migrating to github

.github/workflows/build.yml

@@ -0,0 +1,219 @@
+name: Build / Test / Push
+
+on:
+  push:
+    branches:
+      - '**'
+  workflow_call:
+  workflow_dispatch:
+
+env:
+  BUILD_SUFFIX: -build-${{ github.run_id }}_${{ github.run_attempt }}
+  DOCKER_METADATA_SET_OUTPUT_ENV: 'true'
+
+jobs:
+  build:
+    runs-on: ${{ matrix.runner }}
+    outputs:
+      build-image-arm: ${{ steps.gen-output.outputs.image-arm64 }}
+      build-image-x64: ${{ steps.gen-output.outputs.image-x64 }}
+    strategy:
+      fail-fast: false
+      matrix:
+        include:
+          - platform: linux/amd64
+            runner: ubuntu-24.04
+          - platform: linux/arm64
+            runner: ubuntu-24.04-arm
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Login to GitHub Container Registry
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - id: build-meta
+        name: Produce the build image tag
+        uses: docker/metadata-action@v5
+        with:
+          images: ghcr.io/${{ github.repository }}
+          tags: type=sha,suffix=${{ env.BUILD_SUFFIX }}
+
+      # Build cache is shared among all builds of the same architecture
+      - id: cache-meta
+        name: Fetch build cache metadata
+        uses: docker/metadata-action@v5
+        with:
+          images: ghcr.io/${{ github.repository }}
+          tags: type=raw,value=buildcache-${{ runner.arch }}
+
+      - id: get-registry
+        name: Get the sanitized registry name
+        run: |
+          echo "registry=$(echo '${{ steps.build-meta.outputs.tags }}' | cut -f1 -d:)" | tee -a "$GITHUB_OUTPUT"
+
+      - id: set_build_url
+        name: Set BUILD_URL
+        run: |
+          echo "build_url=${GITHUB_SERVER_URL}/${GITHUB_REPOSITORY}/actions/runs/${GITHUB_RUN_ID}" | tee -a "$GITHUB_OUTPUT"
+
+      - id: build
+        name: Build/push the arch-specific image
+        uses: docker/build-push-action@v6
+        with:
+          platforms: ${{ matrix.platform }}
+          build-args: |
+            BUILD_TIMESTAMP=${{ github.event.repository.updated_at }}
+            BUILD_URL=${{ steps.set_build_url.outputs.build_url }}
+            GIT_REF_NAME=${{ github.ref_name }}
+            GIT_SHA=${{ github.sha }}
+            GIT_REPOSITORY_URL=${{ github.repositoryUrl }}
+          cache-from: type=registry,ref=${{ steps.cache-meta.outputs.tags }}
+          cache-to: type=registry,ref=${{ steps.cache-meta.outputs.tags }},mode=max
+          labels: ${{ steps.build-meta.outputs.labels }}
+          provenance: mode=max
+          sbom: true
+          tags: ${{ steps.get-registry.outputs.registry }}
+          outputs: type=image,push-by-digest=true,push=true
+
+      - id: gen-output
+        name: Write arch-specific image digest to outputs
+        run: |
+          echo "image-${RUNNER_ARCH,,}=${{ steps.get-registry.outputs.registry }}@${{ steps.build.outputs.digest }}" | tee -a "$GITHUB_OUTPUT"
+
+  merge:
+    runs-on: ubuntu-latest
+    needs:
+      - build
+    env:
+      DOCKER_APP_IMAGE_ARM64: ${{ needs.build.outputs.build-image-arm }}
+      DOCKER_APP_IMAGE_X64: ${{ needs.build.outputs.build-image-x64 }}
+    outputs:
+      build-image: ${{ steps.meta.outputs.tags }}
+      build-image-arm: ${{ needs.build.outputs.build-image-arm }}
+      build-image-x64: ${{ needs.build.outputs.build-image-x64 }}
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Login to GitHub Container Registry
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Docker meta
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: ghcr.io/${{ github.repository }}
+          tags: |
+            type=sha,suffix=-build-${{ github.run_id }}_${{ github.run_attempt }}
+
+      - name: Push the multi-platform image
+        run: |
+          docker buildx imagetools create \
+            --tag "$DOCKER_METADATA_OUTPUT_TAGS" \
+            "$DOCKER_APP_IMAGE_ARM64" "$DOCKER_APP_IMAGE_X64"
+
+  test:
+    runs-on: ubuntu-24.04
+    needs: 
+      - merge
+    env:
+      COMPOSE_FILE: docker-compose.yml:docker-compose.ci.yml
+      DOCKER_APP_IMAGE: ${{ needs.merge.outputs.build-image }}
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Set up Docker Compose
+        uses: docker/setup-compose-action@v1
+
+      - name: Login to GitHub Container Registry
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Setup the stack
+        run: |
+          docker compose build --quiet
+          docker compose pull --quiet
+          docker compose up --wait
+          docker compose exec -u root app chown -R alma:alma artifacts
+
+      - name: Run RSpec
+        if: ${{ always() }}
+        run: |
+          docker compose exec app rspec --format progress --format html --out artifacts/rspec.html
+
+      - name: Run Rubocop
+        if: ${{ always() }}
+        run: |
+          docker compose exec app rubocop --format progress --format html --out artifacts/rubocop.html
+
+      - name: Copy out artifacts
+        if: ${{ always() }}
+        run: |
+          docker compose cp app:/opt/app/artifacts ./
+          docker compose logs > artifacts/docker-compose-services.log
+          docker compose config > artifacts/docker-compose.merged.yml
+
+      - name: Upload the test report
+        if: ${{ always() }}
+        uses: actions/upload-artifact@v4
+        with:
+          name: SFTP_HANDLER Build Report (${{ github.run_id }}_${{ github.run_attempt }})
+          path: artifacts/*
+          if-no-files-found: error
+
+  push:
+    runs-on: ubuntu-24.04
+    needs:
+      - merge
+      - test
+    env:
+      DOCKER_APP_IMAGE: ${{ needs.merge.outputs.build-image }}
+      DOCKER_APP_IMAGE_ARM64: ${{ needs.merge.outputs.build-image-arm }}
+      DOCKER_APP_IMAGE_X64: ${{ needs.merge.outputs.build-image-x64 }}
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Login to GitHub Container Registry
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Produce permanent image tags
+        id: branch-meta
+        uses: docker/metadata-action@v5
+        with:
+          images: ghcr.io/${{ github.repository }}
+          tags: |
+            type=sha
+            type=ref,event=branch
+            type=raw,value=latest,enable={{is_default_branch}}
+
+      - name: Retag and push the image
+        run: |
+          docker buildx imagetools create \
+            $(jq -cr '.tags | map("--tag " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") $DOCKER_APP_IMAGE_ARM64 $DOCKER_APP_IMAGE_X64

