Services
+
+on:
+  workflow_call:
+    inputs:
+      tag:
+        description: 'Tag to apply to images'
+        required: true
+        type: string
+
+jobs:
+  # Generate services list for matrix
+  setup:
+    name: Setup services matrix
+    runs-on: ubuntu-latest
+    outputs:
+      services: ${{ steps.setup-services.outputs.services }}
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Setup services matrix
+        id: setup-services
+        uses: ./.github/actions/setup-services-matrix
+
+  # Build AMD64 images  
+  build-amd64:
+    name: Build ${{ matrix.service }} (amd64)
+    runs-on: ubuntu-latest
+    needs: setup
+    strategy:
+      matrix:
+        service: ${{ fromJson(needs.setup.outputs.services) }}
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Build Docker Image
+        uses: ./.github/actions/build-docker-image
+        with:
+          service_name: ${{ matrix.service }}
+          tag: ${{ inputs.tag }}-amd64
+          platform: linux/amd64
+          docker_username: ${{ secrets.DOCKER_USERNAME }}
+          docker_password: ${{ secrets.DOCKER_PASSWORD }}
+
+  # Build ARM64 images
+  build-arm64:
+    name: Build ${{ matrix.service }} (arm64)
+    runs-on: ubuntu-24.04-arm
+    needs: setup
+    strategy:
+      matrix:
+        service: ${{ fromJson(needs.setup.outputs.services) }}
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Build Docker Image
+        uses: ./.github/actions/build-docker-image
+        with:
+          service_name: ${{ matrix.service }}
+          tag: ${{ inputs.tag }}-arm64
+          platform: linux/arm64
+          docker_username: ${{ secrets.DOCKER_USERNAME }}
+          docker_password: ${{ secrets.DOCKER_PASSWORD }}
+
+  # Create multiarch manifests
+  create-multiarch:
+    name: Create multiarch manifest for ${{ matrix.service }}
+    runs-on: ubuntu-latest
+    needs: [setup, build-amd64, build-arm64]
+    strategy:
+      matrix:
+        service: ${{ fromJson(needs.setup.outputs.services) }}
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Docker Login
+        uses: ./.github/actions/docker-login
+        with:
+          username: ${{ secrets.DOCKER_USERNAME }}
+          password: ${{ secrets.DOCKER_PASSWORD }}
+
+      - name: Create multiarch manifest
+        run: |
+          AMD64_TAG="audius/pedalboard:${{ matrix.service }}-${{ inputs.tag }}-amd64"
+          ARM64_TAG="audius/pedalboard:${{ matrix.service }}-${{ inputs.tag }}-arm64"
+          MULTIARCH_TAG="audius/pedalboard:${{ matrix.service }}-${{ inputs.tag }}"
+
+          docker buildx imagetools create \
+            "$AMD64_TAG" \
+            "$ARM64_TAG" \
+            --tag "$MULTIARCH_TAG"
+

.github/workflows/edge.yml

@@ -0,0 +1,57 @@
+name: Edge Release
+
+on:
+  push:
+    branches: [ main ]
+
+concurrency:
+  group: edge-release
+  cancel-in-progress: false
+
+jobs:
+  # First build the services
+  build:
+    uses: ./.github/workflows/build-services.yml
+    with:
+      tag: ${{ github.sha }}
+    secrets: inherit
+
+  # Setup services matrix
+  setup:
+    name: Setup services matrix
+    runs-on: ubuntu-latest
+    needs: build
+    outputs:
+      services: ${{ steps.setup-services.outputs.services }}
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Setup services matrix
+        id: setup-services
+        uses: ./.github/actions/setup-services-matrix
+
+  # Then retag the multiarch images as edge
+  retag-edge:
+    name: Retag ${{ matrix.service }} as edge
+    runs-on: ubuntu-latest
+    needs: setup
+    strategy:
+      matrix:
+        service: ${{ fromJson(needs.setup.outputs.services) }}
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Docker Login
+        uses: ./.github/actions/docker-login
+        with:
+          username: ${{ secrets.DOCKER_USERNAME }}
+          password: ${{ secrets.DOCKER_PASSWORD }}
+
+      - name: Retag as edge
+        run: |
+          SOURCE_TAG="audius/pedalboard:${{ matrix.service }}-${{ github.sha }}"
+          EDGE_TAG="audius/pedalboard:${{ matrix.service }}-edge"
+          docker buildx imagetools create "$SOURCE_TAG" --tag "$EDGE_TAG"
+

.github/workflows/latest.yml

@@ -0,0 +1,80 @@
+name: Release Latest
+
+on:
+  workflow_dispatch:
+    inputs:
+      commit_sha:
+        description: 'Commit SHA to tag as latest (must have successful edge build)'
+        required: true
+        type: string
+
+concurrency:
+  group: latest-release
+  cancel-in-progress: false
+
+jobs:
+  # Setup services matrix
+  setup:
+    name: Setup services matrix
+    runs-on: ubuntu-latest
+    outputs:
+      services: ${{ steps.setup-services.outputs.services }}
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Setup services matrix
+        id: setup-services
+        uses: ./.github/actions/setup-services-matrix
+
+  # Verify edge images exist for the specified commit
+  verify-edge:
+    name: Verify edge images exist
+    runs-on: ubuntu-latest
+    needs: setup
+    strategy:
+      matrix:
+        service: ${{ fromJson(needs.setup.outputs.services) }}
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Docker Login
+        uses: ./.github/actions/docker-login
+        with:
+          username: ${{ secrets.DOCKER_USERNAME }}
+          password: ${{ secrets.DOCKER_PASSWORD }}
+
+      - name: Verify source image exists
+        run: |
+          SOURCE_TAG="audius/pedalboard:${{ matrix.service }}-${{ inputs.commit_sha }}"
+          if ! docker manifest inspect "$SOURCE_TAG" > /dev/null 2>&1; then
+            echo "Error: Image $SOURCE_TAG does not exist. Make sure the edge build completed successfully for commit ${{ inputs.commit_sha }}"
+            exit 1
+          fi
+          echo "✅ Verified $SOURCE_TAG exists"
+
+  # Retag edge images as latest
+  retag-latest:
+    name: Tag ${{ matrix.service }} as latest
+    runs-on: ubuntu-latest
+    needs: [setup, verify-edge]
+    strategy:
+      matrix:
+        service: ${{ fromJson(needs.setup.outputs.services) }}
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Docker Login
+        uses: ./.github/actions/docker-login
+        with:
+          username: ${{ secrets.DOCKER_USERNAME }}
+          password: ${{ secrets.DOCKER_PASSWORD }}
+
+      - name: Retag as latest
+        run: |
+          SOURCE_TAG="audius/pedalboard:${{ matrix.service }}-${{ inputs.commit_sha }}"
+          LATEST_TAG="audius/pedalboard:${{ matrix.service }}-latest"
+          docker buildx imagetools create "$SOURCE_TAG" --tag "$LATEST_TAG"
+          echo "✅ Tagged $SOURCE_TAG as $LATEST_TAG"

.github/workflows/pr.yml

@@ -0,0 +1,12 @@
+name: PR Build
+
+on:
+  pull_request:
+    branches: [ main ]
+
+jobs:
+  build:
+    uses: ./.github/workflows/build-services.yml
+    with:
+      tag: ${{ github.sha }}
+    secrets: inherit