Automatically build and push Docker container (#61)

Closes #52.

This PR adds a workflow to automatically build and push the PyGEM image to the GitHub Container Registry (ghcr.io), that will then be visible at https://github.com/orgs/PyGEM-Community/packages. It builds it from the Dockerfile that I add as well.

It's pushed to ghcr only when the workflow is triggered on the master or dev branches: that is, if it's triggered by schedule or when we merge relevant commits to the branches. But it's always built in PRs so we can check that it builds successfully.

Currently the image is quite large (9.1 GB) but can be reduced to about 2.5GB, as described in #60.

Author: ddundo

.github/workflows/docker_pygem.yml

@@ -0,0 +1,64 @@
+name: 'Build bespoke PyGEM Docker container'
+
+on:
+  # Trigger when these files change in an open PR
+  pull_request:
+    paths:
+      - '.github/workflows/docker_pygem.yml'
+      - 'docker/Dockerfile'
+
+  # Trigger when these files change on the master or dev branches
+  push:
+    branches:
+      - master
+      - dev
+    paths:
+      - '.github/workflows/docker_pygem.yml'
+      - 'docker/Dockerfile'
+
+   # Trigger every Saturday at 12AM GMT
+  schedule:
+    - cron: '0 0 * * 6'
+
+  # Manually trigger the workflow
+  workflow_dispatch:
+
+# Stop the workflow if a new one is started
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
+permissions:
+  contents: read
+  packages: write
+
+jobs:
+  docker:
+    name: 'Build and push Docker container'
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: 'Check out the repo'
+        uses: actions/checkout@v4
+
+      - name: 'Set up Docker buildx'
+        uses: docker/setup-buildx-action@v3
+
+      - name: 'Log into GitHub Container Repository'
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+          logout: true
+
+      - name: 'Build and Push Docker Container'
+        uses: docker/build-push-action@v5
+        with:
+          push: ${{ github.ref == 'refs/heads/master' || github.ref == 'refs/heads/dev' }}
+          no-cache: true
+          file: 'docker/Dockerfile'
+          build-args: |
+            PYGEM_BRANCH=${{ github.ref == 'refs/heads/master' && 'master' || 'dev' }}
+          tags: |
+            ghcr.io/pygem-community/pygem:${{ github.ref == 'refs/heads/master' && 'latest' || github.ref == 'refs/heads/dev' && 'dev' }}

docker/Dockerfile

@@ -0,0 +1,26 @@
+FROM ubuntu:latest
+
+# Install system dependencies
+RUN apt-get update && apt-get install -y --no-install-recommends \
+    sudo curl vim git tree python3-pip python3-venv python3-dev build-essential \
+    && rm -rf /var/lib/apt/lists/*
+
+# Add non-root user 'ubuntu' to sudo group
+RUN usermod -aG sudo ubuntu && \
+    echo "ubuntu ALL=(ALL) NOPASSWD:ALL" > /etc/sudoers.d/ubuntu
+
+# Switch to non-root user
+USER ubuntu
+WORKDIR /home/ubuntu
+
+# Add .local/bin to PATH
+ENV PATH="/home/ubuntu/.local/bin:${PATH}"
+
+# What PyGEM branch to clone (either master or dev; see docker_pygem.yml)
+ARG PYGEM_BRANCH=master
+
+RUN git clone --branch ${PYGEM_BRANCH} https://github.com/PyGEM-Community/PyGEM.git && \
+    pip install --break-system-packages -e PyGEM
+
+# Clone the PyGEM notebooks repository, which are used for testing
+RUN git clone https://github.com/PyGEM-Community/PyGEM-notebooks.git