Add Github CI pipeline for linting and docker publish

[f18m]

This PR is adding a github CI that:

• verifies that all Python requirements can be correctly installed within a Python 3.11 environment
• verifies that 'flake8' linter is happy with all source code (as mentioned in doc/development.md, that's the linter used in this project)
• fixes some errors reported by 'flake8' in some Python files
• pushes a docker image into GitHub Container Registry using a Personal Access Token (PAT) secret named 'PAT_TOKEN_FOR_GITHUB'
• revise the README section added by last PR and removes the now-outdated information about Docker usage and replaces them with a new 'Deploy with Docker' section

@eschava please squash this PR when merging since most of the commits have meaningless commit message. Additional steps to get a green build in this project would be:

1. create a PAT following steps https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/managing-your-personal-access-tokens . The PAT should have write permissions on the 'packages' feature of Github.
2. create a secret for this project named PAT_TOKEN_FOR_GITHUB following steps at https://docs.github.com/en/actions/security-guides/using-secrets-in-github-actions#creating-secrets-for-a-repository
3. setup the right permission on the 'psmqtt' package that will be associated to your account. By default the new package that will appear at https://github.com/eschava?tab=packages&repo_name=psmqtt will have 'private' visibility. It should be changed to have 'public' visibility.

Of course I can help with any of these steps if needed.

[f18m]

hi @eschava, I see you merged the PR, thanks. But the CI is red (https://github.com/eschava/psmqtt/actions ). This is because of the lack of the right secret. Let me know if you need any help with these 3 steps:

• create a PAT following steps https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/managing-your-personal-access-tokens . The PAT should have write permissions on the 'packages' feature of Github.
• create a secret for this project named PAT_TOKEN_FOR_GITHUB following steps at https://docs.github.com/en/actions/security-guides/using-secrets-in-github-actions#creating-secrets-for-a-repository
• setup the right permission on the 'psmqtt' package that will be associated to your account. By default the new package that will appear at https://github.com/eschava?tab=packages&repo_name=psmqtt will have 'private' visibility. It should be changed to have 'public' visibility.

(just for completeness: if you don't like spending time on that, you can add me as collaborator to this project and I can take care of them)

[eschava]

Thanks for your help! Added you as a collaborator

[f18m]

Thanks for your help! Added you as a collaborator

Unfortunately I checked and I cannot create the secret for this project even if I'm now a collaborator :( Only the owner can do it... so you should be following the 2 guides below:

• create a PAT following steps https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/managing-your-personal-access-tokens . The PAT should have write permissions on the 'packages' feature of Github.
• create a secret for this project named PAT_TOKEN_FOR_GITHUB following steps at https://docs.github.com/en/actions/security-guides/using-secrets-in-github-actions#creating-secrets-for-a-repository

Then as collaborator I guess I can do the rest :)

[eschava]

Seems to be built successfully What are the next steps?

[f18m]

It looks like the build is green now! cool! However I didn't see any package appearing for this project: https://github.com/eschava?tab=packages&repo_name=psmqtt

Perhaps if you access that link you have the possibility to bind the package 'psmqtt' to the project 'psmqtt' ? I relaunched the pipeline just to double check

[f18m]

Created https://github.com/mr-smithers-excellent/docker-build-push/issues/236 to try to understand the message in the pipeline

[f18m]

@eschava you might need to follow these steps: https://docs.github.com/en/packages/learn-github-packages/connecting-a-repository-to-a-package#connecting-a-repository-to-a-user-scoped-package-on-github

[eschava]

@f18m please check now

[f18m]

@eschava unfortunately I still don't see the package 'psmqtt' on the list of packages: https://github.com/eschava?repo_name=psmqtt&tab=packages If instead you see the package at that link, then it means it's marked as 'private' and you should convert it to 'public'.

Unfortunately I realize now collaborators cannot really help in this process for personal repositories (Github permission system works better for "organizations" and not "individual" repos), so I cannot really do much on my side.

[eschava]

I made it public. Is this safe?

[f18m]

I made it public.

perfect, it's now visible and usable by everyone!

Is this safe?

yes, totally: for open-source projects there's nothing to 'hide': making it public means just that anybody can 'download' (in docker terms 'pull') the image built by the Github pipeline and immediately run it on its system. It's just a quick way to consume the software provided by this project. Having private packages is useful mostly for private Github repos/organizations (commercial software) or in case some secret/password gets stored in the docker image (it's not the case of psmqtt).

Now I think we need just to tag a release to produce a docker image with a valid semantic version (https://semver.org/). I see that the project does not have any release.

Do you think it's a good time to release version 1.0.0 ? If yes, I can do that for you as contributor to the project (one of the few things I can do as 'collaborator' actually :D ) But the process in github is really trivial: it's enough to go at https://github.com/eschava/psmqtt/releases/new and enter the details of the new release. Let me know if you think the version is good (1.0.0 basically means it's the first release of a stable-enough software) and in case I should be doing the release :)

[eschava]

yes, please proceed

[f18m]

Done now! Released version 1.0.0 and verified that the docker works fine!

[eschava]

thank you very much! it was a great contribution!