.github/workflows/release.yml

@@ -0,0 +1,61 @@
+name: Push Release Tags
+
+on:
+  push:
+    tags:
+      - '**'
+  workflow_call:
+  workflow_dispatch:
+
+env:
+  DOCKER_METADATA_SET_OUTPUT_ENV: 'true'
+
+jobs:
+  retag:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Login to GitHub Container Registry
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Determine the sha-based image tag to retag
+        id: get-base-image
+        uses: docker/metadata-action@v5
+        with:
+          images: ghcr.io/${{ github.repository }}
+          tags: type=sha
+
+      - name: Verify that the image was previously built
+        env:
+          BASE_IMAGE: ${{ steps.get-base-image.outputs.tags }}
+        run: |
+          docker manifest inspect "$BASE_IMAGE"
+
+      - name: Produce release tags
+        id: tag-meta
+        uses: docker/metadata-action@v5
+        with:
+          images: ghcr.io/${{ github.repository }}
+          flavor: latest=false
+          tags: |
+            type=ref,event=tag
+            type=semver,pattern={{major}}
+            type=semver,pattern={{major}}.{{minor}}
+            type=semver,pattern={{version}}
+
+      - name: Retag the pulled image
+        env:
+          BASE_IMAGE: ${{ steps.get-base-image.outputs.tags }}
+        run: |
+          docker buildx imagetools create \
+            $(jq -cr '.tags | map("--tag " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") \
+            "$(echo "$BASE_IMAGE" | cut -f1 -d:)"

Gemfile.lock

@@ -62,6 +62,7 @@ GEM
       hashdiff (>= 0.4.0, < 2.0.0)
 
 PLATFORMS
+  aarch64-linux
   x86_64-darwin-19
   x86_64-linux
 

LICENSE.md

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2025 The Regents of the University of California
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

docker-compose.ci.yml

@@ -0,0 +1,13 @@
+services:
+  app:
+    build: !reset
+    image: ${DOCKER_APP_IMAGE}
+    environment: !override
+      LBNL_FILENAME: "test" 
+    entrypoint: ["tail", "-f", "/dev/null"] 
+    volumes: !override
+      - artifacts:/opt/app/artifacts
+
+volumes:
+  artifacts:
+

docker-compose.yml

@@ -5,10 +5,10 @@ services:
       target: development
     environment:
       LIT_GOBI_PASSWORD: "${LIT_GOBI_PASSWORD}"
+      LIT_GOBI_USERNAME: "${LIT_GOBI_USERNAME}"
       LIT_LBNL_KEY_DATA: "${LIT_LBNL_KEY_DATA}"
-    image: containers.lib.berkeley.edu/lap/sftp_handler/${USER:-development}:latest
-    init: yes
+      LIT_LBNL_USERNAME: "${LIT_LBNL_USERNAME}"
+      LBNL_FILENAME: "${LBNL_FILENAME}"
+    init: true 
     volumes:
       - ./:/opt/app
-
-version: "3.8"

env.sample

@@ -0,0 +1,5 @@
+LIT_GOBI_PASSWORD='password'
+LIT_GOBI_USERNAME='username'
+LIT_LBNL_KEY_DATA='ssh key'
+LIT_LBNL_USERNAME='username'
+LBNL_FILENAME='the base name for the lbnl file'

lib/berkeley_library/sftp_handler/downloader/gobi.rb

@@ -43,7 +43,7 @@ def default_host
         end
 
         def default_username
-          ENV['LIT_GOBI_USERNAME]'
+          ENV['LIT_GOBI_USERNAME']
         end
 
         def ssh_options

lib/berkeley_library/sftp_handler/downloader/lbnl.rb

@@ -5,7 +5,7 @@
 module BerkeleyLibrary
   module SftpHandler
     module Downloader
-      # Downloads the latest lbnl_people_yyyymmdd.zip patron file.
+      # Downloads the latest ${LBNL_FILENAME}_yyyymmdd.zip patron file.
       #
       # LBNL seems to populate this every Monday, so by default the class looks for the file
       # that would've been added on the most recent Monday. If today is Monday, it uses today's
@@ -35,7 +35,7 @@ def default_host
         end
 
         def default_username
-          ENV['LIT_LBNL_USERNAME'] 
+          ENV['LIT_LBNL_USERNAME']
         end
 
         def default_filename