ci: add Docker build/publish workflow on push to main

[scarmuega]

Context

Oura builds and publishes release binaries (via dist/release.yml) and runs CI, but it never builds or publishes a Docker image automatically. Sibling project Dolos does this with a docker.yml workflow. This adds the analogous capability for oura.

What this does

On push to main (and on v* tags), compiles native per-arch binaries and assembles a multi-arch image pushed to ghcr.io/txpipe/oura:

• build job — matrix over native runners (ubuntu-22.04 x86_64 + ubuntu-22.04-arm arm64), builds with --all-features --locked --release, uploads each binary as an artifact. Avoids slow QEMU emulation.
• docker job — downloads both binaries, renames x86_64→amd64 to match Docker's TARGETARCH, and pushes a multi-arch image with latest (default branch), stable + semver (tags), and sha tags.

A thin .github/image/Dockerfile (debian:12-slim) just copies the prebuilt binary in.

Adaptations vs. the Dolos workflow

• Uses oura's CI idioms — rustup honoring rust-toolchain.toml (1.89) and Swatinem/rust-cache — instead of the archived actions-rs/* actions.
• Adds arduino/setup-protoc@v3, required by oura's build (every ci.yml job installs it); Dolos doesn't need it.
• Current action major versions (buildx@v3, metadata@v5, login@v3, build-push@v6).

Existing root Dockerfile, ci.yml, and release.yml are untouched.

Notes

• First publish may need the GHCR package's visibility/permissions configured in the org (same as Dolos).
• The arm64 build is a native (not cross) build on ubuntu-22.04-arm, so it shouldn't need extra linker setup — proven on the first main run.

🤖 Generated with Claude Code

Summary by CodeRabbit

• Chores
  • Added Docker image support for multiple architectures (amd64, arm64).
  • Enabled automated distribution and release publishing.

[coderabbitai]

Caution

Review failed

Pull request was closed or merged during review

📝 Walkthrough

Walkthrough

Adds a new Debian-slim Dockerfile at .github/image/Dockerfile and a GitHub Actions workflow at .github/workflows/docker.yml that builds Rust release binaries for x86_64 and arm64, then publishes a multi-arch Docker image to ghcr.io. Also adds a [package.metadata.dist] section in Cargo.toml enabling the u5c feature for cargo-dist.

Changes

Docker Release Pipeline

Layer / File(s)	Summary
Dockerfile and CI/CD publish workflow .github/workflows/docker.yml, .github/image/Dockerfile	Defines a two-job GitHub Actions pipeline: build cross-compiles Rust release binaries for x86_64 and arm64, uploads them as artifacts; docker downloads artifacts, renames the x86_64 binary to oura-Linux-amd64, and uses Docker Buildx to build and push a multi-arch image to ghcr.io/txpipe/oura with metadata-generated tags. The Dockerfile uses debian:12-slim, installs CA certificates, copies the TARGETARCH-specific binary to /bin/oura, creates a /oura symlink, and sets the entrypoint.
cargo-dist feature flag Cargo.toml	Adds [package.metadata.dist] with features = ["u5c"] to include the u5c feature in cargo-dist-produced release binaries.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Suggested reviewers

• paulobressan

Poem

🐇 Hoppity-hop, a Dockerfile appears,
Multi-arch images to calm all our fears!
x86 and arm64, both packed up with care,
Pushed to the registry, floating through air.
The rabbit stamps latest and tags it with glee —
🐳 oura in Docker, as happy as can be!

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title 'ci: add Docker build/publish workflow on push to main' directly and specifically describes the main change: adding a Docker build and publish workflow triggered on pushes to main.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch ci/docker-build-publish

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}