From 5dd900f4fda0e9170299f1c2a78e009bb0ea0ca0 Mon Sep 17 00:00:00 2001
From: estebanthi <esteban.thilliez@gmail.com>
Date: Mon, 20 Oct 2025 13:24:31 +0200
Subject: [PATCH] Dockerization

---
 .gitea/workflows/docker-build-push.yml    | 81 +++++++++++++++++++++++
 .gitea/workflows/dockerhub-build-push.yml | 79 ++++++++++++++++++++++
 Dockerfile                                | 23 +++++++
 README.md                                 | 12 ++++
 4 files changed, 195 insertions(+)
 create mode 100644 .gitea/workflows/docker-build-push.yml
 create mode 100644 .gitea/workflows/dockerhub-build-push.yml
 create mode 100644 Dockerfile

diff --git a/.gitea/workflows/docker-build-push.yml b/.gitea/workflows/docker-build-push.yml
new file mode 100644
index 0000000..eeb1436
--- /dev/null
+++ b/.gitea/workflows/docker-build-push.yml
@@ -0,0 +1,81 @@
+name: Build and Push Docker Image
+
+on:
+  push:
+    branches:
+      - 'main'
+
+env:
+  REGISTRY_HOST: ${{ secrets.DOCKER_REGISTRY_HOST }}
+  REGISTRY_USER: ${{ secrets.DOCKER_REGISTRY_USER }}
+  REGISTRY_PASSWORD: ${{ secrets.DOCKER_REGISTRY_PASSWORD }}
+  GITHUB_TOKEN: ${{ secrets.CI_GITEA_TOKEN }}  # Required for Docker metadata extraction
+  IMAGE_NAME: "scripts/hc-bulk"
+  # CACHE_REF: ${{ env.REGISTRY_HOST }}/${{ env.IMAGE_NAME }}:buildcache  # (Optional) for build cache
+
+jobs:
+  build-push:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v5
+
+      # (Optional) checks if current branch is the default branch
+      - name: Define branch helpers
+        id: branch
+        run: |
+          DEFAULT="${{ github.event.repository.default_branch }}"
+          CURRENT="${{ github.ref_name }}"
+          if [ "$DEFAULT" = "$CURRENT" ]; then
+            echo "is_default_branch=true" >> $GITHUB_OUTPUT
+          else
+            echo "is_default_branch=false" >> $GITHUB_OUTPUT
+          fi
+
+      # (Optional) automatically extract tags and labels from git context
+      - name: Extract Docker metadata
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          github-token: ${{ env.GITHUB_TOKEN }}
+          images: ${{ env.REGISTRY_HOST }}/${{ env.IMAGE_NAME }}
+          tags: |
+            type=ref,event=branch
+            type=ref,event=tag
+            type=sha
+            type=raw,value=latest,enable=${{ steps.branch.outputs.is_default_branch }}
+
+      # (Optional) for multi-platform builds
+      # - name: Set up QEMU
+      #   uses: docker/setup-qemu-action@v3
+
+      # (Optional but recommended) for advanced builds
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Log in to registry
+        uses: docker/login-action@v3
+        with:
+          registry: ${{ env.REGISTRY_HOST }}
+          username: ${{ env.REGISTRY_USER }}
+          password: ${{ env.REGISTRY_PASSWORD }}
+
+      - name: Build and push Docker image
+        uses: docker/build-push-action@v5
+        with:  # Adjust as needed
+          context: .
