Try building and pushing docker image

.github/workflows/ci.yaml

@@ -1,4 +1,8 @@
 name: CI
+env:
+  REGISTRY: ghcr.io
+  IMAGE_NAME: ${{ github.repository }}
+
 on:
   pull_request:
   push:
@@ -53,3 +57,102 @@ jobs:
           github_token: ${{ secrets.GITHUB_TOKEN || github.token }}
           publish_dir: ./github-pages
           cname: leios.cardano-scaling.org
+
+  build-and-push-image:
+    runs-on: ubuntu-latest
+    # Sets the permissions granted to the `GITHUB_TOKEN` for the actions in this job.
+    permissions:
+      contents: read
+      packages: write
+      attestations: write
+      id-token: write
+
+    steps:
+      - name: 📥 Checkout repository
+        uses: actions/checkout@v4
+
+      # Uses the `docker/login-action` action to log in to the
+      # Container registry registry using the account and password
+      # that will publish the packages. Once published, the packages
+      # are scoped to the account defined here.
+      - name: 🛠️ Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      # - name: 👮 Log in to Google Cloud
+      #   id: auth
+      #   uses: 'google-github-actions/auth@v2'
+      #   with:
+      #     token_format: access_token
+      #     credentials_json: '${{ secrets.GOOGLE_APPLICATION_CREDENTIALS }}'
+      #     access_token_lifetime: 3600s # need to be long enough for docker build to finish
+
+      - name: 👮 Log in to the Container registry
+        uses: docker/login-action@v3
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      # This step uses
+      # [docker/metadata-action](https://github.com/docker/metadata-action#about)
+      # to extract tags and labels that will be applied to the
+      # specified image. The `id` "meta" allows the output of this
+      # step to be referenced in a subsequent step. The `images` value
+      # provides the base name for the tags and labels.
+      - name: 🛻 Extract metadata (tags, labels) for Docker
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+
+      # This step uses the `docker/build-push-action` action to build
+      # the image, based on your repository's `Dockerfile`. If the
+      # build succeeds, it pushes the image to GitHub Packages.  It
+      # uses the `context` parameter to define the build's context as
+      # the set of files located in the specified path. For more
+      # information, see
+      # "[Usage](https://github.com/docker/build-push-action#usage)"
+      # in the README of the `docker/build-push-action` repository.
+      # It uses the `tags` and `labels` parameters to tag and label
+      # the image with the output from the "meta" step.
+      - name: 🏗️ Build and push image to GHCR
+        id: push
+        uses: docker/build-push-action@v5
+        with:
+          context: .
+          push: true
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
+          cache-from: type=registry,ref=${{ env.REGISTRY }}/${{ env.IMAGE_NAME}}:cache
+          cache-to: type=registry,ref=${{ env.REGISTRY }}/${{ env.IMAGE_NAME}}:cache,mode=max
+
+      # - name: 👮 Login to Artifact Registry
+      #   uses: docker/login-action@v1
+      #   with:
+      #     registry: us-east1-docker.pkg.dev
+      #     username: oauth2accesstoken
+      #     password: ${{ steps.auth.outputs.access_token }}
+
+      # - name: 📦 Push to GCR
+      #   run: |-
+      #     docker pull $image_tag
+      #     docker tag $image_tag "us-east1-docker.pkg.dev/iog-hydra/peras-docker/${{ env.IMAGE_NAME}}:$GITHUB_SHA"
+      #     docker push "us-east1-docker.pkg.dev/iog-hydra/peras-docker/${{ env.IMAGE_NAME}}:$GITHUB_SHA"
+      #   env:
+      #     image_id: ${{ steps.push.outputs.imageid }}
+      #     image_tag: ${{ steps.meta.outputs.tags }}
+
+      # TODO: uncomment once the repository is public
+      #
+      # This step generates an artifact attestation for the image,
+      # which is an unforgeable statement about where and how it was
+      # built. It increases supply chain security for people who
+      # consume the image. For more information, see
+      # "[AUTOTITLE](/actions/security-guides/using-artifact-attestations-to-establish-provenance-for-builds)."
+
+      # - name: Generate artifact attestation
+      #   uses: actions/attest-build-provenance@v1
+      #   with:
+      #     subject-name: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME}}
+      #     subject-digest: ${{ steps.push.outputs.digest }}
+      #     push-to-registry: true

Dockerfile

@@ -0,0 +1,34 @@
+# inspired by https://github.com/phadej/docker-haskell-example/blob/master/Dockerfile
+FROM haskell:9.6.3 as build
+
+RUN apt-get update -y && \
+    apt-get upgrade -y && \
+    apt-get install -y automake build-essential pkg-config libffi-dev libgmp-dev libssl-dev libtinfo-dev libsystemd-dev zlib1g-dev make g++ tmux git jq wget libncursesw5 libtool autoconf
+
+COPY ./cabal.project /app/cabal.project
+
+RUN mkdir /app/leios-sim
+
+COPY ./leios-sim/leios-sim.cabal /app/leios-sim/leios-sim.cabal
+
+WORKDIR /app
+
+RUN cabal update
+RUN cabal build --dependencies-only all
+
+COPY . /app
+
+RUN cabal build all
+
+# Make final binary a bit smaller
+RUN strip dist-newstyle/build/x86_64-linux/ghc-9.6.3/leios-0.1.0.0/x/leios/noopt/build/leios/leios
+
+FROM ubuntu:22.04
+
+WORKDIR /app
+EXPOSE 8091
+
+COPY --from=build /app/leios-sim/* /app/
+COPY --from=build /app/dist-newstyle/build/x86_64-linux/ghc-9.6.3/leios-0.1.0.0/x/leios/noopt/build/leios/leios /app
+
+ENTRYPOINT ["/app/leios"]