Add Docker and Kubernetes deployment configuration

- Dockerfile using ARO buildsystem and runtime images
- Kubernetes manifests (deployment, service, ingress, kustomization)
- GitHub Actions workflow for building and pushing to ghcr.io

Author: KrisSimon

.dockerignore

@@ -0,0 +1,20 @@
+# Build artifacts
+.build/
+StatusPost
+
+# IDE
+.idea/
+.vscode/
+*.swp
+
+# Git
+.git/
+.gitignore
+
+# Documentation
+README.md
+
+# Deployment (not needed in image)
+deployment/
+Dockerfile
+.dockerignore

.github/workflows/build.yaml

@@ -0,0 +1,59 @@
+name: Build and Push
+
+on:
+  push:
+    branches:
+      - main
+    tags:
+      - 'v*'
+  pull_request:
+    branches:
+      - main
+
+env:
+  REGISTRY: ghcr.io
+  IMAGE_NAME: ${{ github.repository }}
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: write
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Log in to Container Registry
+        if: github.event_name != 'pull_request'
+        uses: docker/login-action@v3
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Extract metadata (tags, labels)
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+          tags: |
+            type=ref,event=branch
+            type=ref,event=pr
+            type=semver,pattern={{version}}
+            type=semver,pattern={{major}}.{{minor}}
+            type=sha,prefix=
+
+      - name: Build and push Docker image
+        uses: docker/build-push-action@v5
+        with:
+          context: .
+          push: ${{ github.event_name != 'pull_request' }}
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
+          cache-from: type=gha
+          cache-to: type=gha,mode=max

Dockerfile

@@ -0,0 +1,44 @@
+# =============================================================================
+# StatusPost - Multi-stage Docker Build
+# =============================================================================
+# Uses ARO buildsystem to compile, then ARO runtime to execute
+# =============================================================================
+
+# -----------------------------------------------------------------------------
+# Stage 1: Build
+# -----------------------------------------------------------------------------
+FROM ghcr.io/arolang/aro-buildsystem:latest AS builder
+
+WORKDIR /app
+
+# Copy application source files
+COPY *.aro ./
+COPY openapi.yaml ./
+COPY templates/ ./templates/
+
+# Compile to native binary
+RUN aro build . --optimize
+
+# -----------------------------------------------------------------------------
+# Stage 2: Runtime
+# -----------------------------------------------------------------------------
+FROM ghcr.io/arolang/aro-runtime:latest
+
+WORKDIR /app
+
+# Copy compiled binary from builder
+COPY --from=builder /app/StatusPost ./StatusPost
+
+# Copy runtime assets (templates, openapi spec)
+COPY --from=builder /app/openapi.yaml ./
+COPY --from=builder /app/templates/ ./templates/
+
+# Expose HTTP port
+EXPOSE 8080
+
+# Health check
+HEALTHCHECK --interval=30s --timeout=3s --start-period=5s --retries=3 \
+    CMD curl -f http://localhost:8080/ || exit 1
+
+# Run the application
+CMD ["./StatusPost"]

README.md

@@ -43,3 +43,64 @@ StatusPost/
 2. The page connects to `/ws` via WebSocket
 3. When a message is posted, it's stored and broadcast to all connected clients
 4. All clients receive the new message in real-time
+
+## Docker
+
+Build the container image:
+
+```bash
+docker build -t statuspost:latest .
+```
+
+Run locally:
+
+```bash
+docker run -p 8080:8080 statuspost:latest
+```
+
+## Kubernetes Deployment
+
+Deploy to Kubernetes using kustomize:
+
+```bash
+# Preview the manifests
+kubectl kustomize deployment/k8s/
+
+# Apply to cluster
+kubectl apply -k deployment/k8s/
+```
+
+Or apply manifests directly:
+
+```bash
+kubectl apply -f deployment/k8s/deployment.yaml
+kubectl apply -f deployment/k8s/service.yaml
+kubectl apply -f deployment/k8s/ingress.yaml
+```
+
+### Configuration
+
+Edit `deployment/k8s/kustomization.yaml` to customize the image:
+
+```yaml
+images:
+  - name: statuspost
+    newName: your-registry/statuspost
+    newTag: v1.0.0
+```
+
+Edit `deployment/k8s/ingress.yaml` to set your hostname:
+
+```yaml
+spec:
+  rules:
+    - host: your-domain.com
+```
+
+## CI/CD
+
+GitHub Actions automatically builds and pushes the Docker image to `ghcr.io` on:
+
+- Push to `main` branch → tagged as `main`
+- Version tags (`v*`) → tagged as version (e.g., `v1.0.0` → `1.0.0`)
+- Pull requests → build only (no push)