+          file: ./Dockerfile
+          push: true
+          # platforms: linux/amd64,linux/arm64
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
+          # cache-from: type=registry,ref=${{ env.CACHE_REF }}
+          # cache-to: type=registry,ref=${{ env.CACHE_REF }},mode=max
+
+      - name: Image details
+        run: |
+          echo "Image pushed: ${{ env.REGISTRY_HOST }}/${{ env.IMAGE_NAME }}"
+          echo "Labels: ${{ steps.meta.outputs.labels }}"
+          echo "Tags: ${{ steps.meta.outputs.tags }}"
+          echo "Digest: ${{ steps.meta.outputs.digest }}"
diff --git a/.gitea/workflows/dockerhub-build-push.yml b/.gitea/workflows/dockerhub-build-push.yml
new file mode 100644
index 0000000..4df38e0
--- /dev/null
+++ b/.gitea/workflows/dockerhub-build-push.yml
@@ -0,0 +1,79 @@
+name: Build and Push Docker Image
+
+on:
+  push:
+    branches:
+      - 'main'
+
+env:
+  REGISTRY_USER: ${{ secrets.DOCKERHUB_USER }}
+  REGISTRY_PASSWORD: ${{ secrets.DOCKERHUB_PASSWORD }}
+  GITHUB_TOKEN: ${{ secrets.CI_GITEA_TOKEN }}  # Required for Docker metadata extraction
+  IMAGE_NAME: "estebanthi/hc-bulk"
+  # CACHE_REF: ${{ env.REGISTRY_HOST }}/${{ env.IMAGE_NAME }}:buildcache  # (Optional) for build cache
+
+jobs:
+  build-push:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v5
+
+      # (Optional) checks if current branch is the default branch
+      - name: Define branch helpers
+        id: branch
+        run: |
+          DEFAULT="${{ github.event.repository.default_branch }}"
+          CURRENT="${{ github.ref_name }}"
+          if [ "$DEFAULT" = "$CURRENT" ]; then
+            echo "is_default_branch=true" >> $GITHUB_OUTPUT
+          else
+            echo "is_default_branch=false" >> $GITHUB_OUTPUT
+          fi
+
+      # (Optional) automatically extract tags and labels from git context
+      - name: Extract Docker metadata
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          github-token: ${{ env.GITHUB_TOKEN }}
+          images: ${{ env.IMAGE_NAME }}
+          tags: |
+            type=ref,event=branch
+            type=ref,event=tag
+            type=sha
+            type=raw,value=latest,enable=${{ steps.branch.outputs.is_default_branch }}
+
+      # (Optional) for multi-platform builds
+      # - name: Set up QEMU
+      #   uses: docker/setup-qemu-action@v3
+
+      # (Optional but recommended) for advanced builds
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Log in to registry
+        uses: docker/login-action@v3
+        with:
+          username: ${{ env.REGISTRY_USER }}
+          password: ${{ env.REGISTRY_PASSWORD }}
+
+      - name: Build and push Docker image
+        uses: docker/build-push-action@v5
+        with:  # Adjust as needed
+          context: .
+          file: ./Dockerfile
+          push: true
+          # platforms: linux/amd64,linux/arm64
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
+          # cache-from: type=registry,ref=${{ env.CACHE_REF }}
+          # cache-to: type=registry,ref=${{ env.CACHE_REF }},mode=max
+
+      - name: Image details
+        run: |
+          echo "Image pushed: ${{ env.IMAGE_NAME }}"
+          echo "Labels: ${{ steps.meta.outputs.labels }}"
+          echo "Tags: ${{ steps.meta.outputs.tags }}"
+          echo "Digest: ${{ steps.meta.outputs.digest }}"
diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 0000000..1ea6cad
--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,23 @@
+ARG PYTHON_VERSION=3.12
+FROM python:${PYTHON_VERSION}-slim AS runtime
+
+RUN apt-get update && apt-get install -y --no-install-recommends \
+      git ca-certificates tini && \
+    rm -rf /var/lib/apt/lists/* && \
+    useradd -r -u 10001 -m app
+
+WORKDIR /app
+COPY pyproject.toml README.md ./
+COPY hc_bulk ./hc_bulk
+
+RUN pip install --no-cache-dir --upgrade pip && \
+    pip install --no-cache-dir .
+
+ENV PYTHONUNBUFFERED=1 \
+    PIP_DISABLE_PIP_VERSION_CHECK=1 \
+    HC_API_URL="https://healthchecks.io/api/"
+
+USER app
+
+ENTRYPOINT ["/usr/bin/tini","--","hc-bulk"]
+CMD ["--help"]
diff --git a/README.md b/README.md
index 007904c..71648b8 100644
--- a/README.md
+++ b/README.md
@@ -53,3 +53,15 @@ Commands:
 hc-bulk ls --tags backup,docker
 hc-bulk bulk-update --name-re "docker-system" --set-grace 3600 --set-schedule "30 3 * * 0"
 ```
+
+## 🐳 Docker
+
+A Docker image is available on Docker Hub: `estebanthi/hc-bulk`.
+
+```bash
+docker run --rm \
+    -e HC_API_KEY="your_api_key_here" \
+    -e HC_API_URL="https://hc.example.com/api" \
+    estebanthi/hc-bulk:latest  \
+    ls --tags your_tag_here
+```