Add CI/CD

.github/dependabot.yml

@@ -0,0 +1,35 @@
+version: 2
+
+updates:
+  - package-ecosystem: gomod
+    directory: /
+    schedule:
+      interval: weekly
+    groups:
+      backend:
+        applies-to: version-updates
+        update-types:
+          - minor
+          - patch
+
+  - package-ecosystem: docker
+    directory: /
+    schedule:
+      interval: weekly
+    groups:
+      docker:
+        applies-to: version-updates
+        update-types:
+          - minor
+          - patch
+
+  - package-ecosystem: github-actions
+    directory: /
+    schedule:
+      interval: weekly
+    groups:
+      actions:
+        applies-to: version-updates
+        update-types:
+          - minor
+          - patch

.github/workflows/build.yaml

@@ -0,0 +1,53 @@
+name: Build
+
+on:
+  pull_request:
+    branches:
+      - main
+    paths:
+      - .github/workflows/build.yaml
+      - cmd/**
+      - internal/**
+      - go.*
+  push:
+    branches:
+      - main
+    paths:
+      - .github/workflows/build.yaml
+      - cmd/**
+      - internal/**
+      - go.*
+
+jobs:
+  test:
+    name: Test
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Run tests
+        run: go test -short -v ./...
+
+  build-bot:
+    name: Build bot
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Build bot
+        run: go build -o bot cmd/bot/*.go
+
+  build-ytplay:
+    name: Build ytplay
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Build ytplay
+        run: go build -o ytplay cmd/ytplay/*.go

.github/workflows/dependabot.yaml

@@ -0,0 +1,35 @@
+# Allow Dependabot to automatically merge updates
+# In addition to this, there's a ruleset in GitHub to ensure that the CI checks
+# need to succeed before merge, which should stop Dependabot from merging
+# breaking changes.
+# SEE: https://docs.github.com/en/code-security/dependabot/working-with-dependabot/automating-dependabot-with-github-actions#enable-auto-merge-on-a-pull-request
+name: Dependabot auto-merge
+on: pull_request
+
+permissions:
+  contents: write
+  pull-requests: write
+
+jobs:
+  dependabot:
+    runs-on: ubuntu-latest
+    if: github.event.pull_request.user.login == 'dependabot[bot]' && github.repository == 'AlexGustafsson/clabbe'
+    steps:
+      - name: Dependabot metadata
+        id: metadata
+        uses: dependabot/fetch-metadata@v2
+        with:
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Enable auto-merge for Dependabot PRs
+        if: steps.metadata.outputs.update-type != 'version-update:semver-major'
+        run: gh pr merge --auto --rebase "$PR_URL"
+        env:
+          PR_URL: ${{github.event.pull_request.html_url}}
+          GH_TOKEN: ${{secrets.GITHUB_TOKEN}}
+
+      - name: Approve Dependabot PRs
+        run: gh pr review --approve "$PR_URL"
+        env:
+          PR_URL: ${{github.event.pull_request.html_url}}
+          GH_TOKEN: ${{secrets.GITHUB_TOKEN}}

.github/workflows/docker.yaml

@@ -0,0 +1,66 @@
+name: Build Docker image
+
+on:
+  push:
+    tags:
+      - v[0-9]+.[0-9]+.[0-9]+
+    branches:
+      - main
+    paths:
+      - .github/workflows/docker.yaml
+      - .dockerignore
+      - Dockerfile
+      - cmd/**
+      - internal/**
+      - go.*
+
+jobs:
+  build:
+    name: Build and publish
+    runs-on: ubuntu-latest
+
+    permissions:
+      contents: read
+      packages: write
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+        with:
+          # We need the entire history to determine the current version
+          fetch-depth: 0
+
+      - name: Log in to the container registry
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+
+      - name: Determine tag
+        id: determine_tag
+        run: |
+          TAG="${{ (github.ref_type == 'tag' && github.ref_name) || 'latest' }}"
+          echo "tag=${TAG#v}" >> "$GITHUB_OUTPUT"
+          echo -n "rev=" >> "$GITHUB_OUTPUT"
+          git describe >> "$GITHUB_OUTPUT"
+
+      - name: Build and publish
+        uses: docker/build-push-action@v6
+        with:
+          context: .
+          push: true
+          platforms: linux/amd64,linux/arm64
+          tags: ghcr.io/alexgustafsson/clabbe:${{ steps.determine_tag.outputs.tag }}
+          labels: |
+            org.opencontainers.image.title=clabbe
+            org.opencontainers.image.description=clabbe keeps track of image updates.
+            org.opencontainers.image.source=https://github.com/AlexGustafsson/clabbe
+            org.opencontainers.image.version=${{ steps.determine_tag.outputs.tag }}
+            org.opencontainers.image.licenses=MIT