Migrate build pipeline to Github Actions

I've migrated the build pipeline to GitHub Actions and changed the
container registry to GitHub Container Registry. In the process, I've
made some changes to our docker setup and caching:

- We are now using a single multi-stage Dockerfile

Instead of three separate dockerfiles, we are now using a
single multi-stage Dockerfile that can be used to build the three images
we want using build targets.

In part, this is because we're now using the docker buildx build action
currently recommended by docker. This new engine runs in a sandboxed
mode, meaning that while it can export built images to `docker` running
in the host, it cannot import local images from it to base builds on.

- Docker builds are now cached within GitHub Actions

The builds are now cached using the GitHub Actions cache of the build
cache directory. The cache keys try to match a cache generated by a
build that matches the current build as closely as possible. In case of
a cache miss, we fall back to caching from the latest image pushed to
the container repository.

- The `base` and `venv` images now have an inline cache manifest

In order to fall back intelligently to caching from the repository, the
final build and push action for the `base` and `venv` images includes an
"inline" cache manifest. This means that the build process can inspect,
without pulling, if it makes sense to pull layers to speed up the build.

The other options, pushing a cache manifest separately (not inline), is
currently not supported by GHCR.

The custom caching script has been removed.

- Linting errors are now added as GitHub Actions annotations

Just like for some of our other pipelines, linting now generates
annotations if linting errors are observed.

- Coverage is pushed to coveralls.io

A coverage summary is now pushed to coveralls.io. Each CI run will get a
unique job that's linked in the CI output. If the run is attached to a
PR, coveralls.io will automatically add a check link with the coverage
result to the PR as well.

- The README.md, Pipfile, docker-compose, and scripts have been updated

As we now need to pull from and link to the GHCR, I've updated the other
files to reflect these changes, including Pipfile run commands. I've
also changed the CI badge and added a coveralls.io badge.

1 files changed, 0 insertions, 127 deletions

diff --git a/scripts/check_dockerfiles.sh b/scripts/check_dockerfiles.sh
deleted file mode 100755
index 88cb7cc..0000000
--- a/scripts/check_dockerfiles.sh
+++ /dev/null
@@ -1,127 +0,0 @@
-#!/usr/bin/env bash
-
-set -euo pipefail
-shopt -s inherit_errexit
-exec 3>&1 # New file descriptor to stdout
-
-BASE_URL="https://dev.azure.com/\
-python-discord/${SYSTEM_TEAMPROJECTID}/_apis/build/builds?\
-queryOrder=finishTimeDescending&\
-resultFilter=succeeded&\
-\$top=1&\
-repositoryType=${BUILD_REPOSITORY_PROVIDER}&\
-repositoryId=${BUILD_REPOSITORY_NAME}&\
-api-version=5.0"
-
-declare -A build_cache
-
-get_build() {
-    local branch="${1:?"get_build: argument 1 'branch' is unset"}"
-
-    # Attempt to use cached value
-    if [[ -v build_cache["${branch}"] ]]; then
-        printf '%s\n' "Retrieving build for ${branch} from cache." >&3
-        printf '%s' "${build_cache[$branch]}"
-        return 0
-    fi
-
-    local url="${BASE_URL}&branchName=${branch}"
-
-    printf '%s\n' "Retrieving the latest successful build using ${url}" >&3
-
-    local response
-    response="$(curl -sSL "${url}")"
-
-    if [[ -z "${response}" ]] \
-        || ! count="$(printf '%s' "${response}" | jq -re '.count')" \
-        || (( "${count}" < 1 ))
-    then
-        return 1
-    else
-        # Cache the response
-        build_cache["${branch}"]="${response}"
-        printf '%s' "${response}"
-    fi
-}
-
-can_pull() {
-    local image="${1:?"can_pull: argument 1 'image' is unset"}"
-
-    local master_commit
-    if master_commit="$(
-            get_build "refs/heads/master" \
-            | jq -re '.value[0].sourceVersion'
-        )" \
-        && git diff --quiet "${master_commit}" -- "${@:2}"
-    then
-        printf \
-            '%s\n' \
-            "Can pull ${image} image from Docker Hub; no changes since master."
-
-        printf '%s\n' "##vso[task.setvariable variable=${image^^}_PULL]True"
-    else
-        printf \
-            '%s\n' \
-            "Cannot pull ${image} image from Docker Hub due to detected " \
-            "changes; the ${image} image will be built."
-
-        return 1
-    fi
-}
-
-# Get the previous commit
-if [[ "${BUILD_REASON}" = "PullRequest" ]]; then
-    if ! prev_commit="$(
-            get_build "${BUILD_SOURCEBRANCH}" \
-            | jq -re '.value[0].triggerInfo."pr.sourceSha"'
-        )"
-    then
-        echo \
-            "Could not retrieve the previous build's commit." \
-            "Falling back to the head of the target branch."
-
-        prev_commit="origin/${SYSTEM_PULLREQUEST_TARGETBRANCH}"
-    fi
-elif ! prev_commit="$(
-        get_build "${BUILD_SOURCEBRANCH}" \
-        | jq -re '.value[0].sourceVersion'
-    )"
-then
-    echo \
-        "No previous build was found." \
-        "Either the previous build is too old and was deleted" \
-        "or the branch was empty before this build." \
-        "All images will be built."
-    exit 0
-fi
-
-# Compare diffs
-head="$(git rev-parse HEAD)"
-printf '%s\n' "Comparing HEAD (${head}) against ${prev_commit}."
-
-if git diff --quiet "${prev_commit}" -- docker/base.Dockerfile; then
-    echo "No changes detected in docker/base.Dockerfile."
-    echo "##vso[task.setvariable variable=BASE_CHANGED]False"
-else
-    # Always rebuild the venv if the base changes.
-    echo "Changes detected in docker/base.Dockerfile; all images will be built."
-    exit 0
-fi
-
-if git diff --quiet "${prev_commit}" -- docker/venv.Dockerfile Pipfile*; then
-    echo "No changes detected in docker/venv.Dockerfile or the Pipfiles."
-    echo "##vso[task.setvariable variable=VENV_CHANGED]False"
-
-    if ! can_pull venv docker/venv.Dockerfile Pipfile*; then
-        # Venv image can't be pulled so it needs to be built.
-        # Therefore, the base image is needed too.
-        can_pull base docker/base.Dockerfile || true
-    fi
-else
-    echo \
-        "Changes detected in docker/venv.Dockerfile or the Pipfiles;" \
-        "the venv image will be built."
-
-    # Though base image hasn't changed, it's still needed to build the venv.
-    can_pull base docker/base.Dockerfile || true
-fi