deployment/k8s/deployment.yaml

@@ -0,0 +1,62 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: statuspost
+  labels:
+    app: statuspost
+    app.kubernetes.io/name: statuspost
+    app.kubernetes.io/component: server
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: statuspost
+  template:
+    metadata:
+      labels:
+        app: statuspost
+        app.kubernetes.io/name: statuspost
+        app.kubernetes.io/component: server
+    spec:
+      containers:
+        - name: statuspost
+          image: statuspost:latest
+          imagePullPolicy: IfNotPresent
+          ports:
+            - name: http
+              containerPort: 8080
+              protocol: TCP
+          livenessProbe:
+            httpGet:
+              path: /
+              port: http
+            initialDelaySeconds: 5
+            periodSeconds: 10
+            timeoutSeconds: 3
+            failureThreshold: 3
+          readinessProbe:
+            httpGet:
+              path: /
+              port: http
+            initialDelaySeconds: 3
+            periodSeconds: 5
+            timeoutSeconds: 2
+            failureThreshold: 3
+          resources:
+            requests:
+              memory: "64Mi"
+              cpu: "50m"
+            limits:
+              memory: "256Mi"
+              cpu: "500m"
+          securityContext:
+            readOnlyRootFilesystem: true
+            runAsNonRoot: true
+            runAsUser: 1000
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+                - ALL
+      securityContext:
+        seccompProfile:
+          type: RuntimeDefault

deployment/k8s/ingress.yaml

@@ -0,0 +1,33 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: statuspost
+  labels:
+    app: statuspost
+    app.kubernetes.io/name: statuspost
+    app.kubernetes.io/component: server
+  annotations:
+    # Enable WebSocket support
+    nginx.ingress.kubernetes.io/proxy-read-timeout: "3600"
+    nginx.ingress.kubernetes.io/proxy-send-timeout: "3600"
+    nginx.ingress.kubernetes.io/upstream-hash-by: "$remote_addr"
+    # Optional: Enable SSL redirect
+    # nginx.ingress.kubernetes.io/ssl-redirect: "true"
+spec:
+  ingressClassName: nginx
+  rules:
+    - host: statuspost.example.com
+      http:
+        paths:
+          - path: /
+            pathType: Prefix
+            backend:
+              service:
+                name: statuspost
+                port:
+                  name: http
+  # Optional: TLS configuration
+  # tls:
+  #   - hosts:
+  #       - statuspost.example.com
+  #     secretName: statuspost-tls

deployment/k8s/kustomization.yaml

@@ -0,0 +1,19 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+metadata:
+  name: statuspost
+
+resources:
+  - deployment.yaml
+  - service.yaml
+  - ingress.yaml
+
+commonLabels:
+  app.kubernetes.io/part-of: statuspost
+  app.kubernetes.io/managed-by: kustomize
+
+images:
+  - name: statuspost
+    newName: ghcr.io/arolang/statuspost
+    newTag: latest

deployment/k8s/service.yaml

@@ -0,0 +1,17 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: statuspost
+  labels:
+    app: statuspost
+    app.kubernetes.io/name: statuspost
+    app.kubernetes.io/component: server
+spec:
+  type: ClusterIP
+  ports:
+    - name: http
+      port: 80
+      targetPort: http
+      protocol: TCP
+  selector:
+    app: statuspost