Automatically build and push Docker container

.github/workflows/docker_pygem.yml

@@ -0,0 +1,64 @@
+name: 'Build bespoke PyGEM Docker container'
+
+on:
+  # Trigger when these files change in an open PR
+  pull_request:
+    paths:
+      - '.github/workflows/docker_pygem.yml'
+      - 'docker/Dockerfile'
+
+  # Trigger when these files change on the master or dev branches
+  push:
+    branches:
+      - master
+      - dev
+    paths:
+      - '.github/workflows/docker_pygem.yml'
+      - 'docker/Dockerfile'
+
+   # Trigger every Saturday at 12AM GMT
+  schedule:
+    - cron: '0 0 * * 6'
+
+  # Manually trigger the workflow
+  workflow_dispatch:
+
+# Stop the workflow if a new one is started
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
+permissions:
+  contents: read
+  packages: write
+
+jobs:
+  docker:
+    name: 'Build and push Docker container'
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: 'Check out the repo'
+        uses: actions/checkout@v4
+
+      - name: 'Set up Docker buildx'
+        uses: docker/setup-buildx-action@v3
+
+      - name: 'Log into GitHub Container Repository'
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+          logout: true
+
+      - name: 'Build and Push Docker Container'
+        uses: docker/build-push-action@v5
+        with:
+          push: ${{ github.ref == 'refs/heads/master' || github.ref == 'refs/heads/dev' }}
+          no-cache: true
+          file: 'docker/Dockerfile'
+          build-args: |
+            PYGEM_BRANCH=${{ github.ref == 'refs/heads/master' && 'master' || 'dev' }}
+          tags: |
+            ghcr.io/pygem-community/pygem:${{ github.ref == 'refs/heads/master' && 'latest' || github.ref == 'refs/heads/dev' && 'dev' }}

docker/Dockerfile

@@ -0,0 +1,26 @@
+FROM ubuntu:latest
+
+# Install system dependencies
+RUN apt-get update && apt-get install -y --no-install-recommends \
+    sudo curl vim git tree python3-pip python3-venv python3-dev build-essential \
+    && rm -rf /var/lib/apt/lists/*
+
+# Add non-root user 'ubuntu' to sudo group
+RUN usermod -aG sudo ubuntu && \
+    echo "ubuntu ALL=(ALL) NOPASSWD:ALL" > /etc/sudoers.d/ubuntu
+
+# Switch to non-root user
+USER ubuntu
+WORKDIR /home/ubuntu
+
+# Add .local/bin to PATH
+ENV PATH="/home/ubuntu/.local/bin:${PATH}"
+
+# What PyGEM branch to clone (either master or dev; see docker_pygem.yml)
+ARG PYGEM_BRANCH=master
+
+RUN git clone --branch ${PYGEM_BRANCH} https://github.com/PyGEM-Community/PyGEM.git && \
+    pip install --break-system-packages -e PyGEM
+
+# Clone the PyGEM notebooks repository, which are used for testing
+RUN git clone https://github.com/PyGEM-Community/PyGEM-notebooks.git